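Server side:
1. Share the directory /public read-only, and only to systems in the domain11.example.com domain
2. Share the directory /protected read-write; access must be secured with Kerberos. You can use the key provided at the following URL: http://host.domain11.example.com/materials/nfs_server.keytab
3. The directory /protected should contain a subdirectory named project, owned by deepak
4. User deepak can access /protected/project read-write
On system2, mount the NFS shares from system1.domain11.example.com, meeting the following requirements:
1. /public is mounted on the directory /mnt/nfsmount
2. /protected is mounted on the directory /mnt/nfssecure using the secure method; the key download URL is: /materials/nfs_client.keytab
3. User deepak can create files in /mnt/nfssecure/project
4. These file systems are mounted automatically at system boot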
yum install authconfig-gtk sssd
authconfig-gtk (the server only needs LDAP)
dc=example,dc=com
ldap://cla***oom.example.com
EXAMPLE.COM
cla***oom.example.com
http://cla***oom.example.com/pub/keytabs/server5.keytab
yum install nfs-utils -y
vim /etc/exports
/public 172.25.5.0/24(ro,sync)
/protected 172.25.5.0/24(rw,sync,sec=krb5p)
wget -O /etc/krb5.keytab http://
mkdir /public
mkdir -p /protected/project
chmod o+w /protected
chcon -R -t public_content_t /protected/project
chown ldapuserX /protected/project
systemctl start nfs-server && systemctl enable nfs-server
systemctl start nfs-secure-server && systemctl enable nfs-secure-server
firewall-cmd --permanent --add-service=nfs --zone=work
#firewall-cmd --add-service=rpc-bind --permanent --zone=work
#firewall-cmd --add-service=mountd --permanent --zone=work
firewall-cmd --reload
Client side:
yum install authconfig-gtk sssd
yum install nfs-utils -y
wget -O /etc/krb5.keytab http://
vim /etc/fstab
server5:/public /mnt/public nfs defaults 0 0
server5:/protected /mnt/protected nfs rw,sync,sec=krb5p 0 0
mkdir /mnt/public /mnt/protected
systemctl start nfs-secure && systemctl enable nfs-secure
mount -a
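
Added example, not part of the original notes: a bash check that reads an exports(5) file on stdin and reports shares that fall back to sec=sys, use Kerberos without encryption, are open to any host, or set no_root_squash. The function names, the /scratch and /data sample lines, and the finding texts are constructed for illustration; the /public and /protected lines are the ones from the server steps above.

```shell
#!/usr/bin/env bash
# Added example: audit exports(5) entries. Usage: audit_exports < /etc/exports
# Prints one finding per line: "<path> <client>: <reason>".
audit_exports() {
    local line path spec client opts o sec flavor
    set -f                                   # keep '*' clients from globbing
    while IFS= read -r line || [ -n "$line" ]; do
        line=${line%%#*}                     # drop comments
        set -- $line                         # split into path + client specs
        [ $# -ge 2 ] || continue
        path=$1; shift
        for spec in "$@"; do
            client=${spec%%\(*}; opts=
            if [ "$spec" != "$client" ]; then
                opts=${spec#*\(}; opts=${opts%\)}
            fi
            # "/path (rw)" with a stray space parses as an empty client = any host
            if [ -z "$client" ] || [ "$client" = "*" ]; then
                client='*'
                echo "$path $client: exported to any host"
            fi
            sec=sys                          # default flavor when sec= is absent
            for o in ${opts//,/ }; do
                case $o in
                    sec=*) sec=${o#sec=} ;;
                    no_root_squash) echo "$path $client: no_root_squash set" ;;
                esac
            done
            for flavor in ${sec//:/ }; do
                case $flavor in
                    sys) echo "$path $client: sec=sys, client-asserted UIDs are trusted" ;;
                    krb5|krb5i) echo "$path $client: sec=$flavor, traffic not encrypted (use krb5p)" ;;
                esac
            done
        done
    done
    set +f
}

# Constructed sample input: two lines from the notes plus two weak variants.
sample_exports() {
    cat <<'EOF'
/public 172.25.5.0/24(ro,sync)
/protected 172.25.5.0/24(rw,sync,sec=krb5p)
/scratch (rw,no_root_squash)
/data 172.25.5.0/24(rw,sec=krb5i:krb5p)
EOF
}

sample_exports | audit_exports
```

The /protected line from the notes produces no finding; the /public line is reported only because it relies on the default sec=sys.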