Configuring LDAP Authentication for Debian

NFS Server Setup

The following do not specify NFS version 2 versus 3 versus 4; the steps below worked for me using NFS version 3 support built into the kernels of the server and the client (server is a Debian Etch machine, the client was another Linux distribution, PLD "rescue".)

Make sure you have NFS server support in your server's kernel (kernel module named "knfsd.ko" under your /lib/modules/uname -r/ directory structure)

  $ grep NFSD /boot/config-`uname -r`

or similar (wherever you've stashed your config file, for example, perhaps in /usr/src/linux/.config.)

Then, note that there are at least two mainstream NFS server implementations at present (excluding those implemented in Python and similar): one implemented in user space (slower, easier to debug), and the other implemented in kernel space (faster.) The below shows the setup of the kernel-space one. If you wish to use the user-space server, then install the similarly-named package.

First, the packages to begin with:

 $ aptitude install nfs-kernel-server portmap

Note that portmap defaults to only listening for NFS connection attempts on 127.0.0.1 (localhost), so if you wish to allow connections on your local network, then you need to edit /etc/default/portmap, to comment out the "OPTIONS" line. Also, we need to ensure that the /etc/hosts.allow file allows connections to the portmap port. For example:

 $ perl -pi -e 's/^OPTIONS/#OPTIONS/' /etc/default/portmap
 $ echo "portmap: 192.168.1." >> /etc/hosts.allow
 $ /etc/init.d/portmap restart

See 'man hosts.allow' for examples on the syntax. But in general, specifying only part of the IP address like this (leaving the trailing period) treats the specified IP address fragment as a wildcard, allowing all IP addresses in the range 192.168.1.0 to 192.168.1.255 (in this example.) You can do more "wildcarding" using DNS names, and so on too.

Then, edit the /etc/exports file, which lists the server's filesystems to export over NFS to client machines. The following example shows the addition of a line which adds the path "/example", for access by any machine on the local network (here 192.168.1.*).

 $ echo "/example 192.168.1.0/255.255.255.0(rw,no_root_squash,subtree_check)" >> /etc/exports
 $ /etc/init.d/nfs-kernel-server reload

This tells the server to serve up that path, readable/writable, with root-user-id connecting clients to use root access instead of being mapped to 'nobody', and to use the 'subtree_check' to silence a warning message. Then, reloads the server.

From the client side (for example, I used a PLD "rescue" disk to boot up a Windows machine for some diagnostics, and used its built-in NFS client support to mount a path from my other computer), you need to ensure that portmap is running, and that the NFS client support is built into the kernel or the proper module ("nfs.ko") is loaded, and then mount the server's path like so:

 $ mount 192.168.1.100:/example /mnt/example

To help debug:


See Also: