Mounting NFS Shares

Kerberized NFS

NOTE: Kerberized NFS will not work on BU Linux 6 without per-machine keytabs. Please use SSHFS as described at http://collaborate.bu.edu/engit/MountingNetworkDrives or join the system to AD as described at http://collaborate.bu.edu/engit/LinuxOnAD

Kerberized NFS is the Network File System authenticated via Kerberos. Your BU login name and password are implemented via Kerberos and are used to provide access to many BU resources, including:

  • Active Directory – Logging into Windows and in some cases Macintosh computers.
  • PAMS – Logging into Linux systems
  • WebLogin and XMLGateway – accessing protected web pages
  • Kerberized NFS – using Kerberos to access your files

Accessing Kerberized NFS from BULinux

Make sure you are running BU Linux, from http://linux.bu.edu, and make sure you have the “nfs-utils” RPM installed. You can run yum install nfs-utils to be sure.

You will need a valid Kerberos ticket. You get one automatically if your machine authenticates logins with Kerberos. Otherwise, use the kinit command to get a ticket manually.

You will need a properly configured /etc/krb5.conf. This one is set up to work at BU.

rpc.gssd must be running. You can start it manually with service rpcgssd start. To turn this on by default, edit or create the file /etc/sysconfig/nfs to contain the line SECURE_NFS=yes. This file will work with BU Linux.

You should now be able to run:

mount -t nfs -o sec=krb5 server.bu.edu:/export /mountpoint

Once you have successfully done this, we recommend that you follow the next section, Setting up Mount Points, to mount the drives that you need automatically, and that you set your users’ home directories to be their networked home directory.

Not using BULinux? Even though it’s not supported, a number of people are using Ubuntu at BU and openSUSE at BU.

Setting up Mount Points

Once you have set up Kerberized NFS, you should add the mountpoints that you use frequently to your /etc/fstab file so that they will mount automatically on bootup. At the very least, ENG users should run: mkdir -p /ad/eng/users; mkdir -p /ad/eng/support

and then add the following three lines to your /etc/fstab exactly as shown. Note that the third line has probably line-wrapped on your screen to two lines, but make sure that it is truly only one line when you enter it into your fstab:

engna1.bu.edu:/vol/users/       /ad/eng/users   nfs     sec=krb5,rw,tcp,nolock,rsize=8192,wsize=8192,noatime   0 0

engna2.bu.edu:/vol/support/     /ad/eng/support nfs     sec=krb5,rw,tcp,nolock,rsize=8192,wsize=8192,noatime   0 0

eng-support:/vol/support/software/linux/all/all       /ad/eng/opt     nfs ro,tcp,nolock,rsize=8192,wsize=8192,noatime 0 0
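An added example, not part of the original page: a shell function that reads fstab-format lines and reports, for each NFS entry, which security flavor its sec= option pins. Run on the three entries above, it shows that the /ad/eng/opt line carries no sec= option, so that mount is not pinned to Kerberos. The names audit_nfs_sec and sample_fstab, and the sample comment and ext4 lines, are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original page): report the sec= flavor that
# each NFS entry in fstab-format input pins. Function names are made up here.

# Reads fstab lines on stdin; prints "<mountpoint> <flavor> <KRB|NOKRB>".
audit_nfs_sec() {
    awk '
        NF < 4 || $1 ~ /^#/ { next }            # blanks, comments, short lines
        $3 != "nfs" && $3 != "nfs4" { next }    # only NFS file systems
        {
            flavor = "unset"
            n = split($4, opts, ",")
            for (i = 1; i <= n; i++)
                if (opts[i] ~ /^sec=./) flavor = substr(opts[i], 5)
            # sec= may hold a colon-separated list; every item must be a
            # krb5 flavor (krb5, krb5i, krb5p). "unset" fails this check too.
            verdict = "KRB"
            m = split(flavor, fl, ":")
            for (j = 1; j <= m; j++)
                if (fl[j] !~ /^krb5[ip]?$/) verdict = "NOKRB"
            print $2, flavor, verdict
        }'
}

# Sample input: the three NFS lines are the ones shown above; the comment
# and ext4 lines are constructed to show what gets skipped.
sample_fstab() {
    cat <<'EOF'
# /etc/fstab (sample)
/dev/sda1   /   ext4   defaults   1 1
engna1.bu.edu:/vol/users/       /ad/eng/users   nfs     sec=krb5,rw,tcp,nolock,rsize=8192,wsize=8192,noatime   0 0
engna2.bu.edu:/vol/support/     /ad/eng/support nfs     sec=krb5,rw,tcp,nolock,rsize=8192,wsize=8192,noatime   0 0
eng-support:/vol/support/software/linux/all/all       /ad/eng/opt     nfs ro,tcp,nolock,rsize=8192,wsize=8192,noatime 0 0
EOF
}

sample_fstab | audit_nfs_sec
```

To check a live system, run audit_nfs_sec < /etc/fstab.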

If you have an /ad/eng/research share for your lab, you should add this as well. If you don’t know what it’s named, or if your lab doesn’t have one at all, email enghelp@bu.edu with the name of your lab, the purpose of the share, and the amount of space you anticipate needing for data collaboration among your lab’s users. These shares are not intended for data archiving, only for holding and modifying data that is currently being used for collaboration.

You should also set your users’ Kerberos accounts to use their networked home directories as their default home directory for every login. To do this, when adding a new user to your system, run:

add-bu-user johndoe -d /ad/eng/users/j/o/johndoe

if you were adding the username “johndoe”. Note that the directory path always uses firstletter/secondletter/wholeusername as shown above. If you have already added Kerberos users to your system using add-bu-user, run “userdel johndoe” before running add-bu-user again with the -d flag as shown above. This will not delete the user’s already-existing /home/johndoe local home directory, but it will make the networked directory the default. If the user needs to go back into the local home directory, they can still do so by cd’ing to /home/johndoe.

Note that these home directories are the exact same ones that show up as the “X Drive” on a Windows system in ENG that has been added to the AD domain. Setting this directory as your home directory in Linux greatly simplifies interoperability between your Linux machines and your Windows machines. We strongly recommend keeping everything you care about on these networked drives, as they are backed up hourly and you can retrieve the backups yourself without any assistance. For more info, please see this page: http://collaborate.bu.edu/engit/FAQ/Snapshots

You may want to add executable directories of programs that you frequently use from the /ad/eng/support/software share into your $PATH variable so that they are easily accessible without browsing through the share.

Archived

As a shortcut, installing this RPM package (rpm -Uvh kerbNFS.noarch.rpm) will attempt to complete the setup and mount the users and support directories automatically. (Other directories can then be added manually.) The only dependencies of this file are nfs-utils and krb5-libs, both included already in a default BU Linux installation.