Quickly configuring an LDAP + NFS client in Fedora

Recently I needed to configure 6 PCs for a central workplace. I needed central authentication as well as a Network File System (NFS) on all those machines, so that the people of my technical club (the “Delta Force” Webteam) could use them for working on collaborative projects. Central authentication means I can manage user accounts from an LDAP server: I can disable a user's login on a client machine or create a new user without having to touch the client machine at all. Similarly, NFS means that no matter which of those 6 machines a user logs in to, he will always see the same files in his home directory and the same configuration (background image, Firefox add-ons, etc.) as if he had always used the same computer for all his work. This eliminates complaints that the machine holding someone's files is being used by someone else.

So my overall network configuration looks like this:

1) 6 client machines on which users will be able to log in (subnet of the machines: 10.1.39.0/24)
2) An LDAP server (IP: 10.0.0.163) to take care of authentication when a user logs in to a client machine
3) The LDAP base DN which has the list of all users is ou=people,ou=delta,dc=ldap.delta.nitt,dc=edu
4) An NFS server (IP: 10.0.0.126) which has the home directories of all users inside the /webteam folder.

Overall working: When a user (say “jereme”) logs in to a client machine, his username and password are checked against the LDAP server at 10.0.0.163. If authentication is successful, he is logged in to the machine and his home directory is mounted from /webteam/jereme on the NFS server at 10.0.0.126.

I assume you already have the fully configured LDAP and NFS servers since this article is only about configuring the “clients”. So here we go. Pick any of your client machines and do the following :

First we will configure the NFS client. For this purpose, we will use the autofs package.

Step 1 : Install nfs-utils and autofs

For Ubuntu :

sudo apt-get install nfs-utils autofs

For Fedora :

yum install nfs-utils autofs

Step 2 : Edit the file /etc/auto.master and it should contain the following lines :

/webteam       /etc/auto.home
+auto.master

Step 3 : Edit /etc/auto.home and it should contain the following line :

*      -rw,nfs,soft,intr,nolock             10.0.0.126:/webteam/&

Step 4 : Edit /etc/fstab and append the following line :

10.0.0.126:/webteam     /webteam      nfs     soft,rw     0 0

Step 5 : Edit /etc/sysconfig/autofs and it should have the following lines :

TIMEOUT=300
BROWSE_MODE="no"
MOUNT_NFS_DEFAULT_PROTOCOL=4
LDAP_URI="ldap://10.0.0.163"
SEARCH_BASE="ou=people,ou=delta,dc=ldap.delta.nitt,dc=edu"
USE_MISC_DEVICE="yes"

Step 6 : Restart autofs

/etc/init.d/autofs restart

Step 7 : Make autofs start automatically on startup :

chkconfig autofs on

Next, we will configure the LDAP client.

Step 1 : Install nss_updatedb and openldap-clients

For Ubuntu

sudo apt-get install nss_updatedb openldap-clients

For Fedora

yum install nss_updatedb openldap-clients

Step 2 : Run authconfig-tui from terminal

authconfig-tui

Step 3 : The above will open a graphical window in the terminal. The first page will ask for the login type. It will have 2 columns. In the first column, select “LDAP authentication” and in the second column, select “LDAP,MD5,Shadow and Local Authentication”. Then click on Next.

Step 4 : Enter the following details when asked for LDAP configurations :

LDAP URI : ldap://10.0.0.163
Base DN : ou=people,ou=delta,dc=ldap.delta.nitt,dc=edu

Also disable the “Use TLS” option.

Step 5 : Open /etc/openldap/ldap.conf, uncomment the SIZELIMIT, TIMELIMIT and DEREF lines and change them to :

SIZELIMIT	0
TIMELIMIT	0
DEREF		never

Step 6 : Open /etc/nsswitch.conf and modify :

passwd:	files sss
shadow:	files	sss
group:	files	sss

to

passwd:	files ldap sss
shadow:	files	ldap	sss
group:	files	ldap	sss

Step 7 : Now, run the following command :

nss_updatedb ldap

That’s it. You are done :). Now reboot.
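
A static check of the client files edited in the steps above, as an added example that is not part of the original post: it confirms the nsswitch.conf ordering from Step 6, reports the LDAP_URI scheme in /etc/sysconfig/autofs, and reports whether the wildcard entry in /etc/auto.home carries nosuid. The function names are made up for this example, and the ldaps and nosuid checks are hardening suggestions added here, not settings from the post.

```shell
#!/bin/sh
# Added example (function names made up here): static checks on the client files.

# Succeeds when passwd, shadow and group each list "files" before "ldap",
# so local accounts such as root still resolve when the server is unreachable.
nss_ok() {
    awk '$1 ~ /^(passwd|shadow|group):$/ {
            f = l = 0
            for (i = 2; i <= NF; i++) {
                if ($i == "files" && !f) f = i
                if ($i == "ldap"  && !l) l = i
            }
            if (f && l && f < l) good++
         }
         END { exit (good == 3 ? 0 : 1) }' "$1"
}

# Prints the scheme of LDAP_URI in /etc/sysconfig/autofs (ldap or ldaps).
ldap_scheme() {
    sed -n 's|^LDAP_URI="\{0,1\}\([a-z]*\)://.*|\1|p' "$1" | head -n 1
}

# Prints the mount options of the wildcard (*) entry of an autofs map.
map_options() {
    awk '$1 == "*" && $2 ~ /^-/ { print substr($2, 2); exit }' "$1"
}

# audit_client NSSWITCH AUTOFS_SYSCONFIG AUTO_HOME: prints one line per finding.
audit_client() {
    nss_ok "$1" || echo "nsswitch: passwd/shadow/group need files before ldap"
    s=$(ldap_scheme "$2")
    [ "$s" = "ldaps" ] || echo "autofs: LDAP_URI scheme is '$s', not ldaps"
    case ",$(map_options "$3")," in
        ",,")         echo "auto.home: no wildcard (*) entry with options" ;;
        *",nosuid,"*) ;;
        *)            echo "auto.home: nosuid not set on home mounts" ;;
    esac
}
# Constructed sample: the three files as the steps above leave them.
demo() {
    d=$(mktemp -d)
    printf 'passwd: files ldap sss\nshadow: files ldap sss\ngroup: files ldap sss\n' >"$d/nss"
    printf 'LDAP_URI="ldap://10.0.0.163"\n' >"$d/autofs"
    printf '*  -rw,nfs,soft,intr,nolock  10.0.0.126:/webteam/&\n' >"$d/map"
    audit_client "$d/nss" "$d/autofs" "$d/map"
    rm -rf "$d"
}
if [ "$#" -eq 3 ]; then audit_client "$@"; else demo; fi
```

On a client, run it with /etc/nsswitch.conf, /etc/sysconfig/autofs and /etc/auto.home as the three arguments; with no arguments it checks the constructed sample.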

Important Note : Some tools like “chkconfig” and the “/etc/nsswitch.conf” configuration are Fedora-specific. Ubuntu has other alternatives. If you’re an Ubuntu user, the above configurations might not run for you. But it’s still worth a try. Good Luck!
