AIX NFS Version 4 configuration over Kerberos inter-realm setup. Introduction. Since security is one of the key aspects and selling features of Network File. System Version 4 (NFS Version 4), it is widely being accepted as the. The current implementation of NFS Version. Kerberos (RFC 4. 12. In such a heterogeneous environment. Microsoft. There are. AIX NFS Version 4 to operate across. In such cases, there is a high chance that the Kerberos. Kerberos by different vendors (for example, some using IBM NAS and others using. Microsoft Active Directory). In other scenarios that are similar, some. Microsoft Active Directory to IBM. Unable to mount NFS datastore from NetApp storage array due to incorrect configuration (1008591). NAS for AIX to act as the Kerberos server for their realm. This article describes the necessary configuration steps to aid you in. Example setup Configuration steps. For a better understanding, the configuration steps are divided into four distinct modules: Setting up IBM NAS KDC server and AIX NFS Version 4 server; Setting up Microsoft Active. IBM NAS Version 1. Microsoft Active Directory. It further details the changes required for AIX NFS. Version 4 to work over such an inter-realm setup and illustrates its working. Linux NFS configuration services By Adam Haeder. This is specific to RedHat, but most other Linux distributions follow the same pattern. An NFS server on linux requires 3 services to be running in order to. Download nfs - Need for Speed Shift Falken Demo: Demo dedicated to the Porsche GT3 RSR, and much more programs. How to Set Up a NFS Server and Client on Ubuntu Karmic Koala. Nfs is the fastest way to share files over a network between *nix systems. This article is a quick and easy way to share files with everyone on your local network. NFS (Network File System) client allows you to access shared directory from Linux client. 
The computer sharing the directory is called the NFS server (it can be NAS server too) and the computers or devices. Kerberos inter-realm. The Kerberos Version 5 protocol is implemented by various vendors for a variety. Its basic use is to achieve centralized authentication over a. Kerberos interoperability provides a common protocol for. In the Kerberos world, all the users and applications that use Kerberos as the. Kerberos server. (say either IBM NAS Version 1. AIX or Microsoft Active Directory) together. The name of the realm in which a Kerberos. Title: How to connect vSphere 4 with Qnap NAS as a datastore, using NFS Author: QNAP Subject: How to connect a vSphere 4 NFS Datastore on QNAP NAS Keywords: QNAP;NFS;datastore;vmware;esx;vsphere Created Date: 1/13/2010 7:51:14 PM. How to configure NFS Version 4 (NFS4) on Ubuntu Server. NOTE: This guide has been tested on Lucid Lynx 10.04 & Karmic Koala 9.10 although it may work equally well on earlier or later version of Ubuntu. 7 Configuring Storage for Oracle Grid Infrastructure and Oracle RAC. This chapter describes the storage configuration tasks that you must complete before you start the installer to install Oracle Clusterware and Oracle. The basic concept behind. Kerberos credentials in other realm. The following sections describe the configuration details on how to set up an. Kerberos realms, one configured to IBM NAS servers and the. Microsoft Active Directory. It further explains the use of AIX NFS. Version 4 as the kerberized application to test the working of inter-realm. AIX NFS Version 4. IBM NAS and Microsoft Active Directory—The scenario. In order to set up and test the execution of AIX NFS Version 4 over the Kerberos. IBM NAS and Microsoft Active Directory, consider the. As shown in Figure 1, the scenario. Kerberos realms. One of the realms. ADFSAIX1.IN.IBM.COM, has IBM NAS for AIX acting as the Kerberos Key. Distribution Center (KDC), while the other realm, MSKERBEROS.IN.IBM.COM,
makes use of Microsoft Active Directory as the. Kerberos KDC. The AIX NFS Version 4 server exporting the directories is configured. IBM NAS realm, ADFSAIX1.IN.IBM.COM, while the AIX NFS Version 4. AIX NFS V4 server, is configured. ADFSAIX1.IN.IBM.COM and MSKERBEROS.IN.IBM.COM Kerberos. The final goal that defines the success of this scenario is that an. MSKERBEROS.IN.IBM.COM Kerberos principal, belonging to. MSKERBEROS.IN.IBM.COM realm, should be able to successfully acquire. Kerberos credentials on the AIX NFS Version 4 client machine and use those credentials to. AIX NFS Version 4 nfs/adfsaix. ADFSAIX1.IN.IBM.COM server, belonging to. ADFSAIX1.IN.IBM.COM realm. Definitions NFS domain name: in. AIX NAS 1. 4 (KDC) and AIX NFS V4 server. Realm name : ADFSAIX1.IN.IBM.COM. Hostname : adfsaix. Operating system : AIX V5. IBM NAS admin principal : admin/admin. NFS V4 Server principal : nfs/adfsaix. Microsoft Active Directory Server (KDC). Realm Name : MSKERBEROS.IN.IBM.COM. Hostname : windce. Operating system : Microsoft Windows Server 2. Enterprise Edition, SP1). Active Directory admin. Principal : administrator. AIX NAS 1. 4 client and AIX NFS V4 client. Realm name : ADFSAIX1.IN.IBM.COM. Hostname : nfsaix. Operating system : AIX V5. Configured to ADFSAIX1.IN.IBM.COM and MSKERBEROS.IN.IBM.COM realms. Figure 1. Example setup. Configuration steps. For a better understanding, the configuration steps are divided into four distinct. Setting up IBM. NAS KDC server and AIX NFS Version 4 server Install krb. AIX 5. 3. machine. The IBM NAS Version 1. AIX Version. 5. 3 Expansion CD. The commands to install IBM NAS Version 1. AIX NFS Version 4 are: Listing 2. Fileset requirements bash- 2. Xgd . For more information, please refer to. AIX 5. 3L or 6. 10 documentation. Configure the AIX NAS KDC server. To configure the NAS KDC server. Listing 3 . For detailed. IBM NAS administration, please refer to the IBM NAS Version 1. 
Administration’s and User’s Guide, shipped with the AIX Version 5. Expansion. Pack CD. Configuration of the NAS KDC. PATH=/usr/krb5/bin/: /usr/krb. PATH. bash- 2. 0. S - r ADFSAIX1.IN.IBM.COM - d in. ibm. Initializing configuration.. Note that policy may be overridden by. ACL restrictions. For more information, please. Record the name. and chosen password in a secure place, as these principals are essential for. NAS environment. Set up the NFS domain name. You must have the NFS domain name set before. NFS Version 4. NFS setup. Current local domain: in. Add NFS domain-to-realm mapping on the NFS Version 4 server. NFS domain-to-realm mapping bash- 2. ADFSAIX1.IN.IBM.COM in.ibm.com. MSKERBEROS.IN.IBM.COM in.ibm.com. Create the NFS server principal on AIX KDC and then create the NFS server. Creating the NFS server principal bash- 2. WARNING: no policy specified for nfs/adfsaix. ADFSAIX1.IN.IBM.COM. defaulting to no policy. Note that policy may be overridden by. ACL restrictions. Enabling NFS Version 4 using RPCSEC-GSS bash- 2. Stop and restart the NFS daemons (gssd and. Stopping and restarting the NFS daemons bash- 2. The Subsystem or Group, gssd, is currently inoperative. Subsystem PID is 3. Subsystem PID is 4. Enter lssrc - g nfs to make sure all of the NFS. Export the directory from NFS server that can be accessed by Kerberos. Exporting the directory bash- 2. Mount the exported directory locally to test that it is accessible with. Kerberos authentication. Get the Kerberos credentials for the user and then. NFSv4 exported directory on . Mounting the exported directory locally bash- 2. Password for admin/admin@ADFSAIX1.IN.IBM.COM. bash- 2. Ticket cache: FILE: /var/krb. For this scenario, we. Active Directory on a machine with hostname windce. Active Directory Domain MSKERBEROS.IN.IBM.COM, which we also. Microsoft Kerberos Realm running on Microsoft Active Directory. Inter-realm. 
settings on IBM NAS KDC Server and Microsoft Active Directory. The following steps are required on both the KDC machines to set up an. Add the krbtgt service principal to NAS KDC server. So, you need to. create krbtgt service principals for cross realms. It is important that these principals all have the same passwords. Adding the krbtgt service principal to NAS KDC server bash- 2. MSKERBEROS.IN.IBM.COM@ADFSAIX1.IN.IBM.COM. WARNING: no policy specified for krbtgt/MSKERBEROS.IN.IBM.COM@ADFSAIX1.IN.IBM.COM. defaulting to no policy. Note that policy may be overridden by. ACL restrictions. Note that policy may be overridden by. ACL restrictions. In this case, we added MSKERBEROS.IN.IBM.COM stanza in the. Editing the NAS KDC server /etc/krb. Stop and restart the krb. Stopping and restarting the. Stopping /usr/krb. Figure 2 lists the existing setup of the Active. Directory on windce. Figure 2. Existing setup of Active Directory on windce. Set up the configuration for the foreign Kerberos realm using the following. Windows Active Directory machine. Figure 3 lists the output of adding KDC in Active. Directory on windce. Figure 3. KDC in Active Directory on windce. Create a trusted domain relationship with the AIX NAS realm on the Windows. Active Directory. Log on to the Windows 2. Server machine. (windce. Active Directory and do the following: Start the Domain Tree Management tool. Click Programs. Administrative tools, and then Active Directory Domains and. Trusts. Right-click on the Properties of your domain, and then select the. Trusts tab and press New Trust. Enter your AIX NAS realm. ADS trust list. Select Realm trust as the trust type, Nontransitive as the. Two-way as the trust direction, and then in the. Trust password, type the password you passed while creating. After this the entry is created for your trusted realm, verify the. Figure 4 lists the final output after adding the trust. Active Directory realm and NAS realm on the Active Directory. 
Figure 4. Final output after adding. Active Directory. Confirm that you are able to get the TGT for the ADS principal (administrator). NAS server machine. Confirming that. you are able to get the TGT for the ADS principal file bash- 2. MSKERBEROS.IN.IBM.COM. Password for administrator@MSKERBEROS.IN.IBM.COM. bash- 2. Ticket cache: FILE: /var/krb. The command we used to install was: Listing 1. Installing krb5 client and modcrypt filesets bash- 2. Xg. Yd . Configuring the AIX NAS client bash- 2. PATH=/usr/krb5/bin/: /usr/krb. PATH. bash- 2. 0. C - r ADFSAIX1.IN.IBM.COM - d in. ibm. Initializing configuration.. For more information, please. Set up the NFS domain name and add the NFS domain-to-realm mapping on the. NFSv4 client machine. Listing 1. 7. Setting up the NFS domain name. NFS domain-to-realm mapping bash- 2. Current local domain: in. ADFSAIX1.IN.IBM.COM in.ibm.com. MSKERBEROS.IN.IBM.COM in.ibm.com. Stop and restart the NFS daemons (gssd and. Stopping and. restarting the NFS daemons bash- 2. The Subsystem or Group, gssd, is currently inoperative. Subsystem PID is 4. Subsystem PID is 2. Make sure all of the NFS daemons are active now by running. Also ensure that all the machines are. Get the TGT for the user in Microsoft realm and use it to access the NFS. IBM NAS. realm. Getting the TGT for the user bash- 2. MSKERBEROS.IN.IBM.COM. Password for administrator@MSKERBEROS.IN.IBM.COM. bash- 2. Ticket cache: FILE: /var/krb.