See comments in text
On Thursday 14 Nov 2002 11:57 pm, Technoslick wrote:
> OK. I am ready to start kicking things...
>
> I have my MDK 9 server running. I want to share some folders. I thought
> there was a suggestion that using NFS was more secure and faster than
> Samba, so I decided to make that happen.
Wrong. NFS is LESS secure than Samba, and in my experience slower.
>
> I am confused as to the correct verbiage to get my home folder on the
> server to be seen, read, written to from my Linux workstations (I'll worry
> about whether NFS can work for the Win boxes or if I need to use Samba,
> instead --- for later!)
NFS *cannot* work with Win boxes at all. It is Unix only.
> What I really want to do is have each workstation
> given access to folders only if their login/user name matches the folder's
> rights. All I can seem to gather is that I should be able to have the host
> name of machines qualify for access, not the users. Am I missing something
> here?
The contents of the /etc/hosts.allow and /etc/hosts.deny files determine
which hosts are allowed to make NFS connections
The users are identified purely by their UID numbers (User Identification
Numbers)
So if User Technoslick is UID 501 on Box A, but UID 502 on Box B it will not
work. You either have to keep the UID numbers constant across all boxes, or
else you need a nameserver running, so they can work out who is who.
It is this aspect that makes NFS so insecure. The NFS server has to take it on
trust that the person applying for the connection is who they say they are.
There is no authentication. You should therefore *never* use NFS on an
untrusted lan segment.
>
> Until I understand what the correct commands are, I will be in circular
> hell. When I try to mount from a workstation as root, I am denied access by
> the server, wanting my user name instead. If I try to mount under my user
> name, I am told (not very nicely)....'only root can do dat!' NO kidding!
> ARGH!
>
> My exports file is really simple:
>
> /home/username workstation (rw)
There must be no space between the 'n' and the '('
It changes the meaning entirely if there is.
>
> It did have the 'no_root_squash' option in there before, but I took it out
> thinking that it would allow me to log in as root to mount. Nope.
>
> I made sure that I used the 'exportfs -a -v' command after making changes,
> and I made sure that the 'nfs' and mfslock' daemons were running.
I always use exportfs -ra
Also make sure the netfs service is running.
>
> I have been using RH book for instructions, so I wasn't sure if the
> following command 'didn't' work because of the differences in distros or
> because I am missing something:
>
> 'ps ax | nfsd' yields a bad command reply. Does that makes sense?
>
> Can someone give me the syntax for exporting a home directory so that only
> the rightful user of that home, regardless of what machine he is on, can
> mount it on said machine? And maybe tell me if I am missing something that
> is being obvious to me?
To get NFS working all you need to do is define your /etc/exports file, do
your 'exportfs -ra', then on the remote machine run the GUI in Mandrake
ControlCentre>MountPoints>NfsMount Points
You can see remote shares advertised, pick a mount point, and Hey presto! it
is mounted.
BTW: Having a firewall running is a common cause of NFS problems.
PS:If you want a secure means of accessing remote directories, and you happen
to use KDE, then give kio_fish a try. It is really easy, and very secure, and
can even work on Windows machines. (If they support ssh)
I have a tutorial here:-
http://homepage.ntlworld.com/djennings/kio_fish.html
derek
>
> TIA
>
> T
Want to buy your Pack or Services from MandrakeSoft?
Go to http://www.mandrakestore.com
