Thanks, Derek.
I must have read wrong then. That's fine, I can use Samba instead.
What bugs me is that the "Red Hat 8 Bible" makes no mention of the
'/etc/hosts.allow' and '/etc/hosts.deny' files for this. Is this one of
those distro differences that I fell under by reading the wrong book?
The book also says that NFS 'will' work with Windows is the boxes are
running the client software. Here's a quote from the book. Maybe I just
misread this:
"By centralizing data and applications on a file server, you can accomplish
several goals:
<snip)
+ Transparency ---- Using protocols such as NFS, clients of your file server
(Windows, Linux, UNIX systems) can connect your file systems to their local
file systems as if your file systems existed locally."
Well, of course they can. That's what file sharing is about. I guess in
reading it over (again and again and again) I see that it is referring to
Linux clients, with the Windows machines as possible servers to get the
shares from, not the other way around. Right?
BTW, I did go into MCC and tried connecting that way. I had to make MCC
search for the server and then it just wouldn't let me do anything once it
found it. And I believe I did NOT place a space between the host name and
switches, but that is a good caution to remember.
So, what you are saying is that it was not an 'authentication' problem that
was causing the server to deny my access? It could be mismatched UID's
or...I have a feeling the firewall is the key. When I installed MDK 9, I
kept the security level on 'Medium'. Should I have installed without? Do I
really need it? The server is on the same LAN segment as the rest of my
network, which is connected to the firewall/gateway, seperating the metwork
from the outside world. I do not have a static IP. Can I just drop the
services to get rid of the firewall,, or should I just open it up? Or will
Samba get past all this and I should just forget I ever bothered with NFS?
Thanks for the help, Derek
T
----- Original Message -----
From: "Derek Jennings" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Thursday, November 14, 2002 7:23 PM
Wrong. NFS is LESS secure than Samba, and in my experience slower.
>
> I am confused as to the correct verbiage to get my home folder on the
> server to be seen, read, written to from my Linux workstations (I'll worry
> about whether NFS can work for the Win boxes or if I need to use Samba,
> instead --- for later!)
NFS *cannot* work with Win boxes at all. It is Unix only.
> What I really want to do is have each workstation
> given access to folders only if their login/user name matches the folder's
> rights. All I can seem to gather is that I should be able to have the host
> name of machines qualify for access, not the users. Am I missing something
> here?
The contents of the /etc/hosts.allow and /etc/hosts.deny files determine
which hosts are allowed to make NFS connections
The users are identified purely by their UID numbers (User Identification
Numbers)
So if User Technoslick is UID 501 on Box A, but UID 502 on Box B it will not
work. You either have to keep the UID numbers constant across all boxes, or
else you need a nameserver running, so they can work out who is who.
It is this aspect that makes NFS so insecure. The NFS server has to take it
on
trust that the person applying for the connection is who they say they are.
There is no authentication. You should therefore *never* use NFS on an
untrusted lan segment.
>
> Until I understand what the correct commands are, I will be in circular
> hell. When I try to mount from a workstation as root, I am denied access
by
> the server, wanting my user name instead. If I try to mount under my user
> name, I am told (not very nicely)....'only root can do dat!' NO kidding!
> ARGH!
>
> My exports file is really simple:
>
> /home/username workstation (rw)
There must be no space between the 'n' and the '('
It changes the meaning entirely if there is.
>
> It did have the 'no_root_squash' option in there before, but I took it out
> thinking that it would allow me to log in as root to mount. Nope.
>
> I made sure that I used the 'exportfs -a -v' command after making changes,
> and I made sure that the 'nfs' and mfslock' daemons were running.
I always use exportfs -ra
Also make sure the netfs service is running.
>
> I have been using RH book for instructions, so I wasn't sure if the
> following command 'didn't' work because of the differences in distros or
> because I am missing something:
>
> 'ps ax | nfsd' yields a bad command reply. Does that makes sense?
>
> Can someone give me the syntax for exporting a home directory so that only
> the rightful user of that home, regardless of what machine he is on, can
> mount it on said machine? And maybe tell me if I am missing something that
> is being obvious to me?
To get NFS working all you need to do is define your /etc/exports file, do
your 'exportfs -ra', then on the remote machine run the GUI in Mandrake
ControlCentre>MountPoints>NfsMount Points
You can see remote shares advertised, pick a mount point, and Hey presto! it
is mounted.
BTW: Having a firewall running is a common cause of NFS problems.
PS:If you want a secure means of accessing remote directories, and you
happen
to use KDE, then give kio_fish a try. It is really easy, and very secure,
and
can even work on Windows machines. (If they support ssh)
I have a tutorial here:-
http://homepage.ntlworld.com/djennings/kio_fish.html
derek
>
> TIA
>
> T
----------------------------------------------------------------------------
----
Want to buy your Pack or Services from MandrakeSoft?
Go to http://www.mandrakestore.com
Want to buy your Pack or Services from MandrakeSoft?
Go to http://www.mandrakestore.com
