Tuesday, 27 October 2009

How to Configure multi CVS repository in fedora

  1. First of all, install the xinetd package.
# yum -y install xinetd

  2. Install the cvs package.
# yum -y install cvs*

  3. Create a group cvs.

  4. Create a user cvsroot and assign it to the cvs group.

  5. Now make sure that the entries for the CVS service are present in your /etc/services file. If they are not present, add them manually, then save & exit.

  6. Then create 2 directories to be used as CVS repositories.
# mkdir /test

# mkdir /test2

# chmod 777 /test

# chmod 777 /test2



Initialize the repositories for the first time. These steps are important:

# cvs -d /test init

# cvs -d /test2 init



Now enter /test or /test2.
  1. Assign permissions:
# chmod 771 CVSROOT

  2. At this point, all local real system users can log into the CVS server with their own passwords.

    If you want to disable this, you can do so as follows:

# chmod 644 /test/CVSROOT/config

# chmod 644 /test2/CVSROOT/config

In each config file, uncomment the line #SystemAuth = yes and set it to SystemAuth = no.



  1. Check your /etc/xinetd.d/cvs file and make sure the following entries are present. If they are not, add them manually as above for the multiple CVS repositories.

The entry will look like this:-

# default: off
# description: The CVS service can record the history of your source
# files. CVS stores all the versions of a file in a single
# file in a clever way that only stores the differences
# between versions.
service cvspserver
{
    port = 2401
    socket_type = stream
    protocol = tcp
    wait = no
    user = test
    server = /usr/bin/cvs
    server_args = -f --allow-root=/test --allow-root=/test2 pserver
}

Now save & exit this file.

  1. Now restart your xinetd service using the following command:

# service xinetd restart
or
# /etc/init.d/xinetd restart

# chkconfig xinetd on

Now disable the firewall & SELinux.

Now your system users cannot use the CVS service with their own system passwords.

# cd /test/CVSROOT     (or cd /test2/CVSROOT)

# touch passwd     (make the passwd file manually)

If the passwd file is not available, create it together with the first user by executing the following commands:-

# htpasswd -d -c /test/CVSROOT/passwd user

# htpasswd -d -c /test2/CVSROOT/passwd user

To add an additional user:-

# htpasswd -d /test/CVSROOT/passwd user2

Check cvs Repository-:

# su - user1

# export CVSROOT=:pserver:user1@localhost:/test

# cvs login

There should be no error when you have successfully logged in to the CVS server.
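
An added example (not part of the original post): a shell audit that reports, for each repository root, whether SystemAuth is still effectively yes, whether CVSROOT/passwd exists, and whether the paths are world-writable. The function names are illustrative, and it relies on CVS treating a missing or commented-out SystemAuth line as yes.

```bash
#!/bin/bash
# Added example (not from the original post): audit CVS pserver repositories.
# Usage: ./cvs-audit.sh /test /test2   (script name is hypothetical)

# Echo the effective SystemAuth setting ("yes" or "no") for a repository root.
# CVS defaults to SystemAuth=yes when the line is missing or commented out.
effective_systemauth() {
    local config="$1/CVSROOT/config" values
    [ -r "$config" ] || { echo "yes"; return 0; }
    # Value of every uncommented SystemAuth line, lower-cased.
    values=$(sed -n 's/^[[:space:]]*SystemAuth[[:space:]]*=[[:space:]]*\([A-Za-z]*\).*$/\1/p' "$config" \
             | tr '[:upper:]' '[:lower:]')
    # Report "no" only if at least one such line exists and all of them say no.
    if [ -n "$values" ] && ! printf '%s\n' "$values" | grep -qv '^no$'; then
        echo "no"
    else
        echo "yes"
    fi
}

# Succeed if the given path is writable by "others".
is_world_writable() {
    [ -n "$(find "$1" -maxdepth 0 -perm -0002 2>/dev/null)" ]
}

# Print one line per finding for a repository root; return the number of findings.
audit_repo() {
    local root="$1" findings=0 path
    if [ "$(effective_systemauth "$root")" = "yes" ]; then
        echo "$root: SystemAuth is yes, system account passwords are accepted by pserver"
        findings=$((findings + 1))
    fi
    if [ ! -s "$root/CVSROOT/passwd" ]; then
        echo "$root: CVSROOT/passwd is missing or empty"
        findings=$((findings + 1))
    fi
    for path in "$root" "$root/CVSROOT" "$root/CVSROOT/passwd"; do
        if [ -e "$path" ] && is_world_writable "$path"; then
            echo "$path: world-writable"
            findings=$((findings + 1))
        fi
    done
    return "$findings"
}

# Audit every repository root given on the command line.
for repo in "$@"; do
    audit_repo "$repo" || true
done
```
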















Wednesday, 8 July 2009

Step by step Install & configure Nagios


Nagios is a host and service monitor designed to inform you of network problems before your clients, end-users or managers do. It has been designed to run under the Linux operating system, but works fine under most *NIX variants as well. The monitoring daemon runs intermittent checks on hosts and services you specify using external "plugins" which return status information to Nagios. When problems are encountered, the daemon can send notifications out to administrative contacts in a variety of different ways (email, instant message, SMS, etc.). Current status information, historical logs, and reports can all be accessed via a web browser.


Nagios has a lot of features, making it a very powerful monitoring tool. Some of the major features are listed below:

Monitoring of network services (SMTP, POP3, HTTP, NNTP, PING, etc.)

Monitoring of host resources (processor load, disk and memory usage, running processes, log files, etc.)

Monitoring of environmental factors such as temperature

Simple plugin design that allows users to easily develop their own host and service checks

yum install httpd
yum install gcc

Create a new nagios user account and give it a password.

/usr/sbin/useradd nagios
passwd nagios

/usr/sbin/groupadd nagcmd

/usr/sbin/usermod -G nagcmd nagios
/usr/sbin/usermod -G nagcmd apache

Create a directory for storing the downloads.

mkdir ~/downloads
cd ~/downloads

wget http://osdn.dl.sourceforge.net/sourceforge/nagios/nagios-3.0.tar.gz

wget http://osdn.dl.sourceforge.net/sourceforge/nagiosplug/nagios-plugins-1.4...

cd ~/downloads

tar xzf nagios-3.0.tar.gz
cd nagios-3.0

Run the Nagios configure script, passing the name of the group you created earlier like so:

./configure --with-command-group=nagcmd

Compile the Nagios source code.

make all

Install binaries, init script, sample config files and set permissions on the external command directory.

make install
make install-init
make install-config
make install-commandmode

Don't start Nagios yet - there's still more that needs to be done...

Sample configuration files have now been installed in the /usr/local/nagios/etc directory. These sample files should work fine for getting started with Nagios. You'll need to make just one change before you proceed...

Edit the /usr/local/nagios/etc/objects/contacts.cfg config file with your favorite editor and change the email address associated with the nagiosadmin contact definition to the address you'd like to use for receiving alerts.

vi /usr/local/nagios/etc/objects/contacts.cfg

Install the Nagios web config file in the Apache conf.d directory.

make install-webconf

Create a nagiosadmin account for logging into the Nagios web interface. Remember the password you assign to this account - you'll need it later.

htpasswd -c /usr/local/nagios/etc/htpasswd.users nagiosadmin

Restart Apache to make the new settings take effect.

service httpd restart

cd ~/downloads

tar xzf nagios-plugins-1.4.11.tar.gz
cd nagios-plugins-1.4.11

Compile and install the plugins.

./configure --with-nagios-user=nagios --with-nagios-group=nagios
make
make install

chkconfig --add nagios

chkconfig nagios on

Verify the sample Nagios configuration files.

/usr/local/nagios/bin/nagios -v /usr/local/nagios/etc/nagios.cfg

If there are no errors, start Nagios.

service nagios start

Wednesday, 8 April 2009

Configure RT(Ticketing system) in Fedora

A ticketing system is used for sales lead tracking, bug tracking or network security tracking.
Basic installation & configuration of RT in Fedora:
$ yum install httpd
$ yum install mysql
$ yum install mysql-server
$ yum install sendmail*
$ yum install dovecot*

Start the httpd and mysql services

service mysqld start
service httpd start

Make sure the httpd & mysqld service start at boot

chkconfig httpd on
chkconfig mysqld on


RT Installation
wget http://www.jwhite3.com/files/rt-3.6.6-bundle.tar.gz

tar -zxvf rt-3.6.6-bundle.tar.gz

Set repository - set the repository if you are using RHEL 5:

vi /etc/yum.repos.d/localrt.repo

[rhel51-rt3]
name=RT 3.6.6 for Red Hat Enterprise Linux 5.1
baseurl=file:///path/to/your/extracted/files
enabled=1
gpgcheck=0

Install rt3 and all dependencies with yum:

yum install rt3

RT Post Setup

Now that rt is installed you may want to customize your setup. In order to do that you will need to know where your files are located. This package changes the file locations from the fedora6 version of rt, and differs greatly from the BP default.

Customize /etc/rt3/RT_SiteConfig.pm

You may find a need to change the site configuration of rt from time to time. For example to point rt to a remote database, configure external authentication, or set other configurable options. Below are several options that I like to set, but keep in mind these may differ greatly from a standard configuration.

Set($WebExternalAuth , '1');
Set($WebFallbackToInternalAuth , '1'); 
Set($OldestTransactionsFirst, 0); 
Set($MyTicketsLength, 25); 
Set($MyRequestsLength, 25); 
Set($WebBaseURL , "http://rt.blogspot.com"); 
Set($WebPath , "");
Set($WebImagesURL , $WebPath . "/NoAuth/images");
Set($rtname, 'blogspot.com'); 
Set($DatabaseHost   , 'db.blgspot.com'); 
Set($DatabaseRTHost , 'localhost'); 
Set($DatabaseUser, 'dbuser'); 
Set($DatabasePassword , 'dbpassword'); 
Set($DevelMode, '0'); 
Set($ShowTransactionImages, 0); 
Set($SuppressInlineTextFiles, true); 

Initialize the RT database

rt-setup-database --action init


Configure sendmail

Symlink rt-mailgate to /etc/smrsh, and create aliases to use RT:

ln -s /opt/rt3/bin/rt-mailgate /etc/smrsh/rt-mailgate

Edit /etc/aliases and add lines:


rt: "|/etc/smrsh/rt-mailgate --queue general --action correspond --url http://blogspot.com/"
rt-comment: "|/etc/smrsh/rt-mailgate --queue general --action comment --url http://blogspot.com/"

Edit /etc/mail/sendmail.mc and change the line:

DAEMON_OPTIONS(`Port=smtp,Addr=127.0.0.1, Name=MTA')dnl
to read (commenting the line out means sendmail no longer listens only on 127.0.0.1):
dnl DAEMON_OPTIONS(`Port=smtp,Addr=127.0.0.1, Name=MTA')

Edit /etc/dovecot.conf and change the line:

protocols = imap,imaps,pop3,pop3s

Rebuild your sendmail.cf:

m4 /etc/mail/sendmail.mc > /etc/mail/sendmail.cf

Add rt server alias to /etc/mail/local-host-names:

rt.blogspot.com

Restart sendmail:

service sendmail restart


Test your new RT instance

Login to your new RT instance and test things out:

Default URL : http://blogspot.com/rt3/
Default User: root
Default password: password




Wednesday, 1 April 2009

How to configure ldap in fedora & rhel -5

$ yum install openldap-clients
$ yum install openldap-servers
$ yum install openldap*
$ rpm -qa | grep ldap
Take a backup of slapd.conf:
$ cp /etc/openldap/slapd.conf /etc/openldap/slapd.conf.bak
Edit the file /etc/openldap/slapd.conf

We need to change some lines: suffix, rootdn and the two rootpw lines.

Suffix is the high level descriptor you selected above. The rootdn is the user that owns the server and should start with cn=. The first root password (rootpw) line should be set to secret. You can generate an encrypted password for the second rootpw line using the command:
$ slappasswd
Just cut and paste the output of the slappasswd command into the second rootpw line in slapd.conf.
$ vim /etc/openldap/slapd.conf
suffix "dc=bloger,dc=com"

(bloger is your domain name)

rootdn "cn=Manager,dc=bloger,dc=com"
rootpw secret
rootpw {SSHA}MRNBda83kd9f7d7did902mLA1x0AVOWMRBua

Save & exit this file.
Open the ldap.conf file.
$ vim /etc/openldap/ldap.conf
Change 2 lines in this file:
HOST 127.0.0.1
BASE dc=bloger,dc=com

Save & exit this file.
LDAP Migration tools-:
These tools are located in /usr/share/openldap/migration. If you don't find them in your distribution you can download these tools from:
http://www.padl.com/OSS/MigrationTools.html

Install is simple.

tar zxf MigrationTools.tgz
cd MigrationTools-47

You then must edit migrate_common.ph and change the following site-specific variables to reflect your installation:


# Default DNS domain
$DEFAULT_MAIL_DOMAIN = "bloger.com";

# Default base
$DEFAULT_BASE = "dc=bloger,dc=com";

Now we need to add the base entries into LDAP. Here is an example of the new base organizational units you may need and a new user. The file we will create in our example is bloger.ldif.

Create a data file (bloger.ldif) & copy the following content into it.
$ touch bloger.ldif

dn: dc=bloger,dc=com
objectclass: top
objectclass: organization
o: bloger
description: Top level LDAP for bloger.com

dn: ou=Group,dc=bloger,dc=com
ou: Group
objectClass: top
objectClass: organizationalUnit

dn: ou=People,dc=bloger,dc=com
ou: People
objectClass: top
objectClass: organizationalUnit

dn: ou=Services,dc=bloger,dc=com
ou: Services
objectClass: top
objectClass: organizationalUnit

Save this file.
$ /usr/share/openldap/migration/migrate_base.pl > bloger.ldif
Import the first record:

$ ldapadd -a -W -x -D "cn=Manager,dc=bloger,dc=com" -f bloger.ldif
$ ldapsearch -x -b 'dc=bloger,dc=com' 'objectclass=*'
Create test user-: create the file newrec.ldif for the test user & add the following content to it.

$ touch newrec.ldif
Note- you need an empty line before each line starting with "dn:".
$ vim newrec.ldif
# test1, bloger, com

dn: uid=test,ou=People,dc=bloger,dc=com
cn: test
sn: test
objectClass: top
objectClass: person
objectClass: posixAccount
objectClass: shadowAccount
userPassword: {crypt}$!Z0ksiAKjsKLAsjuwyuAK!jksX
uid: test
uidNumber: 501
gidNumber: 501
loginShell: /bin/bash
homeDirectory: /home/test
shadowLastChange: 10877
shadowMin: 0
shadowMax: 999999
shadowInactive: -1
shadowWarning: 7
shadowFlag: 0
shadowExpire: -1

Save & exit this file.
The dn: record must be unique and should include your suffix.

Add the record to your LDAP

To add a record to the LDAP database we use the command ldapadd:

$ ldapadd -W -x -D "cn=Manager,dc=bloger,dc=com" -f newrec.ldif
$ ldapsearch -x -b 'uid=test,ou=People,dc=bloger,dc=com'
will display this record if it was added correctly.
Client Side Authentication-:
1. Click System, select Administration and click Authentication. This will launch the Authentication Configuration window.

2. Check Enable LDAP Support and click the Configure LDAP button
3. Fill in the LDAP Search Base DN and LDAP Server fields. Click Ok when you are done.
4. Click the Authentications tab and check Enable LDAP Support.

To test this, create a user in your LDAP directory that does not exist on your machine. Then check the account by fingering the user. For example, if you added the test record, you should be able to issue the commands:
$ getent passwd
$ finger test1




Wednesday, 18 March 2009

Enable Passwordless Authentication with SSH

Step 1:
(*note server1 is the source server and server2 will be the destination server)

server1# mkdir ~/.ssh

Step 2:

server1# cd ~/.ssh

Step 3:

server1# ssh-keygen -t rsa

Generating public/private rsa key pair.
Enter file in which to save the key (”your_local_home”/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in id_rsa.
Your public key has been saved in id_rsa.pub.
The key fingerprint is:
18:6a:e3:78:ab:2d:0c:8e:f9:67:f7:30:32:44:77:34 phil@server1

Step 4:

server1# scp ~/.ssh/id_rsa.pub phil@server2.philchen.com:/home/phil/id_rsa.server1.pub

Step 5:

server1# ssh phil@server2.philchen.com
Password:

Step 6:

server2# mkdir .ssh

Step 7:

server2# chmod 700 .ssh

Step 8:

server2# cat id_rsa.server1.pub >> .ssh/authorized_keys

Step 9:

server2# chmod 644 .ssh/authorized_keys

Step 10:

server2# exit
server1# ssh phil@server2.philchen.com
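
Steps 6 to 9 on server2 as one repeatable function, given as an added example that is not part of the original post. The names install_pubkey and strictmodes_ok are illustrative; it sets authorized_keys to mode 600, which is stricter than Step 9's 644 and equally accepted by sshd's StrictModes check.

```bash
#!/bin/bash
# Added example (not from the original post): server2-side key installation.
# Usage on server2: ./install-key.sh "$HOME" "$HOME/id_rsa.server1.pub"
# (script name is hypothetical)

# install_pubkey HOME_DIR PUBKEY_FILE
# Creates HOME_DIR/.ssh (700) and authorized_keys (600) and appends the key
# only if that exact line is not already present, so reruns are harmless.
install_pubkey() {
    local home="$1" pub="$2" ssh_dir auth key
    ssh_dir="$home/.ssh"
    auth="$ssh_dir/authorized_keys"
    [ -r "$pub" ] || { echo "cannot read $pub" >&2; return 1; }
    # Accept exactly one line that looks like an OpenSSH public key.
    [ "$(wc -l < "$pub")" -le 1 ] || { echo "expected one key in $pub" >&2; return 1; }
    key=$(head -n 1 "$pub")
    case "$key" in
        ssh-rsa\ *|ssh-ed25519\ *|ecdsa-sha2-*\ *) ;;
        *) echo "not an OpenSSH public key: $pub" >&2; return 1 ;;
    esac
    mkdir -p "$ssh_dir" && chmod 700 "$ssh_dir" || return 1
    touch "$auth" && chmod 600 "$auth" || return 1
    grep -qxF -- "$key" "$auth" || printf '%s\n' "$key" >> "$auth"
}

# strictmodes_ok HOME_DIR
# Succeeds only if the home directory, .ssh and authorized_keys exist and none
# is writable by group or others. sshd's StrictModes also checks ownership,
# which this function does not.
strictmodes_ok() {
    local p
    for p in "$1" "$1/.ssh" "$1/.ssh/authorized_keys"; do
        [ -e "$p" ] || return 1
        [ -z "$(find "$p" -maxdepth 0 \( -perm -020 -o -perm -002 \) 2>/dev/null)" ] || return 1
    done
}

# Run both steps when called with a home directory and a public key file.
if [ "$#" -eq 2 ]; then
    install_pubkey "$1" "$2" && strictmodes_ok "$1"
fi
```
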

Thursday, 5 March 2009

Backups With Rsync

rsync is a command line utility that is used to synchronize files between two computers over a network or between two filesystems. It was written as a replacement for rcp but with many new features. For example it uses an algorithm that will only transfer files that have been modified. SSH will be used to authenticate between the machines and to encrypt the network traffic.

The situation: We have four machines named: server, machine1, machine2, and machine3. The server has a tape drive that is used to do nightly backups. machine1 is used as a development box and has files that need to be backed up in /src and in /home. machine2 is used for mail and needs /home and /mail to be backed up. machine3 is a web server and needs /home, /var/www, and /etc/httpd backed up.

Create a shell script for each machine. Simplify your maintenance by placing the scripts in a central location. I like to use /root/scripts. Decide on where you want to log your output. I like /root/logs but another common option is to have the script mail you the output.

Add entries to your crontab to call the scripts. Make sure you leave enough time before your normal backups of the server that the rsync jobs complete.

Each night the following will occur:

  1. rsync machine1 -> Server
  2. rsync machine2 -> Server
  3. rsync machine3 -> Server
  4. backup server to tape
Let's take a look at the flags used for rsync in the examples:

rsync -ave ssh --numeric-ids --delete machine1:/home /machine1


Next generate a public private key pair with ssh. Place the public key in the ~/.ssh/authorized_keys file in an account on machine1, machine2, and machine3 that has read access to the directories that need to be backed up. It is best not to use the root account on the remote machines, but you should evaluate the risk in your environment. Test that you can login to these accounts using ssh without using a password.
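
One way to limit what the backup key can do on machine1, as an added example that is not from the original article: a forced-command wrapper that accepts only an rsync pull of /home or /src. The script path, function name and sample command strings are assumptions, and the exact flag bundle rsync sends depends on its version.

```bash
#!/bin/bash
# Added example (not from the original article): forced-command wrapper for
# the backup key on machine1. Assumed install path /usr/local/bin/backup-only.sh,
# referenced from the backup account's ~/.ssh/authorized_keys (key shortened):
#   command="/usr/local/bin/backup-only.sh",no-pty,no-port-forwarding,no-agent-forwarding,no-X11-forwarding ssh-rsa AAAA... backup@server

# Directories this key may read (machine1's backup set in the article).
ALLOWED_PATHS="/home /src"

# backup_command_allowed "COMMAND"
# Succeeds only if COMMAND is the server side of an rsync pull of one allowed path,
# e.g. (constructed) "rsync --server --sender -vlogDtpre.iLsfxC --numeric-ids . /home".
backup_command_allowed() {
    local cmd="$1" extra path allowed
    # Allow only characters this command line needs; this rejects ; | & $ `
    # quotes, globs and newlines before any word splitting happens.
    extra=$(printf '%s' "$cmd" | tr -d 'A-Za-z0-9 ./_-' | wc -c)
    [ "$extra" -eq 0 ] || return 1

    # Safe to split on spaces now: no glob or quote characters remain.
    set -- $cmd
    [ "${1:-}" = rsync ] && [ "${2:-}" = --server ] && [ "${3:-}" = --sender ] || return 1
    shift 3

    # Options: short-flag bundles and --numeric-ids, nothing else. Extend this
    # list only after logging what your rsync version really sends.
    while [ "$#" -gt 2 ]; do
        case "$1" in
            --numeric-ids) ;;
            -[!-]*) ;;
            *) return 1 ;;
        esac
        shift
    done

    # What remains must be "." followed by exactly one source path.
    [ "$#" -eq 2 ] && [ "$1" = "." ] || return 1
    path="${2%/}"
    for allowed in $ALLOWED_PATHS; do
        [ "$path" = "$allowed" ] && return 0
    done
    return 1
}

# Entry point when sshd runs this script as the key's forced command.
if [ -n "${SSH_ORIGINAL_COMMAND:-}" ]; then
    if backup_command_allowed "$SSH_ORIGINAL_COMMAND"; then
        exec $SSH_ORIGINAL_COMMAND   # validated above, split on spaces on purpose
    fi
    echo "backup-only: rejected command" >&2
    exit 1
fi
```

With this in place the key no longer gives an interactive shell, so the passwordless login test has to be done by running the rsync command itself.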

Test each one of the rsync scripts. The first time you run rsync will take the longest as it will need to copy all the files from the remote machines and not just the files that have changed.

Add the /machine1, /machine2, and /machine3 (or whatever you have named them) directories to the servers backup script.

While this process does not backup the entire remote machine, it will ensure that you will not lose irreplaceable data.

Starting with the example scripts included in this tutorial there are many changes that can be made to fit your specific circumstances.

The frequency of the rsyncs can be modified to occur more often or at different times. Simply by adding additional crontab lines the backup from the remote machines could be done everyday at lunch, multiple times a day or even hourly.

The scripts could also be changed to rotate between multiple backups on the server or could be changed to do some sort of processing on the files before they are backed up. For example if the home directories you are backing up contain web browser caches, they could be removed after the rsync but before the system backup.

Using this article as a starting point you should create a backup plan that fits your needs.


Example rsync script for machine1:
#!/bin/bash
rsync -ave ssh --numeric-ids --delete machine1:/home /machine1
rsync -ave ssh --numeric-ids --delete machine1:/src /machine1

Example rsync script for machine2:
#!/bin/bash
rsync -ave ssh --numeric-ids --delete machine2:/home /machine2
rsync -ave ssh --numeric-ids --delete machine2:/mail /machine2

Example rsync script for machine3:
#!/bin/bash
rsync -ave ssh --numeric-ids --delete machine3:/home /machine3
rsync -ave ssh --numeric-ids --delete machine3:/var/www /machine3
rsync -ave ssh --numeric-ids --delete machine3:/etc/httpd /machine3

Example crontab file logging to a directory:
# Scripts to rsync machines
59 20 * * * /root/scripts/sync-machine1.sh >/root/logs/sync-machine1.log 2>&1
59 21 * * * /root/scripts/sync-machine2.sh >/root/logs/sync-machine2.log 2>&1
59 22 * * * /root/scripts/sync-machine3.sh >/root/logs/sync-machine3.log 2>&1
#
# Nightly Backup script
59 23 * * * /root/scripts/backup.sh > /root/logs/backup.log 2>&1

Example crontab file mailing the output:
# Scripts to rsync machines
59 20 * * * /root/scripts/sync-machine1.sh
59 21 * * * /root/scripts/sync-machine2.sh
59 22 * * * /root/scripts/sync-machine3.sh
#
# Nightly Backup script
59 23 * * * /root/scripts/backup.sh

Saturday, 28 February 2009

Some simple Tricks

1. Create a Directory with different permission-:

When we need a directory with specific permissions, we usually create the directory using the mkdir command and then set the permissions using the chmod command. Instead, you can define the access permissions while creating the directory.
Try the following command-:
# mkdir /test -v -m 700
Here the -m option defines the permissions we need to set, and the -v option enables verbose mode.

Now check the directory permissions.
# ls -ld /test

2. Take Hardware information on live server -: Do you need RAM, BIOS, motherboard, processor, cache or slot status information from a live server? We can use the following commands.
# dmidecode --type bios
# dmidecode --type processor
# dmidecode --type memory

Thursday, 26 February 2009

Basic Samba Configuration step by step

We are trying to share knowledge about Samba by example.

We are going to create the directory /home/data/sales and set the ownership and permissions on the directory such that people in the sales group can add/delete files but others cannot.
First create the directory & set the group & permissions.
$ mkdir -p /home/data/sales
$ chgrp sales /home/data/sales
$ chmod 770 /home/data/sales
$ chmod g+s /home/data/sales
Note-: we have set the special (setgid) permission so that the group can add/delete files and others cannot.

# yum install samba*

Open the smb.conf file & add these lines.

[sales]
comment = sales's file
path = /home/data/sales
public = no
write list = @sales
writable = yes

Save & exit the file.
$ /etc/init.d/smb restart

Make a Samba user & set its password with smbpasswd-
$ smbpasswd -a user1

Selinux- if SELinux is in enforcing mode then you will need to allow this in the SELinux policy.
$ getsebool -a | grep sam
$ setsebool -P samba_enable_home_dirs on

Iptables- if your PC firewall is enabled then you will need to set rules to allow Samba traffic.
$ iptables -I INPUT -s 192.168.10.0/24 -p tcp --dport 137:139 -j ACCEPT
$ iptables -I INPUT -s 192.168.10.0/24 -p tcp --dport 445 -j ACCEPT
$ iptables -I INPUT -s 192.168.10.0/24 -p udp --dport 137:139 -j ACCEPT
$ iptables -I INPUT -s 192.168.10.0/24 -p udp --dport 445 -j ACCEPT
$ /etc/init.d/iptables save
$ /etc/init.d/iptables restart
$ /etc/init.d/smb restart

Client side-
$ smbclient //servername/sales -U user1

If you want to mount the share permanently at system boot, you should make an fstab entry.
Add this line to the fstab file.

$ vim /etc/fstab
//192.168.100.10/sales /mnt cifs username=user1,passwd=matix 0 0
Save this file.
$ umount -a
$ mount -a
$ df -kh (to check the mount entry)

Monday, 23 February 2009

CHKCONFIG on Ubuntu

If you want to use the chkconfig command on Ubuntu, you can use the following process.

$ apt-get install libnewt0.52

$ ln -s /usr/lib/libnewt.so.0.52 /usr/lib/libnewt.so.0.50

$ wget http://www.tuxx-home.at/projects/chkconfig-for-debian/chkconfig_1.2.24d-1_i386.deb

$ dpkg --force-all -i chkconfig_1.2.24d-1_i386.deb

chkconfig --list

Sunday, 22 February 2009

Nis Server Configuration for RHEL-5

Server side-: Install the following packages.
# yum install ypserv
# yum install ypbind
# yum install yp-tools

# chkconfig ypserv on

# chkconfig yppasswdd on

# chkconfig ypxfrd on

# /etc/init.d/portmap restart

# chkconfig portmap on

Open the file /etc/sysconfig/network:

# vim /etc/sysconfig/network

Make this entry in the file (ABC is the domain name):

NISDOMAIN=ABC

Save & exit the file.

# service ypserv restart

# service yppasswdd start

Make a new user:

# adduser "username"

# passwd "username"

New password: (type the new password)

Retype new password: (retype the new password)

* Remote home directory-:

# mkdir /abc

# chmod 777 /abc

Creation of the users:

# useradd -d /abc/test1 test1

# passwd test1

# useradd -d /abc/test2 test2

# passwd test2

* Type the following command-:

# /usr/lib/yp/ypinit -m

It will ask you for the next host to add.

Press CTRL+D.

You will get the message below:

The current list of NIS servers looks like this:

linux1.abc.com

Is this correct? [y/n: y]

Press Y.




Install the NFS service:

# chkconfig nfs on

# chkconfig portmap on

# chkconfig nfslock on

# vim /etc/exports

Make the following entry to share the abc folder:

/abc    192.168.10.0/24(rw,sync)

# vim /etc/sysconfig/nfs

Make the following entries in this file:

MOUNTD_PORT="4002"
STATD_PORT="4003"
LOCKD_TCPPORT="4004"
LOCKD_UDPPORT="4004"

# /etc/init.d/nfs restart

# /etc/init.d/nfslock restart

# /etc/init.d/portmap restart

# exportfs -avf

This shows the exported folder.

Client Side-:

Now configure auto.misc and auto.master on the client machine.

Make the following entry in auto.misc:

* -rw,soft,intr serveripaddress:/abc/&

Make the following entry in auto.master:

/testhome /etc/auto.misc

# /etc/init.d/autofs restart

Now run authconfig-tui:

Select NIS domain.

Put ABC in the domain field.

Put the server's IP address in the server field.

Now log in as user test1 from the client machine at the command prompt.




Enjoy.........





Saturday, 21 February 2009

Squid Installation & Configuration

Server Configuration

  • Step #1 : Squid configuration so that it will act as a transparent proxy
  • Step #2 : Iptables configuration
    • a) Configure system as router
    • b) Forward all http requests to 3128 (DNAT)

# yum install squid*

First, Squid server installed (use up2date squid) and configured by adding following directives to file:
# vi /etc/squid/squid.conf

Modify or add the following squid directives:

http_port 3128

Define the list of networks from which browsing should be allowed. Uncomment these 2 lines & define the specified network:

acl our_networks src 192.168.0.0/24
http_access allow our_networks

If you want to block a particular website, you can use the following process. These lines must be added before the 2 lines above, otherwise they will not take effect. For example, we are going to block orkut.com:

acl blocksite dstdomain .orkut.com

http_access deny blocksite

Save & exit the file.

Iptables configuration

Next, I added the following rules to forward all http requests (coming to port 80) to the Squid server port 3128:
iptables -t nat -A PREROUTING -i eth1 -p tcp --dport 80 -j DNAT --to 192.168.0.0:3128
iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT --to-port 3128
iptables -I INPUT -s 192.168.0.0/24 -p tcp --dport 3128 -j ACCEPT
iptables -I INPUT -s 192.168.0.0/24 -p tcp --dport 80 -j ACCEPT
iptables -I INPUT -s 192.168.0.0/24 -p udp --dport 3128 -j ACCEPT
iptables -I INPUT -s 192.168.0.0/24 -p udp --dport 80 -j ACCEPT
# /etc/init.d/iptables save
# /etc/init.d/iptables restart

Start or restart squid:

# /etc/init.d/squid restart

# chkconfig squid on

Friday, 20 February 2009

NFS Installation & configuration in fedora & RHEL-5

Server Side-
set repository ( if you are using RHEL-5)

# yum install nfs*
# yum install nfslock
# yum install portmap*

now restart all services
# /etc/init.d/nfs restart
# /etc/init.d/portmap restart
# /etc/init.d/nfslock restart

# chkconfig nfs on
# chkconfig portmap on

Make a directory to share on the network.
# mkdir /data
Give permissions as per your user management.
# chmod -R 777 /data (full permission)
Open the /etc/exports file & edit it.

# vim /etc/exports
/data 192.168.10.0/24(rw,sync)

Save the file & exit.

ro: The directory is shared read only; the client machine will not be able to write it. This is the default.
rw: The client machine will have read and write access to the directory.
sync: By default, all but the most recent version (version 1.11) of the exportfs command will use async behaviour.

# /etc/init.d/iptables start
Open /etc/sysconfig/nfs & add the following lines to set fixed ports for NFS while iptables is running.
MOUNTD_PORT="4002"
STATD_PORT="4003"
LOCKD_TCPPORT="4004"
LOCKD_UDPPORT="4004"

save & exit file.
# iptables -I INPUT -s 192.168.10.0/24 -p tcp --dport 111 -j ACCEPT
# iptables -I INPUT -s 192.168.10.0/24 -p tcp --dport 2049 -j ACCEPT
# iptables -I INPUT -s 192.168.10.0/24 -p tcp --dport 4002 -j ACCEPT
# iptables -I INPUT -s 192.168.10.0/24 -p tcp --dport 4003 -j ACCEPT
# iptables -I INPUT -s 192.168.10.0/24 -p tcp --dport 4004 -j ACCEPT
# iptables -I INPUT -s 192.168.10.0/24 -p udp --dport 111 -j ACCEPT
# iptables -I INPUT -s 192.168.10.0/24 -p udp --dport 4002 -j ACCEPT
# iptables -I INPUT -s 192.168.10.0/24 -p udp --dport 4003 -j ACCEPT
# iptables -I INPUT -s 192.168.10.0/24 -p udp --dport 4004 -j ACCEPT
# iptables -I INPUT -s 192.168.10.0/24 -p udp --dport 2049 -j ACCEPT

# /etc/init.d/iptables save
# /etc/init.d/iptables restart
# /etc/init.d/nfs restart
# showmount -e 192.168.10.10
It will display the shared directory.
(note: 192.168.100.10 - IP of the configured NFS server)

Client Side-:
Start the portmap and nfs services.
/etc/init.d/nfs restart
/etc/init.d/portmap restart

Mount the NFS shared directory temporarily:
mount -t nfs 192.168.10.10:/data /mnt

If you want to mount it permanently, open the /etc/fstab file & add this line.

# vim /etc/fstab

192.168.10.10:/data /mnt nfs defaults 0 0

Then save the file & exit.

# umount -a
# mount -a
# df -kh
Filesystem Size Used Avail Use% Mounted on
/dev/sda1 73G 5.9G 63G 9% /
tmpfs 248M 124K 248M 1% /dev/shm
gvfs-fuse-daemon 73G 5.9G 63G 9% /root/.gvfs
192.168.10.10:/data
97G 77G 21G 80% /mnt
Enjoy...........................