[Samba] Mounted NFS share as Samba share

L.P.H. van Belle belle at bazuin.nl
Fri Jan 9 02:11:35 MST 2015 

Hai, 

if you want nfs4 for on a member server and you want to share the user home dirs over nfs
so you can use them on any other server..  ( for example for ssh logins ) 

here some pointers. ( For debian, translate them to you own os ) 
And if anyone sees errors of improvements, please point them out  ;-) 

On the Member ( NFS) server
in smb.conf  this is the home ( user shares ) path : /home/samba/users used in this example.

apt-get install nfs-kernel-server --no-install-recommends -y
mkdir -p /exports/users

cat << EOF >> /etc/fstab 
/home/samba/users   /exports/users   none    bind  0  0
EOF

sed -i 's/NEED_SVCGSSD=/NEED_SVCGSSD=yes/g' /etc/default/nfs-kernel-server

cp /etc/idmapd.conf /etc/idmapd.conf.debian
cat << EOF >> /etc/idmapd.conf 

[Translation]

Method = nsswitch

EOF

cat << EOF >> /etc/exports
/exports/      192.168.0.0/24(rw,fsid=0,insecure,no_subtree_check,async)
/exports/users 192.168.0.0/24(rw,nohide,insecure,no_subtree_check,async)
EOF

## this on the ADDC SERVER
## Now login on the AD AD and if anyone who knows howto do this on the server your working, 
## so we dont need to copy the keytab file ... tell me.. ;-) 
## get kerberos to know the NFS server:  !! watch the CAPS !!
## ad the nfs spn to the "ALREADY AD JOINED SAMBA MEMBERSERVER 

samba-tool spn add nfs/membername.your.domain.tld MEMBERNAME\$ 
samba-tool spn add nfs/membername.your.domain.tld at ROTTERDAM.BAZUIN.NL MEMBERNAME\$
samba-tool domain exportkeytab --principal=nfs/membername.your.domain.tld  /root/keytab.MEMBERNAME-nfs

## now copy this file :/root/keytabs/keytab.MEMBERNAME-nfs 
## to the member server, and add this one to the default keytab file.

### back to the member server.
cp krb5.keytab krb5.keytab.backup 
ktutil
	rkt /etc/krb5.keytab
	rkt /root/keytab.MEMBERNAME-nfs
	list
	wkt /etc/krb5.keytab
	quit

service nfs-kernel-server restart


################## NFS CLIENT SETUP #################
# FOR THE OTHER SERVERS /Client servers.
apt-get install rpcbind nfs-common
cat << EOF >> /etc/idmapd.conf 

[Translation]

Method = nsswitch

EOF

###########  Dedicated nfs mount mounted at boot  
### CHOOSE ONE ! Enabled for now it the autofs. 
echo "## NFS V4 Users mounts"  >> /etc/fstab
echo "#membername.your.domain.tld:/export/users      /home/samba/users nfs   auto  0       0" >> /etc/fstab

### Or use AUTO FS optional. ( handy also for ssh Logins ) 
apt-get install autofs
echo "## automount samba home dir for NFSv4" >> /etc/auto.master
echo "/home/samba/users /etc/auto.nfshomeusers" >> /etc/auto.master

echo "*             membername.your.domain.tld:/export/users/&" >> /etc/auto.nfshomeusers

/etc/init.d/autofs restart


kerberised ssh logins on debian, very easy from here.
apt-get install ssh-krb5
/etc/init.d/ssh restart 
pam-auth-update ( and enable both )


and your able to login with ssh kerberized on debian server with the home(user) share on also on nfs. 


Greetz, 

Louis

>-----Oorspronkelijk bericht-----
>Van: d3r3kshaw at gmail.com 
>[mailto:samba-bounces at lists.samba.org] Namens BISI
>Verzonden: vrijdag 9 januari 2015 1:07
>Aan: samba at lists.samba.org
>Onderwerp: Re: [Samba] Mounted NFS share as Samba share
>
>On 15-01-08 10:51 AM, Tim wrote:
>> Hi,
>>
>> is it possible to create a Samba share with full Windows ACL 
>support based on a mounted NFS share?
>>
>> What is needed e.g. as NFS mount options?
>>
>> Regards
>> Tim
>>
>I have tried several times over the past few years with different 
>versions and failed every time.
>
>I will be following this to find out if it can be done.
>
>B.
>
>-- 
>To unsubscribe from this list go to the following URL and read the
>instructions:  https://lists.samba.org/mailman/options/samba
>
>

More information about the samba mailing list