Ryan Dunn
2008-Aug-01 23:27 UTC
[CentOS] Using CentOS 5 as server; best way to setup NFSv4?
I've got a server running CentOS 5.2 and has a working NFSv4 server. I've been looking for some help on this on the net, but haven't come across anything that looks like it would pertain to my situation.

Basically, I've got a mixed distro environment (CentOS, Fedora, openSuSE, Ubuntu, Puppy, and yikes possibly a Windows box) on various desktops and laptops that I want to connect to my server. Currently, I've got it set up so that it is only NFSv4 with a host mask. My first concern is that it authenticates to the machine, not the user. Second, that the user is identified by the UID on the local machine, not the actual user name. Since CentOS/Fedora start UID at 500 and Ubuntu/openSuSE start at 1000, even though the names are the same, UID is not. I'd rather not have to reID on half my machines. Third, I know I'll need Samba for the Windows box. So, if someone were to get on my local network and have the same UID as I have, then they could mount my shares as rw and have at it.

The ideal situation is that a user would log on to a local box, then when he wants to access a share, it sends the credentials to the server, and mounts the share. This is all for my home setup; basically, I'd like to have my directories be mounted rw for myself, but if I have guests over, have them be able to mount read only (sharing pictures with family members that have laptops, etc).

Thanks,
Ryan
Craig White
2008-Aug-01 23:44 UTC
[CentOS] Using CentOS 5 as server; best way to setup NFSv4?
On Fri, 2008-08-01 at 19:27 -0400, Ryan Dunn wrote:
> I've got a server running CentOS 5.2 and has a working NFSv4 server.
> I've been looking for some help on this on the net, but haven't come
> across anything that looks like it would pertain to my situation.
>
> Basically, I've got a mixed distro environment (CentOS, Fedora,
> openSuSE, Ubuntu, Puppy, and yikes possibly a Windows box) on various
> desktops and laptops that I want to connect to my server. Currently,
> I've got it set up so that it is only NFSv4 with a host mask. My first
> concern is that it authenticates to the machine, not the user.
> Second, that the user is identified by the UID on the local machine,
> not the actual user name. Since CentOS/Fedora start UID at 500 and
> Ubuntu/openSuSE start at 1000, even though the names are the same, UID
> is not. I'd rather not have to reID on half my machines. Third, I know
> I'll need Samba for the Windows box. So, if someone were to get on my
> local network and have the same UID as I have, then they could mount
> my shares as rw and have at it.
>
> The ideal situation is that a user would log on to a local box, then
> when he wants to access a share, it sends the credentials to the
> server, and mounts the share. This is all for my home setup;
> basically, I'd like to have my directories be mounted rw for myself,
> but if I have guests over, have them be able to mount read only
> (sharing pictures with family members that have laptops, etc).

----
You seem to be afraid of changing IDs but that really isn't that difficult - especially considering that it's a one-time process...

http://docsrv.sco.com/UG_admin/uaT.chguid.html

Next - you really should consider using LDAP which is perfect for maintaining a single account/password which can be used to authenticate users on various machines (but that won't create their $HOME directories). Bonus is that if you use LDAP, the Samba users also have the same UID.

NFS-4 seems to be overkill for a home LAN setup but if you do some Google searches or at least start with the official documentation on setting up NFS-4

http://www.centos.org/docs/5/html/5.2/Deployment_Guide/ (see section on NFS)

Craig
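
An added example, not written by anyone in this thread: before re-numbering accounts as discussed above, a script along these lines lists which user names carry different UIDs across hosts, and which UIDs belong to different names, the case where a server that trusts the client-supplied UID treats two people as one. The host names, accounts and passwd lines are constructed sample data, and the function names are illustrative.

```python
from collections import defaultdict

# Constructed passwd excerpts (not from the thread): CentOS/Fedora number
# regular users from 500, Ubuntu from 1000, as the original post describes.
SAMPLE_HOSTS = {
    "centos-server": (
        "root:x:0:0:root:/root:/bin/bash\n"
        "ryan:x:500:500::/home/ryan:/bin/bash\n"
        "guest:x:501:501::/home/guest:/bin/bash\n"
    ),
    "ubuntu-laptop": (
        "ryan:x:1000:1000::/home/ryan:/bin/bash\n"
    ),
    "fedora-laptop": (
        "+::::::\n"  # NIS compat entry, must be skipped
        "visitor:x:500:500::/home/visitor:/bin/bash\n"
    ),
}

def parse_passwd(text, min_uid=500, max_uid=60000):
    """Return {username: uid} for regular (non-system) accounts."""
    users = {}
    for line in text.splitlines():
        fields = line.strip().split(":")
        if line.startswith("#") or len(fields) < 7 or not fields[2].isdigit():
            continue  # comment, malformed line, or NIS +/- entry
        uid = int(fields[2])
        if min_uid <= uid <= max_uid:
            users[fields[0]] = uid
    return users

def audit(hosts):
    """Return (names with differing UIDs, UIDs shared by different names)."""
    by_name = defaultdict(dict)  # name -> {host: uid}
    by_uid = defaultdict(dict)   # uid  -> {host: name}
    for host, text in hosts.items():
        for name, uid in parse_passwd(text).items():
            by_name[name][host] = uid
            by_uid[uid][host] = name
    mismatched = {n: h for n, h in by_name.items() if len(set(h.values())) > 1}
    collisions = {u: h for u, h in by_uid.items() if len(set(h.values())) > 1}
    return mismatched, collisions

if __name__ == "__main__":
    mismatched, collisions = audit(SAMPLE_HOSTS)
    for name, uids in sorted(mismatched.items()):
        print(f"re-ID needed: {name} -> {uids}")
    for uid, names in sorted(collisions.items()):
        print(f"UID {uid} is a different person per host: {names}")
```

In practice the input would be a copy of each machine's /etc/passwd collected by hand; accounts listed under both headings are the ones to renumber first.
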
On Friday 01 August 2008 5:27:50 pm Ryan Dunn wrote:

If you are running your LAN as a lab to learn, I would suggest one thing. From what I have read, it seems you just want to have everything work together in a simple manner. Since you have Windows involved, you might consider having everything run with Samba. With Samba, every system would be able to share and use shares on every other computer. You could set up a Samba server as a domain controller and use something like pam_smb, pam_ntdom or libpam-smbpass (I've used libpam-smbpass on other systems, but do know if CentOS makes it available anywhere, it is the only one that I know of that allows for update of the password from Linux) to allow the Linux boxes to authenticate against the Samba server.

http://www.freebooks.by.ru/view/SambaIn24h/ch16-03.htm

In this case, you would not need to set up LDAP which I think is a bit much for what it sounds like you are trying to do. Because you would be mounting Linux to Linux using Samba, you would not need to worry about NFS at all.

If it were just a Linux home network, I would do NFS3 with (probably a bad word here) NIS. Yes, NIS is insecure, but so is NFS3. If you use a firewall that would block outgoing NIS packets, it should do good enough for a home network.

How this simplifies everything:

1: Only one network file system for both Windows and Linux, not NFS for Linux, Samba for Windows.
2: Allows Linux access to Windows shares and printers.
3: If you are using libpam-smbpass you do not need to use something like LDAP, but rather passdb backend = tdbsam.

Your needs may be more complex than what I assumed, but I wanted to put forward one way to consider...