14. NFS Server

NFS (Network File System) is a protocol that allows sharing of files between NFS-compatible systems, primarily Linux and Unix, but not with Windows. It has several disadvantages, including lack of cross-platform support, encryption, and authentication, which can be mitigated using Kerberos security. The document also outlines the configuration steps for setting up an NFS server and client, including mounting methods, background daemons, and differences between NFS versions.

Uploaded by

jaswanth.140760
14. NFS (Network File System) Server and Autofs


1. What is NFS? Explain it.
NFS stands for Network File System. It is a way to share the files on a local hard drive
between machines that are NFS compatible. That means we can share files between Linux
and Unix machines, but not between Linux and Windows systems. NFS uses the UDP protocol.
Normally the NFS server exports one or more directories to the client system, and the
client system mounts one or more of the shared directories on local directories called mount
points. After the NFS share is mounted, all I/O operations are written back to the server, and
all the clients notice the change. A manual refresh is not needed because the client accesses
the remote file system in the same way as a local file system; access does not require an IP
address, user name or password. However, we can provide security using Kerberos.
2. What are the disadvantages of NFS?
(i) NFS does not support cross-platform sharing, i.e., it will not support sharing
files between Linux and Windows systems.
(ii) NFS does not support encryption of the data; it supports only plain-text
format.
(iii) NFS does not support TCP Wrappers, i.e., NFS does not support
/etc/hosts.allow and /etc/hosts.deny, because the libwrap.so module is not
loaded with the NFS service.
(iv) NFS does not support authentication. So, to overcome this problem, the Kerberos
security system is used.
3. What is the profile of NFS?
Package : nfs*
Services : nfs (in RHEL - 6)
           nfs-server, nfs-secure-server (NFS with Kerberos) (both for the NFS server)
           nfs-secure (for the NFS client) (these three services are in RHEL - 7)
Script : /etc/init.d/nfs
Port numbers : 2049 (for the NFS server) and below 1024 (for the NFS client)
Configuration Files : /etc/exports and /etc/sysconfig/nfs
Other Important Files : /var/lib/nfs/etab and /var/lib/nfs/rmtab
Versions : NFS - 3 (default in RHEL - 5) but it also supports NFS - 4
           NFS - 4 (default in RHEL - 6) but it also supports NFS - 3
           NFS - 4 (default in RHEL - 7) but it also supports NFS - 3
Protocol : udp protocol
4. What are the background daemons for NFS? Explain them.
There are 6 background daemons for NFS.
(i) rpc.mountd :
This daemon is responsible for executing mount and unmount requests from the
client.
(ii) rpc.nfsd :
This daemon responds to client requests for file access.
(iii) rpc.rquotad :
This daemon is responsible for enabling quotas on NFS shared devices.
(iv) rpc.statd :
This daemon is used to see statistics about the NFS server from the NFS client
when executing the commands # netstat or # nfsstat (to see the I/O statistics of NFS).
(v) rpc.lockd :
This daemon manages file locks and releases them in case a client disconnects.
(vi) rpc.idmapd :
This daemon is responsible for mapping user IDs and group IDs between the
server and the client.
5. What are the differences between NFS 3 and NFS 4?
In NFS 3 there is no security to protect the data, but in NFS 4 there is Kerberos
security to protect the data.
In NFS 3 there are no ACL permissions on the shared directory, but in NFS 4 there are
ACL permissions on the shared directory.
6. In how many ways can we mount the NFS shared directory?
In order to access the NFS shared data, we have to mount that shared directory on a
local mount point. The mount can be a direct mount (manual mount) or an indirect mount
(auto mount).
Direct mount :
First create the local mount point and then mount the shared NFS directory on our
local system's mount point by the # mount <server host name or IP address>:<shared
directory with full path> <mount point> command. But this is a temporary mount; we can
mount it permanently by putting an entry in the /etc/fstab file.
Example :
# mount 172.25.9.11:/product /mnt/nfs (to mount the directory /product on the
/mnt/nfs mount point temporarily)
# vim /etc/fstab (open this file and put an entry of the mount point
to mount permanently)
172.25.9.11:/product /mnt/nfs nfs defaults 0 0 (save and
exit this file)
Indirect mount :
This method is used to mount the NFS share by using the Autofs service. Autofs uses
the automount daemon to manage our mount points by mounting them dynamically only when
they are accessed.
Autofs consults the master map configuration file /etc/auto.master to determine which
mount points are defined. It then starts an automount process with the appropriate
parameters for each mount point. Each line in the master map defines a mount point and
a separate map file that defines the file systems to be mounted under this mount point. For
example, the /etc/auto.misc file might define mount points in the /mnt directory; this
relationship would be defined in the /etc/auto.master file.
Each entry in auto.master has three fields. The first field is the mount point. The second
field is the location of the map file, and the third field is optional. The third field can contain
information such as a timeout value.
For example, to mount the directory /product on the remote machine
server9.example.com at the mount point /mnt/nfs on your machine, add the following line
to auto.master:
/mnt /etc/auto.misc --timeout 60
Next, add the following line to /etc/auto.misc:
nfs -rw server9.example.com:/product
The first field in /etc/auto.misc is the name of the /mnt subdirectory. This subdirectory
is created dynamically by automount. It should not actually exist on the client machine.
The second field contains mount options such as rw for read and write access. The third
field is the location of the NFS export, including the hostname and directory.
The directory /mnt must exist on the local file system. There should be no
subdirectories in it on the local file system.
To start the autofs service, at a shell prompt, type the following command:
# service autofs restart
To view the active mount points, type the following command at a shell prompt:
# service autofs status
If you modify the /etc/auto.master configuration file while autofs is running, you must
tell the automount daemon(s) to reload by typing the following command at a shell prompt:
# service autofs reload
7. How to configure the NFS server?
(i) First install the NFS package by the # yum install nfs* -y command.
(ii) Create the NFS shared directory on the server system by the # mkdir /public command.
(iii) Modify the permissions of the /public directory by the # chmod 777 /public
command. (These permissions may be changed depending on the requirement.)
(iv) Modify the SELinux context of the /public directory if SELinux is enabled by
executing the following command: # chcon -t public_content_t /public
(v) Create some files in the /public directory by the # touch f{1..10} command.
(vi) Open the NFS configuration file by the # vim /etc/exports command and put an entry
of the NFS shared information in the form <shared directory name>
<to whom to export the shared directory>(<permissions>,sync), written with no space
before the opening parenthesis.
For example,
# vim /etc/exports
/public *.example.com(ro,sync) or /public *.example.com(rw,sync)
(save and exit the file)
* Where *.example.com means the shared directory can be exported to all
the systems of the example.com domain.
* Permissions are ro (read only) or rw (read & write), and sync means the
data will always be synced.
/public desktop9.example.com(rw,sync) (to export /public
to the desktop9 system only)
/public *.example.com(ro,sync) (to export to the entire example.com
domain with read only)
/public 172.25.0.0/24(rw,sync) (to export to the 172.25.0.0 network
only with read and write)
/public server[0-20].example.com(rw,sync) (to export to server0 to
server20 in the example.com domain with read and write)
/public 172.25.0.10(rw,sync) (to export to the 172.25.0.10 system
only with read and write)
Common mount permission options :
rw            read/write permissions
ro            read-only permissions
insecure      Allows the use of ports over 1024
sync          Specifies that all changes must be written to disk before a
              command completes
no_wdelay     Forces the writing of changes immediately
root_squash   Prevents root users from acting as root (root becomes nfsnobody; see Q10)

(vii) Export the above shared directory to the defined client systems by the # exportfs -rv
command.
(viii) Restart the NFS services by the following commands in RHEL - 6 and RHEL - 7.
# service rpcbind restart (to restart the rpcbind service in RHEL - 6)
# service nfs restart (to restart the NFS service in RHEL - 6)
# systemctl restart nfs-server (to restart the NFS service in RHEL - 7)
(ix) Make the NFS service start permanently from the next boot onwards as follows.
# chkconfig rpcbind on (to enable the rpcbind service in RHEL - 6)
# chkconfig nfs on (to enable the nfs service in RHEL - 6)
# systemctl enable nfs-server (to enable the nfs-server in RHEL - 7)
(x) Export the NFS shared directory as follows.
# exportfs -rv
(xi) Enable the NFS service in the iptables firewall (RHEL - 6) and firewalld (RHEL - 7) as
follows.
In RHEL - 6 :
(i) # setup
(a) Select Firewall Configuration.
(b) Select Customize (make sure the firewall option remains selected).
(c) Select NFS4 (by pressing the spacebar once).
(d) Select Forward and press Enter.
(e) Select eth0, select the Close button and press Enter.
(f) Select OK and press Enter.
(g) Select Yes and press Enter.
(h) Select Quit and press Enter.
(ii) Now open the /etc/sysconfig/iptables file, add the following rules under the
rule for port 2049 and save the file.
-A INPUT -m state --state NEW -m udp -p udp --dport 111 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 111 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 32803 -j ACCEPT
-A INPUT -m state --state NEW -m udp -p udp --dport 32769 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 892 -j ACCEPT
-A INPUT -m state --state NEW -m udp -p udp --dport 892 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 875 -j ACCEPT
-A INPUT -m state --state NEW -m udp -p udp --dport 875 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 662 -j ACCEPT
-A INPUT -m state --state NEW -m udp -p udp --dport 662 -j ACCEPT
(iii) Restart the iptables service by the # service iptables restart command.
(iv) Make the iptables service permanent from the next boot onwards as
follows.
# chkconfig iptables on
The following commands could be helpful for troubleshooting :
# mountstats    Shows information about mounted NFS shares
# nfsstat       Shows statistics of exported resources
# nfsiostat     Shows statistics of NFS mounted shares

In RHEL - 7 :
# firewall-cmd --permanent --add-service=nfs (to enable the nfs service at the firewall)
# firewall-cmd --permanent --add-service=mountd (to enable the mountd service at the firewall)
# firewall-cmd --permanent --add-service=rpc-bind (to enable the rpc-bind service at the firewall)
# firewall-cmd --complete-reload (to reload the firewall)
8. What are the requirements for an NFS client?
(i) The NFS server's IP address or hostname.
(ii) Check the NFS share name.
(iii) Create the local mount point.
(iv) Mount the NFS share on the local mount point.
(v) Go to the local mount point and access the NFS shared data.
9. How to access the NFS shared directory from the client?
(i) On the client system, install the nfs-utils package by the # yum install nfs-utils* -y
command.
(ii) Check the exported NFS shared directory by # showmount -e <IP address
or hostname of the server>
Example : # showmount -e 172.25.9.11 or # showmount -e server9.example.com
(iii) Create a mount point to mount the NFS shared directory by the # mkdir
/<mount point> command.
Example : # mkdir /mnt/nfs
(iv) Mount the NFS shared directory on the above created mount point.
# mount <IP address or server hostname>:<NFS shared directory> <mount point>
Example : # mount 172.25.9.11:/public /mnt/nfs or
# mount server9.example.com:/public /mnt/nfs
* These are temporary mounts only, i.e., if the system is rebooted they are unmounted
automatically and we have to mount them again after the reboot.
(v) So, if we want to mount it permanently, then open the /etc/fstab file and put an
entry for the mount point.
# vim /etc/fstab (to open the file)
<IP address or server hostname>:<shared name> <mount point> <file system> defaults 0 0
Example : 172.25.9.11:/public /mnt/nfs nfs defaults 0 0
( or )
server9.example.com:/public /mnt/nfs nfs defaults 0 0 (save and exit the file)
(vi) Mount all the mount points mentioned in the above /etc/fstab file by the
# mount -a command.
(vii) The # df -hT command is used to check all the mounted partitions with their file
system types.
10. Why can't the root user create files in the NFS shared directory, and how to allow
him to create files?
The root user normally has all the permissions, but in NFS the root user also becomes a
normal user. So, the root user has no permissions to create files on the NFS shared
directory.
The root user becomes the nfsnobody user and the group also becomes nfsnobody, because
the root_squash permission is there by default. So, if we want to allow the root user to create
files on the NFS shared directory, then go to the server side, open the /etc/exports file and
type as below,
<shared name> <domain name or system names>(permissions,sync,no_root_squash)
Example : /public *.example.com(rw,sync,no_root_squash)
(save and exit the file)
# exportfs -rv (to export the shared directory)
# service nfs restart (to restart the NFS service in RHEL - 6)
# systemctl restart nfs-server (to restart the NFS service in RHEL - 7)
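The /etc/exports lines in Q7 and the no_root_squash change in Q10 are where NFS access control is decided, and the two mistakes that matter most are easy to make by hand: a space between the client and its option list (exportfs then applies the options to every host, and the named client gets the defaults), and a world export or no_root_squash that was never intended. The following shell function audits an exports file for both. It is an added example written for these notes, not part of the course material or of nfs-utils; it assumes only the exports(5) line format, and the sample lines it is tested with are constructed.

```shell
#!/bin/sh
# Audit an /etc/exports-style file for the mistakes discussed above.
# Added example for these notes, not from the course material. It assumes only the
# exports(5) line format: <directory> <client>(<options>) [<client>(<options>) ...]
# Output: one finding per line, "<severity> <line> <directory>: <message>".

audit_exports() {
    # $1 = path of the exports file to audit
    awk '
    { sub(/#.*/, "") }                 # drop comments
    /^[ \t]*$/ { next }                # and blank lines
    {
        dir = $1
        if (NF < 2) { printf "WARN %d %s: no client list\n", NR, dir; next }
        for (i = 2; i <= NF; i++) {
            f = $i
            # "(opts)" as its own field means a space crept in before the
            # parenthesis: exportfs then applies those options to every host
            if (f ~ /^\(/) {
                prev = (i > 2) ? $(i - 1) : "(none)"
                printf "CRIT %d %s: options %s detached from client %s, so they apply to every host\n", NR, dir, f, prev
                continue
            }
            # a fragment like "sync)" means a space inside the parentheses
            if (f ~ /\)$/ && f !~ /\(/) {
                printf "CRIT %d %s: malformed option fragment %s (space inside parentheses)\n", NR, dir, f
                continue
            }
            client = f; opts = ""
            if (match(f, /\(.*\)$/)) {
                client = substr(f, 1, RSTART - 1)
                opts = substr(f, RSTART + 1, RLENGTH - 2)
            }
            if (client == "*")
                printf "WARN %d %s: exported to all hosts\n", NR, dir
            if (opts ~ /(^|,)no_root_squash(,|$)/)
                printf "WARN %d %s: remote root keeps root on %s (no_root_squash)\n", NR, dir, client
            if (opts ~ /(^|,)insecure(,|$)/)
                printf "WARN %d %s: accepts client ports above 1024 from %s (insecure)\n", NR, dir, client
            if (opts !~ /(^|,)(sync|async)(,|$)/)
                printf "INFO %d %s: %s does not state sync or async\n", NR, dir, client
        }
    }' "$1"
}

# usage: audit_exports /etc/exports
```

Run it on the server after editing and before `exportfs -rv`; a CRIT line means the file does not say what was meant. Compare with `exportfs -v`, which prints the options the kernel actually applied per client.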
11. What are the disadvantages of direct or manual mounting?
(i) Manual mounting means we have to mount manually, so it creates many
problems. For example, if the NFS service is not available then the # df -hT command will
hang.
(ii) If the NFS server is down while booting the client, the client will not boot
because it searches for the NFS mount point entry in the /etc/fstab file.
(iii) Another disadvantage of manual mounting is that it consumes more memory and CPU
resources on the client system.
So, to overcome the above problems, normally indirect or automount is used with the
Autofs tool.
12. What is a secure NFS server? Explain it.
A secure NFS server means an NFS server with Kerberos security. It is used to protect the
NFS exports. Kerberos is an authentication tool to protect the NFS server shares. It uses the
krb5p method, which protects by an authentication mechanism and encrypts the data during
communication.
For this, one key file is required and it should be stored on each and every client that
accesses the NFS secure directory. Only then will Kerberos security be available. This key file
should be stored in the /etc/krb5.keytab file. For example, the following command will download
and store the keytab.
# wget http://classroom.example.com/pub/keytabs/server9.keytab -O /etc/krb5.keytab (where O is capital)
13. How to configure the secure NFS server?
(i) Install the NFS package.
# yum install nfs* -y
(ii) Create a directory to share through the NFS server.
# mkdir /securenfs
(iii) Modify the permissions of the shared directory.
# chmod 777 /securenfs
(iv) Change the SELinux context of the directory if SELinux is enabled.
# chcon -t public_content_t /securenfs
(v) Open the NFS configuration file and put an entry for the shared directory.
# vim /etc/exports
/securenfs *.example.com(rw,sec=krb5p)
(save and exit the file)
(vi) Download the keytab and store it in the /etc/krb5.keytab file.
# wget http://classroom.example.com/pub/keytabs/server9.keytab -O /etc/krb5.keytab
(vii) Export the shared directory.
# exportfs -rv
(viii) Restart and enable the NFS services in RHEL - 6 and RHEL - 7.
# service nfs restart (restart the NFS service in RHEL - 6)
# service nfs-secure-server restart (restart the secure NFS service in RHEL - 6)
# chkconfig nfs on (enable the NFS service in RHEL - 6)
# systemctl restart nfs-server (restart the NFS service in RHEL - 7)
# systemctl restart nfs-secure-server (restart the secure NFS service in RHEL - 7)
(ix) Enable the iptables firewall (RHEL - 6) or firewalld (RHEL - 7) to allow the NFS service
as follows.
In RHEL - 6 :
(i) # setup
(a) Select Firewall Configuration.
(b) Select Customize (make sure the firewall option remains selected).
(c) Select NFS4 (by pressing the spacebar once).
(d) Select Forward and press Enter.
(e) Select eth0, select the Close button and press Enter.
(f) Select OK and press Enter.
(g) Select Yes and press Enter.
(h) Select Quit and press Enter.
(ii) Now open the /etc/sysconfig/iptables file, add the following rules under
the rule for port 2049 and save the file.
-A INPUT -m state --state NEW -m udp -p udp --dport 111 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 111 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 32803 -j ACCEPT
-A INPUT -m state --state NEW -m udp -p udp --dport 32769 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 892 -j ACCEPT
-A INPUT -m state --state NEW -m udp -p udp --dport 892 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 875 -j ACCEPT
-A INPUT -m state --state NEW -m udp -p udp --dport 875 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 662 -j ACCEPT
-A INPUT -m state --state NEW -m udp -p udp --dport 662 -j ACCEPT
(iii) Restart the iptables service by the # service iptables restart command.
(iv) Make the iptables service permanent from the next boot onwards as
follows.
# chkconfig iptables on
In RHEL - 7 :
# firewall-cmd --permanent --add-service=nfs (to enable the nfs service at the firewall)
# firewall-cmd --permanent --add-service=mountd (to enable the mountd service at the firewall)
# firewall-cmd --permanent --add-service=rpc-bind (to enable the rpc-bind service at the firewall)
# firewall-cmd --complete-reload (to reload the firewall)
14. How to access the secure NFS server from the client side?
(i) Install the nfs-utils package.
# yum install nfs-utils* -y
(ii) Download the keytab in the same way and store it in the /etc/krb5.keytab file.
# wget http://classroom.example.com/pub/keytabs/desktop9.keytab -O /etc/krb5.keytab
(iii) Check the shared NFS directory.
# showmount -e server9.example.com
(iv) Restart the secure NFS service on the client side.
# service nfs-secure restart (restart the secure NFS client service in RHEL - 6)
# systemctl restart nfs-secure (restart the secure NFS client service in RHEL - 7)
(v) Create the mount point on the client system.
# mkdir /mnt/nfssecure
(vi) Mount the NFS shared directory on the local mount point temporarily.
# mount server9.example.com:/securenfs /mnt/nfssecure
(vii) Open the /etc/fstab file and put an entry with the NFS share's mounting details to
mount it permanently.
# vim /etc/fstab
server9.example.com:/securenfs /mnt/nfssecure nfs defaults,sec=krb5p 0 0
(save and exit the file)
(viii) Mount all the file systems that have entries in the /etc/fstab file.
# mount -a
(ix) Check all the mounted file systems with their file system types on the client system.
# df -hT
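The /etc/fstab entries in Q9 and Q14 differ only in the sec=krb5p option, and a mistyped line there is one cause of the hangs listed in Q11. The following shell function checks the NFS lines of an fstab-style file for the six-field layout, a host:/export source and an absolute mount point, and reports which security flavour each mount will use (sec=sys, plain UNIX UIDs, when no sec= option is given). It is an added example for these notes, not code from nfs-utils; the sample file it is tested with is constructed.

```shell
#!/bin/sh
# Validate the NFS entries of an /etc/fstab-style file: the six-field layout the
# notes use, a host:/export source, and which sec= flavour each mount negotiates.
# Added example for these notes, not from the course material. Apart from the
# fstab(5) layout it assumes nothing about the system it runs on.
# Output: "OK <mountpoint> from <source> sec=<flavour>" or "ERR/WARN <source>: <message>".

check_nfs_fstab() {
    # $1 = path of the fstab file; returns 1 if any NFS entry is malformed
    rc=0
    while read -r src mp fstype opts dump pass extra; do
        case $src in ''|\#*) continue ;; esac               # blank lines and comments
        case $fstype in nfs|nfs4) ;; *) continue ;; esac    # only NFS entries
        if [ -z "$pass" ] || [ -n "$extra" ]; then
            echo "ERR $src: expected 6 fields (source mountpoint type options dump pass)"
            rc=1; continue
        fi
        case $src in
            *:/*) ;;
            *) echo "ERR $src: source must be <host>:/<export>"; rc=1; continue ;;
        esac
        case $mp in
            /*) ;;
            *) echo "ERR $src: mount point $mp is not an absolute path"; rc=1; continue ;;
        esac
        # the notes end every NFS line with "0 0": no dump, and fsck cannot check NFS
        [ "$dump$pass" = "00" ] || echo "WARN $src: dump/pass fields should be 0 0"
        # sec=sys (plain AUTH_SYS) is what you get when no sec= option is given
        sec=sys
        case ",$opts," in
            *,sec=*) sec=${opts##*sec=}; sec=${sec%%,*} ;;
        esac
        echo "OK $mp from $src sec=$sec"
    done < "$1"
    return $rc
}

# usage: check_nfs_fstab /etc/fstab
```

Run it before `mount -a`. Beyond what the notes cover, the `_netdev` and `bg` mount options exist to keep an unreachable NFS server from blocking the boot described in Q11(ii): `_netdev` defers the mount until the network is up and `bg` retries it in the background instead of holding up the boot.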
15. How to specify the NFS version while configuring?
(i) Open the /etc/sysconfig/nfs file by the # vim /etc/sysconfig/nfs command.
(ii) Go to line no. 13 and edit the line as below,
RPCNFSDARGS="-V 4.2"
(iii) Save and exit this file.

16. How to add the LDAP user's shared directory, and how does the LDAP user access that
directory on the client?
(i) Create a sub-directory in the /securenfs directory.
# mkdir /securenfs/secure
(ii) Change the ownership of the above sub-directory to the LDAP user.
# chown ldapuser9 /securenfs/secure
(iii) Assign full permissions on that directory to the LDAP user.
# setfacl -m u:ldapuser9:rwx /securenfs/secure
(iv) Change the SELinux context of that directory if SELinux is enabled.
# chcon -t public_content_t /securenfs/secure
(v) Re-export the secure NFS shared directory.
# exportfs -rv
(vi) Restart the NFS services.
# service nfs restart (restart the NFS service in RHEL - 6)
# service nfs-secure-server restart (restart the secure NFS service in RHEL - 6)
# systemctl restart nfs-server (restart the NFS service in RHEL - 7)
# systemctl restart nfs-secure-server (restart the secure NFS service in RHEL - 7)
On the client side :
(i) Log in as the LDAP user on the local system through ssh.
# ssh ldapuser9@localhost (type yes and press Enter if it asks (yes/no))
(ii) Type the password as kerberos if it asks for the LDAP user's password.
(iii) Go to the secure NFS shared mount point and access the contents.
$ cd /mnt/nfssecure (to access the mount point)
$ ls (to see the contents in it)
$ cd secure (to access the sub-directory)
$ ls (to see the contents in it)
$ exit (to exit or logout from ssh)
17. What are the advantages of NFS?
(i) NFS allows multiple computers to use the same files, because all the users on the
network or domain can access the same data.
(ii) NFS reduces storage costs by sharing applications between computers instead of
allocating local disk space for each user's applications.
(iii) NFS provides data consistency and reliability, because all users can read the same set
of files.
(iv) NFS supports heterogeneous environments that are NFS compatible.
(v) NFS reduces system administration overhead.
18. A remote user cannot mount the NFS shared directory. How to resolve this?
(i) First check whether the user belongs to the same domain as the NFS share or not, i.e.,
the user's system domain and the NFS share's system domain should communicate.
(ii) Check whether the user's system is pinging or not.
(iii) Check whether the user's name is present, not present or disabled for access to the NFS
server.
(iv) Check whether the mounted file system is shared or not.
(v) Check whether all the NFS server and client daemons are running or not.
(vi) Check whether all the network connections are properly established or not.
(vii) Check whether the NFS service is running or not in the server's current run level.
(viii) Check whether the NFS server is running, hung or shut down.
(ix) Check both the NFS server's and the NFS client's network routers, network
connections and IP addresses.
(x) Check whether the mount point is correct, the paths are correct and the files
are there or not.
(xi) Check whether the NFS shared directory and mount point details are correct or not
in the /etc/fstab file.
(xii) Check whether the keytabs are downloaded and stored properly in the /etc/krb5.keytab file
on both the NFS server and the client.
(xiii) Finally, check whether the NFS port no. 2049 is listening or not, and make sure
that iptables or the firewall does not block the NFS service.
19. The NFS server and NFS client configurations are OK, but the client is not showing
anything. How to resolve?
(i) rpcbind may have failed.
(ii) The server is not responding.
(iii) The NFS client may have failed at reboot.
(iv) The NFS service is not responding.
(v) The daemons on both systems may not be running.
(vi) The network may have failed on the server, the client or both.
(vii) Maybe the server and client are not in the same domain or are not pinging.
(viii) The server may be in a hung or shutdown state.
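Several items in Q18 and Q19 come down to one question: are the RPC programs behind the daemons in Q4 registered with rpcbind on the server? `rpcinfo -p <server>` answers it, and the following shell function turns that output into a pass/fail line per daemon and checks that nfs is on port 2049 as Q3 states. It is an added example for these notes, not part of nfs-utils; it assumes the five-column layout rpcinfo -p prints, the daemon-to-program pairing is the one given in Q4, and the sample output it is tested with is constructed. rpc.idmapd is not an RPC program, so it does not appear here.

```shell
#!/bin/sh
# Check "rpcinfo -p" output for the RPC programs behind the daemons listed in Q4.
# Added example for these notes, not from the course material. It assumes the
# five-column "program vers proto port service" layout that rpcinfo -p prints.

# service name as rpcinfo reports it, paired with the daemon that registers it
# (rpc.idmapd is not an RPC program, so it cannot be seen here)
RPC_REQUIRED="portmapper:rpcbind nfs:rpc.nfsd mountd:rpc.mountd nlockmgr:rpc.lockd status:rpc.statd rquotad:rpc.rquotad"

rpc_missing_services() {
    # reads rpcinfo -p output on stdin; prints one line per required program;
    # returns 1 if any required program is unregistered
    input=$(cat)
    present=$(printf '%s\n' "$input" | awk 'NR > 1 && NF >= 5 { print $5 }' | sort -u)
    rc=0
    for pair in $RPC_REQUIRED; do
        svc=${pair%%:*}
        daemon=${pair#*:}
        if printf '%s\n' "$present" | grep -qx "$svc"; then
            echo "OK $svc ($daemon)"
        else
            echo "MISSING $svc ($daemon)"
            rc=1
        fi
    done
    # the notes give 2049 as the NFS server port; report if nfsd registered elsewhere
    nfsport=$(printf '%s\n' "$input" | awk '$5 == "nfs" && $3 == "tcp" { print $4; exit }')
    if [ -n "$nfsport" ] && [ "$nfsport" != 2049 ]; then
        echo "WARN nfs registered on tcp port $nfsport, expected 2049"
    fi
    return $rc
}

# usage: rpcinfo -p server9.example.com | rpc_missing_services
```

A MISSING line for portmapper means rpcbind itself is not reachable (or port 111 is filtered, see the iptables rules in Q7), which makes every other line meaningless; fix that first.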
20. What is Autofs?
Autofs is a service that can automatically mount the shared directory on demand and will
automatically unmount the shared directory if it is not accessed within the specified timeout
period. The default timeout period is 5 minutes, or we can specify the timeout period in the
/etc/auto.master file.
21. What are the advantages of Autofs?
(i) Shares are accessed automatically and transparently when a user tries to access
any files or directories under the designated mount point of the remote file system to be
mounted.
(ii) Booting time is significantly reduced because no mounting is done at boot time.
(iii) Network access and efficiency are improved by reducing the number of permanently
active mount points.
(iv) Failed mount requests can be reduced by designating alternate servers as the source
of a file system.
(v) Users do not need to have root privileges to mount or unmount the mount
point.
(vi) We can reduce CPU and memory utilization because autofs does not mount
permanently.
(vii) We can also reduce hard disk utilization because permanent mount points occupy
hard disk space.
22. What are the minimum requirements for Autofs?
(i) autofs package.
(ii) autofs daemon.
(iii) One shared directory.
(iv) One mount point.
(v) Two configuration files,
(a) /etc/auto.master
(b) /etc/auto.misc
23. How to configure Autofs?
(i) Install the autofs package by the # yum install autofs* -y command.
(ii) Open the /etc/auto.master file by # vim /etc/auto.master and at the end type as
below.
<client's local mount point> /etc/auto.misc --timeout=60
Example :
/mnt /etc/auto.misc
(save and exit this file)
( * Where timeout=60 means that if the directory is not used for 60 seconds then
the shared directory is unmounted automatically. The default is 5
minutes.)
(iii) Open the /etc/auto.misc file by # vim /etc/auto.misc and type as below.
<client temporary mount point> -<permissions> <IP address or hostname of
the server>:<shared name>
Example :
nfs -ro classroom.example.com:/public (or) nfs -rw classroom.example.com:/public (save
and exit this file)
( * Where -ro means read-only and -rw means read-write)
(iv) Restart the autofs service in RHEL - 6 and RHEL - 7.
# service autofs restart (restart the autofs service in RHEL - 6)
# chkconfig autofs on (enable the autofs service at next boot in RHEL - 6)
# systemctl restart autofs (restart the autofs service in RHEL - 7)
# systemctl enable autofs (enable the autofs service at next boot in RHEL - 7)
(v) Go to the client's local mount point entered in the /etc/auto.master file by the #
cd <mount point> command.
Example :
# cd /mnt
(vi) Go to the client's temporary mount point entered in the /etc/auto.misc file as
below.
# cd /mnt/<temporary mount point>
Example :
# cd nfs
# pwd (the output is /mnt/nfs)
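The indirect mount in Q6 and Q23 states two client-side rules that are easy to get backwards: the auto.master mount point must exist, and the key named in the map file must not, because automount creates it on access. The following shell function reads a master map and its indirect map files and reports violations of those rules, plus option and location format errors, before autofs is restarted. It is an added example for these notes, not code from the autofs project; it assumes the three-field master map and the "key -options server:/path" map lines described above, and the files it is tested with are constructed in a temporary directory. The same check applies to the /home/guests map in Q29.

```shell
#!/bin/sh
# Validate autofs indirect maps against the rules in the notes above:
#   auto.master: <mount point> <map file> [--timeout=N]
#   map file:    <key> -<options> <host>:/<export>
# The mount point must exist on the client; the key must not, because automount
# creates it on access. Added example for these notes, not autofs project code.

check_autofs_maps() {
    # $1 = master map file; prints findings, returns 1 if any ERR was found
    master=$1
    rc=0
    while read -r mp mapfile opts; do
        case $mp in ''|\#*) continue ;; esac
        if [ ! -d "$mp" ]; then
            echo "ERR $mp: mount point directory does not exist on this client"; rc=1
        fi
        if [ ! -r "$mapfile" ]; then
            echo "ERR $mp: map file $mapfile is missing or unreadable"; rc=1; continue
        fi
        case $opts in
            ''|--timeout=[0-9]*|"--timeout "[0-9]*) ;;
            *) echo "WARN $mp: unrecognised master map options '$opts'" ;;
        esac
        while read -r key kopts loc; do
            case $key in ''|\#*) continue ;; esac
            # a two-field line has no options: shift the location over
            if [ -z "$loc" ]; then loc=$kopts; kopts=""; fi
            case $kopts in
                ''|-*) ;;
                *) echo "ERR $mp/$key: options '$kopts' must start with -"; rc=1 ;;
            esac
            case $loc in
                *:/*) ;;
                *) echo "ERR $mp/$key: location '$loc' is not <host>:/<export>"; rc=1 ;;
            esac
            if [ -e "$mp/$key" ]; then
                echo "ERR $mp/$key: key must not exist on the client; automount creates it"; rc=1
            fi
        done < "$mapfile"
    done < "$master"
    return $rc
}

# usage: check_autofs_maps /etc/auto.master
```

Run it on the client after editing the maps and before `service autofs restart` (or `systemctl restart autofs`); a pre-existing key directory silently shadows the automounted share, which is the most confusing of the failures it reports.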
24. What is an LDAP server?
LDAP (Lightweight Directory Access Protocol) is a software protocol for enabling anyone
to locate organizations, individuals, and other resources such as files and devices in a network,
whether on the public Internet or on a corporate intranet. LDAP is lighter because in its initial
version it did not include security features.
25. What is an LDAP client?
An LDAP client is for network user creation and activity. An LDAP user means a network user.
A network user means a user who logs in through the network. If a user wants to log in to a
remote system, an LDAP user should be created, and the login to the remote system goes through
the LDAP account.
Up to RHEL - 5, NIS (Network Information System) was used for this. From RHEL - 6
onwards LDAP is used. The main feature of LDAP is to share user information over the
network.
26. What are the requirements of LDAP? Explain them.
(i) Packages.
(a) authconfig-gtk (to configure the LDAP client)
(b) sssd (system security services daemon)
(ii) The LDAP client configuration file is /etc/ldap.conf
(iii) The LDAP Kerberos configuration file is /etc/krb5.conf
(iv) The sssd (system security services daemon) daemon.
(v) The LDAP port no. is 389.
(vi) The sssd daemon's responsibility is retrieving and caching authentication information.
(vii) The configuration file of sssd is /etc/sssd/sssd.conf
(viii) Through NIS the data is transferred in plain-text format, so there is no security.
But LDAP will transfer the data in encrypted format, so the data is secured.
(ix) LDAP uses sssd by default, i.e., Kerberos.
27. What are the requirements for the LDAP client?
(i) dc (domain controller)
Example : If the domain is example.com then dc=example,dc=com
(ii) LDAP server
Example : ldap://classroom.example.com
(iii) The authentication certificate (example-ca.crt), located in the
http://classroom.example.com/pub directory.
28. How to configure the LDAP client?
(i) Create the LDAP user.
(ii) Configure Kerberos.
(iii) Configure the NFS automount to share the LDAP user's home directory.
So, LDAP + NFS + sssd is the LDAP system.
* LDAP is used to share the user name and password with the remote system.
* sssd is used to authenticate over a secured communication.
* NFS is used to share the user's home directory with the remote system.
Steps :
(i) Install the LDAP + Kerberos packages by the following commands.
# yum groupinstall directory* -y (installation in RHEL - 6)
# yum install authconfig-gtk* sssd* -y (installation in RHEL - 7)
* The LDAP packages are different in RHEL - 6 and RHEL - 7, but the
configuration of LDAP is the same in both versions.
(ii) Create the LDAP users and passwords on the LDAP server.
(iii) Configure the LDAP user's authentication by the # system-config-authentication
command in the graphical user interface.
(iv) The above command will display the configuration window; in that, select and
type the options as below.
User Account Database = LDAP
LDAP search base = dc=example,dc=com
LDAP server = ldap://classroom.example.com/
Enable TLS to encrypt connections = click on the Download CA Certificate
button and then enter the URL as,
http://classroom.example.com/pub/example-ca.crt
Authentication Method = LDAP password (then
click on the Apply button)
(v) Check whether the LDAP user is configured or not by the # getent passwd
ldapuser9 command.
29. How to mount the LDAP user's home directory automatically on demand using the
Autofs tool?
(i) Install the autofs package by the # yum install autofs* -y command.
(ii) Open the /etc/auto.master file by the # vim /etc/auto.master command and
type as below.
/home/guests /etc/auto.misc
(save and exit this file)
(iii) Open the /etc/auto.misc file by the # vim /etc/auto.misc command and type as
below.
ldapuser9 -rw classroom.example.com:/home/guests/ldapuser9 (save
and exit this file)
(iv) Restart the autofs services.
# service autofs restart (restart the autofs service in RHEL - 6)
# chkconfig autofs on (enable the autofs service at next boot in RHEL - 6)
# systemctl restart autofs (restart the autofs service in RHEL - 7)
# systemctl enable autofs (enable the autofs service at next boot in RHEL - 7)
(v) Check whether the LDAP user is able to log in or not.
# su - ldapuser9 (to switch to ldapuser9)
$ pwd (to see the present working directory)
* The output of the above command is /home/guests/ldapuser9
$ ls (to see the files in the LDAP user's home directory)
$ exit (to exit or logout of the LDAP user)
