thulium_drake.nfs_server
Kerberized NFS Server
This guide explains how to set up an NFS server that works with FreeIPA/Red Hat IdM.
It will install and set up:
- Kerberos service credentials
- Exports file
- Local folders that can be accessed
For more information on how to configure the role, check [the defaults file](defaults/main.yml).
Home Directories
This setup can also include scripts I created for situations where all Linux users are managed through Active Directory, allowing them to access Linux systems through a trust.
In this case, there is no easy way to automatically create all home directories on the NFS server.
To solve this, I set up:
- Scripts on the NFS server to create any missing home directories
- Sudo and HBAC rules on the IPA server so users can run these scripts
- Instructions for users to log in via SSH to the NFS system first, which will create their home directory
This role can install these scripts, but they are currently fixed to work from the /exports/home directory.
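The following is an added sketch of a sudo-invoked home directory helper, showing the checks such a script needs when unprivileged users can trigger it; it is not one of the scripts this role installs. Assumptions: the script is called through sudo with the hypothetical argument `create`, the target account is taken from `SUDO_USER` only, and homes are created with mode 0700.

```shell
#!/bin/sh
# Added example, not the role's own script.
# Assumption: invoked via a sudo rule, so SUDO_USER is set by sudo itself.

EXPORT_ROOT=/exports/home   # fixed export root, as described above

# create_home USER: create $EXPORT_ROOT/USER if it is missing.
# Returns 0 on success or if the directory exists, non-zero on refusal.
create_home() {
    user="$1"
    # Accept plain account names only (user@domain is allowed for AD trusts).
    # Rejects empty names, '.', '..', leading '-', and anything containing '/'.
    case "$user" in
        ''|.|..|-*|*[!A-Za-z0-9._@-]*)
            echo "refusing account name: $user" >&2; return 1 ;;
    esac
    home="$EXPORT_ROOT/$user"
    # Never follow a pre-planted symlink or reuse a non-directory entry.
    if [ -L "$home" ] || { [ -e "$home" ] && [ ! -d "$home" ]; }; then
        echo "refusing: $home exists and is not a plain directory" >&2
        return 2
    fi
    if [ -d "$home" ]; then
        return 0            # already present, leave it untouched
    fi
    # No -p: mkdir fails if the path appears between the checks and now.
    mkdir -m 0700 "$home" || return 3
    # Hand the directory to the account; only possible when running as root.
    if [ "$(id -u)" -eq 0 ]; then
        chown "$user:$(id -g "$user")" "$home" || { rmdir "$home"; return 4; }
    fi
    return 0
}

# Entry point: the target is always the invoking user, never a caller-supplied
# name, so a user cannot create or claim a directory for someone else.
if [ "${1:-}" = "create" ]; then
    create_home "${SUDO_USER:?must be run through sudo}"
fi
```
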
Quotas
This setup can also manage user/group quotas on the NFS server, using the xfs_quota program, which is standard on RHEL-like systems.
It will set a default quota (if specified) and enable the use of the quota command on NFS clients.
IMPORTANT: To turn off a quota for a specific user or group, do not set it to 0; instead, give it a very large number. This is because a default quota will take precedence over any values set to 0.
Like other quota systems, the local root user is not subject to these restrictions.
ansible-galaxy install thulium_drake.nfs_server