This is the third and final part of this video series, where I will be demonstrating how to configure the NFS and autofs services to automount home directories.
Great work! Still valid after years and years.
Hi Daniel, thanks for watching.
I'd love to see an extension on this series where it covers replication from centvm01 to a second krb/ldap server. Another series covering TLS would be nice as well.
Excellent video Venkat! I will be giving this a try soon, as this is one of the better explained videos on Kerberos that I have found. I also really like seeing mistakes made and how to correct and troubleshoot them. This lets me know that you really know what you are doing and not just reading some script. Keep up the good work!
Thanks for watching this video.
Thanks for the tutorial and the effort creating it!
One thing though: the NFS communication is not secure in your example. It is neither authenticated nor encrypted. Anybody on your network with root access on e.g. his/her own device can access all the data from demouser1 and demouser2 via NFS by aligning a user id. To improve that you need to add at least "sec=krb5p" to the NFS export options. I don't use CentOS so I don't know if there is anything else which must be changed for everything to work again, but I thought it's important to note.
hi, yeah you are right. I did this video nearly 5 years ago and I may have to revisit this if I find time. Cheers.
@@justmeandopensource wow that was a quick response. I'm currently setting up a similar set-up using a different distro, that's why I watched this video series.
Most of it is still relevant, thanks again!
@@DrB0n3 Can't believe this video is still relevant after 6 years.
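Added example, not part of any comment above and not from the video: a shell check for the point raised in this thread about `sec=krb5p`. It reads an exports(5) file and reports, per client entry, whether the allowed flavors leave the share unauthenticated (`sys`, the default when no `sec=` is given), authenticated but unencrypted (`krb5`, `krb5i`), or restricted to `krb5p`. The function name, the verdict labels and the sample file contents are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not from the video): classify each client entry of an
# exports(5) file by the NFS security flavors it allows.
# Output per entry: <path> <client> <flavors> <verdict>
audit_exports() {
    awk '
    /^[ \t]*#/ || /^[ \t]*$/ { next }      # skip comments and blank lines
    {
        path = $1
        for (i = 2; i <= NF; i++) {
            client = $i; opts = ""
            p = index($i, "(")
            if (p > 0) {
                client = substr($i, 1, p - 1)
                opts = substr($i, p + 1)
                sub(/\)$/, "", opts)
            }
            if (client == "") client = "*"  # bare "(opts)" applies to any host
            sec = "sys"                      # default flavor when sec= is absent
            n = split(opts, o, ",")
            for (j = 1; j <= n; j++)
                if (o[j] ~ /^sec=/) sec = substr(o[j], 5)
            verdict = "OK"                   # stays OK only if every flavor is krb5p
            m = split(sec, f, ":")
            for (j = 1; j <= m; j++) {
                if (f[j] == "krb5" || f[j] == "krb5i") {
                    if (verdict == "OK") verdict = "NOT-ENCRYPTED"
                } else if (f[j] != "krb5p") verdict = "UNAUTHENTICATED"
            }
            print path, client, sec, verdict
        }
    }' "$1"
}

demo() {
    tmp=$(mktemp)
    # Constructed sample; hosts and paths are placeholders, not the video config.
    cat > "$tmp" <<'EOF'
# sample exports file
/home   *(rw,sync)
/srv/a  client1.example.test(rw,sec=krb5p)
/srv/b  client2.example.test(rw,sec=krb5i:krb5p) 192.0.2.0/24(ro,sec=sys:krb5p)
EOF
    audit_exports "$tmp"
    rm -f "$tmp"
}

demo
```

The check covers only the server-side export options and does not handle backslash line continuations or quoted paths.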
Good work!!
Thanks Venkat for such a nice demonstration. I was struggling with setting up LDAP+Kerberos but every step you mentioned worked perfectly!!!
Hi Venkat,
Your videos on Kerberos, LDAP, and NFS were excellent. I really enjoyed them. I did want to know if you could create a video showing how to integrate HTTP/HTTPS to distribute the LDAP server certificates. My training course has us using the authconfig-gtk program to configure LDAP and Kerberos using a URL for the TLS' Download CA Certificate. If you can, thanks. If not, I really enjoyed your videos anyway.
Regards,
Jose
Awesome thanks, very nice!
Hi Peter, thanks for watching. Glad that it is still relevant after 5 years.
Hi Venkat!
Great videos. Really good to have a better understanding of these matters before the RHCE exam...
Is it difficult to go on to export a kerberized share from cenvm02 to cenvm03?
What keytabs are needed and what services should be running? Have not been able to get it working and I have heard there have been some bugs in CentOS 7 nfs-utils? I tried just adding principal nfs/cenvm02.jungle.kvm to both cenvm02 and cenvm03 with no success. Access denied by server. Would be nice to finally see a working solution to this problem.
Greetings from Sweden
Super video! Great little course.
Hi Koen, thanks for watching this video.
Thanks for the excellent tutorial. It is an excellent feature to improve my time working on Linux. Thanks again!
Hi Guilherme, thanks for watching this video.
Liked!!! Everything works great. Thank you.
Hey, I've got a problem: when I log in with ssh to my client I get this error: could not chdir to home directory /home/user1: no such file or directory
But I've got /home/user1 on my Kerberos/LDAP server and I did the changes to /etc/exports and all went well in the previous videos /:
Great series, big thumbs up.
Do you know if there is a way to get PuTTY to work with Kerberos auth on a domain-joined Windows PC?
Thanks for the tutorial. Can you do a tutorial on LDAP Access Manager and how to import bulk users? Thanks again.
Hi, nice stuff. Could you please help with setting up SMB file sharing on macOS using OpenLDAP (Linux) authentication using Kerberos?
Hi Ashwath, thanks for watching this video. I did this a long time back, about 3 years ago. And very glad that it is still relevant and people are still following it. At the moment I am focusing on Kubernetes and AWS series. When I get some time I will see if I can do a video on your requirement. Cheers.
@@justmeandopensource Thank you so much, it would be really helpful if you could do the tutorial on SMB file sharing against Kerberos authentication.
The Kubernetes videos are really helpful; I'm even studying by following your material. Thanks so much, and please make more videos on deployment.
That's good to hear. Thanks.
Sir, I have a question, if possible please answer me.
I have made two clients and one server as in your video and used the /etc/hosts file for DNS resolution. I am getting a ticket via Kerberos when I am logging in as the LDAP client on the client 1 machine, but when I am trying to ssh from client 1 to client 2 for the same ldapclient I am being asked for a password, even though I have made changes in the /etc/ssh/ssh_config file and in the sshd file gssapiauthentication is yes. Please let me know what I might be missing.
Thanks sir, it has really helped me.
Can you also post a video on how to do NAT-ing on any RHEL 7 or equivalent?
Sir, there is no package in CentOS 8 showing openldap-servers and migrationtools. Please help ASAP.
Great Job !!
Hi Sreekanth, thanks for watching this video.
Hi Venkat, good demonstration... I would be very grateful for any PDF material.
Thanks for watching this video.
Thanks again.
If anyone else gets the following error on more recent versions of CentOS 7 like I did:
rpc mount export: RPC: Unable to receive; errno = No route to host
the:
firewall-cmd --permanent --add-service=nfs
wasn't enough for some reason. I needed all of the following for it to work:
firewall-cmd --permanent --add-service=nfs
firewall-cmd --permanent --add-service=mountd
firewall-cmd --permanent --add-service=rpc-bind
firewall-cmd --reload
Thanks for the details. Very helpful.
@@justmeandopensource np, thank YOU, your videos are great. The only suggestion I have is, instead of editing those config files by hand, to do the LDAP setup properly. You can do it all via LDIF files. Those files even say right at the top "auto generated do not edit" lol
Yeah, I know lol
Great job!