Part I Network Services Topics
Part II Accessing Network File Systems Topics
4. Managing Network File Systems (Overview)
5. Network File System Administration (Tasks)
How to Set Up Automatic File-System Sharing
How to Enable NFS Server Logging
How to Mount a File System at Boot Time
How to Mount a File System From the Command Line
How to Disable Large Files on an NFS Server
How to Use Client-Side Failover
How to Disable Mount Access for One Client
How to Mount an NFS File System Through a Firewall
How to Mount an NFS File System Using an NFS URL
How to Select Different Versions of NFS on a Server
How to Select Different Versions of NFS on a Client by Modifying the /etc/default/nfs File
How to Use the Command Line to Select Different Versions of NFS on a Client
How to Browse Using an NFS URL
How to Enable WebNFS Access Through a Firewall
Task Overview for Autofs Administration
Task Map for Autofs Administration
Using the /etc/default/autofs File to Configure Your autofs Environment
How to Use the /etc/default/autofs File
Administrative Tasks Involving Maps
Avoiding Mount-Point Conflicts
Accessing Non-NFS File Systems
How to Access CD-ROM Applications With Autofs
How to Access PC-DOS Data Diskettes With Autofs
Accessing NFS File Systems Using CacheFS
How to Access NFS File Systems by Using CacheFS
Setting Up a Common View of /home
How to Set Up /home With Multiple Home Directory File Systems
How to Consolidate Project-Related Files Under /ws
How to Set Up Different Architectures to Access a Shared Namespace
How to Support Incompatible Client Operating System Versions
How to Replicate Shared Files Across Several Servers
How to Apply Autofs Security Restrictions
How to Use a Public File Handle With Autofs
How to Use NFS URLs With Autofs
How to Completely Disable Autofs Browsability on a Single NFS Client
How to Disable Autofs Browsability for All Clients
How to Disable Autofs Browsability on a Selected File System
Strategies for NFS Troubleshooting
NFS Troubleshooting Procedures
How to Check Connectivity on an NFS Client
How to Check the NFS Server Remotely
How to Verify the NFS Service on the Server
Identifying Which Host Is Providing NFS File Service
How to Verify Options Used With the mount Command
Error Messages Generated by automount -v
6. Accessing Network File Systems (Reference)
8. Planning and Enabling SLP (Tasks)
10. Incorporating Legacy Services
Part V Serial Networking Topics
15. Solaris PPP 4.0 (Overview)
16. Planning for the PPP Link (Tasks)
17. Setting Up a Dial-up PPP Link (Tasks)
18. Setting Up a Leased-Line PPP Link (Tasks)
19. Setting Up PPP Authentication (Tasks)
20. Setting Up a PPPoE Tunnel (Tasks)
21. Fixing Common PPP Problems (Tasks)
22. Solaris PPP 4.0 (Reference)
23. Migrating From Asynchronous Solaris PPP to Solaris PPP 4.0 (Tasks)
25. Administering UUCP (Tasks)
Part VI Working With Remote Systems Topics
27. Working With Remote Systems (Overview)
28. Administering the FTP Server (Tasks)
29. Accessing Remote Systems (Tasks)
Part VII Monitoring Network Services Topics
To use the Secure NFS system, all the computers that you are responsible for must have a domain name. Typically, a domain is an administrative entity of several computers that is part of a larger network. If you are running a name service, you should also establish the name service for the domain. See System Administration Guide: Naming and Directory Services (DNS, NIS, and LDAP).
Kerberos V5 authentication is supported by the NFS service. Chapter 21, Introduction to the Kerberos Service, in System Administration Guide: Security Services discusses the Kerberos service.
You can also configure the Secure NFS environment to use Diffie-Hellman authentication. Chapter 16, Using Authentication Services (Tasks), in System Administration Guide: Security Services discusses this authentication service.
See the System Administration Guide: Naming and Directory Services (DNS, NIS, and LDAP) if you are using NIS+ as your name service.
Note - For information about these commands, see the newkey(1M), the nisaddcred(1M), and the chkey(1) man pages.
When public keys and secret keys have been generated, the public keys and encrypted secret keys are stored in the publickey database.
If you are running NIS+, type the following:
# nisping -u Last updates for directory eng.acme.com. : Master server is eng-master.acme.com. Last update occurred at Mon Jun 5 11:16:10 1995 Replica server is eng1-replica-replica-58.acme.com. Last Update seen was Mon Jun 5 11:16:10 1995
If you are running NIS, verify that the ypbind daemon is running.
Type the following command.
# ps -ef | grep keyserv root 100 1 16 Apr 11 ? 0:00 /usr/sbin/keyserv root 2215 2211 5 09:57:28 pts/0 0:00 grep keyserv
If the daemon is not running, start the key server by typing the following:
# /usr/sbin/keyserv
Usually, the login password is identical to the network password. In this situation, keylogin is not required. If the passwords are different, the users have to log in, and then run keylogin. You still need to use the keylogin -r command as root to store the decrypted secret key in /etc/.rootkey.
Note - You need to run keylogin -r if the root secret key changes or if /etc/.rootkey is lost.
For Diffie-Hellman authentication, edit the /etc/dfs/dfstab file and add the sec=dh option to the appropriate entries.
share -F nfs -o sec=dh /export/home
See the dfstab(4) man page for a description of /etc/dfs/dfstab.
Edit the auto_master data to include sec=dh as a mount option in the appropriate entries for Diffie-Hellman authentication:
/home auto_home -nosuid,sec=dh
Note - Releases through Solaris 2.5 have a limitation. If a client does not securely mount a shared file system that is secure, users have access as nobody rather than as themselves. For subsequent releases that use version 2, the NFS server refuses access if the security modes do not match, unless -sec=none is included on the share command line. With version 3, the mode is inherited from the NFS server, so clients do not need to specify sec=dh. The users have access to the files as themselves.
When you reinstall, move, or upgrade a computer, remember to save /etc/.rootkey if you do not establish new keys or change the keys for root. If you do delete /etc/.rootkey, you can always type the following:
# keylogin -r