Configuring an NFS client

Edit online

Use this procedure to configure an NFS client.

  1. Start NFS using the instructions in Starting the NFS daemons.
  2. Establish the local mount point using the mkdir command.
    For NFS to complete a mount successfully, a directory that acts as the mount point (or place holder) of an NFS mount must be present. This directory should be empty. This mount point can be created like any other directory, and no special attributes are needed.
    Note: With one exception, the mount points for all NFS mounts must exist on your system before mounting a file system. If the automount daemon is used, it is not necessary to create mount points. See the automount daemon description in Commands Reference, Volume 1 for details.
  3. If using Kerberos, follow these steps:
    1. Configure the NFS client into a Kerberos realm.
      This is done with the config.krb5 command. Refer to the IBM® Network Authentication Service Administrator's and User's Guide for configuration details.
    2. Create Kerberos principals for all users on the client who will be accessing files via Kerberos mounts.
      This is done with the kadmin command. Refer to the Network Authentication Service Administrator's and User's Guide for a description of how to create Kerberos principals.
    3. Establishing a Kerberos principal for the client machine itself is optional.
      A client without a principal is known as a slim client, and a client with a principal is referred to as a full client. Slim clients use weaker NFS RPC security when performing certain NFS version 4 client-to-server context management operations used for state management. A full client, dependent on configuration, can use the stronger Kerberos-based RPC security. Slim client configurations require less administrative overhead and may be sufficient for many environments. Deployments requiring the highest levels of security may choose to run full client configurations.
  4. If you are using NFS version 4, you must also establish an NFS version 4 domain using the chnfsdom command.
    Initially, you can specify the client's internet domain in the file. It is possible, however, to define an NFS version 4 domain that is different from the client's internet domain. For clarification on this, see the documentation for the NFS registry daemon, nfsrgyd.
  5. If you want to use Kerberos authentication on the client, you must enable enhanced security on the client.
    You can enable enhanced security using SMIT, or by using the chnfs -S -B command. For more information on chnfs, refer to the chnfs command reference page.
  6. Establish and mount the predefined mounts by following the instructions in Establishing predefined NFS mounts.