Old 03-26-2008, 12:01 PM
Neal Becker
 
What linux lacks most - a decent remote fs

I used unix/linux for many years. In the past we've used nfs. But nfsv3
has no (useful) authentication. Anyone can set up a rogue machine and
pretend to be any uid/gid.

I understand that nfsv4 was supposed to fix that. Looking at the docs I
could find, it appears I'll never live long enough to understand how to set
that up, and I haven't yet found the idiot's guide to setting up nfsv4 with
authentication.

For now I'm using cifs. That's pretty sad.

I've glanced at afs, but there's no Fedora package.

--
fedora-list mailing list
fedora-list@redhat.com
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
 
Old 03-26-2008, 12:09 PM
"Dr. Michael J. Chudobiak"
 

Neal Becker wrote:
> I used unix/linux for many years. In the past we've used nfs. But nfsv3
> has no (useful) authentication. Anyone can setup a rogue machine and
> pretend to be any uid/gid.
>
> I understand that nfsv4 was supposed to fix that. Looking at the docs I
> could find, it appears I'll never live long enough to understand how to set
> that up, and I haven't yet found the idiot's guide to setting up nfsv4 with
> authentication.
>
> For now I'm using cifs. That's pretty sad.
>
> I've glanced at afs, but there's no Fedora package.



Mmm... I dream of an easy-to-use remote fs with automagical local caching...

- Mike

 
Old 03-26-2008, 12:53 PM
Tom Horsley
 

On Wed, 26 Mar 2008 09:09:09 -0400
"Dr. Michael J. Chudobiak" <mjc@avtechpulse.com> wrote:

> Mmm... I dream of an easy-to-use remote fs with automagical local caching...

I dream of one that actually functions reliably. I can't believe
how widely used NFS is, because it is the source of endless problems
for me. I've never seen it work with any kind of reliability at all.
One thing I'll say for samba is that the data actually seems to show
up correctly on the other side :-).

 
Old 03-26-2008, 01:38 PM
Tim
 

On Wed, 2008-03-26 at 09:53 -0400, Tom Horsley wrote:
> can't believe how widely used NFS is, because it is the source of
> endless problems for me. I've never seen it work with any kind of
> reliability at all. One thing I'll say for samba is that the data
> actually seems to show up correctly on the other side :-).

I've had the opposite. Samba stalling and transferring at a rate slower
than I can retype a file. Samba never managing to connect to the other
side. The hassles of manually setting up each user. The hassles of
file permissions and ownership getting screwed up in transit. Compared
to NFS working without pain.

Though, I have to say that my painless NFS server is on a FC4 machine,
and that works fine. I've found I've had to manually mess with
firewalling to get it to work through anything higher than FC4.

--
(This computer runs FC7, my others run FC4, FC5 & FC6, in case that's
important to the thread.)

Don't send private replies to my address, the mailbox is ignored.
I read messages from the public lists.

 
Old 03-26-2008, 01:41 PM
Stuart Sears
 

Neal Becker wrote:
> I used unix/linux for many years. In the past we've used nfs. But
> nfsv3 has no (useful) authentication. Anyone can setup a rogue
> machine and pretend to be any uid/gid.
>
> I understand that nfsv4 was supposed to fix that. Looking at the
> docs I could find, it appears I'll never live long enough to
> understand how to set that up, and I haven't yet found the idiot's
> guide to setting up nfsv4 with authentication.

You need to set up a kerberos infrastructure for the authentication to
work properly. Once you do, you'll have the ability to encrypt traffic
as well as authenticating users. But all of your users will have to have
a kerberos principal and all of your machines will also have to have
their host/hostname@REALM principals extracted correctly.

If you don't know kerberos you are heading for a world of pain.

The closest thing to useful docs I can find is:

http://www.freeipa.com/page/ConfiguringRHEL5Client

but the tools used are specific to freeipa.
You would need to set up a kerberos KDC first, which is documented
elsewhere...

> For now I'm using cifs. That's pretty sad.
why? If it works...


> I've glanced at afs, but there's no Fedora package.
once again, AIUI afs uses kerberos for this. I have not researched this
much, though.

Regards,

Stuart
--
Stuart Sears RHC*
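
Added example, not part of the original posts: on a Linux NFS server the choice discussed above shows up as the `sec=` export option, where `sys` means the server trusts the uid/gid the client machine asserts and `krb5`, `krb5i` and `krb5p` require Kerberos. The script below audits exports(5)-style text for entries that still accept `sys`; the paths, hosts and networks are constructed sample data.

```shell
#!/bin/sh
# Added example (not from the thread): list every client entry in an
# exports(5)-style file and flag those that still accept sec=sys, where the
# server trusts whatever uid/gid the client machine asserts.

# Constructed sample data; paths, hosts and networks are placeholders.
sample_exports() {
cat <<'EOF'
# constructed sample /etc/exports
/srv/home     *.example.com(rw,sec=krb5p)
/srv/scratch  192.0.2.0/24(rw,sync)
/srv/mixed    *.example.com(rw,sec=krb5i:sys) 192.0.2.7(ro,sec=krb5)
EOF
}

# Reads exports text on stdin, prints "<path> <client> sec=<flavours> <verdict>".
# Runs in a subshell so that `set -f` (no globbing of "*.example.com") stays local.
audit_exports() (
    set -f
    while read -r path rest; do
        case "$path" in ''|'#'*) continue ;; esac
        for entry in $rest; do
            client=${entry%%\(*}
            opts=""
            case "$entry" in *\(*) opts=${entry#*\(}; opts=${opts%\)} ;; esac
            sec=sys            # exports(5): sys is the default when sec= is absent
            case ",$opts" in
                *,sec=*) sec=${opts##*sec=}; sec=${sec%%,*} ;;
            esac
            # sec= may list several flavours separated by ':'; any "sys" is weak
            case ":$sec:" in
                *:sys:*) verdict=AUTH_SYS_ALLOWED ;;
                *)       verdict=kerberos_only ;;
            esac
            printf '%s %s sec=%s %s\n' "$path" "$client" "$sec" "$verdict"
        done
    done
)

sample_exports | audit_exports
```

An entry with no `sec=` at all, like `/srv/scratch` in the sample, is reported the same way as an explicit `sec=sys`.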

 
Old 03-26-2008, 01:44 PM
John Summerfield
 

Tim wrote:
> On Wed, 2008-03-26 at 09:53 -0400, Tom Horsley wrote:
>> can't believe how widely used NFS is, because it is the source of
>> endless problems for me. I've never seen it work with any kind of
>> reliability at all. One thing I'll say for samba is that the data
>> actually seems to show up correctly on the other side :-).
>
> I've had the opposite. Samba stalling and transferring at a rate slower
> than I can retype a file. Samba never managing to connect to the other
> side. The hassles of manually setting up each user. The hassles of
> file permissions and ownership getting screwed up in transit. Compared
> to NFS working without pain.
>
> Though, I have to say that my painless NFS server is on a FC4 machine,
> and that works fine. I've found I've had to manually mess with
> firewalling to get it to work through anything higher than FC4.


I'm surprised you don't need to with FC4. It's actually fairly simple.
[root@mail.js.id.au sysconfig]# cat nfs
LOCKD_TCPPORT=32768
LOCKD_UDPPORT=32788
RQUOTAD_PORT=621
MOUNTD_PORT=640

[root@mail.js.id.au sysconfig]#

I chose the ports that were actually in use, but left to its own devices
it can choose ports of other servers yet to start. CUPS for example.





--

Cheers
John

-- spambait
1aaaaaaa@coco.merseine.nu Z1aaaaaaa@coco.merseine.nu
-- Advice
http://webfoot.com/advice/email.top.php
http://www.catb.org/~esr/faqs/smart-questions.html
http://support.microsoft.com/kb/555375

You cannot reply off-list:-)
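
Added example, not part of the original post: once the helper daemons are pinned as in the `/etc/sysconfig/nfs` listing above, the matching firewall openings can be generated from the same file. The script prints (never applies) iptables rules for one client subnet and reports any daemon left unpinned; the subnet `192.168.1.0/24` is constructed, and `STATD_PORT` is the Red Hat sysconfig variable for rpc.statd, which the post does not mention.

```shell
#!/bin/sh
# Added example (not from the thread): turn the port pins in an
# /etc/sysconfig/nfs-style file into iptables rules for one client subnet.
# The rules are only printed, never applied.

# Constructed sample: the four settings quoted in the post above.
sample_sysconfig() {
cat <<'EOF'
LOCKD_TCPPORT=32768
LOCKD_UDPPORT=32788
RQUOTAD_PORT=621
MOUNTD_PORT=640
EOF
}

# emit PROTO PORT SUBNET
emit() {
    printf 'iptables -A INPUT -s %s -p %s --dport %s -j ACCEPT\n' "$3" "$1" "$2"
}

# nfs_rules SUBNET   (config text on stdin; plain unquoted KEY=number lines)
nfs_rules() (
    subnet=$1
    cfg=$(cat)
    # portmapper (111) and nfsd (2049) always use fixed ports
    for port in 111 2049; do
        emit tcp "$port" "$subnet"; emit udp "$port" "$subnet"
    done
    # KEY:protocols for the helper daemons that otherwise get dynamic ports
    for spec in LOCKD_TCPPORT:tcp LOCKD_UDPPORT:udp MOUNTD_PORT:tcp,udp \
                RQUOTAD_PORT:tcp,udp STATD_PORT:tcp,udp; do
        key=${spec%%:*}
        port=$(printf '%s\n' "$cfg" |
               sed -n "s/^$key=\([0-9][0-9]*\)[[:space:]]*\$/\1/p" | tail -n 1)
        if [ -z "$port" ]; then
            printf '# %s not pinned: its port changes per start, no static rule\n' "$key"
            continue
        fi
        for proto in $(printf '%s' "${spec#*:}" | tr ',' ' '); do
            emit "$proto" "$port" "$subnet"
        done
    done
)

sample_sysconfig | nfs_rules 192.168.1.0/24
```

With the four settings from the post, the output contains ten rules and one comment line noting that `STATD_PORT` is not pinned.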

 
Old 03-26-2008, 01:56 PM
Chris G
 

On Wed, Mar 26, 2008 at 11:44:58PM +0900, John Summerfield wrote:
> Tim wrote:
>> On Wed, 2008-03-26 at 09:53 -0400, Tom Horsley wrote:
>>> can't believe how widely used NFS is, because it is the source of
>>> endless problems for me. I've never seen it work with any kind of
>>> reliability at all. One thing I'll say for samba is that the data
>>> actually seems to show up correctly on the other side :-).
>>
>> I've had the opposite. Samba stalling and transferring at a rate slower
>> than I can retype a file. Samba never managing to connect to the other
>> side. The hassles of manually setting up each user. The hassles of
>> file permissions and ownership getting screwed up in transit. Compared
>> to NFS working without pain.
>>
>> Though, I have to say that my painless NFS server is on a FC4 machine,
>> and that works fine. I've found I've had to manually mess with
>> firewalling to get it to work through anything higher than FC4.
>>
> I'm surprised you don't need to with FC4. It's actually fairly simple.
> [root@mail.js.id.au sysconfig]# cat nfs
> LOCKD_TCPPORT=32768
> LOCKD_UDPPORT=32788
> RQUOTAD_PORT=621
> MOUNTD_PORT=640
>
Surely a far easier approach to the firewall issues is to remove the
firewall completely to the interface between your LAN and the outside
world. I just turn the firewall off on all the systems on my LAN and
the router firewall is set up to give me the security I want. It
simplifies maintenance too because there is only one firewall to set
up and systems behind the firewall can be as lax as they like and be
re-installed frequently without problems.

--
Chris Green

 
Old 03-26-2008, 01:58 PM
Les Mikesell
 

Tom Horsley wrote:
>> Mmm... I dream of an easy-to-use remote fs with automagical local caching...
>
> I dream of one that actually functions reliably. I can't believe
> how widely used NFS is, because it is the source of endless problems
> for me. I've never seen it work with any kind of reliability at all.


What kind of problems do you see? It can be hard to get firewall
openings right and it depends on uid's matching at the client and server
for file ownership and permissions, but those things either work right
or not at all. You shouldn't see reliability or performance problems
unless you have hundreds of busy clients.



> One thing I'll say for samba is that the data actually seems to show
> up correctly on the other side :-).


Maybe you have serious network problems that tcp retries cover up
better. But current nfs versions should default to tcp too.


--
Les Mikesell
lesmikesell@gmail.com


 
Old 03-26-2008, 02:12 PM
John Summerfield
 

Chris G wrote:
> On Wed, Mar 26, 2008 at 11:44:58PM +0900, John Summerfield wrote:
>> Tim wrote:
>>> On Wed, 2008-03-26 at 09:53 -0400, Tom Horsley wrote:
>>>> can't believe how widely used NFS is, because it is the source of
>>>> endless problems for me. I've never seen it work with any kind of
>>>> reliability at all. One thing I'll say for samba is that the data
>>>> actually seems to show up correctly on the other side :-).
>>>
>>> I've had the opposite. Samba stalling and transferring at a rate slower
>>> than I can retype a file. Samba never managing to connect to the other
>>> side. The hassles of manually setting up each user. The hassles of
>>> file permissions and ownership getting screwed up in transit. Compared
>>> to NFS working without pain.
>>>
>>> Though, I have to say that my painless NFS server is on a FC4 machine,
>>> and that works fine. I've found I've had to manually mess with
>>> firewalling to get it to work through anything higher than FC4.
>>
>> I'm surprised you don't need to with FC4. It's actually fairly simple.
>> [root@mail.js.id.au sysconfig]# cat nfs
>> LOCKD_TCPPORT=32768
>> LOCKD_UDPPORT=32788
>> RQUOTAD_PORT=621
>> MOUNTD_PORT=640
>
> Surely a far easier approach to the firewall issues is to remove the
> firewall completely to the interface between your LAN and the outside
> world. I just turn the firewall off on all the systems on my LAN and
> the router firewall is set up to give me the security I want. It
> simplifies maintenance too because there is only one firewall to set
> up and systems behind the firewall can be as lax as they like and be
> re-installed frequently without problems.


I have several subnets at school (students, staff) and at home
(different physical locations). Traffic between subnets is filtered.



My firewalls filter traffic both ways. Should you actually manage to
install malware inside my LAN, it might be able to do spam _if_ it can
contact an IRC bot, but it probably can't do that, and certainly
portscanning the world will be difficult.


If you run a web server or a whois server on a non-standard port, the
odds are good I won't visit your server.










--

Cheers
John

-- spambait
1aaaaaaa@coco.merseine.nu Z1aaaaaaa@coco.merseine.nu
-- Advice
http://webfoot.com/advice/email.top.php
http://www.catb.org/~esr/faqs/smart-questions.html
http://support.microsoft.com/kb/555375

You cannot reply off-list:-)

 
Old 03-26-2008, 02:19 PM
Tom Horsley
 

On Wed, 26 Mar 2008 09:58:50 -0500
Les Mikesell <lesmikesell@gmail.com> wrote:

> What kind of problems do you see? It can be hard to get firewall
> openings right and it depends on uid's matching at the client and server
> for file ownership and permissions, but those things either work right
> or not at all. You shouldn't see reliability or performance problems
> unless you have hundreds of busy clients.

What I mostly see is every imaginable problem on different machines
at different times :-).

I think the root cause is related to having vast numbers of different
versions of unix/linux on different machines all of which claim
to "support" NFS, but which together are highly unreliable (especially
the ones too old to support tcp connections).

The worst problem is data corruption on writes, especially writing
large files across NFS, they will often wind up with large chunks of
zero bytes in place of the actual data.

There is one particular machine (in theory running the same dadgum
version of linux as several others) where some sort of nonsense
persists in always getting stale NFS filehandle messages any time
I try to read specific individual files. I always have to unmount
and remount the filesystem when it gets like this. (Neither system
was down or not talking at any point, just some fiddling of the
files in question, replacing them with symlinks, then suddenly the
stale filehandle messages start).

The protocols are in theory supposed to support negotiation of the
correct NFS version when connecting to older machines, but that
almost never works, we have to manually fiddle fstab entries to
explicitly give the proper nfsver option or we get things like
the filesystem is "mounted" but all attempts to access files get
errors.

Herding cats has got to have fewer irritations than using NFS :-).

 
