Fix KDE samba/NFS sharing

[tim]

Fix KDE's support for allowing easy addition of both NFS & Samba shares to a PC-BSD system.

[FitchKendall@…]

Re: NFS File Server & Complications on PCBSD.

Tim, I know you are an expert on the items in Sections 1, 2, & 3 below which identify the usual commands to set up server & client and to mount the server. Those commands are well documented in the FreeBSD Handbook and all over the Web. Section 4 below identifies the barriers arising in PCBSD that are not covered in the Handbook.

1. Configuring PCBSD as an NFS Server requires the "usual" commands in /etc/rc.conf:

nfs_server_enable="YES"

rpcbind_enable="YES"

rpcbind_flags="-r"

The NFS Server gets an entry in the /etc/exports file identifying which clients can attach:

[This example exports /usr/home to everyone on the internal network 192.168.0.0]

/usr/home -network 192.168.0.0 -mask 255.255.255.0

2. The NFS Client also gets the following modifications to its /etc/rc.conf:

nfs_client_enable="YES"

nfs_client_flags="-n 4"

3. The NFS Client mounts the Server from the Terminal as root:

mount_nfs 192.168.0.100:/usr/home /mnt/Server1

Where 192.168.0.100 is the IP of the server

/usr/home is the shared resource

/mnt/Server1 is the mountpoint on the client

(Alternatively, you can initiate the mount commands automatically in /etc/fstab.

4. In theory that should be sufficient. Actually, however, the PCBSD client is most likely greeted with the following error message:

[udp] 192.168.1.100:/usr/home: RPCPROG_NFS: RPC: Port mapper failure - RPC: Timed out

or

nfs: can't access /usr/ports/distfiles: Permission denied

or

nfsd: RPCPROG_NFS: RPC: Port mapper failure - RPC: Authentication error

These problems are caused by the security settings in /etc/rc.conf and /etc/hosts.allow and the firewall rules. The PCBSD firewall rules create a barrier.

/etc/rc.conf contains the following lines which turn on the firewall:

pf_enable="YES"

pf_rules_enable="YES"

In PCBSD 1.3.4 /etc/hosts.allow contains the following code:

<snip>

# Start by allowing everything (this prevents the rest of the file

# from working, so remove it when you need protection).

# The rules here work on a "First match wins" basis.

#ALL : ALL : allow

<end snip>

<snip>

# Rpcbind is used for all RPC services; protect your NFS!

# (IP addresses rather than hostnames *MUST* be used here)

rpcbind : 192.0.2.32/255.255.255.224 : allow

rpcbind : 192.0.2.96/255.255.255.224 : allow

rpcbind : ALL : deny

<end snip>

I knew I had to change the IP addresses in the rcpbind to match my network's IPs. That was not enough. A lamer like me could not attach to the server until I turned off the firewall in /etc/rc.conf and modified the rcpbind lines in /etc/hosts.allow.

The /etc/hosts.allow file used in PCBSD 1.4 Beta is different from the one in 1.3.4. For 1.4, turning off the firewall and changing the rcpbind lines were not enough. I had to activate the early line in /etc/hosts.allow that says ALL : ALL : allow.

In summary, in order to let PCBSD client attach to a PCBSD NFS Server, the firewall rules and hosts.allow must be adjusted.

[tim]

Changed owner, Florian wants to take care of this.

[florian]

I need to bail on this. I had very few time to get it working, even less to test it. Mostly because of private issues and the lack of hardware. Once I am up to date and more free I will get it working. Even though I believe it won't matter anymore since KDE 4.0 is then on its way.

[florian]

How is the state of this in KDE 4.X? Does it come with some sort of sharing manager or needs it to be completly written from scratch?

[kris]

That module is still in KDE4, but it does look like it may need some work still. (Tested it on 4.1RC1) It exists, but some of the permissions stuff needs work, it isn't prompting properly for the root PW when I want to share a folder via samba, since it needs to update smb.conf

[florian]

Alright. I will try to look into that one when time permits.

[kris]

Switched milestone to 7.1. Will you still be able to look into this Florian?

[kris]

Closing this because of inactivity. Should probably be on the freebsd-kde team site now.