Hi Elton,

Elton wrote:
> Thomas Haynes suggested I post this here as well as the General Discuss
> 
> I have set up a small (5 machines) development/test network using Solaris 10 
> 11/06 (I know this is an OpenSolaris forum) with Trusted Extensions 
> configured. I have an LDAP server configured and running which also serves as 
> the Home Directory Server.
> 
> The problem I have encountered is when users access their machines they 
> cannot read down and traverse their home directories. For example, a user logs 
> in and has access to 2 labeled zones FOO and FOBAR. (FOBAR dominates FOO) So, 
> the user is currently in the FOBAR labeled zone but CAN NOT access their home 
> directory using the /zone/FOO/export/home path. You can access the directory 
> but nothing is there.
> 
> I have set-up the home directory per the install instruction with 1 
> exception. The installation instructions state, "For every labeled zone, 
> create a new dfstab file. Each zone shares the home directories at the label 
> of the zone.
> a. Go to the zone's /etc/dfs directory. 
> # cd /zone/zone-name/root/etc/dfs" 
> I created the files as stated above but the files cannot be shared from 
> non-global zones (according to the error message I receive). Also, I tried 
> just rebooting the box and the nfs/server service was disabled and would not 
> start until I removed the entries in each zone. Therefore, I added the 
> entries to the dfstab in the global zone.
> 
> Now this is all on the LDAP server, is there anything I need to do to the 
> clients?
> Any suggestions would be greatly appreciated.
>  

I think this has already been covered on this alias. Your trouble is that you 
have to define your shares in a /zone/zone-name/etc/dfs dir, not in a 
/zone/zone-name/root/etc/dfs dir as you did, nor from the global zone either. 
Those shares are made available when the zone is started.

For mounting on the clients, just edit the labeled zones' vfstab as usual.
Through NFS, your clients will only have the ability to mount data that is 
shared at the same label from the server.

HTH,

Bruno

> This message posted from opensolaris.org
> _______________________________________________
> security-discuss mailing list
> security-discuss at opensolaris.org

