NFS integration for systems administrators | AD Bridge
This section assumes you are a systems administrator who knows how to manage shared files and folders on Linux, Unix, and Windows computers, including configuring the Linux and Unix file servers to run NFS and to comply with your IT security policy.
Instructions on how to set up NFS are beyond the scope of this content.
Requirements
The following prerequisites must be in place:
- Root access to the Linux or Unix file server where you want to run NFS and AD Bridge.
- AD Bridge installed on the NFS server and on each client.
- DNS capable of resolving the FQDNs of the NFS server and of the clients.
- The Linux or Unix computer must be connected to Active Directory with AD Bridge.
For instructions on how to join a domain, see Install AD Bridge.
Server setup
- Install a current version of AD Bridge, as available through the customer portal.
- Add the NFS Service Principal Name (SPN) to the machine. Do this before joining the domain so that the correct SPNs are written to the machine account and to the keytab file. If the system is already joined, run domainjoin-cli again after the new ServicePrincipalName is set:
    /opt/pbis/bin/config ServicePrincipalName "host" "nfs"
- Join the domain: domainjoin-cli join pbisdemo.com Administrator
- Check the keytab for the NFS SPNs: /opt/pbis/bin/klist -e -k /etc/krb5.keytab. Look for the nfs/ entries (one line per key encryption type):
    4 nfs/[email protected]
    4 nfs/[email protected]
    4 nfs/[email protected]
    4 nfs/[email protected]
- Install the NFS server: yum install nfs-utils nfs4-acl-tools
- Start the NFS server: systemctl start nfs-server
- Export the shares: vim /etc/exports. Making sure the folders exist, add entries like:
    /export/data/test *(rw,sec=sys:krb5:krb5i:krb5p,sync,nohide)
    /export/data/department *(rw,sec=sys:krb5:krb5i:krb5p,sync,nohide)
  Because sys is in the sec= list, AUTH_SYS is still accepted: a client can mount these exports without a Kerberos ticket and the server trusts whatever UID and GID the client sends. Remove sys from the list if your policy requires authenticated access (krb5 authenticates only; krb5i adds integrity and krb5p adds encryption), and replace * with the hosts or subnet that are allowed to mount.
- Export the filesystems: exportfs -ra
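The script below is an added example, not AD Bridge's own tooling and not part of the original page. It checks the two things the server-side steps above depend on: that the keytab really contains an nfs/ SPN for this host, and what each /etc/exports entry actually accepts. The server FQDN rhel7.pbisdemo.com, the realm PBISDEMO.COM, the client subnet 10.0.0.0/24, and the klist output and exports files it audits are all constructed assumptions for the example.

```shell
#!/bin/bash
# Added example, not AD Bridge's own tooling: checks to run on the NFS server
# after the steps above. Assumptions: rhel7.pbisdemo.com is the server FQDN,
# PBISDEMO.COM is the Kerberos realm, 10.0.0.0/24 is the client subnet, and
# the klist extract and /etc/exports contents below are constructed samples.

# keytab_has_nfs_spn KLIST_OUTPUT FQDN
# Succeeds when the captured output of
#   /opt/pbis/bin/klist -e -k /etc/krb5.keytab
# lists at least one nfs/FQDN@REALM key. No key means domainjoin ran before
# the SPN was configured: set the SPN and run domainjoin-cli again.
keytab_has_nfs_spn() {
    local klist_out=$1 fqdn_re
    fqdn_re=$(printf '%s' "$2" | sed 's/\./\\./g')
    printf '%s\n' "$klist_out" |
        grep -Eq "^[[:space:]]*[0-9]+[[:space:]]+nfs/${fqdn_re}@[A-Z0-9.-]+"
}

# export_line_flavors EXPORT_LINE
# Prints the RPC security flavors one /etc/exports entry accepts, one per
# line. An entry without sec= accepts only AUTH_SYS (the exportfs default),
# so "sys" is printed in that case.
export_line_flavors() {
    local sec
    sec=$(printf '%s' "$1" | grep -Eo 'sec=[a-z0-9:]+' | head -n1 | cut -d= -f2)
    printf '%s\n' "${sec:-sys}" | tr ':' '\n'
}

# export_line_accepts_authsys EXPORT_LINE
# Succeeds when the entry still accepts sec=sys: a client can then mount
# without a Kerberos ticket and the server trusts the UID/GID it sends.
export_line_accepts_authsys() {
    export_line_flavors "$1" | grep -qx sys
}

# export_line_open_to_all EXPORT_LINE
# Succeeds when the client field is "*", i.e. any host that can reach the
# server may mount the export.
export_line_open_to_all() {
    printf '%s' "$1" | grep -Eq '^[^[:space:]#]+[[:space:]]+\*(\(|[[:space:]]|$)'
}

# audit_exports FILE
# Prints one verdict per entry ("<path> ok" or "<path> WARN: ...") and
# returns 1 if any entry was flagged.
audit_exports() {
    local line path msgs rc=0
    while IFS= read -r line; do
        case $line in ''|\#*) continue ;; esac
        path=${line%%[[:space:]]*}
        msgs=
        export_line_accepts_authsys "$line" && msgs="$msgs accepts-AUTH_SYS"
        export_line_open_to_all "$line" && msgs="$msgs exported-to-all-hosts"
        if [ -n "$msgs" ]; then
            printf '%s WARN:%s\n' "$path" "$msgs"
            rc=1
        else
            printf '%s ok\n' "$path"
        fi
    done < "$1"
    return $rc
}

# Constructed sample of what klist -e -k prints once the SPN is in the keytab.
sample_klist='Keytab name: FILE:/etc/krb5.keytab
KVNO Principal
---- --------------------------------------------------------------------------
   4 nfs/rhel7.pbisdemo.com@PBISDEMO.COM (aes256-cts-hmac-sha1-96)
   4 nfs/rhel7.pbisdemo.com@PBISDEMO.COM (aes128-cts-hmac-sha1-96)
   4 host/rhel7.pbisdemo.com@PBISDEMO.COM (aes256-cts-hmac-sha1-96)'

# The entries as written in the procedure (Kerberos offered, AUTH_SYS still
# accepted, every host allowed) beside a hardened form (Kerberos only, one
# client subnet). Both files are constructed for the example.
weak_exports=$(mktemp)
strong_exports=$(mktemp)
cat > "$weak_exports" <<'EOF'
/export/data/test *(rw,sec=sys:krb5:krb5i:krb5p,sync,nohide)
/export/data/department *(rw,sec=sys:krb5:krb5i:krb5p,sync,nohide)
EOF
cat > "$strong_exports" <<'EOF'
/export/data/test 10.0.0.0/24(rw,sec=krb5p,sync,nohide)
/export/data/department 10.0.0.0/24(rw,sec=krb5p:krb5i,sync,nohide)
EOF

if keytab_has_nfs_spn "$sample_klist" rhel7.pbisdemo.com; then
    echo "keytab: nfs SPN present"
else
    echo "keytab: nfs SPN missing; set the SPN and re-run domainjoin-cli"
fi
audit_exports "$weak_exports" || echo "-> weak exports need attention"
audit_exports "$strong_exports"
rm -f "$weak_exports" "$strong_exports"
# On the real server run, as root:
#   keytab_has_nfs_spn "$(/opt/pbis/bin/klist -e -k /etc/krb5.keytab)" "$(hostname -f)"
#   audit_exports /etc/exports
```

The exports audit treats a missing sec= option the same as sec=sys, because that is what exportfs does; an entry that looks harmless because it says nothing about security is the one most likely to be trusting client-asserted UIDs.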
Client setup
- See Supported platforms for the supported operating systems. The example here uses RHEL.
- Install a current version of AD Bridge, as available on the customer portal.
- Before joining the domain, set the SPNs: /opt/pbis/bin/config ServicePrincipalName "host" "cifs" "nfs"
- Join the domain: domainjoin-cli join pbisdemo.com Administrator
- Install the NFS client and ACL tools: yum install nfs4-acl-tools nfs-utils (or dnf).
- Enable secure NFS (Kerberos over RPCSEC_GSS, so that rpc.gssd runs) by setting SECURE_NFS to yes in /etc/sysconfig/nfs: SECURE_NFS="yes"
- Restart the services: service rpcidmapd restart
- Configure autofs to mount the export. Edit the map (vim /etc/auto.test) and add:
    * -fstype=nfs4,rw,sec=krb5,intr,hard,exec,insecure,no_subtree_check,wsize=4096,rsize=4096 rhel7.pbisdemo.com:/export/data/&
  sec=krb5 authenticates the user but does not protect the traffic; use sec=krb5i (integrity) or sec=krb5p (integrity and encryption), which the server above also exports, where the data warrants it.
- Restart autofs: service autofs restart
Each user then needs a Kerberos ticket to access the shares; AD Bridge obtains one when the user authenticates at login. If you su to a user from root, that user has no ticket of their own, so run kinit as that user to obtain one.
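The script below is an added example, not AD Bridge's own tooling and not part of the original page. It shows the client-side checks that follow the autofs steps above: which security flavor the map entry requests, whether the mounts the kernel actually made are Kerberos-authenticated or silently AUTH_SYS, and whether the current user holds a ticket at all. The /test mount point, the auto.master line, the server name rhel7.pbisdemo.com and the /proc/mounts extract are constructed assumptions for the example.

```shell
#!/bin/bash
# Added example, not AD Bridge's own tooling: client-side checks after the
# autofs steps above. Assumptions: the map /etc/auto.test is attached at
# /test through /etc/auto.master, rhel7.pbisdemo.com is the NFS server, and
# the /proc/mounts lines below are constructed samples.

# mount_sec_flavor OPTIONS
# Prints the sec= flavor from a comma-separated mount option string (autofs
# map, fstab, or /proc/mounts). The kernel reports sec=sys explicitly for
# AUTH_SYS mounts; "sys" is also printed if sec= is absent.
mount_sec_flavor() {
    local sec
    sec=$(printf '%s' "$1" | tr ',' '\n' | grep -E '^sec=' | head -n1 | cut -d= -f2)
    printf '%s\n' "${sec:-sys}"
}

# autofs_map_sec MAP_LINE
# Prints the sec= flavor requested by one autofs map entry of the form
# "key -options location".
autofs_map_sec() {
    local opts
    opts=$(printf '%s\n' "$1" | awk '{ print $2 }')
    mount_sec_flavor "${opts#-}"
}

# audit_nfs_mounts < /proc/mounts
# Prints "<mountpoint> ok sec=<flavor>" for NFS mounts using Kerberos and
# "<mountpoint> WARN sec=<flavor>" for the rest; returns 1 if any mount was
# flagged. Run it after the first automount to confirm nothing is relying
# on AUTH_SYS.
audit_nfs_mounts() {
    local src mnt fstype opts rest sec rc=0
    while read -r src mnt fstype opts rest; do
        case $fstype in nfs|nfs4) ;; *) continue ;; esac
        sec=$(mount_sec_flavor "$opts")
        case $sec in
            krb5|krb5i|krb5p) printf '%s ok sec=%s\n' "$mnt" "$sec" ;;
            *) printf '%s WARN sec=%s\n' "$mnt" "$sec"; rc=1 ;;
        esac
    done
    return $rc
}

# user_has_tgt
# Succeeds when the calling user holds a valid Kerberos credential cache
# (klist -s prints nothing and only sets the exit status). Prefers the
# AD Bridge klist and falls back to the system one.
user_has_tgt() {
    local klist=/opt/pbis/bin/klist
    [ -x "$klist" ] || klist=klist
    command -v "$klist" >/dev/null 2>&1 || { echo "klist not found" >&2; return 2; }
    "$klist" -s
}

# The map entry from the procedure and the auto.master line that attaches
# it (the /test mount point is an assumption).
map_line='* -fstype=nfs4,rw,sec=krb5,intr,hard,exec,insecure,no_subtree_check,wsize=4096,rsize=4096 rhel7.pbisdemo.com:/export/data/&'
master_line='/test /etc/auto.test'

# Constructed /proc/mounts extract: one automounted share negotiated krb5;
# the other was mounted by hand without sec= and so got AUTH_SYS, which the
# server accepts as long as sys is in its sec= list; plus a local filesystem.
sample_mounts='rhel7.pbisdemo.com:/export/data/test /test/test nfs4 rw,relatime,vers=4.1,rsize=4096,wsize=4096,hard,proto=tcp,sec=krb5,clientaddr=10.0.0.5,addr=10.0.0.10 0 0
rhel7.pbisdemo.com:/export/data/department /test/department nfs4 rw,relatime,vers=4.1,rsize=4096,wsize=4096,hard,proto=tcp,sec=sys,clientaddr=10.0.0.5,addr=10.0.0.10 0 0
/dev/mapper/rhel-root / xfs rw,relatime,attr2,inode64 0 0'

echo "auto.master: $master_line"
echo "auto.test:   $map_line"
echo "map requests sec=$(autofs_map_sec "$map_line")"
printf '%s\n' "$sample_mounts" | audit_nfs_mounts || echo "-> some NFS mounts are not Kerberos-authenticated"
if user_has_tgt; then
    echo "ticket: valid credential cache found"
else
    echo "ticket: none or expired; run kinit as this user (su from root does not give the user a ticket)"
fi
# On a real client: audit_nfs_mounts < /proc/mounts
```

Checking /proc/mounts rather than the map is the point: the map records what was requested, the kernel records what was negotiated, and a share mounted by hand or by another map entry can still be talking AUTH_SYS to a server that lists sys in its sec= option.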