RStor - Research Storage - NFS Documentation

RStor - Research Storage

NFS Documentation

Mounting RStor Directories via NFS to a Linux machine

Fictional Example: At this university you have a college, call it Faber College, and your college has one main RStor Storage Account called faber with, say, 20TB overall quota. In your Storage Account you have several folders for researchers, but the one you want to mount an NFS share to is for a researcher (Professor Jennings), and the folder is called /jennings. This is how to set up an NFS mount to grant access to the /jennings folder inside the faber Storage Account.

1. Request Process

You need to request an NFS export as the first step. The export can be open to any IP address, or restricted by IP. If you want it restricted, you need to specify a list of IP addresses for us to whitelist. While the file system is protected by permissions, it is still risky leaving the NFS export open.

To access the NFS export, users need to connect with credentials that match their eID and Campus UID number. The Campus UID is now provisioned to all eIDs and stored in Active Directory as "uIDNumber". You can configure a LINUX system to use credentials matching those as follows:

Need to find a user's UID number? Here's an Active Directory Powershell module:

Get-ADUser -Properties uidnumber -Server colostate.edu

The UIDNumber field is what you are after. You will need the Remote Server Administration Tools (RSAT) installed on your Windows system to do this.

Configure the system to use LDAP to authenticate and get user information from AD (including UID)
Use a combination of LDAP and Kerberos to authenticate and get user information from AD
Configure local UNIX users with UID and username matching their eID username and UID

The last option is easiest and why you don't want to leave the export open to the world. (Anyone with an eID can look up another person's eID logon name and UID in Active Directory then create a matching local UNIX user and impersonate them.)

2. Config Process

Email rc2-request@colostate.edu with which option (above) you're using (and, if you want to specify an IP, the IP of your host mounting this) and the share/folder (faber/jennings).

ACNS will email back with your mounting instructions, such as: "You can access the mount at campusrstornfs1.onefs.colostate.edu/faber . The export location is at the root of your files space on RSTOR, just like the Windows share. You should be able to specify a subdirectory as a mount location (e.g. campusrstornfs1.onefs.colostate.edu/faber/jennings). Access to the export is limited to the IP address you provided."

3. Troubleshooting

If you get this error, "mount.nfs: access denied by server while mounting ...." on mounting to a subdirectory of your college storage account folder, be sure to specivfy NFS v3. (Note the -o v3 option in this example command:)

sudo mount -o v3 campusrstornfs1.onefs.colostate.edu:/ifs/ACNS-NAS1/collegefolder/subfolder /mnt