Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Create a new article
15265
Views
25
Helpful
4
Comments

ISE NFS Repository Configuration Example

Tim Beebe
Cisco Employee
Cisco Employee

on ‎11-06-2018 02:10 PM

Configure Windows 2016 Server for NFS

1. Log in to the Windows 2016 Server and open Server Manager

2. Click on Add roles and features


001-AddRoles.png

 

3. Select Role-based or feature-based installation

002-Rolebasedinstall.png

 

4. Select a server from the server pool

004-ServerForNFS.png

 

5. Expand File and Storage Services and File and iSCSI Services and then select Server for NFS

004-ServerForNFS.png

 

6. Confirm to Add Features

005-ConfirmFeatures.png

 

7. Click Next on the Features Page

006-ClickNext.png

  

8. Click Install

007-Install.png

 

9. Close the window once Installation is complete

008-ClickClose.png

 

10. Create a shared folder and note the path

This example uses C:\NFSShare

009-NFSShare.png

 

 

11. Open Server Manager and click on File and Storage Services

010-FileStorageServices.png

 

12. Click on Shares

011-Shares.png

 

13. On the right of the screen, select the TASKS dropdown and click on New Share

012-NewShare.png

 

14. Select NFS Share – Quick

Click Next

013-NFSQuick.png

 

15. Set the Share Location to the shared folder created in step 10

Click Next

014-FilePath.png

 

16. Confirm the Share name, local path, and remote path

Click Next

015-ShareName.png

 

17. Specify authentication methods based on the security policy for your organization. For the lab demonstration, all options will be selected. 

Click Next016-Authentication.png

 

 

18. On the Share Permissions page click on Add

Set the ISE Host IP address

Set Share Permissions to Read / Write

Add the permission and repeat for any other hosts (MNT, etc.)

Allow root access

017-AddPermissions.png

 

19. Verify permissions and click Next

018-VerifyNext.png

 

20. Click on Customize permissions…

019-CustomizePermissions.png

 

Click Add

020-AddUser1.png

 

 

Click Select a principal

021-AddUser2.png

  

Since ISE NFS uses the ISE machine account for NFS access we will add the ISE machine to the allowed users

Add the ISE Machine Account

            Click OK

023-AddUser6.png

 

            Set Basic permissions and click OK

          023-AddUser52.png

 

Click Apply and OK

Click Next

 

21. Click Create

024-Create.png

 

22. Click Close

025-Close.png

 

 

Configure ISE to use the NFS Repository

 

1. Log in to the ISE GUI

2. Navigate to Administration > Maintenance

 

026-AdminMaint.png

 

3. Select Repository

 

027-Repository.png

  

4. Click Add

 

027-ClickAdd.png

  

5. Name the Repository

Set the protocol to NFS

Set the server FQDN or IP address

Set the Path

Click Submit

 

028-AddRepo.png

  

Verify ISE can view the contents of the repository from the CLI

 

1. Create a test file in the NFS repository

2. Access the ISE CLI via SSH

3. Run the command: show repository <repository name>

029-ShowRepo.png

 

 

Comments
Rob_Walko
Level 1
Level 1
‎01-30-2020 11:28 AM

Exactly what I needed, thank you!!

neil.j.bishop
Level 1
Level 1
‎04-20-2021 05:57 AM

I followed the instructions but still cant get the NFS to work on ISE 2.7 patch 3!

 

I have setup everything on the windows server etc. but unsure of the 'specify permission to control access' section, it says add ISE machine account!? what is this refering to? Is it an ISE user account setup on active directory or the computer object for the ISE in AD??

I have now tried adding it so many different ways and i cant get it to work as a repository on my ISE's.

Dasch7531
Level 1
Level 1
‎07-02-2021 07:36 AM

There is a bug using GUI and a NFS Repository. Upgrade to Patch 4. From Release notes: 

CSCvv43383
NFS Repository is not working from GUI 

https://www.cisco.com/c/en/us/td/docs/security/ise/2-7/release_notes/b_ise_27_RN.html

and here is the bug report

https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvv43383

 

 

 

gmasters428
Level 1
Level 1
‎07-27-2022 11:39 AM

@neil.j.bishop  I was able to get mine working using the AD computer object. I was confused on that as well. One caveat is if the server has multiple drives, you must specify the drive letter in the repository path on ISE. Ex: /c/share

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents