[COLUG] NFS on Windows Unified Data Storage Server 2003

Travis Sidelinger travis at ilive4code.net
Tue Aug 21 01:07:55 EDT 2007


I like Brian's idea too.  Don't use the Windows NFS server.  Instead 
create normal Windows shares and mount them from Linux.  You could have 
a single Linux server mount those shares and re-share them over NFS.

As for name services, I don't know how reliable Windows 2003 is as a 
plain LDAP server, but my experience with Samba's winbind is that it 
works quite well.

Windows and Unix permissions don't exactly map.  Though I can't speak 
for what issues you will have offhand.

Hope this helps.

Travis Sidelinger

Scott Merrill wrote:
> We have a Windows Unified Data Storage Server 2003 running at $work,
> which we would like to use to provide unified home directories to users
> in our (upcoming) Active Directory, allowing folks to log on using
> either Windows or GNU/Linux (RHEL4 and RHEL5) workstations.
>
> Windows UDS speaks CIFS, NFS2 and NFS3.  The file server is a member of
> the Active Directory.  The workstations with which I am testing are
> members of the AD, using Kerberos for login authentication, and LDAP for
> nsswitch lookups.  From a Linux client, I can do `getent passwd` and
> `getent group` to see those user and group accounts which have been
> supplied with UNIX credentials within the AD.
>
> I used this tutorial for joining the Linux clients to the AD:
> http://blog.scottlowe.org/2007/01/15/linux-ad-integration-version-4/
>
> I have created NFS shares on the Windows UDS server, and defined two
> hosts as having permission to mount them.  I have enabled anonymous
> connections, using UID and GID of 65534.  I have also permitted root
> connections.
>
> The first time I mount the share from the Linux client, it is owned by
> nfsnobody; so it appears that the Windows UDS server is applying a
> root_squash (even though I told it that root was permitted).  All of the
> files and directories inside the share are also owned by
> nfsnobody.nfsnobody.
>
> If I do nothing else, then domain users on the Linux client are unable
> to access the contents of the share, regardless of the NTFS permissions
> that are applied to that share.
>
> If I chgrp the share to the domainusers group, then my domain users can
> access the share, but may not access their home directories inside that
> share:
>
> # su - user.1
> su: warning: cannot change directory to /home/user.1: Permission denied
> -bash: /home/user.1/.bash_profile: Permission denied
> -bash-3.1$ exit
> logout
> -bash: /home/user.1/.bash_logout: Permission denied
>
> After executing from the Linux client (as root)
> 	# chown user.1 /home/user.1
> 	# chgrp domainusers /home/user.1
> I can successfully `su - user1`, as well as log in via GDM.  I see that
> user.1 owns /home/user when I do an `ls -lha /home`.
>
> I have examined the resultant NTFS permissions from the above chown and
> chgrp commands, and replicated them using the Windows Explorer security
> controls to user.2 (using user.2 as the owner of /home/user.2).  After
> changing ownership and NTFS permissions from Windows, I can `su -
> user.2`, for example.
>
> If I leave the Linux client alone for a while (current tests have been a
> couple hours -- I haven't gotten more granular than that, yet), then the
> permissions on the share and the contents of the share "revert" back to
> nfsnobody when I do `ls -la /home`.  I _can_ do `su - user.1`, and when
> I exit out, `ls -lha /home` shows me that user.1 owns /home/user.1, but
> nfsnobody still owns all the other directories.  I can repeat the
> process for user.2, and see that he now owns /home/user.2, but no other
> directories are modified.
>
> I left for the weekend on Friday, leaving the share mounted on the Linux
> client.  When I came back in this morning, I found that nfsnobody again
> owned the share, and the contents of the share.  This time, however, I
> was unable to `su - user.1`: I got "permission denied" as above.  I had
> to `chgrp domainusers /home`, and then `chown user.1 /home/user.1`
>
> Looking to Google for help on this issue is particularly unhelpful.
> There's not a lot of non-sales review stuff on Windows UDS yet; and "NFS
> permissions" isn't a sufficiently specific term to weed out all the
> unrelated hits that Google feeds me.
>
> I'm curious if anyone on the list has any insight that might assist me.
>   Are there client-side NFS mount options I can try?  I'm currently
> using these:
> rw,nosuid,nodev,noatime,nodiratime,nfsvers=3,posix,rsize=32768,wsize=32768
> I have tried with both nfsvers=2 and nfsvers=3.
>
> Thanks in advance,
> Scott
>
>   
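
An ownership check for the symptom described in the quoted message, added here as an example and not part of either post: it compares the owner of each directory under the home share with the UID the name service reports for that name, and flags entries owned by the anonymous UID (65534 in the post). The function name `audit_homes` and the use of a saved `getent passwd` snapshot file are assumptions of this example.

```shell
#!/bin/sh
# audit_homes DIR PASSWD_FILE [ANON_UID]
#   DIR          directory holding one home directory per user (e.g. /home)
#   PASSWD_FILE  passwd-format snapshot, e.g. from: getent passwd > snapshot
#   ANON_UID     UID the server maps anonymous access to (default 65534)
# Prints one line per directory: "<name> <status> owner=<uid> expected=<uid>"
#   ok        owner matches the UID in the snapshot
#   squashed  owner is the anonymous UID (the nfsnobody symptom)
#   mismatch  owner is some other UID than the snapshot says
#   unknown   no account with that name in the snapshot
audit_homes() {
    dir=$1
    passwd=$2
    anon=${3:-65534}
    for path in "$dir"/*; do
        [ -d "$path" ] || continue
        name=${path##*/}
        # Numeric owner as the client sees it (third field of ls -ldn).
        owner=$(ls -ldn "$path" | awk '{ print $3 }')
        # Exact string match on the login name: names such as "user.1"
        # contain a dot, which a regex lookup would treat as a wildcard.
        want=$(awk -F: -v u="$name" '$1 == u { print $3; exit }' "$passwd")
        if [ "$owner" = "$anon" ]; then
            status=squashed
        elif [ -z "$want" ]; then
            status=unknown
        elif [ "$owner" = "$want" ]; then
            status=ok
        else
            status=mismatch
        fi
        printf '%s %s owner=%s expected=%s\n' \
            "$name" "$status" "$owner" "${want:--}"
    done
}

# Run directly as: sh audit_homes.sh /home /tmp/passwd.snapshot
if [ "$#" -ge 2 ]; then
    audit_homes "$@"
fi
```

Running it from cron and keeping the output gives a timestamped record of when ownership on the mount flips, which the post had only narrowed down to "a couple hours".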


