Sign in with
Sign up | Sign in
Your question

[NFS] permissions issue

Last response: in Networking
June 6, 2011 2:19:27 PM

Hey guys,

Been toying around with some NFS shares hosted on a win2k8 r2 server and trying to share between mac osx and win xp/7 clients. Currently I'm only able to get it working anonymously. When I try to specify a user, group, or specific computer, I get access denied. I have specified the proper permissions on the folder level as well. I'm using Active Directory as my Identity mapping source and I've seemingly set everything up correctly following Microsoft's technet article(s). I've gone through a few hours of research and trial and error before deciding to create a post anywhere.

Ideally, would like to get rid of anonymous logon for obvious reasons and really secure down some of these shares. Most of the support I find is for win2k3 and some of it doesn't seem to apply to 2k8 r2. I've tried specifying a User Name Mapping server as well under Services for Network File Systems but even anonymous doesn't even work when I try that. Read that I need to specify that server in the .maphosts file which I also cannot locate in 2k8 r2, if it exists. Any help or direction is greatly appreciated.

*Note- this is only a test environment right now, nothing is live. Testing NFS out as a future alternative only.

What should I have, if anything more in this NFS Share Permissions area? Am I supposed to be able to add Active Directory users and groups to this? Because I cannot, which would in turn be my problem. I have added actual user machines to this list, which it lets me, but they still get denied access.

Thanks in advance. Any help or info is greatly appreciated.

More about : nfs permissions issue

June 6, 2011 6:36:17 PM

Setup a local account for rights to the files. Add that user to the share/file permissions. When you connect, put in the username as PCNAME/USERNAME, PCNAME would be the computer where the share lives on and you created that user on. See if that works.
June 7, 2011 12:09:37 PM

Locally on the server as you stated actually does work.
Related resources
June 7, 2011 1:26:02 PM

fcsber said:
Locally on the server as you stated actually does work.

Right, so authenticate with that same account when you connect to the share. Or does that not work?
June 7, 2011 1:28:46 PM

Does not work. My whole problem is trying to give the share network credentials.

If I do switch over, I have about 300 users, and probably 20-25 different groups that would need various access to various shares.
June 7, 2011 1:47:28 PM

There is a way. There is Identity mapping and User name mapping but as of yet, I haven't set it up right or have yet to make it work.
June 10, 2011 6:53:44 PM

hang-the-9 said:
Don't think you can use AD or your Windows network credentials for NFS, NFS was made for UNIX.

Take a look here

I do agree with that. Windows doesn't use NFS to access resources. I uses CIFS. If you are joining your mac to your AD, you shouldn't need any user mapping or anything either since the user from your windows domain is the same as the "mac domain".

I've never worked on mac, but I did about the same setup using a w2k3r2 AD with XP, linux and solaris environment. I don't need any mapping since I'm using the same domain name/user name. I also need CIFS shares to share between windows machine, and NFS share to share stuff between unix machines.

You can also setup NFS and CIFS share to the same folder if needed.