SFU NFS Implementation

Windows doesn't natively support NFS. This means that if a Windows client wants to access files and other resources from a Unix server, the Windows machine will need to be made NFS-aware. SFU NFS implementation provides for free functionality for which you need to pay substantial money in case you use commercial application like NFS Maestro.

Windows Services for Unix provides three different components for accomplishing this task:

• Client for NFS: The first of the NFS components is the Client for NFS. The NFS client allows Windows 95, 98, Me, NT, 2000, and XP workstations (or servers) to access an NFS share point. There really isn't a whole lot to the NFS client. It's similar to the client for NetWare Networks in that it allows a client to authenticate into, and access files from, a foreign file system.
  
• Server for NFS: The Server for NFS works in the opposite direction as the Client for NFS; it allows a Windows Server to emulate a Unix server. Unix workstations are able to attach to the Windows server in a way that makes the Windows server appear to be a Unix server. This means that both Windows and Unix clients can access a share point on a Windows server simultaneously.
  
• Gateway for NFS: The Gateway for NFS option is a great way to make Unix resources available to Windows users who are unfamiliar with Unix. It lets a Windows server act as a Unix client that is capable of accessing a predetermined set of resources. The Windows server then reshares those resources with the Windows clients. When you create a share point with Gateway for NFS, Windows users access the share point on the Windows server in the usual manner (using the SMB protocol). Although the files that the Windows workstations access appear to be on the Windows server, they are actually on a Unix machine. If a Windows workstation requests a file, the Windows server retrieves the file from the Unix machine and passes it to the Windows workstation.

Although Gateway for NFS is a new feature, it's very reminiscent of Gateway Services for NetWare (GSNW). What's nice about this gateway is that it seems Microsoft has learned from its experience in GSNW and has really beefed up security. If you've ever used GSNW, you know that its biggest weakness is its total reliance on share-level security. If two shares happen to overlap and a user has different permissions on the two shares, the user could pass through the less restrictive share to gain an unauthorized level of access to the more restrictive share.

Microsoft addressed this problem in the Gateway for NFS component with the creation of client groups. You can create groups similar to Windows 2000 security groups and assign them to Unix share points. While the entire operation still relies on share-level security, there's a handy check box you can use to block access to the share's root level, thus preventing the security problems associated with GSNW.

Overall performance gains for NFS 3.5 are 50% on comparable hardware.

• Client for NFS SFU 3.5 implements several incremental but important changes in Client for NFS, making the client both faster and better behaved in mixed environments. These improvements include the ability to set setuid, setgid and sticky bits and create symbolic links, both important functionality additions. Additionally, the mount and file system traversal syntax expected by UNIX and Linux users is fully supported and integrated into SFU.

  To improve performance, Client for NFS now uses directory caching at the client, significantly improving the perception of speed by the end user. The mount command now provides for a case-sensitivity option to improve overall performance against UNIX shares.

  This version of Client for NFS also improves support for international character sets, including updating the mount command and providing support for Japanese, Korean and Chinese character sets.
  

• Gateway for NFS
Gateway for NFS has also had incremental improvements, including enhancements to both the command line and GUI administrative tools; Japanese, Korean, and Chinese character set support; and improvements in support for clustering. Administrators can also now set default file permissions for new NFS files.

• User Name Mapping Server The User Name Mapping Server is now cluster-enabled, making it highly available. Also, several performance enhancements have significantly improved the scalability of the User Name Mapping Server. The number of groups that an individual user can belong to is now set dynamically instead of being a hard-coded, maximum limit. Also, the User Name Mapping Server now supports user names with non-ASCII characters and is fully supported by the Interix subsystem when accessing NFS mounted file systems.

  A significant improvement for User Name Mapping server is the support for a redundant pool of User Name Mapping Servers, eliminating the single point of failure and allowing clients to fail over to the first available mapping server.

  Additionally, the User Name Mapping Server supports the .maphost file, allowing administrators to implement security based on the trusted hosts model.
  

• Server for NIS and Password Sync. There have been several improvements in the overall management of UNIX and Windows accounts in SFU 3.5, many of them as a direct result of user requests. These include improved logging, debugging, and support for creating users with a UID of less than 100. Also, to improve overall security, Server for NIS and password synchronization now both support the use of MD5 encryption of passwords, significantly improving security and integration with existing NIS environments.

  Additionally, with the performance enhancements in SFU 3.5, Server for NIS can handle up to 64,000 users. Migration times have also been substantially improved, with data migration times now roughly 40 percent of what they were with SFU 3.0.

  For those implementing password synchronization on platforms not included with the SFU distribution, the encryption libraries are now included, along with all the source code, greatly simplifying compilation and implementation.

SFU uses device files in the same way as UNIX or Linux, but you can't use the NFS file system as a bootable device for a diskless NFS workstation, and some common device files like /dev/tcp aren't possible.

Windows drives are available as /dev/fs/DRIVELETTER, for example /dev/fs/C, /dev/fs/D/

While you can create symlinks and/or aliases to mask this difference, it isn't recommended as a best practice.

Windows network shares are available without mounting to a drive letter by using the convention /net/MACHINENAME/sharename.

Shares that have been mounted on a drive letter are, of course, available as /dev/fs/DRIVELETTER.

Microsoft Windows Services for UNIX 3.5 provides all the features and tools necessary to give the user or administrator in a mixed environment the ability to use and manage their resources transparently across Windows, Linux, and UNIX systems.

Write Access to Unix Directories from NFS client

Many users experience difficulties trying to mount the Unix server directory with write access (rw) from SFU (see posts in the News section of SFU NFS page ).

The prerequisite is to install User Name Mapping server and ensure that UID and GUI of the user match with Unix server.

Also on Unix side share command should specify the clent IP or DNS name:

share -F nfs -o rw=10.194.155.10 /export/home/bezroun

After that mount command with format

mount myserver:/export/home/bezroun N:

will mount the directory as expected. My experiments with using -u: and -p: keys for SFU command were unsuccessful.

Other users also reported many problems. See News section below.

Checklist: Setting up Client for NFS

Configuring Client for NFS

When configuring Client for NFS on Windows 2000 Professional, you only need to know the name of the mapping server that you use for authenticating and mapping users.

You can use Nfsadmin.exe, a command-line utility, for configuration and administration of Client for NFS. Nfsadmin uses the following syntax:

nfsadmin client computer-name option=value

where client indicates that you want to configure the NFS Client and computer-name is the name of the computer which is running the NFS Client.

The command-line options that you can use with Nfsadmin to configure Client for NFS.

To access Client for NFS

After you configure Client for NFS, you can mount files directly from UNIX hosts in Windows 2000 Professional by using either Windows Explorer or the command prompt.

To access NFS Files and Directories with Windows Explorer

Note When you attempt to access NFS files and directories from Windows 2000 Professional and do not see any NFS volumes available, it is likely that the NFS directories and files have not been configured to be exported on your UNIX host. Refer to your UNIX documentation for more information about exporting NFS directories and files.

Note If your user name exists in the authentication domain (PCNFSD/NIS), you are able to access the NFS resources with proper credentials. If your user name does not exist in the NIS/PCNFSD domain, you must access the resources as an anonymous user. However, you can change logon credentials by selecting Connect using a different user name. You can then provide the NIS/PCNFSD credentials you want to use to access Server for NFS.

To access NFS Files and Directories from the Command Prompt

Mount Parameters and Descriptions

User Name Mapping

Overview of Services for UNIX 3.0 with Interix User Name Mapping

• Understanding User Name Mapping
  • Allow Windows users access NFS servers using Windows credentials
  • Allow Unix users access NFS files on Windows servers
  • Keep consistency in file access across all NFS clients and servers
  • Ease administrative task maintaining mappings on all machines
• Simple and Advanced Maps

Understanding User Name Mapping

• User Name Mapping acts as a single clearinghouse that provides centralized mapping services for Client for NFS, Gateway for NFS, and Server for NFS.
• User Name Mapping lets you create maps between Windows and UNIX user and group accounts even though the user and group names in both environments may not be identical. Perhaps most important, User Name Mapping lets you maintain a single mapping database for the entire enterprise. This makes it easy to configure authentication for multiple computers running Client for NFS, Gateway for NFS, and Server for NFS.
• In addition to one-to-one mapping between Windows and UNIX user and group accounts, User Name Mapping permits one-to-many mapping. This lets you associate multiple UNIX accounts with a single Windows account, or multiple Windows accounts with a single UNIX account. This can be useful, for example, when you do not need to maintain separate UNIX accounts for individuals and would rather use a few accounts to provide different classes of access permission.
• You can use simple maps, which map Windows and UNIX accounts with identical names. You can also create advanced maps to associate Windows and UNIX accounts with different names, which you can use in conjunction with simple maps.
• User Name Mapping can obtain UNIX user, password, and group information from one or more NIS servers or from password and group files. The password and group files can be on a UNIX computer running the PCNFS daemon (PCNFSD), a Windows computer running Server for PCNFS, or stored locally (e.g. transferred from the Unix Server via FTP) on the Windows User Name Mapping computer.
• User Name Mapping periodically refreshes its mapping database from the source databases, ensuring that it is always kept up to date as changes occur in Windows and UNIX name spaces. You can also refresh the database anytime you know the source databases have changed.
• You can back up and restore User Name Mapping data at any time. Because the database is backed up to a file, you can use that file to copy the mapping database to another server. This provides a level of redundancy for fault tolerance.
• If you obtain information from multiple NIS domains, it is assumed that each domain will have unique User Identifiers (UIDs).

User Name Mapping (Server)

1. NFS client includes the UID/GID in the mount request to the Server for NFS for the requested NFS file share.
2. Server for NFS maps UID/GID to a corresponding Windows-based user name using mapping data provided by the User Name Mapping server.
3. User Name Mapping Server returns the SID credentials of the mapped Windows users.
4. The File share is now accessible from the Unix client, with authorization based on the credentials (SID) of the impersonated Windows user from Name Mapping (Step 3).
5. NFS request is fulfilled to the NFS client

User Name Mapping (Client)

1. The Windows credentials (SID) are sent to the User Name Mapping Server, which maps the Windows user's credentials to the Unix user and group names
2. The User ID (UID) and Group ID (GID) are returned to the Windows NFS client.
3. Client for NFS stores the returned UID/GID (for subsequent access to the same UNIX NFS server) and includes the UID/GID in the mount request to the UNIX server for the NFS file share.
4. File share is now accessible from the Windows client, with authorization based on the UID/GID sent in the mount request.

Simple and Advanced Maps

• Simple Maps : In a simple user map, users in a Windows domain are implicitly mapped one-to-one to UNIX users on the basis of user name. When the Windows domain and the UNIX passwd and group files or Network Information Services (NIS) domain are identified, User Name Mapping maps users and groups that have the same name in both the Windows and UNIX or NIS domain. If there is no match for a user/group name in either place, that user/group is not mapped to anything.
• Advanced Map : You can use advanced maps to set up one-to-one, one-to-many, or many-to-one mappings between Windows users and UNIX users and groups. For example, a Windows user name could be mapped to several UNIX user names, or a UNIX group could be mapped to a Windows user. Advanced maps can also be used when the same person has different user names on Windows and UNIX.

Once maps are set up, users can log on to Windows using their Windows user name/password, and access UNIX resources without supplying a UNIX user name and password. User Name Mapping checks the authenticity of the Windows user and issues the appropriate UID/GID for use with the UNIX system. Likewise, UNIX users can log on to their computers and access Windows files (User Name Mapping provides the credentials). If the same user appears in both a simple and an advanced map, the advanced map is used.

User can't access his files on NFS share#6652

There is a difference in the security models and, most particularly, how they are implemented.

With the typical and historic Unix model the UID and GID identify the user and group that the
process is running as; there is also the same for effective UID and GID. The association with
these UID's/GID's provides all of the security context of the process. With this UID/GID combo
you have the right to do XXX -- no more, no less.

With an NT process (and I call it an NT process since this applies to all process types:
Interix, Win32, OS/2, and Native {Win32 != Native}) each running process has a set of ACL's
(Access Control List). This is very similar to the ACL's for disk files, but for the process.
There is for each process a security token that is an ACL. It identifies the SID's associated
with the process (akin to UID's/GID's and user), but this does not infer that all rights and
privileges associated with these SID's automatically. NT also separates rights and privileges
are two separate things (though most discussions either treat them the same or blur the distinction).
The ACE's (Access Control Entries) in the ACL can list a large, complex array of permissions that
are granted or denied. But there are some other identifiers in the security token. One of these
is an identifier/marker by the security system (in the kernel). This marker is usually used in a lookup
because it's a unique number (I'll skip over details for now).

Now to your question:
When a daemon is running, it runs by default as local Administrator (uid 197108).
The Interix subsystem allows 197108 the special ability to behavior more like the typical "Unix root".
Like with Unix, this ability is associated with the UID (197108). So 197108 can, by the special ability,
become another user without needing a password (as your daemon does). But this ability is powerful. So
a constraint of this ability is that the security token is valid for the local machine only. The marker,
mentioned earlier, will not validate with a lookup (finer details skipped for brevity). If during the
change from one user to another the password for the end-user is provided then a security token is
created with a marker that validates on lookup.

So why does this apply to NFS which in implementation doesn't really give a hoot? Give NFS a UID and
it normally is quite happy to give whatever you ask for. Well it has to do with the implementation of
the client driver on the Windows side. The Windows driver is doing work for (potentially) many processes
for different users. So the driver change (impersonates) the requesting process based on the requesting
processes security token (this is done via the NT kernel's LPC system). Since the marker is invalid
then the driver says "no-go" in mapping the SID to a UID for the NFS request (remember the NFS request
is stateless so this info is sent each time). So, Bob's your uncle, no off machine disk access.
A Unix NFS client would just pass the UID through.

The work-around is to change the user not using seteuid() but to user setuser() and provide a password
(xref the setuser man page). The downside is that this replaces the calling process' token. So you'd
need to fork off a child and stream the information back to the parent (likely through a pipe).

===

Rodney, thank you very much for these informations! I see that Interix can't allow passwordless network access without breaking the strict (paranoid?) security rules of Windows. On the other hand, something like a seteuid(uid, password) to get network access but keep the ability to switch back to the Administrator would be a very nice thing here. quote: ORIGINAL: Rodney The work-around is to change the user not using seteuid() but to user setuser() and provide a password (xref the setuser man page). The downside is that this replaces the calling process' token. So you'd need to fork off a child and stream the information back to the parent (likely through a pipe). That's what I feared already. I did something similar in a different place before, and it was a ugly piece of work...

PCNFS

Server for PCNFS. This component is similar to a PCNFS daemon (PCNFSD) running on a UNIX server. Windows users running PCNFS or Windows Services for UNIX Client for NFS version 1.0 software on their computers can access NFS file systems by providing the required UNIX user name and password when they attempt to access an NFS file.

To install Server for PCNFS Using the Windows interface:

1. Open Add/Remove Programs or Add or Remove Programs.
2. Click Microsoft Windows Services for UNIX, and then click Change.
3. Click Next.
4. Click Add or remove, and then click Next.
5. In Components, click the plus sign (+) next to Authentication Tools for NFS.
6. Click Server for PCNFS, click Will be installed on local hard drive, and then click Next.
7. Follow the remaining instructions in the Wizard.

Notes

• To open Add/Remove Programs or Add or Remove Programs, do one of the following:
  • In Windows 2000, click Start, point to Settings, click Control Panel, and then double-click Add/Remove Programs.
  • In Windows XP or Windows Server 2003 family, click Start, click Control Panel, and then double-click Add or Remove Programs.
• Server for PCNFS cannot be run from a network server. All files must be installed on the local computer.

Using a command line

• At a command prompt, type:

  msiexec /I sfusetup.msi /qb addlocal="Pcnfsd"

Notes

• For this command to work, the file sfusetup.msi must exist in the directory from which you run the command. If sfusetup.msi is in a different directory, include the full path.
• This command is intended as an illustration only. Previously installed components must also be specified as addlocal arguments, or they will be removed. If Windows Services for UNIX is not already installed, additional components may be required. See To install Windows Services for UNIX for more information.

Related Topics

Windows Services for UNIX overview

Windows 2000 UNIX Interoperability/User Authentication

When an attempt is made to access NFS resources located on Server for NFS, user name mapping and authentication are performed. During an NFS call, Server for NFS receives a UNIX user identifier (UID) from an NFS client. Server for NFS then uses the mapping server to map this UID to a Windows user name. Server for NFS uses its authentication feature to authenticate the mapped Windows user name. It uses the credentials of the mapped user to access the files and provide them to the NFS client. Thus, only valid UNIX users get access to files stored on Windows-based computers when their access privileges are the same as the corresponding Windows user. Authentication is provided by Server for NFS Authentication, which you must install either on all domain controllers, for validation of domain users, or on the computer running Server for NFS, for validation of local users.

Services for UNIX 2.0 provides the following components, which you can use for authentication of file access on an NFS server.

Server for PCNFS You can install Server for PCNFS on either Windows 2000 Professional or Windows 2000 Server. Server for PCNFS is one option for providing user authentication services when NFS-based clients (Client for NFS or third-party NFS clients) need to access NFS files. Server for PCNFS works with the mapping server. The mapping server can parse files from any PCNFSD server and then provide authentication and mapping to client computers running Client for NFS.

Server for NIS Server for NIS must be installed on a Windows 2000 Server that is configured as a domain controller. Server for NIS allows a Windows 2000 Server that is configured as a domain controller to act as the NIS master for a particular UNIX domain. One service that Server for NIS provides is the capability to authenticate requests for NFS shares.

Note You can also configure a UNIX NIS server to provide authentication for computers that have Client for NFS installed.

Installing Server for PCNFS

If you select Server for PCNFS for authentication, you need to install it on any computer that is running either Windows NT or Windows 2000, which you want to act as a PCNFSD server.

To install Server for PCNFS from Windows

1.	Run Services for UNIX Setup.
2.	Click typical installation.
3.	Select Server for PCNFS, and then select run it from my computer.

To install Server for PCNFS from the command prompt

•	At the command prompt type: msiexec /I sfusetup.msi /qb ADDLOCAL="PCNFSDServer"

Note To use the preceding command, Sfusetup.msi must exist in the same directory from which you execute the command. If Sfusetup.msi is in a different directory, include the full path. You can find Sfusetup.msi in the i386 directory on the installation CD.

Table 25.5 lists the files that are installed during the installation of Client for NFS.

Table 25.5 Server for PCNFS Files

File Name	Description	Location
Pcnfsd.exe	PCNFSD service	%windir%\system32
Kepcnfsd.sys	Kernel-mode component	%windir%\system32\drivers
Portmap.sys	Portmapper	%windir%\system32\drivers
Rpcxdr.sys	RPC/XDR	%windir%\system32\drivers
Pcnotify.mof	WMI class for Services for UNIX admin	%windir%\system32\wbem
Clinfs.chm, Clinfs_.chm, Gatenfs.chm, Gatenfs_.chm, Mapserv.chm, Mapserv_.chm, Nisserv.chm, Nisserv_.chm, Passync.chm, Passync_.chm, Pcnfsd.chm, Servnfs.chm, Servnfs_.chm, Sfuart.chm, Sfushare.chm, Sfuwipro.chm, Telclin_.chm, Telclint.chm, Telserv.chm, Telserv_.chm, Unixutil.chm, Readme.txt	Help files	<SFU directory>\help

Username Mapping Server

The computer on which you install Username Mapping Server can be running either Windows 2000 Professional or Windows 2000 Server. Username Mapping Server depends on either an NIS server or a PCNFSD server to provide the UNIX user information. This UNIX user information is used by Username Mapping Server to map and authenticate users. As Figure 25.4 illustrates, all the NFS components (Client for NFS, Server for NFS, and Gateway for NFS) must first go through Username Mapping Server during the mapping and authentication process.

Figure 25.4 Username Mapping Server

Username Mapping Server provides two kinds of mappings. The easiest is simple mapping: a UNIX user is mapped to a user with the same user name in the Windows domain and vice versa. Administrators can also configure advanced mapping: a UNIX user is mapped to a user with a completely different user name in a Windows domain and vice versa.

When Username Mapping Server receives a request, it first checks if there is an advanced mapping for the given user and returns the mapping if it finds one. If it does not find such a mapping, it looks for a simple mapping. If it finds such a user, it provides the mapped user.

Note When using Username Mapping Server, you can use Server for PCNFS or Server for NIS from Services for UNIX, or you can use a PCNFSD server or NIS server on a UNIX computer.

Installing Username Mapping Server

If you select Username Mapping Server to map and authenticate your users, you need to install it on any computer that is running Windows NT or Windows 2000 and acting as a mapping server.

To install Username Mapping Server from Windows

1.	Run Services for UNIX Setup.
2.	Click custom installation.
3.	Select Username Mapping Server, and then select run it from my computer.

To install Username Mapping Server from the command prompt

•	At the command prompt type: msiexec /I sfusetup.msi /qb ADDLOCAL="Username Mapping Server"

Note To use the preceding command, Sfusetup.msi must exist in the same directory from which you execute the command. If Sfusetup.msi is in a different directory, include the full path. You can find Sfusetup.msi in the i386 directory on the installation CD.

Table 25.6 lists the files that are installed when you install Username Mapping Server.

Table 25.6 Username Mapping Server Files

File Name	Description	Location
Mapadmin.exe	Mapping utility	<SFU directory>\common
Mapsvc.exe	Mapping server	<SFU directory>\mapper
Clinfs.chm, Clinfs_.chm, Gatenfs.chm, Gatenfs_.chm, Mapserv.chm, Mapserv_.chm, Nisserv.chm, Nisserv_.chm, Passync.chm, Passync_.chm, Pcnfsd.chm, Servnfs.chm, Servnfs_.chm, Sfuart.chm, Sfushare.chm, Sfuwipro.chm, Telclin_.chm, Telclint.chm, Telserv.chm, Telserv_.chm, Unixutil.chm, Readme.txt

SFU Mount Command

SFU mount command is very idiosyncratic. To mount you need to specify the drive letter as a target.

mount -o fileaccess=666 myserver:/export/home/myhome m:

or

mount -o fileaccess=666 -u:myuserid myserver:/export/home/myhome p:

If command executes properly you can see the results using mount command without parameters

Local Remote Properties
------------------------------------------------------------------
p: \\checkpoint\home\bezroun UID=-2, GID=-2
rsize=32768, wsize
mount=soft, timeou
retry=1, locking=y
fileaccess=666, la
casesensitive=no

If you use mount as root from SFU prompt it uses UID=-2, GID=-2, but you can run this command as user too and then it will use values from /etc/passwd

Here is the man page in its full glory:

mount(1w)                                                     mount(1w)

  mount

  NAME

    mount - Windows command-line utility to mount network file system (NFS)
    network shares

  SYNOPSIS

    mount [-o option[...]] [-u:username] [-p:password | *]
          [{\\computername\sharename | computername:/sharename}]
          [devicename | *]

  DESCRIPTION

    The mount Windows command-line utility mounts the file system identified
    by sharename exported by the NFS server identified by ComputerName and
    associates it with the drive letter specified by DeviceName or, if an
    asterisk (*) is used, by the first available driver letter. 

    Users can then
    access the exported file system as though it were a drive on the local
    computer. When used without options or arguments, mount displays
    information about all mounted NFS file systems.

    The mount utility is available only if Client for NFS is installed.

    The following options and arguments can be used with the mount utility.

    -u:username
        Specifies the user name to use for mounting the share. If username is
        not preceded by a backslash (\), it is treated as a UNIX user name.
    -p:password
        The password to use for mounting the share. If you use an asterisk
        (*), you will be prompted for the password.

    -o rsize=[buffersize]
        Sets the size in kilobytes of the read buffer. Acceptable values are
        1, 2, 4, 8, 16, and 32; the default is 32 KB.

    -o wsize=[buffersize]
        Sets the size in kilobytes of the write buffer. Acceptable values are
        1, 2, 4, 8, 16, and 32; the default is 32 KB.
    -o timeout=[seconds]
        Sets the time-out value in seconds for a remote procedure call (RPC).
        Acceptable values are 0.8, 0.9, and any integer in the range 1-60; the
        default is 0.8.
    -o retry=[number]
        Sets the number of retries for a soft mount. Acceptable values are
        integers in the range 1-10; the default is 1.
    -o mtype=[soft | hard]
        Sets the mount type (default is soft). Regardless of the mount type,
        mount will return if it cannot immediately mount the share. Once the
        share has been successfully mounted, however, if the mount type is
        hard, Client for NFS will continue to try to access the share until it
        is successful. As a result, if the NFS server is unavailable, any
        Windows program trying to access the share will appear to stop
        responding, or "hang," if the mount type is hard.

    -o anon
        Mounts as an anonymous user.

    -o nolock
        Disables locking (default is enabled).

    -o casesensitive
        Forces file lookups on the server to be case sensitive.
    -o fileaccess=mode
        Specifies the default permission mode of new files created on the NFS
        share. Specify mode as a three-digit number in the form ogw, where o,
        g, and w are each a digit representing the access granted the file's
        owner, group, and the world, respectively. The digits must be in the
        range 0-7 with the following meaning:
        *     0: No access
        *     1: x (execute access)
        *     2: w (write access)
        *     3: wx
        *     4: r (read access)
        *     5: rx
        *     6: rw
        *     7: rwx
        Interix utilities and applications do not use these default
        permissions when creating a file on the NFS share. Instead, they set
        permissions according to the user's default mode settings as set by
        the umask(1) utility.
    -o lang={euc-jp|euc-tw|euc-kr|shift-jis|big5|ksc5601|gb2312-80|ansi}
        Specifies the default encoding used for file and directory names and,
        if used, must be set to one of the following:
        *     ansi
        *     big5 (Chinese)
        *     euc-jp (Japanese)
        *     euc-kr (Korean)
        *     euc-tw (Chinese)
        *     gb2312-80 (Simplified Chinese)
        *     ksc5601 (Korean)
        *     shift-jis (Japanese)
        If this option is set to ansi on systems configured for non-English
        locales, the encoding scheme is set to the default encoding scheme for
        the locale. The following are the default encoding schemes for the
        indicated locales:
        *     Japanese: SHIFT-JIS
        *     Korean: KS_C_5601-1987
        *     Simplified Chinese: GB2312-80
        *     Traditional Chinese: BIG5

  NOTES

    If you make a persistent connection with mount, you must use umount(1w) to
    delete the connection. Neither the net use command nor
    Microsoft Windows Explorer will delete these connections.

    You cannot use mount to create a persistent connection using PCNFS
    authentication. Before attempting to use mount with PCNFS authentication,
    at a Windows command prompt, type the command net use /persistent:no to
    disable persistent connections.

  SEE ALSO

    Map_a_network_drive

nsfadmin

nfsadmin(1w)                                               nfsadmin(1w)

  nfsadmin

  NAME

    nfsadmin - Windows command-line utility to manage Server for NFS, Client
    for NFS, and Gateway for NFS

  SYNOPSIS

    Server for NFS syntax

    nfsadmin server [computer] [-u user [-p pwd]]
    nfsadmin server [computer] [-u user [-p pwd]] -l
    nfsadmin server [computer] [-u user [-p pwd]] -r {client | all}
    nfsadmin server [computer] [-u user [-p pwd]] {start | stop}
    nfsadmin server [computer] [-u user [-p pwd]] config option[...]
    nfsadmin server [computer] [-u user [-p pwd]] creategroup name
    nfsadmin server [computer] [-u user [-p pwd]] listgroups
    nfsadmin server [computer] [-u user [-p pwd]] deletegroup name
    nfsadmin server [computer] [-u user [-p pwd]] renamegroup oldname newname

    nfsadmin server [computer] [-u user [-p pwd]] addmembers name host[...]

    nfsadmin server [computer] [-u user [-p pwd]] listmembers
    nfsadmin server [computer] [-u user [-p pwd]] deletemembers group
    host[...]

    Client for NFS syntax

    nfsadmin client [computer] [-u user [-p pwd]] {start | stop}
    nfsadmin client [computer] [-u user [-p pwd]] config option[...]

    Gateway for NFS syntax

    nfsadmin gw [computer] [-u user [-p pwd]] {start | stop}
    nfsadmin gw [computer] [-u user [-p pwd]] config option[...]

  DESCRIPTION

    The nfsadmin Windows command-line utility administers Server for NFS,
    Client for NFS, or Gateway for NFS on the local computer or on a remote
    computer. If you are logged on with an account that does not have the
    required privileges, you can specify a user name and password of an
    account that does. The action performed by nfsadmin depends on the command
    arguments you specify.

    In addition to service-specific command arguments and options, nfsadmin
    accepts the following:

    computer
        Specifies the remote computer you want to administer. You can specify
        the computer using a Windows Internet Name Service (WINS) name or a
        Domain Name System (DNS) name, or by Internet Protocol (IP) address.
    -u user
        Specifies the user name of the user whose credentials are to be used.
        It might be necessary to add the domain name to the user name in the
        form domain\username
    -p pwd
        Specifies the password of the user specified using the -u option. If
        you specify the -u option but omit the -p option, you are prompted for
        the user's password.

  Administering Server for NFS

    Use the nfsadmin server command to administer Server for NFS. The specific
    action that nfsadmin server takes depends on the command option or
    argument you specify:

    -l
        Lists all locks held by clients.
    -r {client | all}
        Releases the locks held by client or, if all is specified, by all
        clients.

    start
        Starts the Server for NFS service.

    stop
        Stops the Server for NFS service.

    config
        Specifies general settings for Server for NFS. You must supply at
        least one of the following options with the config command argument:
        auditlocation={eventlog | file | both | none}
            Specifies whether events will be audited and where the events will
            be recorded. One of the following arguments is required.

            eventlog
                Specifies that audited events will be recorded only in the
                Event Viewer application log.

            file
                Specifies that audited events will be recorded only in the
                file specified by config fname.

            both
                Specifies that audited events will be recorded in the Event
                Viewer application log as well as the file specified by config
                fname.

            none
                Specifies that events will not be audited.
        fname=file
            Sets the file specified by file as the audit file. The default is
            %sfudir%\log\nfssvr.log
        fsize==size
            Sets size as the maximum size in megabytes of the audit file. The
            default maximum size is 7 MB.
        audit=[+|-]mount [+|-]read [+|-]write [+|-]create [+|-]delete [+|-
        ]locking [+|-]all
            Specifies the events to be logged. To start logging an event, type
            a plus sign (+) before the event name; to stop logging an event,
            type a minus sign (-) before the event name. If the sign is
            omitted, the plus sign is assumed. Do not use all with any other
            event name.
        lockperiod=seconds
            Specifies the number of seconds that Server for NFS will wait to
            reclaim locks after a connection to Server for NFS has been lost
            and then reestablished or after the Server for NFS service has
            been restarted.
        enabletcp={yes | no}
            Specifies whether the Transmission Control Protocol (TCP) protocol
            will be supported. The default setting is yes.
        enableV3={yes | no}
            Specifies whether NFS version 3 protocols will be supported. The
            default setting is yes.
        renewauth={yes | no}
            Specifies whether client connections will be required to be
            reauthenticated after the period specified by config
            renewauthinterval. The default setting is no.
        renewauthinterval=seconds
            Specifies the number of seconds that elapse before a client is
            forced to be reauthenticated if config renewauth is set to yes.
            The default value is 600 seconds.
        dircache=size
            Specifies the size in kilobytes of the directory cache. The number
            specified as size must be a multiple of 4 between 4 and 128. The
            default directory-cache size is 128 KB.
        translationfile=[file]
            Specifies a file containing mapping information for replacing
            characters in the names of files when moving them from Windows- to
            UNIX-based file systems. If file is not specified, then file-name
            character translation is disabled. For more information on file-
            name character translation and the format of this file, see File-
            name_character_translation. If the value of translationfile is
            changed, you must restart the server for the change to take
            effect.
        dotfileshidden={yes | no}
            Specifies whether files that are created with names beginning with
            a period (.) will be marked as hidden in the Windows file system
            and consequently hidden from NFS clients. The default setting is
            no.
        casesensitivelookups={yes | no}
            Specifies whether directory lookups will be case sensitive (that
            is, require exact matching of character case. When
            casesensitivelookups is set to yes (the default), ntfscase is
            always set to preserve.
        ntfscase={lower | upper | preserve}
            Specifies whether the case of characters in the names of files in
            the NTFS file system will be returned in lowercase, uppercase, or
            in the form stored in the directory. The default setting is
            preserve. This setting cannot be changed if casesensitivelookups
            is set to yes.
    creategroup name
        Creates a new client group, giving it the specified name.

    listgroups
        Displays the names of all client groups.
    deletegroup name
        Removes the client group specified by name.
    renamegroup oldname newname
        Changes the name of the client group specified by oldname to newname
    addmembers name host[...]
        Adds host to the client group specified by name.
    listmembers name
        Lists the host computers in the client group specified by name.
    deletemembers group host[...]
        Removes the client specified by host from the client group specified
        by group.

    To display the current Server for NFS configuration settings, specify only
    nfsadmin server; do not specify a command option or argument.

  Administering Client for NFS

    Use the nfsadmin client command to administer Client for NFS. The specific
    action that nfsadmin client takes depends on the command argument you
    specify:

    start
        Starts the Client for NFS service.

    stop
        Stops the Client for NFS service.

    config
        Specifies general settings for Client for NFS. You must supply at
        least one of the following options with the config command argument:
        fileaccess=mode
            Specifies the default permission mode of new files created on the
            NFS share. Specify mode as a three-digit number in the form ogw,
            where o, g, and w are each a digit representing the access granted
            the file's owner and group and the world, respectively. The digits
            must be in the range 0-7 with the following meaning:
            *     0: No access
            *     1: x (execute access)
            *     2: w (write access)
            *     3: wx (write and execute access)
            *     4: r (read access)
            *     5: rx (read and execute access)
            *     6: rw (read and write access)
            *     7: rwx (read, write, and execute access)
        mtype={hard | soft}
            Specifies the default mount type. For a hard mount, Client for NFS
            continues to retry a failed RPC until it succeeds. For a soft
            mount, Client for NFS returns failure to the calling application
            after retrying the call the number of times specified by the retry
            option.
        preferTCP={yes | no}
            If set to yes, specifies that TCP is the preferred transport
            protocol; if set to no (the default), specifies that User Datagram
            Protocol (UDP) is the preferred transport protocol.
        retry=number
            Specifies the number of times to try to make a connection for a
            soft mount. This value must be from 1 to 10, inclusive. The
            default is 1.
        timeout=seconds
            Specifies the number of seconds to wait for a connection (remote
            procedure call). This value must be 0.8, 0.9, or an integer from 1
            to 60, inclusive. The default is 0.8.
        rsize=size
            Specifies the size, in kilobytes, of the read buffer. This value
            can be 0.5, 1, 2, 4, 8, 16, or 32. The default is 32.
        wsize=size
            Specifies the size, in kilobytes, of the write buffer. This value
            can be 0.5, 1, 2, 4, 8, 16, or 32. The default is 32.

        perf=default
            Restores the following performance settings to default values:
            *     mtype
            *     preferTCP
            *     retry
            *     timeout
            *     rsize
            *     wsize
        fileaccess=mode
            Specifies the default permission mode for files created on network
            file system (NFS) servers. The mode argument consists of a three
            digits from 0 to 7 (inclusive) representing the default
            permissions granted the user, group, and others (respectively).
            The digits translate to UNIX-style permissions as follows: 0=none,
            1=x, 2=w, 3=wx, 4=r, 5=rx, 6=rw, and 7=rwx. For example,
            fileaccess=750 gives rwx permission to the owner, rx permission to
            the group, and no access permission to others.

    To display the current Client for NFS configuration settings, specify only
    nfsadmin client; do not specify an option or argument.

  Administering Gateway for NFS

    Use the nfsadmin gateway command to administer Gateway for NFS. The
    specific action that nfsadmin gateway takes depends on the command
    argument you specify:

    start
        Starts the Gateway for NFS service.

    stop
        Stops the Gateway for NFS service.

    config
        Specifies general settings for Gateway for NFS. You must supply at
        least one of the following options with the config command argument:
        fileaccess=mode
            Specifies the default permission mode for files created on NFS
            servers. The mode argument consists of a three digits from 0 to 7
            (inclusive) representing the default permissions granted the user,
            group, and others (respectively). The digits translate to UNIX-
            style permissions as follows: 0=none, 1=x, 2=w, 3=wx, 4=r, 5=rx,
            6=rw, and 7=rwx. For example, fileaccess=750 gives rwx permission
            to the owner, rx permission to the group, and no access permission
            to others.

    To display the current Gateway for NFS configuration settings, specify
    only nfsadmin gateway; do not specify an option or argument..

  SEE ALSO

    Server_for_NFS

    Client_for_NFS

    Gateway_for_NFS

nfsshare

nfsshare(1w)                                               nfsshare(1w)

  nfsshare

  NAME

    nfsshare - Windows command-line utility to control network file system
    (NFS) shares

  SYNOPSIS

    nfsshare [sharename]
    nfsshare /delete {sharename | drive:path | * }

    On computers running Windows Server 2003 family, use:

    nfsshare [-o option=value...] sharename[=drive:path]

    On computers running Windows 2000 or Windows XP, use:

    nfsshare [-o option=value...] sharename=drive:path

  DESCRIPTION

    Without arguments, the nfsshare Windows command-line utility lists all
    network file system (NFS) shares exported by Server for NFS. With
    sharename as the only argument, nfsshare lists the properties of the NFS
    share identified by sharename. On computers running Windows Server 2003
    family, options supplied with sharename modify properties of the existing
    NFS share identified by sharename. (On other versions of Windows, the
    properties of existing shares cannot be changed.) When sharename and
    drive:path are provided, nfsshare exports the folder identified by drive:
    path as sharename. When the /delete option is used, the specified folder
    is no longer made available to NFS clients.

  OPTIONS

    The nfsshare command accepts the following options and arguments:

    anon={yes | no}
        Specifies whether anonymous (unmapped) users can access the shared
        directory. The default is no.
    anonuid=uid
        Specifies that anonymous (unmapped) users will access the share
        directory using uid as their user identifier (UID). The default is -2.
        The anonymous UID will be used when reporting the owner of a file
        owned by an unmapped user, even if anonymous access is disabled.
    anongid=gid
        Specifies that anonymous (unmapped) users will access the share
        directory using gid as their group identifier (GID). The default is -
        2. The anonymous GID will be used when reporting the owner of a file
        owned by an unmapped user, even if anonymous access is disabled.
    encoding={big5|euc-jp|euc-kr|euc-tw|gb2312-80|ksc5601|shift-jis}
        Specifies the default encoding used for file and directory names and,
        if used, must be set to one of the following:
        *     big5 (Chinese)
        *     euc-jp (Japanese)
        *     euc-kr (Korean)
        *     euc-tw (Chinese)
        *     gb2312-80 (Simplified Chinese)
        *     ksc5601 (Korean)
        *     shift-jis (Japanese)
        If this is option is not set, the default encoding scheme is ANSI or,
        on systems configured for non-English locales, the default encoding
        scheme for the locale. The following are the default encoding schemes
        for the indicated locales:
        *     Japanese: SHIFT-JIS
        *     Korean: KS_C_5601-1987
        *     Simplified Chinese: GB2312-80
        *     Traditional Chinese: BIG5
    {big5|euc-jp|euc-kr|euc-tw|gb2312-80|ksc5601|shift-jis}=host[:host]...
        For individual client computers and client groups, specifies the
        default encoding used for file and directory names. See the encoding
        option for more information. This option is available only on Windows
        Server 2003 family.

    na
        Specifies that no client or group is granted access to the NFS share
        unless you explicitly grant it access. This option is available only
        on Windows Server 2003 family.
    noroot[=host[:host]...]
        Denies root access to the shared directory by the clients or client
        groups specified by host. Separate client and group names with a colon
        (:). If you do not specify a host, root access is denied to all
        clients and groups for which you do not explicitly grant root access.
        See "Notes" for more information about how options interact when you
        create a shared directory. This option is available only on Windows
        Server 2003 family.
    removeclient=host[:host]...
        Removes the specified clients from the list of permissions of the
        shared directory. Separate client and group names with a colon (:).
        This option is available only on Windows Server 2003 family.
    ro[=host[:host]...]
        Provides read-only access to the shared directory by the clients or
        client groups specified by host. Separate client and group names with
        a colon (:). If you do not specify a host, read-only access is granted
        to all clients and groups for which you do not explicitly grant or
        deny access. When creating a shared directory, if you set the ro
        option for one or more clients but do not set the rw option, only the
        clients specified with the ro option can access the shared directory.
        See "Notes" for more information about how options interact when you
        create a shared directory.
    root[=host[:host]...]
        Provides root access to the shared directory by the clients or client
        groups specified by host. Separate client and group names with a colon
        (:). If you do not specify a host, root access is granted to all
        clients and groups for which you did not explicitly deny root access.
        If you do not set the root option when exporting a folder, no clients
        have root access to the shared directory. See "Notes" for more
        information about how options interact when you create a shared
        directory.
    rw[=host[:host]...]
        Provides read/write access to the shared directory by the clients or
        client groups specified by host. Separate client and group names with
        a colon (:). If you do not specify a host, read/write access is
        granted to all clients and groups for which you do not explicitly
        grant or deny access. When creating a shared directly, if you set
        neither the ro nor the rw option, all clients have read-only access to
        the shared directory. See "Notes" for more information about how
        options interact when you create a shared directory.

    /delete

    If sharename or drive:path is specified, deletes the specified share.

  NOTES

    *     To view the complete syntax for this command, at a command prompt,
          type:
          nfsshare /?
    *     When you create a shared directory, the default permissions that you
          assign to client computers depends on the combination of options
          used when you export the folder. The following table details some of
          the combinations of default permissions that you can set when you
          create a shared directory. When you use nfsshare to modify an
          existing shared directory, only the specified properties are
          changed.
          Options                      Permissions

          (None)                       All clients: read-only

          -o root                      All clients: read-only

          -o noroot                    All clients: read-only

          -o ro=host                   host: read-only
                                       All other clients: no access

          -o rw=host                   host: read/write
                                       All other clients: no access

          -o root=host                 host: read/write
                                       All other clients: read-only

          -o noroot=host               host: read/write
                                       All other clients: read-only

          -o root ro=host              host: read-only
                                       All other clients: read-only

          -o noroot ro=host            host: read-only
                                       All other clients: read-only

          -o root rw=host              host: read/write
                                       All other clients: read-only

          -o noroot rw=host            host: read/write
                                       All other clients: read-only

          -o root root=host            host: read/write
                                       All other clients: read-only

          -o noroot noroot=host        host: read/write
                                       All other clients: read-only

          -o rw=host1 root=host2       host1: read/write
          noroot=host3                 host2: read/write
                                       host3: read/write
                                       All other clients: no access

          -o root=host1 root=host2     host1: read/write
          noroot=host3                 host2: read/write
                                       host3: read/write
                                       All other clients: no access

  SEE ALSO

    Share_a_directory

    Stop_sharing_a_directory

nfsstat

nfsstat(1w)                                                 nfsstat(1w)

  nfsstat

  NAME

    nfsstat - Windows command-line utility to display or reset counts of calls
    made to Server for NFS

  SYNOPSIS

    nfsstat [-z]

  DESCRIPTION

    When used without the -z option, the nfsstat Windows command-line utility
    displays the number of NFS V2, NFS V3, and Mount V3 calls made to the
    server since the counters were set to 0, either when the service started
    or when the counters were reset using nfsstat -z.

NEWS CONTENTS

• 210210 : Nabble - Troubleshooting NFS-SFU ( Nabble - Troubleshooting NFS-SFU, )
• 210210 : User cant access his files on NFS share#6652 ( User can't access his files on NFS share#6652, )
• 210210 : Services for UNIX - Interoperability ( Services for UNIX - Interoperability, )
• 210210 : Mount NFS from DB [Archive] - Sat Industry Forums ( Mount NFS from DB [Archive] - Sat Industry Forums, )
• 210210 : Ask Microsoft Need help installing Server for NFS ( Ask Microsoft Need help installing Server for NFS, )
• 210210 : InterOp Windows Services For UNIX -- TechNet Magazine, Spring 2005 ( InterOp Windows Services For UNIX -- TechNet Magazine, Spring 2005, )
• 210210 : Microsoft Windows NT Services for UNIX ( Microsoft Windows NT Services for UNIX, )

Old News ;-)

Nabble - Troubleshooting NFS-SFU

by David Higgs May 13, 2007; 11:44pm

Reply | Reply to Author | View Threaded | Show Only this Message

I've tried to configure NFS and am nearly all the way there, but it
seems like I've hit a pretty big stumbling block. I've got OpenBSD
4.1-stable (10.0.0.1) with an NFS export of my home directory. I also
have a Windows XP machine (10.0.0.2) and installed the SFU 3.5 NFS
client.

[/etc/exports]
/home/david -mapall=david:guest -network=10.0.0.0 -mask=255.255.255.0

I can successfully mount this share locally and perform both reads and writes.

Without any of SFU's User Name Mapping configured, I can mount the
share with uid/gid of -2/-2 as advertised. Appropriately, I cannot
access any files or directories that are not world-readable. However,
inside a chmod-777 directory, I cannot create files or directories
(which might be as expected).

After configuring User Name Mapping to map my Windows account to the
UNIX account, I can mount the share with the expected uid/gid.
Although I can read user-only files and directories, I still cannot
create any files or directories. Windows keeps reporting that the
drive has write-protection enabled.

User can't access his files on NFS share#6652

Rodney
Administrator

Joined: Jul. 9, '02,
From: /Tools lab
Status: online > On the other hand, something like a seteuid(uid, password) to get network access but keep the ability to switch back
> to the Administrator would be a very nice thing here.

Yes. I orginally had plans for all of the uid/gid (regular, effective and saved) for cacheing a "full" token.
This would address your need and others in this situation, and provide more speed in the switch-over.
It's unlikely to happen in the foreseeable future. So no one should hold their breath. RE: User can't access his files on NFS share - Mar. 5, '06, 2:12:44 PM BBR
New Member

Posts: 4
Joined: Jan. 5, '06,
Status: offline

quote:

ORIGINAL: Rodney

When a daemon is running, it runs by default as local Administrator (uid 197108).
The Interix subsystem allows 197108 the special ability to behavior more like the typical "Unix root".

Is group "+Administrators" also has persistent gid (131616), +Users - 131617 and so on ?

_____________________________

Boris B. Rudakov

RE: User can't access his files on NFS share - Mar. 5, '06, 4:31:25 PM Rodney
Administrator

Posts: 4267
Joined: Jul. 9, '02,
From: /Tools lab
Status: online > Is group "+Administrators" also has persistent gid (131616), +Users - 131617 and so on ?

I'm not sure what you are asking.
There are a number of id's that are "built-in" that are the same from system to system, and
thus cannot be for different accounts than originally intended.

Services for UNIX - Interoperability

Set up Server for NFS in Windows Server 2003 R2
19 April 07 05:30 PM | sfu | 5 Comments

Set up Server for NFS in Windows Server 2003 R2

In this post, I will talk about configuring Microsoft Services for Network File System, mainly Server for NFS and User Name Mapping, in Windows Server 2003 R2. You can follow the same steps for Services for UNIX (SFU) 3.5 except only a few of them because of some changes introduced with Windows Server 2003 R2.

As we move forward setting up things for us, I have tried to include information on likely problems that may be encountered and facts which help understand Server for NFS behavior which sometimes is confusing.

And to keep the post short, I have broken them into pages -

1. Introduction and installation of Services for NFS on R2
2. Sharing folders over NFS
3. Mouting NFS Share on NFS client
4. Who's 4294967294?
5. Configuring User Name Mapping
6. Using chown/chgrp from UNIX clients

You'll soon discover how Server for NFS makes life easier in heterogeneous environments.

Mount NFS from DB [Archive] - Sat Industry Forums

02-10-2005, 08:29 AM

I have a Windows 2003 server with Services for Unix installef (NFS Server). I have configured a folder to be shared by NFS. When I try to mount this folder with:

mount -t nfs -o nolock 192.168.0.2:/dreambox /mnt/db

No error messages. When I try to list files in /mnt/db I cant se any files.

I would really appreciate any ideas...

Regards Shootking

---

02-11-2005, 11:27 PM

Try using telent to connect to your Dreambox and type the command "mount" (with no parameters). This will list all mounted devices. If your NFS mount is not shown then you need to resolve why mounting failed. (The best way to do this is probably to issue the mount command manually - see below.)

If the mount is shown, then firstly check they there are files in the directory on the PC! Can you create files in the directory using the Dreambox that can be seen on the PC? (Telnet to the Dreambox, use the cd command to go to the mounted directory and type a command like "touch test.tmp" to create a dummy file.)

A typical mount command for NFS would be:

mount -t nfs -o wsize=4096,rsize=4096,rw,nolock 192.168.0.6:/home/chris/sat/movie /hdd/movie

You will need to change the IP address and directory (the text on the left and right of the colon respectively) to match your configuration.

---

shootking

02-11-2005, 11:47 PM

I got a mount with your command but I don't see any files in the mounted directory. I am able to create files and directories in thos mounted directory. But I can't see them from my dreambox, the folder is still empty. But when I look at my PC I can see the files and directories created.

Regards Shootking

---

ektor

02-19-2005, 07:07 PM

I'm having the same problem. Running MS Services for Unix all users have RW permission. On the Dreambox the owner of /hdd/movie is -2 and the group is -2

Everything appears to mount on the Dreambox and there is stuff in on the XP machine. But I can not cd into /hdd/movie via the dreambox or see any files.

Suggestions?

---

ektor

02-19-2005, 07:39 PM

Update

The problem was under MS Services for Unix. I had the maps in originally but, they had fell out. I went back into MS Services for Unix added user guest with root permission and unmapped to unmapped. This corrected the error of ownership -2 and group -2. Remapped via nfs and is recording just fine.

Next step readjust my mappings. My ultimate solution is to have the DB interface just like a Linksys Dual-Band Wireless A/G Media Center WMCE54AG

---

samedin

03-15-2005, 03:13 AM

@ektor

where did you add the user? I havent been able to map/create a user and have the same -2 problem as you had.
Thanks for any response!

---

ektor

03-15-2005, 11:31 PM

Delete any user mappings you might have. Then recreate them.

Map guest = roots
then map
unmapped to unmapped

Reload and they should work.

I need to see how to release a map once it is connected though. For some reason now my Dreambox will not map to the new shares.

---

samedin

03-15-2005, 11:34 PM

Ok, thanks!

But how did you create the guest user? Or was this not in MS Services?
I ended up installing the TrueGrid NFS server...

---

ektor

03-16-2005, 03:29 AM

I followed this guide to the tee and everything worked. Also, I run XP if that helps.

---

samedin

03-16-2005, 03:31 AM

Wow, thats a very good step by step manual!

Thank you very much! Will have a go as soon as I get home!

---

ektor

03-16-2005, 03:48 AM

I also have been researching the unix program. The MS Technet site says the SFU server has to update the services and only does so every 30 minutes. So to make your chances imediate make sure you hit apply and reload top right hand corner of the Services for Unix map user screen.

---

samedin

03-16-2005, 03:53 AM

thanks, I'll keep that in mind

---

ektor

03-16-2005, 05:17 AM

One last thing then I am done for the day. I suggest the first thing you do on the DB is to mkdir /hdd/movie before mounting. Also, before mounting I suggest you record something. Does not have to be much, just enough so that the directory is initialized. I keep having problems, the drive would mount but I could see nothing. I read somewhere and it said to first record. I did that and now all my stuff is showing.

Now if only we could develop an DIVX plugin. I've tried to get VLC going but... no luck so far using Hydra. Perhaps one of the smart folks could put the DIVX codec on the Dreambox as a plug in then we would be in business. I guess this really should be in a different thread.

---

samedin

03-16-2005, 05:23 AM

Thanks mate, installing the software now!

As for divx, I dont think the CPU is powerfull enough.But yes it would be a great plugin! (and yes we're probably in the wrong thread)

---

samedin

03-16-2005, 06:27 AM

No luck still. Its strange though because the dreambox isnt complaining until you try to cd into it:
~ > cd hdd/
cd: 44: can't cd to hdd/

I've changed the security on the folder, tried clicking on "allow anonymous"...

---

ektor

03-16-2005, 05:23 PM

On the DB type mount see if the drive did mount. If you can not CD then I doubt it did.

On the share from Windowz, did you click advanced and change the permissions identified in the folder.

Also, at the beginning of installing the SFU program, I believe it says something about do not install the client only the server.

All of these were from my failures to get it running and I have plenty more.

---

samedin

03-16-2005, 11:59 PM

Thanks, I'll have another go at a later stage.
This is what mount produced:
~ > mount
/dev/root on / type squashfs (ro)
none on /dev type devfs (rw)
/proc on /proc type proc (rw,nodiratime)
devpts on /dev/pts type devpts (rw)
usbfs on /proc/bus/usb type usbfs (rw)
/dev/mtdblock/1 on /var type jffs2 (rw,noatime)
none on /tmp type ramfs (rw)
192.168.2.154:/db on /mnt/nfs type nfs (rw,v3,rsize=8192,wsize=8192,hard,udp,nol
ock,addr=192.168.2.154)
192.168.2.154:db on /hdd type nfs (rw,v3,rsize=8192,wsize=8192,hard,udp,nolock,a
ddr=192.168.2.154)

Ask Microsoft Need help installing Server for NFS

Server for NFS can be run on any machine. If you plan to map UNIX users to domain users and the domain is running at less than Windows 2003 functional level then the ness sub-authentication package (nfssa.dll) must be installed on all DCs for the domain.

If you just want to use local user accounts then you can install Server for NFS and username mapping server on any machine and not have to worry about anything DC related.

A few more points:

• NFS on Windows Storage Server requires at least hot fix 828878 to work without nfssa.dll.
• Username mapping service can be installed on any machine (handy for distributed/large environments), but has the following requirements for that to work:
  * Each NFS server or other SFU machines must be explicitly configured (in the SFU Admin console) to use the remote UNM server.
  * The UNM server must have its %SFUDIR%\mapper\.maphosts file modified to allow remote machines to access it (instructions in the file).

InterOp Windows Services For UNIX -- TechNet Magazine, Spring 2005

SFU uses device files in the same way as UNIX or Linux, but you can't use the NFS file system as a bootable device for a diskless NFS workstation, and some common device files like /dev/tcp aren't possible. Windows drives are available as /dev/fs/DRIVELETTER-that is, /dev/fs/C, /dev/fs/D, and so forth. While you can create symlinks and/or aliases to mask this difference, it isn't recommended as a best practice. Windows network shares are available without mounting to a drive letter by using the convention /net/MACHINENAME/sharename. Shares that have been mounted on a drive letter are, of course, available as /dev/fs/DRIVELETTER.

Microsoft Windows Services for UNIX 3.5 provides all the features and tools necessary to give the user or administrator in a mixed environment the ability to use and manage their resources transparently across Windows, Linux, and UNIX systems.

Microsoft Windows NT Services for UNIX

Rather than create an NFS product from scratch, Microsoft integrated into SFU two existing NFS products from Intergraph: DiskShare, which is the NFS server

The introduction of Microsoft Windows NT Services for UNIX (SFU) fills this hole. However, the name is misleading. SFU doesn't provide NT services on a UNIX machine. Instead, it provides what many people consider to be UNIX services on an NT machine. Understanding this distinction is vital to understanding what services SFU offers and to whom. SFU simplifies resource access, facilitates password synchronization, and eases administration in mixed NT and UNIX environments. . . .

Recommended Links

Softpanorama Recommended

Top articles

Sites

Internal:

• Network File System (NFS)
• Troubleshooting Solaris NFS Problems
• Mounting NFS Resources
• Sharing NFS Resources

Services for UNIX - Interoperability

HOW TO Install Client for NFS on Windows for a UNIX-to-Windows Migration

HOW TO Set Up Server for NFS

NFS Authentication in Windows Services for UNIX

Microsoft NFS Forum - Tek-Tips

Solaris Network File System (NFS)

UNIX NFS Support User Name Mapping and Services

Windows 2000: UNIX Interoperability

Windows Services for UNIX 3.5 White Paper

Etc

SOLSTICE NFS CLIENT 3.2

Solstice Network Client and Solstice NFS Client 3.2 are now EOL.
We have named WRQ, Inc. to provide WRQ Reflection solutions and support to customers of Sun's Solstice Network Client and Solstice NFS Client products. Solstice Network Client customers wishing to continue integrating their Sun Solaris applications with their current and future PC desktops can purchase WRQ Reflection Suite for X and get WRQ's award-winning PC X server, in addition to Solaris file access from a PC desktop.
Current Solstice Network Client customers can contact WRQ resellers or WRQ at 800-872-2829 to obtain special Solstice customer pricing. Information about migrating from Solstice Network Client to Reflection as well as details on WRQ and its products is available at http://www.wrq.com/sunsolstice.

---

NFS File and Print Services for Microsoft Windows

The Solstice NFS Client software gives you the high-performance file sharing, connectivity, and caching capabilities that lie at the heart of the full Solstice Network Client. This new update to the popular Solstice NFS Client software adds new capabilities to further enhance your networking performance and access.

• Strengthened Windows and UNIX® Integration
  Solstice NFS Client 3.2 continues Sun's tradition of offering you the best in Windows and UNIX integration and leverage.
• Synchronized Passwords on Windows NT
  Previously available for Windows 95 users, Sun now provides an easy-to-use way for Windows NT users to synchronize passwords between Windows and UNIX environments.
• Windows 98 Beta Compatibility
  Solstice NFS Client 3.2 installs and operates on the current Beta releases of Microsoft Windows 98.
• WebNFS Client
  WebNFS Client allows users to browse file systems on a WebNFS server over the Internet - just as they now can browse NFS servers on a NFS network. In addition, users are able to mount shared resources across the Internet using NFS Web addresses.
• DOS Printing for Windows 95
  Users can now print to a network printer from a DOS-based PC application. They can also map a network printer to a local printer port, so that it can be accessed from a 16-bit DOS application.
• PC-CacheFS for Windows NT
  Already available for Windows 95, PC-CacheFS enables Windows NT clients to use local disk caching of network resources in order to reduce network load and increase performance.
• Enhanced PCNFSD Daemon
  The PCNFSD daemon is now multithreaded, allowing the daemon to service requests from many more clients than was previously possible.

Solstice NFS Client offers the high-performance NFS file sharing and disk caching found in Solstice Network Client, but in a smaller, less expensive package, without the network applications included in the full Solstice Network Client package. This enables a network administrator to provide users with access to NFS file and print services on a network without having to install and pay for network applications and functionality that the average user may not require.

Solstice NFS Client provides high-performance access to network file and printing services using NFS v3 and Sun's breakthrough Solstice PC-CacheFS network caching technology.

Solstice NFS Client is available for the 32-bit Windows 95, Windows 98, and Windows NT platforms and for the 16-bit Windows 3.1/3.11 and Windows for Workgroups 3.11 platforms. However, only the 32-bit versions are available for downloading.

Solstice NFS Client for Windows 95/98 and Windows NT provides these essential components:

• NFS v3 and NFS v2 client support over TCP/IP and UDP
• NFS 2.0 server for peer-to-peer networking
• NIS+, NIS, and DNS support for enterprise-wide naming services
• Automounter from files, NIS and NIS+
• Universal Naming Convention (UNC) support
• Unified Microsoft Windows and network login
• PCNFSD and LPR printer support enabling users to print directly to network printers
• Full integration with the Microsoft stack and Network Neighborhood
• High-performance caching

Solstice NFS Client for Windows 3.1/3.11 and Windows for Workgroups 3.11 provides these essential components:

• NFS v2 client support over UDP/IP
• NFS v2 server for peer-to-peer networking
• NIS and DNS support for enterprise-wide naming services
• PCNFSD and LPR printer support enabling users to print directly to network printers
• TCP/IP stack
• High-performance caching

Solstice NFS Client System Requirements

The hardware and software requirements for the Solstice NFS Client product on each supported platform are listed below.

• Hardware: Any Intel 386, 486, or Pentium PC capable of running Microsoft Windows 95/98 or Windows NT
• Operating System: Microsoft Windows 95/98, Windows NT, Windows 3.1/3.11, Windows for Workgroups 3.11
• Disk Space: 4 MB to 10 MB (an additional 30 MB of disk space is recommended to run PC-CacheFS software)
• Memory: 8 MB for Windows 3.1/3.11, 16 MB for Windows 95/98, 32 MB for Windows NT
• Networking: Microsoft TCP/IP network protocol stack
• Network Interface: Any standard network interface supported by Windows 95, including dial-up PPP

Random Findings

nfsAxe - Windows NFS Client and NFS Server for Windows

nfsAxe - Take Linux and Unix disks into your Windows environment

nfsAxe package is NFS client and NFS server for Windows. The only NFS software that gives you the high performance file sharing connectivity capabilities. nfsAxe enhances your networking performance and access.

Download free nfsAxe evaluation copy

Order the full version US$ 40.00

Etc

Society

Groupthink : Two Party System as Polyarchy : Corruption of Regulators : Bureaucracies : Understanding Micromanagers and Control Freaks : Toxic Managers :   Harvard Mafia : Diplomatic Communication : Surviving a Bad Performance Review : Insufficient Retirement Funds as Immanent Problem of Neoliberal Regime : PseudoScience : Who Rules America : Neoliberalism  : The Iron Law of Oligarchy : Libertarian Philosophy

Quotes

War and Peace : Skeptical Finance : John Kenneth Galbraith :Talleyrand : Oscar Wilde : Otto Von Bismarck : Keynes : George Carlin : Skeptics : Propaganda  : SE quotes : Language Design and Programming Quotes : Random IT-related quotes :  Somerset Maugham : Marcus Aurelius : Kurt Vonnegut : Eric Hoffer : Winston Churchill : Napoleon Bonaparte : Ambrose Bierce :  Bernard Shaw : Mark Twain Quotes

Bulletin:

Vol 25, No.12 (December, 2013) Rational Fools vs. Efficient Crooks The efficient markets hypothesis : Political Skeptic Bulletin, 2013 : Unemployment Bulletin, 2010 :  Vol 23, No.10 (October, 2011) An observation about corporate security departments : Slightly Skeptical Euromaydan Chronicles, June 2014 : Greenspan legacy bulletin, 2008 : Vol 25, No.10 (October, 2013) Cryptolocker Trojan (Win32/Crilock.A) : Vol 25, No.08 (August, 2013) Cloud providers as intelligence collection hubs : Financial Humor Bulletin, 2010 : Inequality Bulletin, 2009 : Financial Humor Bulletin, 2008 : Copyleft Problems Bulletin, 2004 : Financial Humor Bulletin, 2011 : Energy Bulletin, 2010 : Malware Protection Bulletin, 2010 : Vol 26, No.1 (January, 2013) Object-Oriented Cult : Political Skeptic Bulletin, 2011 : Vol 23, No.11 (November, 2011) Softpanorama classification of sysadmin horror stories : Vol 25, No.05 (May, 2013) Corporate bullshit as a communication method  : Vol 25, No.06 (June, 2013) A Note on the Relationship of Brooks Law and Conway Law

History:

Fifty glorious years (1950-2000): the triumph of the US computer engineering : Donald Knuth : TAoCP and its Influence of Computer Science : Richard Stallman : Linus Torvalds  : Larry Wall  : John K. Ousterhout : CTSS : Multix OS Unix History : Unix shell history : VI editor : History of pipes concept : Solaris : MS DOS :  Programming Languages History : PL/1 : Simula 67 : C : History of GCC development :  Scripting Languages : Perl history   : OS History : Mail : DNS : SSH : CPU Instruction Sets : SPARC systems 1987-2006 : Norton Commander : Norton Utilities : Norton Ghost : Frontpage history : Malware Defense History : GNU Screen : OSS early history

Classic books:

The Peter Principle : Parkinson Law : 1984 : The Mythical Man-Month :  How to Solve It by George Polya : The Art of Computer Programming : The Elements of Programming Style : The Unix Hater’s Handbook : The Jargon file : The True Believer : Programming Pearls : The Good Soldier Svejk : The Power Elite

Most popular humor pages:

Manifest of the Softpanorama IT Slacker Society : Ten Commandments of the IT Slackers Society : Computer Humor Collection : BSD Logo Story : The Cuckoo's Egg : IT Slang : C++ Humor : ARE YOU A BBS ADDICT? : The Perl Purity Test : Object oriented programmers of all nations : Financial Humor : Financial Humor Bulletin, 2008 : Financial Humor Bulletin, 2010 : The Most Comprehensive Collection of Editor-related Humor : Programming Language Humor : Goldman Sachs related humor : Greenspan humor : C Humor : Scripting Humor : Real Programmers Humor : Web Humor : GPL-related Humor : OFM Humor : Politically Incorrect Humor : IDS Humor : "Linux Sucks" Humor : Russian Musical Humor : Best Russian Programmer Humor : Microsoft plans to buy Catholic Church : Richard Stallman Related Humor : Admin Humor : Perl-related Humor : Linus Torvalds Related humor : PseudoScience Related Humor : Networking Humor : Shell Humor : Financial Humor Bulletin, 2011 : Financial Humor Bulletin, 2012 : Financial Humor Bulletin, 2013 : Java Humor : Software Engineering Humor : Sun Solaris Related Humor : Education Humor : IBM Humor : Assembler-related Humor : VIM Humor : Computer Viruses Humor : Bright tomorrow is rescheduled to a day after tomorrow : Classic Computer Humor

The Last but not Least Technology is dominated by two types of people: those who understand what they do not manage and those who manage what they do not understand ~Archibald Putt. Ph.D

The statements, views and opinions presented on this web page are those of the author (or referenced source) and are not endorsed by, nor do they necessarily reflect, the opinions of the Softpanorama society. We do not warrant the correctness of the information provided or its fitness for any purpose. The site uses AdSense so you need to be aware of Google privacy policy. You you do not want to be tracked by Google please disable Javascript for this site. This site is perfectly usable without Javascript.

Last modified: March 12, 2019