Solved

ACL and windows server 2012 R2 NFS and file sharing

Posted on 2016-08-26
Last Modified: 2016-08-27
Hi experts

I just installed a Windows 2012 R2 file server and added the role to support NFS shares, in order to create a share that AD users can access with NTFS permissions and to mount the same share on a Linux server with root access.

But I started to get an issue which I don't know how to fix.

After I set up the NTFS permissions on the shared file system and gave root access to the Linux server,

I mounted this share:    mount filertwo:/archive /export/archive

So please check the attached files to see how it looks.

When I change the owner and group with this command:    chown -R root:root *

and then go to Windows, I find that all the NTFS permissions got damaged, and when I try to fix it on the Windows side it gets damaged on the Linux side.

So how can I use the NFS sharing feature with Windows with such an issue?

Note: on Linux I just want to give access to local root and maybe other users.


Kindly advise.
Question by:sword12
11 Comments
 
LVL 11

Expert Comment

by:zalazar
ID: 41772395
I have experienced this problem also in the past.
What you could do as an alternative is to fix the NTFS permissions.
And only use Everyone or Authenticated Users with read or modify permissions and set this up via the normal NTFS permissions.
The disadvantage of course is that everyone with a user account has access.
It's possible to set it more strictly but this would need a mapping server which maps the Linux account (group/user) to the Windows account.
1
 
LVL 76

Expert Comment

by:arnold
ID: 41772562
Define the rights you want on the Windows side to match access you want users in the Linux side to have.

Once you invoke user ownership changes, chown, the NFS server component on the Windows server that runs with system rights makes the adjustments.

It is similar to painting a room blue, and allowing someone else to paint the room.
Once you have this type of setup, you cannot control which color the room will have.

What is the reason you are running chown on the NFS share versus letting ....

Was the existing setting preventing root from doing what you needed?

Do you have a Windows account with a uid 0 to correspond to root on Linux?
0
 

Author Comment

by:sword12
ID: 41772663
Hi Zalazar

It looks like you understand my pain very well.

Do you have any idea, for my case, how I can configure a mapping server or mapping service

which can help me to avoid this pain?


thanks
0
 

Author Comment

by:sword12
ID: 41772938
Hi Zalazar

I made some tests and you are absolutely right: without a user mapping service it will be so difficult to manage.

So can you please advise me how I can configure the mapping service?

We have AD 2008 R2 and we have Windows Server 2012 R2 as the file server,

and I want to share one file system with our intranet server, which includes web services.

Our users (Windows users) will add some files like PDF files and photos on this share, and at the same time I have to provide access to our Windows users and Linux users like root and www.

So please tell me step by step how I can configure user mapping for such a scenario.


thanks
0
 
LVL 76

Expert Comment

by:arnold
ID: 41772952
Windows Services for UNIX should add the schema to AD user accounts, a uid/gid UNIX related info.
You would need to tie the Linux/UNIX system into the AD using smb/winbind or reconfigure your DCs to allow ldap/ldaps access from the Linux/Unix systems for the purpose of querying/authenticating/authorizing users.
1

 

Author Comment

by:sword12
ID: 41772970
Hi arnold

I just added these features to my test AD, please check the attached files,

but I don't know how to configure them in order to reach my target.

I thought I could just add these roles and then do nothing on the Linux side,

but it looks like I have to install Samba on the Linux side, then create the same users on AD as local users on the Linux server, then add their UID and GID in the AD user profile in order to configure user mapping.


If you know any shorter way which will help me to reach my target, please update me.

Plus, this is the first time I will do this, so I need some sort of step-by-step doc or help.

thank you in advance for your kind help

Sword
0
 
LVL 76

Expert Comment

by:arnold
ID: 41772981
If you are using NIS, you would need to configure your Linux/Unix systems as clients utilizing NIS to authenticate/authorize AD users on Linux/UNIX.
Which Linux/UNIX distro are you using?
Note, your Linux will be a NIS client.

Upon the change, /etc/nsswitch.conf will have nis in addition to files in the hosts, passwd, groups lines.

Make sure you do not duplicate local/AD users.
0
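The duplicate-account check mentioned in the comment above, as an added example that is not part of any post in this thread: a bash script that compares local accounts with directory accounts and flags name and UID collisions, which matter on an NFS mount that identifies users by numeric UID. The file names and sample accounts are constructed; on a NIS client the directory side could be fed from `ypcat passwd`.

```bash
#!/usr/bin/env bash
# Added example (not from the thread). All inputs are passwd(5)-format:
#   name:password:uid:gid:gecos:home:shell

# Print the lookup sources on the "passwd:" line of an nsswitch.conf file.
passwd_sources() {
    awk '$1 == "passwd:" { $1 = ""; sub(/^ +/, ""); print }' "$1"
}

# Compare local accounts ($1) with directory accounts ($2) and print:
#   DUP  - same name and UID defined in both places
#   NAME - same name, different UID (files owned by one UID, used as another)
#   UID  - same UID, different name (two accounts share one NFS identity)
find_collisions() {
    awk -F: '
        /^#/ || NF < 3 { next }
        FILENAME == ARGV[1] { uid_of[$1] = $3; name_of[$3] = $1; next }
        ($1 in uid_of) && uid_of[$1] == $3 { print "DUP " $1 " uid=" $3 }
        ($1 in uid_of) && uid_of[$1] != $3 {
            print "NAME " $1 " local_uid=" uid_of[$1] " dir_uid=" $3 }
        ($3 in name_of) && name_of[$3] != $1 {
            print "UID " $3 " local=" name_of[$3] " dir=" $1 }
    ' "$1" "$2"
}

# Write constructed sample files into directory $1 (hypothetical accounts).
make_sample() {
    printf 'passwd:     files nis\ngroup:      files nis\n' > "$1/nsswitch.conf"
    cat > "$1/passwd.local" <<'EOF'
root:x:0:0:root:/root:/bin/bash
www:x:48:48:web:/var/www:/sbin/nologin
alice:x:1001:1001::/home/alice:/bin/bash
EOF
    cat > "$1/passwd.dir" <<'EOF'
alice:x:10001:10000::/home/alice:/bin/bash
bob:x:1001:10000::/home/bob:/bin/bash
www:x:48:48::/var/www:/sbin/nologin
carol:x:10003:10000::/home/carol:/bin/bash
EOF
}

# Demo on the constructed data. Real use on a NIS client, for example:
#   find_collisions /etc/passwd <(ypcat passwd)
sample=$(mktemp -d)
make_sample "$sample"
echo "passwd sources: $(passwd_sources "$sample/nsswitch.conf")"
find_collisions "$sample/passwd.local" "$sample/passwd.dir"
rm -rf "$sample"
```

Any NAME or UID line means the same person (or two different people) would resolve to different owners depending on which source answers first, so resolve those before relying on UID-based mapping for the share.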
 

Author Comment

by:sword12
ID: 41772996
Hi arnold

Yes, we have NIS in our environment, but we are going to take it away.

So now I want to find a way that I can manage user mapping between our Active Directory and our Linux systems.

So can you tell me what options I have?


I started to think about integrating our Linux systems with AD using Samba, which will be installed on every Linux system.


I have this scenario right now:

I have a Linux server working as the intranet and I have Windows Server 2012 R2 working as the file server.

So I created a shared file system on the Windows file server; this share supports CIFS and NFS.

I gave root access to that intranet server and I managed to mount this share on the intranet.

But now I have difficulties managing user mapping; in other words, I have a problem with permissions.

For this I want to know what the best approach is that I can take in my case,

and if you have a doc or step-by-step doc this will be a big help for me.


thanks
Sword
0
 
LVL 76

Accepted Solution

by:
arnold earned 500 total points
ID: 41773003
You just defined your Windows server as a NIS server.
You could configure your Linux/Unix systems as clients of the AD either by using samba/winbind or using LDAP, whereby the Linux/Unix clients will be querying the LDAP (AD DC), for which you would need to adjust the Windows firewall as well as adjust the registry to allow the Linux/Unix systems to query the LDAP/LDAPS when authenticating.

Which Linux distribution do you have: Redhat/CentOS, Debian/Ubuntu, FreeBSD, etc.?

Look for Linux AD integration and follow the guides.

https://technet.microsoft.com/en-us/magazine/fe9f28db-9ce5-4995-85fa-56be998b2bc7

Usually net ads join .... is the command to join the Linux/Unix system to the AD........
1
 

Author Comment

by:sword12
ID: 41773016
Thank you Arnold

I will make some tests and maybe I will ask you more questions.


thanks again
0
 
LVL 11

Expert Comment

by:zalazar
ID: 41773267
Good to see that you got further with the AD integration possibility. Good luck with the implementation.
0
