ACL and windows server 2012 R2 NFS and file sharing

Hi experts

I just installed a Windows 2012 R2 file server and added the role to support NFS shares, in order to create a share that AD users can access with NTFS permissions, and to mount the same share on a Linux server with root access.

But I started to get an issue which I don't know how to fix.

After I set up the NTFS permissions on the shared file system and gave root access to the Linux server,

I mounted this share:    mount filertwo:/archive /export/archive

Please check the attached files to see how it looks.

When I change the owner and group with this command:    chown -R root:root *

then I go to Windows and find that all the NTFS permissions got damaged, and when I try to fix them on the Windows side they get damaged on the Linux side.

So how can I use the NFS sharing feature with Windows with such an issue?

Note: on Linux I just want to give access to local root and maybe other users.

Kindly advise.
arnold Commented:
You just defined your Windows server as a NIS server.
You could configure your Linux/Unix systems as clients of the AD, either by using samba/winbind or by using LDAP, whereby the Linux/Unix clients will be querying the LDAP (AD DC); for that you would need to adjust the Windows firewall as well as the registry to allow Linux/Unix systems to query LDAP/LDAPS when authenticating.

Which Linux distribution do you have: Red Hat/CentOS, Debian/Ubuntu, FreeBSD, etc.?

Look for Linux AD integration and follow the guides.

Usually net ads join .... is the command to join the Linux/Unix system to the AD........
I have experienced this problem also in the past.
What you could do as an alternative is to fix the NTFS permissions
And only use Everyone or Authenticated Users with read or modify permissions and set this up via the normal NTFS permissions.
The disadvantage of course is that everyone with a user account has access.
It's possible to set it more strictly but this would need a mapping server which maps the Linux account (group/user) to the Windows account.
Define the rights you want on the Windows side to match access you want users in the Linux side to have.

Once you invoke user ownership changes (chown), the NFS server component on the Windows server, which runs with system rights, makes the adjustments.

It is similar to painting a room blue, and allowing someone else to paint the room.
Once you have this type of setup, you cannot control which color the room will have.

What is the reason you are running chown on the NFS share versus letting ....

Was the existing setting preventing root from doing what you needed?

Do you have a Windows account with a uid 0 to correspond to root on Linux?
sword12 (Author) Commented:
Hi Zalazar

It looks like you understand my pain very well.

Do you have any idea, for my case, how I can configure a mapping server or mapping service

which can help me avoid this pain?

sword12 (Author) Commented:
Hi Zalazar

I made some tests and you are absolutely right: without a user mapping service it will be so difficult to manage.

So can you please advise me how I can configure the mapping service?

We have AD 2008 R2 and we have Windows Server 2012 R2 as file server,

and I want to share one file system with our intranet server, which includes web services.

Our users (Windows users) will add some files, like PDF files and photos, on this share, and at the same time I have to provide access to our Windows users and Linux users like root and www.

So please tell me step by step how I can configure user mapping for such a scenario.

Windows Services for UNIX should add the schema to AD user accounts for uid/gid UNIX-related info.
You would need to tie the Linux/UNIX system into the AD using smb/winbind, or reconfigure your DCs to allow ldap/ldaps access from the Linux/UNIX systems for the purpose of querying/authenticating/authorizing users.
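
One way to set up the AD-based uid/gid mapping discussed above, as an added example that is not part of the original thread. The domain `example.local`, the accounts `svc-www` and `grp-www`, and the value 5001 are hypothetical; the uid/gid must match what the Linux client actually uses for that user.

```powershell
# Added example: AD identity mapping for Server for NFS on Windows Server 2012 R2.
# Run on the file server with the AD PowerShell module and rights to edit the accounts.
Import-Module ActiveDirectory

$domain = 'example.local'                             # hypothetical AD domain
$users  = @(
    @{ Sam = 'svc-www'; Uid = 5001; Gid = 5001 }      # hypothetical: AD account for the Linux www user
)
$groups = @(
    @{ Sam = 'grp-www'; Gid = 5001 }                  # hypothetical: AD group for the Linux www group
)

# 1. Have Server for NFS resolve UNIX uid/gid from AD attributes
#    instead of treating every NFS caller as unmapped.
Set-NfsMappingStore -EnableADLookup $true -ADDomainName $domain

# 2. Store the UNIX identity on the AD objects (RFC 2307 attributes).
foreach ($u in $users) {
    Set-ADUser -Identity $u.Sam -Replace @{ uidNumber = $u.Uid; gidNumber = $u.Gid }
}
foreach ($g in $groups) {
    Set-ADGroup -Identity $g.Sam -Replace @{ gidNumber = $g.Gid }
}

# 3. Check: a uidNumber shared by two accounts means two Windows identities
#    collapse into one UNIX identity on the share. Report any such collision.
Get-ADUser -LDAPFilter '(uidNumber=*)' -Properties uidNumber |
    Group-Object uidNumber |
    Where-Object Count -gt 1 |
    ForEach-Object { 'uid {0} is shared by: {1}' -f $_.Name, ($_.Group.SamAccountName -join ', ') }

# 4. Confirm what was written for the mapped account.
Get-ADUser -Identity 'svc-www' -Properties uidNumber, gidNumber |
    Select-Object SamAccountName, uidNumber, gidNumber
```

With the mapping in place, access for the Linux user is granted by giving the mapped AD account NTFS rights on the Windows side, rather than by running chown from the NFS client.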
sword12 (Author) Commented:
Hi arnold

I just added these features to my test AD; please check the attached files.

But I don't know how to configure them in order to reach my target.

I thought I could just add these roles and then do nothing on the Linux side,

but it looks like I have to install Samba on the Linux side, then create the same users on AD as local users on the Linux server, then add their UID and GID in the AD user profile in order to configure user mapping.

If you know any shorter way which will help me reach my target, please update me.

Plus, this is the first time I will do this, so I need some sort of step-by-step doc or help.

Thank you in advance for your kind help.

If you are using NIS, you would need to configure your Linux/Unix systems as clients utilizing NIS to authenticate/authorize AD users on Linux/UNIX.
Which Linux/UNIX distro are you using?
Note, your Linux will be a NIS client.

Upon the change, the /etc/nsswitch.conf will have nis in addition to files in the hosts, passwd, groups lines.

Make sure you do not duplicate local/AD users.
sword12 (Author) Commented:
Hi arnold

Yes, we have NIS in our environment, but we are going to take it away.

So now I want to find a way that I can manage user mapping between our Active Directory and our Linux systems.

So can you tell me what options I have?

I started to think about integrating our Linux systems with AD using Samba, which will be installed on every Linux system.

Right now I have this scenario:

I have a Linux server working as intranet and a Windows Server 2012 R2 working as file server.

So I created a shared file system on the Windows file server; this share supports CIFS and NFS.

I gave root access to that intranet server and managed to mount this share on the intranet.

But now I have difficulties managing user mapping; in other words, I have a problem with permissions.

For this I want to know what the best approach is that I can take in my case,

and if you have a doc or step-by-step doc, this will be a big help for me.

sword12 (Author) Commented:
Thank you Arnold

I will make some tests and maybe I will ask you more questions.

Thanks again
Good to see that you got further with the AD integration possibility. Good luck with the implementation.
Question has a verified solution.