ACL and Windows Server 2012 R2 NFS and file sharing

Posted on 2016-08-26
Last Modified: 2016-08-27
Hi experts

I just installed a Windows 2012 R2 file server and added the role to support NFS shares, in order to create a share that AD users can access with NTFS permissions and mount the same share on a Linux server with root access.

But I started to get an issue which I don't know how to fix.

After I set up the NTFS permissions on the shared file system and gave root access to the Linux server,

I mounted this share:    mount filertwo:/archive /export/archive

So please check the attached files to see how it looks.

Then when I change the owner and group with this command:    chown -R root:root *

and go back to Windows, I find that all the NTFS permissions got damaged, and when I try to fix it on the Windows side it gets damaged on the Linux side.

So how can I use the NFS sharing feature with Windows with such an issue?

Note: on Linux I just want to give access to local root and maybe other users.

Kindly advise.
Question by:sword12
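The damage described above is hard to repair precisely because nobody recorded what the tree looked like before the recursive chown. The following shell script is an added example, not code from the question, from Windows NFS or from any answer in the thread: it snapshots numeric uid:gid:mode for every entry under a directory such as /export/archive and diffs two snapshots, so that what changed on the mount (after a chown on Linux, or after repairs on the Windows side) can be listed instead of discovered by users. It assumes GNU stat (with a BSD stat fallback) and a POSIX shell; the directory and files it operates on are constructed, and paths must not contain newlines.

```shell
#!/bin/sh
# Added example (not from the thread). Snapshot uid:gid:mode for every entry
# under a directory (e.g. /export/archive) before a bulk chown/chmod on an
# NFS mount, then diff two snapshots to list exactly what changed.
# Assumes GNU stat (falls back to BSD stat); paths must not contain newlines.

# entry_perms PATH -> "uid:gid:octal-mode"
entry_perms() {
    stat -c '%u:%g:%a' "$1" 2>/dev/null || stat -f '%u:%g:%Lp' "$1"
}

# snapshot_perms DIR -> one line per entry: "uid:gid:mode ./relative/path"
snapshot_perms() {
    ( cd "$1" && find . -print | LC_ALL=C sort | while IFS= read -r p; do
          printf '%s %s\n' "$(entry_perms "$p")" "$p"
      done )
}

# diff_perms BEFORE AFTER -> for each entry that differs between the two
# manifests print "path old -> new", "path added new" or "path removed".
diff_perms() {
    awk '
        { perm = $1; path = substr($0, length($1) + 2) }
        NR == FNR { before[path] = perm; next }
        !(path in before) { print path " added " perm; next }
        before[path] != perm { print path " " before[path] " -> " perm }
        { delete before[path] }
        END { for (p in before) print p " removed" }
    ' "$1" "$2"
}

# Demonstration on a constructed directory (no real share is touched).
demo() {
    t=$(mktemp -d)
    mkdir "$t/archive"
    printf 'x' > "$t/archive/report.pdf"
    printf 'y' > "$t/archive/photo.jpg"
    chmod 644 "$t/archive/report.pdf" "$t/archive/photo.jpg"
    snapshot_perms "$t/archive" > "$t/before"
    chmod 600 "$t/archive/report.pdf"   # stands in for a chown -R on the mount
    rm "$t/archive/photo.jpg"
    printf 'z' > "$t/archive/new.txt"
    snapshot_perms "$t/archive" > "$t/after"
    diff_perms "$t/before" "$t/after"
    rm -rf "$t"
}
demo
```

On a real mount, take the "before" manifest from the Linux side and a second one after the chown, then a third after the NTFS permissions are repaired on Windows; the three diffs show which side rewrote which entries, which is the evidence needed before deciding on Everyone/Authenticated Users ACLs or a user mapping service.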
LVL 11

Expert Comment

ID: 41772395
I have experienced this problem also in the past.
What you could do as an alternative is to fix the NTFS permissions
and only use Everyone or Authenticated Users with read or modify permissions, and set this up via the normal NTFS permissions.
The disadvantage of course is that everyone with a user account has access.
It's possible to set it more strictly, but this would need a mapping server which maps the Linux account (group/user) to the Windows account.
LVL 77

Expert Comment

ID: 41772562
Define the rights you want on the Windows side to match the access you want users on the Linux side to have.

Once you invoke user ownership changes (chown), the NFS server component on the Windows server, which runs with system rights, makes the adjustments.

It is similar to painting a room blue and allowing someone else to paint the room.
Once you have this type of setup, you cannot control which color the room will have.

What is the reason you are running chown on the NFS share versus letting ....

Was the existing setting preventing root from doing what you needed?

Do you have a Windows account with a uid 0 to correspond to root on Linux?

Author Comment

ID: 41772663
Hi Zalazar

It looks like you understand my pain very well.

Do you have any idea, for my case, how I can configure a mapping server or mapping service

which can help me to avoid this pain?


Author Comment

ID: 41772938
Hi Zalazar

I made some tests and you are absolutely right: without a user mapping service it will be so difficult to manage.

So can you please advise me how I can configure the mapping service?

We have AD 2008 R2 and we have Windows Server 2012 R2 as the file server,

and I want to share one file system with our intranet server, which includes web services.

Our users (Windows users will add some files like PDF files and photos) on this share, and at the same time I have to provide access to our Windows users and Linux users like root and www.

So please tell me step by step how I can configure user mapping for such a scenario.

LVL 77

Expert Comment

ID: 41772952
Windows Services for UNIX should add the schema to AD user accounts for uid/gid UNIX-related info.
You would need to tie the Linux/UNIX system into the AD using smb/winbind, or reconfigure your DCs to allow ldap/ldaps access from the Linux/Unix systems for the purpose of querying/authenticating/authorizing users.

Author Comment

ID: 41772970
Hi arnold

I just added these features to my test AD, please check the attached files,

but I don't know how to configure them in order to reach my target.

I thought I could just add these roles and then do nothing on the Linux side,

but it looks like I have to install Samba on the Linux side, then create the same users from AD as local users on the Linux server, then add their UID and GID in the AD user profile in order to configure user mapping.

If you know any shorter way which will help me to reach my target please update me.

Plus this is the first time I will do this, so I need some sort of step by step doc or help.

Thank you in advance for your kind help.

LVL 77

Expert Comment

ID: 41772981
If you are using NIS, you would need to configure your Linux/Unix systems as clients utilizing NIS to authenticate/authorize AD users on Linux/UNIX.
Which Linux/UNIX distro are you using?
Note, your Linux will be a NIS client.

Upon the change, /etc/nsswitch.conf will have nis in addition to files in the hosts, passwd, group lines.

Make sure you do not duplicate local/AD users.
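The two points in the answer above (nsswitch.conf gaining a directory source next to files, and not duplicating local and AD users) are checkable before the switch is made. The following shell script is an added example, not from the thread or from any NIS/Samba tool: it reads the source list for a given database out of an nsswitch.conf and flags login names or numeric UIDs that exist both in the local passwd file and in the entries the directory would publish. The nsswitch.conf, passwd and directory files it uses are constructed sample data written to a temp directory; file paths are parameters.

```shell
#!/bin/sh
# Added example (not from the thread). Two checks to run before switching
# the passwd/group sources in /etc/nsswitch.conf: list which sources a
# database currently uses, and flag login names or numeric UIDs that exist
# both in the local /etc/passwd and in the directory-provided entries
# (NIS map, or AD via winbind/sssd). All file paths are parameters and the
# sample data below is constructed.

# nsswitch_sources NSSWITCH_FILE DB -> the source list for one database
# line, e.g. "files nis" for "passwd: files nis"; empty if DB is absent
nsswitch_sources() {
    awk -v db="$2" '
        BEGIN { key = db ":" }
        $1 == key { $1 = ""; sub(/^ +/, ""); print }
    ' "$1"
}

# passwd_collisions LOCAL_PASSWD DIR_PASSWD -> one line per conflict:
#   "name <login>"                      same login present in both sources
#   "uid <n> local=<login> dir=<login>" same UID owned by different logins
passwd_collisions() {
    awk -F: '
        NR == FNR { lname[$1] = 1; luid[$3] = $1; next }
        $1 in lname { print "name " $1 }
        ($3 in luid) && luid[$3] != $1 { print "uid " $3 " local=" luid[$3] " dir=" $1 }
    ' "$1" "$2"
}

# make_samples DIR -> writes constructed nsswitch.conf, passwd.local and
# passwd.ad files into DIR for the demonstration.
make_samples() {
    cat > "$1/nsswitch.conf" <<'EOF'
passwd:     files nis
group:      files nis
hosts:      files dns nis
EOF
    cat > "$1/passwd.local" <<'EOF'
root:x:0:0:root:/root:/bin/bash
www:x:1001:1001:web content:/var/www:/sbin/nologin
alice:x:1002:1002:Alice (local):/home/alice:/bin/bash
EOF
    # entries as the directory would publish them (constructed UIDs)
    cat > "$1/passwd.ad" <<'EOF'
www:x:5001:5001:Web service (AD):/home/www:/bin/bash
bob:x:1001:1001:Bob (AD):/home/bob:/bin/bash
carol:x:5002:5002:Carol (AD):/home/carol:/bin/bash
EOF
}

demo() {
    t=$(mktemp -d)
    make_samples "$t"
    echo "passwd sources: $(nsswitch_sources "$t/nsswitch.conf" passwd)"
    passwd_collisions "$t/passwd.local" "$t/passwd.ad"
    rm -rf "$t"
}
demo
```

On a live system the directory side of the comparison is whatever `getent passwd` returns once winbind, sssd or the NIS client is configured; the local side is /etc/passwd itself. A "name" hit (www here) means two different UIDs will fight over the same login, and a "uid" hit (1001 here) means files on the NFS mount owned by the local account suddenly belong to a different directory user, which is the same kind of damage the question describes.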

Author Comment

ID: 41772996
Hi arnold

Yes, we have NIS in our environment, but we are going to take it away.

So now I want to find a way that I can manage user mapping between our Active Directory and our Linux systems,

so can you tell me what options I have?

I started to think about integrating our Linux systems with AD using Samba, which will be installed on every Linux system.

I have right now this scenario:

I have a Linux server working as intranet and I have a Windows Server 2012 R2 working as file server.

So I created a shared file system on the Windows file server; this share supports CIFS and NFS,

and gave root access to that intranet server and I managed to mount this share on the intranet server.

But now I have difficulties managing user mapping, in other words I have a problem with permissions.

For this I want to know what the best approach is that I can take in my case,

and if you have a doc or step by step doc this will be a big help for me.

LVL 77

Accepted Solution

arnold earned 500 total points
ID: 41773003
You just defined your Windows server as a NIS server.
You could configure your Linux/Unix systems as clients of the AD either by using samba/winbind or using LDAP, whereby the Linux/Unix clients will be querying the LDAP (AD DC), for which you would need to adjust the Windows firewall as well as adjust the registry to allow Linux/Unix systems to query LDAP/LDAPS when authenticating.

Which Linux distribution do you have: Redhat/CentOS, Debian/Ubuntu, FreeBSD, etc.?

Look for Linux AD integration and follow the guides.

Usually net ads join .... is the command to join the Linux/Unix system to the AD........

Author Comment

ID: 41773016
Thank you Arnold

I will make some tests and maybe I will ask you other questions.

Thanks again
LVL 11

Expert Comment

ID: 41773267
Good to see that you got further with the AD integration possibility. Good luck with the implementation.
