Delving into NFS and Automounts

The main goal in undertaking this effort is to create a structure in which hosts running Linux (typically CentOS) and Solaris 10 share common home directories.  These common home directories will be NFS-hosted shares that are automounted when a user logs in.  By combining this with CIFS-hosted shares (for Windows-based clients), we can provide common home directories for users regardless of the OS to which they are logging in.

The plan was to use Windows Server 2003 R2 as the NFS server.  A server running CentOS 4.3 and a server running Solaris 10, both already configured for Active Directory integration, would be used as the clients.  In addition, I was going to test connectivity from a Mac OS X client as well.

Unfortunately, I just can’t seem to make it work.  I have the Server for NFS component installed on a newly-built file server, and I have all the Unix attributes stored in Active Directory (UID, UID number, login shell, Unix home directory, etc.).  But I can’t seem to get my head wrapped around the need for “User Name Mapping,” which is designed to match Windows accounts with Unix accounts.  In this situation, the Windows accounts are the Unix accounts!  I installed and configured User Name Mapping on one of the DCs, and configured the NFS server to use that server, but things still don’t seem to work.

Any Unix/NFS gurus out there care to help me understand this?


Have you looked at Microsoft’s official instructions?

http://www.microsoft.com/technet/interopmigration/unix/sfu/nfsauth.mspx

RPC is used for NFS, and in the RPC protocol the AUTH_UNIX authentication mechanism is used to pass user information. The UID and GID numbers (integers) are what’s sent along, not username and group strings. So (AFAIK) when the Windows NFS server gets the RPC, it looks at the UID, looks up the Unix username and then maps that to a Windows username / SID. The SID is then what determines whether the operation is allowed.

This is mostly an educated guess as I’ve never used Windows NFS, but it seems logical.
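
The AUTH_UNIX credential described in the comment above, as an added example that is not part of the original post or its comments: a Python parser for the credential body as laid out in RFC 5531 (which calls it AUTH_SYS), run over a constructed sample. The host name, the IDs and the `UID_TO_WINDOWS` table are made-up assumptions, and the lookup only stands in for whatever mapping the server performs; it is not Microsoft's implementation.

```python
import struct

def xdr_opaque(data: bytes) -> bytes:
    """XDR variable-length data: 4-byte length, the bytes, zero padding to a 4-byte boundary."""
    return struct.pack(">I", len(data)) + data + b"\x00" * (-len(data) % 4)

def encode_auth_unix(stamp, machine, uid, gid, gids):
    """Build the credential body a client places in each RPC call."""
    return (struct.pack(">I", stamp) + xdr_opaque(machine.encode("ascii"))
            + struct.pack(">III", uid, gid, len(gids))
            + struct.pack(f">{len(gids)}I", *gids))

def parse_auth_unix(body: bytes) -> dict:
    """Decode the body as the server receives it; raises on malformed input."""
    stamp, name_len = struct.unpack_from(">II", body, 0)
    if name_len > 255:
        raise ValueError("machinename longer than 255 bytes")
    off = 8
    if off + name_len > len(body):
        raise ValueError("truncated machinename")
    machine = body[off:off + name_len].decode("ascii")
    off += name_len + (-name_len % 4)          # skip XDR padding
    uid, gid, count = struct.unpack_from(">III", body, off)
    off += 12
    if count > 16:
        raise ValueError("more than 16 supplementary gids")
    gids = list(struct.unpack_from(f">{count}I", body, off))
    if off + 4 * count != len(body):
        raise ValueError("trailing bytes after credential")
    return {"stamp": stamp, "machine": machine, "uid": uid, "gid": gid, "gids": gids}

# Hypothetical mapping table (constructed): numeric UID -> Windows account.
UID_TO_WINDOWS = {10001: "EXAMPLE\\jdoe"}

def map_to_windows(cred: dict):
    """Return the mapped Windows account, or None when the UID has no mapping."""
    return UID_TO_WINDOWS.get(cred["uid"])

# Constructed sample credential: only integers and a host name go on the wire.
SAMPLE = encode_auth_unix(0x5F3A0001, "sol10", 10001, 10000, [10000, 10005])

if __name__ == "__main__":
    cred = parse_auth_unix(SAMPLE)
    print(cred, "->", map_to_windows(cred))
```

Nothing in the credential proves the client's claim: the server maps whatever numeric UID the client sends, and a UID with no entry in the table resolves to no Windows account.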

David,

I must admit that I have not read Microsoft’s official instructions. I understand the idea of mapping UID/GID to Windows username and SID; that part makes sense. I think more than anything it was just Microsoft’s specific implementation that was throwing me off.

I eventually got it working as I expected; see this article for more information:

http://blog.scottlowe.org/2006/11/21/greater-ad-integration-via-nfs-and-automounts/

Thanks,
Scott