NFS on solaris 10 - Permission Denied (Full Version)

All Forums >> [Windows - UNIX Interop] >> System & Network Admin Forum



Message


anand_dh -> NFS on solaris 10 - Permission Denied (Aug. 30, '05, 8:13:42 AM)

I have shared a directory on a win xp machine using NFS. I'm able to mount it sucessfully on a solaris 10 machine. But I'm not able to view the mounted filesystem I get a "Permission Denied". Any ideas what could be the problem?




Rodney -> RE: NFS on solaris 10 - Permission Denied (Aug. 30, '05, 9:17:10 AM)

You should also have installed and configured (even for one user account) the Username Mapping.
This will map between the Unix UID and the Windows SID. It makes things work a lot smoother.
(Likely a UID is being sent that the Windows NFS server can't map to anything right now
so when looking at the actual file permissions, the ACL, no access is allowed).

Username Mapping is part of SFU. You can have it installed now by restarting the SFU install.
You'll find you can add components. There is help on-line from the Start-> Porgrams-> Services for Unix
menu; you'll find background info and configuration help there.




anand_dh -> RE: NFS on solaris 10 - Permission Denied (Aug. 30, '05, 6:16:16 PM)

Thanks Rodney. I setup the user name mapping and now everything works fine.




ITSupport -> RE: NFS on solaris 10 - Permission Denied (Sep. 21, '05, 1:53:39 PM)

I have the same problem with Sun Unix not able to authenticate into the Windows NFS service 3.5. I have tried to follow the advice as shown here, but cannot get it to kick.

Like anand_dh, I can mount the NFS share, but when I try to access it, I get:

NFS access failed for server 192.168.1.51: error 7 (RPC: Authentication error)

Root is the only user on these Sun machines that can execute the mount command, so I am assuming the mount passes root's uid and gid and pw.

On the Windows side, I have created a domain user "root" with needed access to the exported folder and mapped the Unix user and group to this user and the appropriate group.

Any help would be most appreciated




Rodney -> RE: NFS on solaris 10 - Permission Denied (Sep. 21, '05, 2:48:34 PM)

I'll recommend, just in general, the white paper (I've mentioned it in other threads):
http://www.microsoft.com/technet/interopmigration/unix/sfu/nfsauth.mspx
It can help at the very least establish an information base for what's-what.

> Root is the only user on these Sun machines that can execute the mount command, so I am assuming the mount passes root's uid and gid and pw.

Yes, "root" does do the mount. But it's the UID/GID of the actual user making the access request that gets sent, not root's.
This is real NFS, not PCNFS.
So in the Username Mapping you need to have listed the actual users/UID's making the access request from the Sun side
and have them map to a Windows user.

You can create a "complex" mapping of many users to one if you need to. But it's usually best at one-to-one.
The above mentioned paper plus the on-line helps doc (Start-> Programs-> Services for Unix->help) will
help you with the many-to-one if that's what you want to do.




ITSupport -> RE: NFS on solaris 10 - Permission Denied (Sep. 21, '05, 3:53:01 PM)

Rodney,

Thank you for the reply and the good information.

I have accessed, printed and read the document you referenced. The only thing I apear to be missing is the NFS Authentication Service being installed on ALL domain controlers in the domain. So, I proceded to install it on the PDC, which is a NT 4.0 box. The install program indicates the NTFS volumes on my server are NOT NTFS and will not procede to install. I am concerned that this version of Unix Services will not go on WSNT4.

Any thoughts?




Rodney -> RE: NFS on solaris 10 - Permission Denied (Sep. 21, '05, 4:04:27 PM)

Correct SFU 3.5 won't install on non-NTFS drives.
SFU 3.5 also will only install on W2K, XP and W2K3 -- not NT4.
To install on NT4 you would have to go back to SFU 3.0.




ITSupport -> RE: NFS on solaris 10 - Permission Denied (Sep. 21, '05, 4:48:31 PM)

Rodney,

Do you know, is the NFS Authentication portion of 3.0 compatable with the 3.5 stuff that is running on the WS2K3 box?

I will probably download it to try anyway - nothing to loose at this point.




Rodney -> RE: NFS on solaris 10 - Permission Denied (Sep. 21, '05, 11:28:57 PM)

> I will probably download it to try anyway - nothing to loose at this point.

Bit of an odd situation with this... SFU 3.5 is a free download, but SFU 3.0 you have to buy (if you can find it).
It used to retail around 99 USD's. Interop Systems used to sell it, but not much of market when 3.5 is free [8D]
You could send some e-mail to <info@interopsystems.com> and ask Bill if a 3.0 box is left over somewhere.

> Do you know, is the NFS Authentication portion of 3.0 compatable with the 3.5 stuff that is running on the WS2K3 box?

By this I'll assume you mean the Username Mapping. I think it should be based on a quick comparision of the documentation.
But I haven't done a set of tests to confim this at all.




jon.giacalone -> RE: NFS on solaris 10 - Permission Denied (Jul. 16, '06, 8:25:33 PM)

Hi Rodney,

I have a question regarding this older forum topic, and you seemed to be very knowledgable about User Name Mapping. http://www.interopsystems.com/tools/tm.aspx?m=6727

I have User Name Mapping set up for the most part succesfully. Now I need to add the Unix username 'root' from a particular machine to a Windows user name. When I do the search of my NIS domain for user accounts, the username root is not listed, but it does show all the other users. Any idea why, or more importantly how to get to root?




Rodney -> RE: NFS on solaris 10 - Permission Denied (Jul. 17, '06, 12:44:21 AM)

I'll assume that you did what is the method called "simple mapping".
That's where a name on the Unix machine is mapped to the identical name in the Windows domain.
There's another method called "advanced mapping". You can mix it with the simple mapping at
the same time. So if you don't have a Windows user named "root" then use the advanced mapping.
So you can have "fifi" on the Window domain map to "root" on the Unix machine.

There is good help with the SFU Help on this topic. Open from the Start Menu, Service for Unix
Help. Click open the part on UNM and then open it and read through the "Concepts", "Simple and
Advanced Maps" (it's a quick brief) and then open/read the part on "How to...", "Creating Advanced
Maps for Users". It should get you there.

> you seemed to be very knowledgable about User Name Mapping.

I've just read the Help a lot [&:]




jon.giacalone -> RE: NFS on solaris 10 - Permission Denied (Jul. 27, '06, 11:24:16 AM)

Rodney, no luck with that. I have been using "simple mapping" theory, but in my "user name mapping" in nfsmgmt.msc it still shows that they are "type" "Advanced". The problem still exsist when I go to "Create a New Map" and I enter my NIS domain name "Ecd.East.Sun.COM" and NIS server 129.xxx.xxx.26", it lists all the users but does not list "root". Any idea why?

Also, is there anyway to list the users of a particular system, if I want to map to a local user?




Efeitosa -> RE: NFS on solaris 10 - Permission Denied (Aug. 31, '06, 3:46:40 PM)

Hello Guys,

I have a similar problem and I would like any suggestion to solve this problem.

My environment is:

Winodows NT4.0 PDC - Domain controller
Windows 2003 Storage Server - SFU 3.5 installed - File Server
Windows 2000 - Application Server
UNIX Machines - HP UX ans Solaris 8.

I have made two tests:

First:
I have installed in my File Server Windows 2003 the Windows Services for Unix version 3.5.
No User Name Mapping or Simple Mapping configured in this server. OK?

In my Winodws 2003 Server I have shared one folder (TESTEUNIX) with NFS Sharing on the Windows 2003. OK?
When the Unix user "root or anyone" try to access this folder appears the error: Permission Denied. Any user get to mount the folder but they don't get to do anything in this folder.

I already tried to configure the User Name Mapping - Simple Mapping but didn't work.

Second:
I have installed the Windows Services for Unix, version 3.5 in one Windows 2000 Server.

No User Name Mapping or Simple Mapping configured in this server also. OK?

In this Server I have shared one folder (TESTEUNIX) with NFS Sharing on the Windows 2002. OK?
Automatically the UNIX user "root or anyone" got to mount and work in this folder easily.

In my PDC there isn't NFS Authentication Service installed.

What can be happening with Windows 2003 Server that is not working fine.

Any Idea?

Thanks

Eduardo




Page: [1]



Forum Software © ASPPlayground.NET Advanced Edition 2.5 ANSI

0.031