I have some Linux servers that I’d like to talk to my Windows Server 2012R2 file server.
Since I’d like daemons, rather than users, to be able to communicate with the server, I thought this would be a good candidate for NFS.
Linux Side (1st Round)
(I’m using CentOS, but the general concept will apply to Fedora, Ubuntu, etc.)
Install the daemons that will access the file server. Most of these will create their own users.
Create any additional users you would like to be able to access the file server. You can always add more later.
To save some complexity (and not assume you pay for Active Directory), I’m not going to have my file server look up Linux IDs via Active Directory. Instead, I’m going to use flat passwd and group files, just like Linux.
Copy (via SSH, USB, copy/paste, whatever) the passwd and group files from /etc/ over to your Windows server.
You can delete all of the entries for users/groups that will not be accessing the share.
Copy the passwd and group files to:
Create users (and groups) on your server with the same user name / group name as you created on your Linux server.
UPDATE: Make sure you set the Windows users to never have their passwords expire if they are service accounts. If they do, the users will lose access to the shares via NFS when the password expires.
The passwd and group files serve as a map between the user/group IDs in Linux and the user/group names in Windows.
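One way to produce the trimmed passwd and group files described above, as an added example that is not from the original post: it keeps only the named service accounts and every group they belong to, including a primary group whose name differs from the user's (the tvheadend case covered later). The function names and the sample accounts are assumptions made for the illustration.

```shell
# Added example: trim copies of /etc/passwd and /etc/group down to the accounts
# that will use the NFS share. All sample data below is constructed.
KEEP='BEGIN { n = split(want, a, ","); for (i = 1; i <= n; i++) keep[a[i]] = 1 }'

# trim_map PASSWD GROUP OUTDIR user...  -> writes OUTDIR/passwd and OUTDIR/group
trim_map() {
    pw=$1; gr=$2; out=$3; shift 3
    want=$(printf '%s\n' "$@" | paste -sd, -)
    mkdir -p "$out"
    # passwd: keep only the requested account names (field 1).
    awk -F: -v want="$want" "$KEEP"'
        ($1 in keep)' "$pw" > "$out/passwd"
    # group: keep a group if it is a kept user's primary GID (passwd field 4)
    # or lists a kept user as a member; unrequested members are dropped.
    awk -F: -v want="$want" "$KEEP"'
        NR == FNR { if ($1 in keep) gid[$4] = 1; next }
        {
            hit = ($3 in gid); members = ""
            m = split($4, mem, ",")
            for (i = 1; i <= m; i++) if (mem[i] in keep) {
                hit = 1; members = members (members == "" ? "" : ",") mem[i]
            }
            if (hit) print $1 ":" $2 ":" $3 ":" members
        }' "$pw" "$gr" > "$out/group"
}

# missing_users PASSWD user...  -> prints requested names not found in PASSWD
missing_users() {
    pw=$1; shift
    for u in "$@"; do
        awk -F: -v u="$u" '$1 == u { f = 1 } END { exit !f }' "$pw" || echo "$u"
    done
}

# make_sample DIR: constructed input standing in for /etc/passwd and /etc/group
make_sample() {
    mkdir -p "$1"
    printf '%s\n' 'root:x:0:0:root:/root:/bin/bash' \
        'alice:x:1000:1000::/home/alice:/bin/bash' \
        'transmission:x:991:989::/var/lib/transmission:/sbin/nologin' \
        'tvheadend:x:990:39::/home/tvheadend:/sbin/nologin' > "$1/passwd"
    printf '%s\n' 'root:x:0:' 'video:x:39:tvheadend,alice' 'alice:x:1000:' \
        'transmission:x:989:' 'media:x:1005:alice,transmission' > "$1/group"
}

demo=$(mktemp -d)
make_sample "$demo"
trim_map "$demo/passwd" "$demo/group" "$demo/out" transmission tvheadend
cat "$demo/out/passwd" "$demo/out/group"
```

Run `missing_users` with the same names before copying the files over; any name it prints has no passwd entry and would not appear in the map.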
Install Server for NFS on the Windows server.
Server Manager->Manage->Add Roles and Features
Next->Next->etc. until installed.
Browse to the folder on your file server you are looking to share.
Right click on it and choose Properties
Go to the NFS Sharing tab
Click the “Manage NFS Sharing” button
Check the “Share this folder” check box.
The only other change I make here is to uncheck the “Enable unmapped user access” option so that only users in the passwd file we copied over will have access to the server.
Next, click on the Permissions button at the bottom
I like to set “All Machines” to be no access, that way only the servers I specify will be able to mount the share.
Click the “Add…” button.
In the “Add Names:” box, enter the IP address of your Linux server.
Make sure Type of Access is set to the type you are looking for.
I prefer to leave “Allow root access” unchecked for a bit more security.
Press OK, OK, Close
If everything worked, the folder icon should now look like this:
Using the security tab, assign NTFS permission to the folder for the users you would like to be able to read/write to that folder, just as you would if it were an SMB share.
UPDATE for TVHeadEnd:
Many Linux daemons will use the same id for both the user and group.
Some, like tvheadend, will use different group and user IDs.
For these, it’s critical to set up a group with the same name (and with the user as a member) in Windows and assign permissions to the group as well as the user.
Otherwise, you will get permission denied errors.
Linux Side (2nd Round)
Install the NFS client and enable (make start on boot) and start the services.
sudo yum -y install nfs-utils
sudo systemctl enable rpcbind
sudo systemctl enable nfs-server
sudo systemctl enable nfs-lock
sudo systemctl enable nfs-idmap
sudo systemctl start rpcbind
sudo systemctl start nfs-server
sudo systemctl start nfs-lock
sudo systemctl start nfs-idmap
Create a folder that will be used as the mount point for the file server, aka: Where do I go to get to the files on the file server.
I was really hoping to find a definitive “this is where to mount nfs shares” article, but some Binging around came up with nothing.
I will therefore advise that you create a folder under /mnt, as that feels right to me.
sudo mkdir -p /mnt/[server name]/[share name]
It’s finally time to give the share a test.
sudo mount -t nfs [server name or ip]:/[nfs share name] /mnt/[server name]/[share name]
If you receive an access denied error, you may need to specify NFS v3:
sudo mount -t nfs -o nfsvers=3 [server name or ip]:/[nfs share name] /mnt/[server name]/[share name]
Make sure you are logged in as a user with permission to that folder and cd into it:
cd /mnt/[server name]/[share name]
You should now be able to create files and folders! (which will of course be visible on the file server as well)
The final step is to have the server automatically mount the share on boot.
sudo nano /etc/fstab
Add a line similar to:
[server dns name or ip]:/[share name] /mnt/[file server name]/[share] nfs defaults 0 0
If you needed the nfsvers=3 option earlier, instead use:
[server dns name or ip]:/[share name] /mnt/[file server name]/[share] nfs nfsvers=3 0 0
Give the server a reboot to test automatic mounting
sudo shutdown -r now
When you reboot, the share should be mounted and all is good in the world!
PS: If you are using this for transmission-daemon (which I’m assuming you’re using for legitimate purposes), make sure you edit your settings.json file and set umask=0, otherwise transmission will create folders that it cannot create files in.
2 thoughts on “Some Fun With NFS and Windows”
Did you try the same with Active Directory mapping?
I have, but it’s been quite a long time. I only used it with NFS 3, so nothing with Kerberos, simply user/group matching and IP-based sharing permissions.
My recollection is that you’ll need to set uidNumber and gidNumber in the users’ AD accounts to match the user and group IDs on the Linux/Unix systems that will be connecting.
As long as the Linux/Unix user connecting to the NFS share has a matching uidNumber/gidNumber in Active Directory, their account has NTFS ACLs, and the connection is from an IP allowed in the NFS share, they should be able to mount the share.
Hope that helps!