VMware Solutions Discussions

Help! NFS Permission problem in Windows

strattonfinance
9,706 Views

Hi all,

Hoping someone can shed some light on this for us as we're stumped.

We're trying to mount some volumes from our filer on a Windows box via NFS for the purpose of backing up the contents. We're trying to use NFS as we don't have a CIFS license and have no other need for one. The volumes in question store ESX Virtual Machines if that makes any difference.

Environment:

Windows 2008 Standard x64

FAS2050c

Connected directly via a private network

We've installed Services for Unix on the Windows box, which gives us the required to tools to mount an NFS export as a drive letter in Windows. On the SAN, we've given root & RW access to the IP address of the Windows box.

We then try to mount one of the exports via the command line:

mount -u:x -p:y
111.111.111.111\vol\test z:

This command completes correctly, and the drive letter appears, but we then run into permissions problems.

We can browse the contents of the drive, but cannot write any files / folders, nor read most files.

Looking at the NFS mount properties of the drive letter in Windows, it shows under "User authentication" a UID of -2 and "Primary GID" of -2.

Based on this, I assume our permission problem is something to do with the Windows box not properly authenticating with the filer, and ending up as an unpriviledge user? I can't find any references to UID or GID -2 on the filer or the net, so not sure where that is coming from.

We've tried fiddling with the export's security options (removing "root" option, adding "anonymous ID" option) and also creating a completely seperate user on the filer with administrator priviledges and connecting as that user from the Windows box - nothing works. No matter what we do, the UID and GID stay as -2 on the drive properties, and we have problems reading / writing data.

Any ideas?

6 REPLIES 6

scottgelb
9,706 Views

It's user name mapping most likely... make sure to check that box on install. Windows won't be able to mount until you map the windows user to root (default only allows root to mount).

Attached is a screen shot of what I did on my laptop to make it work...my smg username local on my laptop maps to root so the uid is passed to ontap. Without this it won't work.

strattonfinance
9,706 Views

It's user name mapping most likely... make sure to check that box on install. Windows won't be able to mount until you map the windows user to root (default only allows root to mount).

Thanks for that.

The steps are a little different in Windows 2008, but you pointed me in the right direction to get it working. To clarify further, in 2008 there doesn't appear to be a name mapping service included with the Services for NFS (new name for Services for Unix) software, but there is a seperate Unix Name Mapping Service you can install.

We had actually installed this and tried to set it up previously, but I think we missed a step - you have to edit the Services for NFS properties on the machine you want to mount an NFS export on, and tell it where to find Name Mapping Service server. Once we did that, suddenly it started working.

The whole process is a bit weird though - we had assumed that if you specified a username / password (-u:xx -p:yy) on the mount command then you didn't need user mapping, it would just authenticate against the filer using the username / password provided. Obviously not. On top of that, our filer has no access to our domain controllers (which is where our Name Mapping Service server) is running, so I'm not sure how it's correctly doing the windows <-> Unix user translation. It works though, which is the important thing from our point of view.

Now just two more problems to solve - how to make mounts persistent accross reboots (any ideas on how to do this? Could use a login script but not ideal, and can't spot any persistent option), and how to make BackupExec see the NFS mount!

Thanks again.

scottgelb
9,706 Views

sfu mount command doesn't have a persistent option... and no vfstab or fstab either...sigh

Backup Exec added NDMP support in 11d...depending on budget, skip the slow windows nfs mount and ndmp from the netapp. I remember an option in older versions (5+ years ago) of Backup Exec that allowed unc path backup (an option to force it to work) but think it may have been removed or not supported in current releases.

strattonfinance
9,706 Views

sfu mount command doesn't have a persistent option... and no vfstab or fstab either...sigh

Somehow I don't think Microsoft is really trying to make it easy I think we're going to have to hack something in for now - maybe a script that mounts the NFS exports, copies the data to local disk on the BE server, and then BE can backup the data on it's own disks.

Backup Exec added NDMP support in 11d...depending on budget, skip the slow windows nfs mount and ndmp from the netapp. I remember an option in older versions (5+ years ago) of Backup Exec that allowed unc path backup (an option to force it to work) but think it may have been removed or not supported in current releases.

Would love to use NDMP - the problem is that at the moment BE only supports filer-to-tape or filer-to-filer-to-tape backups with NDMP - you can't do filer-to-BackupExecServer-to-tape. Unfortunately, we need to backup data that isn't on the filer as well, so we can't just hook the tape driver up to the filer and do filer-to-tape.

Apparently BE 12.5 is going to add support for filer-to-BEServer-to-tape backup via NDMP... not sure when it's due out though.

Thanks for the help again.

strattonfinance
9,706 Views

sfu mount command doesn't have a persistent option... and no vfstab or fstab either...sigh

Just as a FYI for yourself and anyone else who stumbles accross this thread, I figured out how to do the persistent NFS mounts (mostly).

Once you have Services for NFS installed, you don't /have/ to use the mount command - you can also use net use, which has a /persistent switch

So, from the command line:

net use x: <hostname/ip>:/mount/point /persistent:yes

This seems to basically work - every time we reboot the server and logon again Windows complains about being unable to reconnect network drives, but the drive appears in explorer and can be immediately accessed.

uptimenow
9,706 Views

Hi Strattonfinance,

we are having the same issues with server 2008.

Could you specify where you found the sources for the "seperate Unix Name Mapping Service you can install" that you mentioned?

I am unable to find this using Google.

Thanks.

Public