Set up Services for Network File System in Windows Server 2008
Microsoft Services for NFS continues to be part of the operating system in Windows Server 2008, and it seems we will see more improvements when Windows Server 2008 R2 is released.
In Windows Server 2008, a major change from Windows Server 2003 R2 is the elimination of the User Name Mapping (UNM) service. You can still use an existing UNM server to fetch UNIX identity information on a Windows Server 2008 system, but there is no option to install the service on a W2K8 system.
The other, newer option is Active Directory Lookup, which debuted with Windows Server 2003 R2 and has yet to be widely accepted.
Using this feature, you can configure Server for NFS and Client for NFS to fetch UNIX identity information directly from Active Directory. This simplifies identity management because you only have to populate the information in your Active Directory backend, and it can then be used to identify the UNIX users accessing the Windows NFS shares.
There are some glitches with this feature that I'll talk about in a post of its own. For now, let's move on to find out how we can enable the NFS services on a Windows Server 2008 box.
You can install Services for Network File System using the Add Roles Wizard in Server Manager. The feature requires the File Server role; if that role has not been added already, you can add it and the Services for Network File System feature in a single go.
To get started, start Server Manager and click the Add Roles link to start the Add Roles wizard. After you have followed the wizard's screens, the necessary components and services will be added to your system.
From now on, you can manage most of the server and client configuration options from the Services for Network File System MMC snap-in.
To configure how it should fetch UNIX identity information, right-click the topmost node in the left pane of this MMC snap-in and click Properties. In the dialog box that appears, you can choose to use Active Directory Lookup by providing your Active Directory domain name, and/or provide the server name of the system running the User Name Mapping service.
Note: The Active Directory Lookup feature is RFC2307 compliant and works only when you have populated the RFC2307 attributes for the user and group objects in Active Directory. The uidNumber and gidNumber attributes contain the unique UID and GID information for users and groups.
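As an added example (not from the original post or from Microsoft), the following Python script audits an LDIF export of Active Directory user and group objects for the attributes the note above requires. It lists objects missing uidNumber or gidNumber and, going slightly beyond the note, accounts mapped to UID 0 and uidNumber values shared by more than one account. The sample LDIF, the DNs and the function names are constructed for illustration.

```python
from collections import defaultdict

# Constructed sample export (not real directory data).
SAMPLE_LDIF = """\
dn: CN=alice,OU=Eng,DC=example,DC=com
objectClass: user
uidNumber: 10001
gidNumber: 10000

dn: CN=bob,OU=Eng,DC=example,DC=com
objectClass: user
gidNumber: 10000

dn: CN=svc-root,OU=Ops,DC=example,DC=com
objectClass: user
uidNumber: 0
gidNumber: 0

dn: CN=carol,OU=Ops,DC=example,DC=com
objectClass: user
uidNumber: 10001
gidNumber: 10000
"""

def parse_ldif(text):
    """Yield one dict per record: lower-cased attribute name -> list of values."""
    for block in text.replace("\r\n", "\n").split("\n\n"):
        entry = defaultdict(list)
        # Unfold wrapped lines (a leading space continues the previous line).
        for line in block.replace("\n ", "").splitlines():
            name, sep, value = line.partition(":")
            if sep and not line.startswith("#"):
                entry[name.strip().lower()].append(value.strip())
        if "dn" in entry:
            yield entry

def audit(text):
    """Report entries missing RFC2307 IDs, plus UID 0 and shared-UID mappings."""
    missing, root, by_uid = [], [], defaultdict(list)
    for e in parse_ldif(text):
        dn, classes = e["dn"][0], {c.lower() for c in e["objectclass"]}
        # Users need both IDs; groups (and anything else) need gidNumber.
        need = ["gidnumber"] + (["uidnumber"] if "user" in classes else [])
        missing += [(dn, a) for a in need if not e[a]]
        for uid in e["uidnumber"]:
            by_uid[uid].append(dn)
            if uid == "0":
                root.append(dn)
    shared = {u: dns for u, dns in by_uid.items() if len(dns) > 1}
    return {"missing": missing, "root": root, "shared": shared}
```

Entries reported under "root" carry the UNIX root UID, so that list should contain only the accounts you deliberately mapped that way.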
The sharing of folders over NFS remains more or less the same.
The UNIX-side activities after you have installed Services for Network File System and exported some folders over NFS are the same as documented here - https://blogs.msdn.com/sfu/pages/mounting-nfs-share-on-nfs-client.aspx
Comments
Anonymous
December 19, 2008
Seems like the ability to add additional mappings has really gone. This makes using the NFS in large AD environments actually tricky. In the past we could provide different mappings between the Unix-root user and AD accounts on different servers so that each top-level OU in the AD has its own root account. If all the mappings now come from AD this is not possible anymore. Or do I miss something?
Anonymous
December 19, 2008
I believe this should work by manually assigning the UID=0 and GID=0 to all such accounts.
- Ashish
Anonymous
July 29, 2009
Can a Windows2008 share be made available to both a NFS (linux) client and a WXP/Windows7 CIFS client?
Anonymous
July 29, 2009
Pretty much. You might want to enable KeepInheritance setting to make permissions compatible with both - NFS and CIFS - client at the same time.
Anonymous
January 11, 2011
The comment has been removed
Anonymous
January 11, 2011
@SDOG - yes, you will need AD to map the accounts if you are not going to keep the UNM/W2K3 server for long. You can use it till it's there. What is the AD schema version? Is it W2K3? or W2K3 R2 or later?
Anonymous
January 11, 2011
The comment has been removed
Anonymous
January 11, 2011
In that case, you can use the script documented in blogs.msdn.com/.../getting-ad-lookup-to-work-without-unix-attributes-tab.aspx to populate the information in AD and get things going. It only requires the uidNumber/gidNumber attributes to be populated to work.
Anonymous
January 27, 2012
The comment has been removed
Anonymous
August 03, 2012
@Pete - unfortunately, no.