Any networking gurus? NFS permissions hell

Ghoulish Delight · 05-04-2012, 03:36 PM

I'm asking any resource I can find because this one is driving me bonkers:

I have a Windows 2008 R2 SP1 server with Services for NFS enabled. I've provisioned an NFS share, and set the permissions as wide open (both NTFS and NFS permissions) as I can think of, including allowing root access. The server is in a test environment on a network segment that's firewalled, so security isn't an issue.

I can see the share, mount it from a client (RHEL 6.2, PPC) and read and write from the client. However, there are permissions issues trying to access directories created by the clients from other systems. What I've finally figured out is, if I try to access the created directories from a system logged into our corporate domain (on a different segment, other side of the firewall), permission is denied. But if I access it from a system that does't use active directory domain credentials, but rather logs in with the server's administrator credentials, it works.

The server is not in the domain, it's in a workgroup, and I'm not using any Identity Mapping.

There is another server on the network, 2008 R2 (not SP1). As far as I can tell the configurations are the same. But that server doesn't have the issue. Directories created by a client with the NFS share mounted are accessible by anyone.

The only other clue I have is that when a directory is created, if I go to the server and view the directory in Explorer, it's go a lock icon on it. If I go in to the Security properties Full Control permissions to Everyone, the lock disappears and the directory is accessible to ALL users, even ones on domain-connected systems. Not sure what's different between the two servers that's causing this.

Kevy Baby · 05-04-2012, 11:06 PM

Sounds like you need some percussive maintenance

Ghoulish Delight · 05-05-2012, 07:38 AM

Not that anyone cares, but it appears the key was that the server that isn't working has its guest account enabled. Systems on the corporate domain were being logged in a guest and not getting permissions. Systems on the lab network were being logged in as Administrator.

RStar · 05-07-2012, 06:30 AM

Oh, I care. I just don't have a clue.

Good luck, though.

05-04-2012, 03:36 PM	#1
Ghoulish Delight I Floop the Pig Join Date: Jan 2005 Location: Alternative Swankstyle Posts: 19,348	Any networking gurus? NFS permissions hell I'm asking any resource I can find because this one is driving me bonkers: I have a Windows 2008 R2 SP1 server with Services for NFS enabled. I've provisioned an NFS share, and set the permissions as wide open (both NTFS and NFS permissions) as I can think of, including allowing root access. The server is in a test environment on a network segment that's firewalled, so security isn't an issue. I can see the share, mount it from a client (RHEL 6.2, PPC) and read and write from the client. However, there are permissions issues trying to access directories created by the clients from other systems. What I've finally figured out is, if I try to access the created directories from a system logged into our corporate domain (on a different segment, other side of the firewall), permission is denied. But if I access it from a system that does't use active directory domain credentials, but rather logs in with the server's administrator credentials, it works. The server is not in the domain, it's in a workgroup, and I'm not using any Identity Mapping. There is another server on the network, 2008 R2 (not SP1). As far as I can tell the configurations are the same. But that server doesn't have the issue. Directories created by a client with the NFS share mounted are accessible by anyone. The only other clue I have is that when a directory is created, if I go to the server and view the directory in Explorer, it's go a lock icon on it. If I go in to the Security properties Full Control permissions to Everyone, the lock disappears and the directory is accessible to ALL users, even ones on domain-connected systems. Not sure what's different between the two servers that's causing this. __________________ 'He who receives an idea from me, receives instruction himself without lessening mine; as he who lights his taper at mine, receives light without darkening me.' -TJ
	Submit to Quotes

05-04-2012, 11:06 PM	#2
Kevy Baby Chowder Head Join Date: Jan 2005 Location: Yes Posts: 18,500	Sounds like you need some percussive maintenance __________________ The thing about quotes on the internet is that you cannot verify their validity. - Abraham Lincoln
	Submit to Quotes

05-05-2012, 07:38 AM	#3
Ghoulish Delight I Floop the Pig Join Date: Jan 2005 Location: Alternative Swankstyle Posts: 19,348	Not that anyone cares, but it appears the key was that the server that isn't working has its guest account enabled. Systems on the corporate domain were being logged in a guest and not getting permissions. Systems on the lab network were being logged in as Administrator. __________________ 'He who receives an idea from me, receives instruction himself without lessening mine; as he who lights his taper at mine, receives light without darkening me.' -TJ
	Submit to Quotes

05-07-2012, 06:30 AM	#4
RStar Senior Member Join Date: Jun 2006 Location: Me & Manyard hangin out! Posts: 5,433	Oh, I care. I just don't have a clue. Good luck, though. __________________ Meddle not in the affairs of Dragons, for you are crunchy and good with ketchup! www.StarTownGifts.com
	Submit to Quotes