![]() |
€uromeinke, FEJ. and Ghoulish Delight RULE!!! NA abides. |
![]() |
#1 |
I Floop the Pig
|
Any networking gurus? NFS permissions hell
I'm asking any resource I can find because this one is driving me bonkers:
I have a Windows 2008 R2 SP1 server with Services for NFS enabled. I've provisioned an NFS share, and set the permissions as wide open (both NTFS and NFS permissions) as I can think of, including allowing root access. The server is in a test environment on a network segment that's firewalled, so security isn't an issue. I can see the share, mount it from a client (RHEL 6.2, PPC) and read and write from the client. However, there are permissions issues trying to access directories created by the clients from other systems. What I've finally figured out is, if I try to access the created directories from a system logged into our corporate domain (on a different segment, other side of the firewall), permission is denied. But if I access it from a system that does't use active directory domain credentials, but rather logs in with the server's administrator credentials, it works. The server is not in the domain, it's in a workgroup, and I'm not using any Identity Mapping. There is another server on the network, 2008 R2 (not SP1). As far as I can tell the configurations are the same. But that server doesn't have the issue. Directories created by a client with the NFS share mounted are accessible by anyone. The only other clue I have is that when a directory is created, if I go to the server and view the directory in Explorer, it's go a lock icon on it. If I go in to the Security properties Full Control permissions to Everyone, the lock disappears and the directory is accessible to ALL users, even ones on domain-connected systems. Not sure what's different between the two servers that's causing this.
__________________
'He who receives an idea from me, receives instruction himself without lessening mine; as he who lights his taper at mine, receives light without darkening me.' -TJ |
![]() |
Submit to Quotes
![]() |
![]() |
#2 |
Chowder Head
Join Date: Jan 2005
Location: Yes
Posts: 18,500
![]() ![]() ![]() ![]() ![]() ![]() ![]() ![]() ![]() ![]() ![]() |
Sounds like you need some percussive maintenance
__________________
The thing about quotes on the internet is that you cannot verify their validity.
- Abraham Lincoln |
![]() |
Submit to Quotes
![]() |
![]() |
#3 |
I Floop the Pig
|
Not that anyone cares, but it appears the key was that the server that isn't working has its guest account enabled. Systems on the corporate domain were being logged in a guest and not getting permissions. Systems on the lab network were being logged in as Administrator.
__________________
'He who receives an idea from me, receives instruction himself without lessening mine; as he who lights his taper at mine, receives light without darkening me.' -TJ |
![]() |
Submit to Quotes
![]() |
![]() |
#4 |
Senior Member
Join Date: Jun 2006
Location: Me & Manyard hangin out!
Posts: 5,433
![]() ![]() ![]() ![]() ![]() ![]() ![]() ![]() ![]() ![]() ![]() |
Oh, I care. I just don't have a clue.
Good luck, though.
__________________
Meddle not in the affairs of Dragons, for you are crunchy and good with ketchup! |
![]() |
Submit to Quotes
![]() |