Configuring Kerberos for NFS 4.1 access ( Ubuntu)

This blog talks about configuring Kerberos on Ubuntu for NFS access. NFS is hosted on a 2 node cluster environment. Environment: Windows 2012 as DC and cluster node Ubuntu as NFS client Cluster node: Ran the command on the cluster node to check the SPN for NFS   C:\> setspn –l node1 Registered ServicePrincipalNames for…


Setgid/Setuid does not work against a NFS share hosted on Windows 2012

One of our customer recently reported issue where setgid/setuid was not working against a NFS share hosted on Windows 2012. Below are two images which shows the expected behaviour while SGID is set on a local share v/s the unexpected behaviour over a NFS share.  ==> NFS Share                    ==> Local share   Through our investigation we…


Character translation does not work on Windows 2012 with NFS v4.1

Character translation between Windows to Unix does not working on Windows 2012 with NFS v4.1. For NFS v3, on Windows 2012 the same configuration works.   This is because the RFC for NFS v4.0 and above is all about uniformity of file names, UTF-8 encoding etc. explicitly. Hence Character translation does not apply to v4.1…


AD primary group (primarygroupID) being sent by the NFS server in case of Kerberos Authentication instead of gidNumber

With Windows 2012, there are multiple options of mapping users and group for NFS access. This has been discussed on the blog below: http://blogs.technet.com/b/filecab/archive/2012/10/09/nfs-identity-mapping-in-windows-server-2012.aspx We came across the difference in behavior while we use the authentication type as Auth_sys to the authentication type Kerberos. While using Kerberos as authentication type on the NFS share then…


"Server for NFS" service exhibits different behaviour when restarted using different options

While working on a issue recently, we found that there was a difference in behaviour when we restart the “Server for NFS” service from the services console compare to restarting it using the “nfsadmin” command. The issue was happening after a disk was reformatted and could be reproduce if the Service was started from the services…


RHEL clients displays Anonymous UID and GID in the permission for the files and folder that are shared over NFS v4.1

Consider a scenario where Windows 2012 is hosting shares over NFS v4.1. Adlookup is configured for user and group mapping. RHEL 5.8 is the NFS client which is mounting the NFS shares and then accessing as a mapped user. From the Windows side correct information is displayed on the ownership tab. Also the user who…


Tips on ‘mount options" on NFS version 4.1

Inputs on NFS 4.1 mount: While working on a recent scenario on NFS V4.1, we came across some intresting scenarios for mounting the NFS volumes on the Unix NFS clients. In the implementation of V4.1, there are no particular access requirements to virtual directories , but all relative objects have the relevant security checks applied,…


Unable to access Symbolic link on a NFS share

While working on one of the case, the customer reported that he was unable to access symbolic link of a NFS share. The symbolic link was pointing to another directory under the same NFS share. The NFS share was hosted on Windows 2008 R2. While checking the properties of the link, we found that the link…