Firstly I'll lay out my goal, and then I'll describe what actions I've taken to try and reach it, followed by where I'm getting stuck.
My Goal:
I'm migrating data from the OpenSUSE server to the 2008 Storage Server. The idea is that all the data will reside on the 2008 Storage Server in an NFS share which will be mounted to the OpenSUSE server in the same location in which the data sat in initially.
I'd like this to be completely transparent to everyday use -- all programs designed to interact from a few other servers / computers will still work without modification, and, more importantly, all file permissions can remain the same. As far as I've seen the SMB mounting doesn't fully preserve the *nix file permissions. I'm hoping the NFS mount will, but please tell me if I'm wrong. SMB is so much more straightforward and already working. I should also note speed is a giant plus for NFS.
The Players:
Windows Server 2003 - The Active Directory server
Windows Storage Server 2008 - The new file server
OpenSUSE 10.3 - The workhorse server
I have no control over the operating system choice. I have no control over the AD server. I have limited, intermittent access to the person who does have full control of the AD server. I have full control over the file server and the workhorse server.
What I've done:
The Storage Server is running Services for Network File System (NFS). It has a 6.5ish TB RAID partition configured for NFS and Samba/CIFS sharing which is used for the data storage. The Samba/CIFS share is mountable and accessible, but I haven't found a way to maintain proper user permissions on the files. When I connect, the owner and group for every file is root:root, which led me to NFS in hopes this would fix the problem.
The AD server admin has installed Services for Unix, and we imported the OpenSUSE passwd and group file. Either this didn't work, or it takes a bit more configuration. Tomorrow morning we're going to take a deeper look into the SFU configuration with the AD.
Right now I can mount the NFS share on the OpenSUSE under the root account:
Command results truncated to what I think is relevant info. Ask if you need more.
Code:
$ cat /etc/fstab
192.168.1.16:/data /mnt/datadir nfs user,rw,hard,intr,exec,suid,noauto 0 0
$ sudo mount -v /mnt/datadir
mount: trying 192.168.1.16 prog 100003 vers 3 prot tcp port 2049
mount: trying 192.168.1.16 prog 100005 vers 3 prot udp port 1048
$ mount
192.168.1.16:/data on /mnt/datadir type nfs (rw,user=root,nodev,hard,intr,addr=192.168.1.16)
$ cat /proc/mounts
192.168.1.16:/data /mnt/datadir nfs rw,nodev,vers=3,rsize=32768,wsize=32768,hard,intr,proto=tcp,timeo=600,retrans=2,sec=sys,addr=192.168.1.16 0 0
$ cd /mnt/datadir
-bash: cd: /mnt/datadir/: Permission denied
$ ls -l /mnt
d--------- 2 4294967294 4294967294 64 2010-07-15 15:50 datadir
My Problems:
I'm hoping the "Permission denied" error is solely because the UID and GID mappings are incorrect. I have, however, tried to create an NFS share with full permissions to "Everyone" and anonymous access, and I get the same results.
Also I've run into another roadblock. Why do non-root accounts fail to execute the mount /mnt/datadir command?
Code:
$ mount -v /mnt/datadir/
mount: trying 192.168.1.16 prog 100003 vers 3 prot tcp port 2049
mount: trying 192.168.1.16 prog 100005 vers 3 prot udp port 1048
mount: Unable to bindresvport UDP socket: errno 13 (Permission denied)
mount.nfs: Operation not permitted
AFAIK 1048 is not a restricted port, so regular users should have access to bind to the port. I also have a Gentoo machine where regular users are allowed to execute the command. The 'mount' command shows that the NFS share was mounted with the username executing the command too.
Server NFS Config:
Code:
Microsoft Windows [Version 6.0.6002]
Copyright (c) 2006 Microsoft Corporation. All rights reserved.
C:\Windows\system32>nfsshare data
Alias = data
Path = E:\Shared Folders\data
Encoding = ansi
ANONYMOUS access disallowed
Anonymous UID = -2
Anonymous GID = -2
HOST ACCESS :
ALL MACHINES read-write Root Access Disallowed ansi
C:\Windows\system32>nfsadmin server
The following are the settings on localhost
Locking Daemon Grace Period : 45 seconds
Activity logging Settings : Mount,Read,Write,Create,Delete,Locking
Protocol for Portmap : TCP+UDP
Protocol for Mount : TCP+UDP
Protocol for NFS : TCP+UDP
Protocol for NLM : TCP+UDP
Protocol for NSM : TCP+UDP
Protocol for Mapping Server : TCP+UDP
Enable NFS V3 Support : Enabled
Renew Authentication : Enabled
Renew Authentication Interval : 600 seconds
Directory Cache : 128 KB
Translation File Name :
Dot Files Hidden : Enabled
Case Sensitive Lookups : Enabled
NTFS Case : Preserve Case
The above was written yesterday and not posted in hopes I could solve the problem this morning. I failed.
Update:
The domain admin installed an NIS server on the AD server. I installed an NIS server on a Gentoo Linux box. They weren't able to communicate. The Linux box thought the Windows NIS service wasn't running and Windows couldn't find the Linux machine. NIS led to a dead-end right about there.
I also tried to manually link the user accounts to UNIX UIDs via the AD user properties window to no avail.
I will say I'm by no means an expert in domain administration or construction, so I could definitely have misconfigured something.
Thanks for your time and any help you're able to give.
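Added example, not part of the original post: a small diagnostic that ties together three pieces of output shown above. The owner 4294967294 in the ls listing is the share's "Anonymous UID = -2" read as an unsigned 32-bit number, and the mount uses sec=sys, where the client's numeric UID/GID is the credential. The function names and the reduced sample strings are constructed for illustration.

```python
import re

# Constructed sample input, reduced from the command output shown in the post.
NFSSHARE = "Anonymous UID = -2\nAnonymous GID = -2\n"
PROC_MOUNTS = ("192.168.1.16:/data /mnt/datadir nfs rw,nodev,vers=3,hard,intr,"
               "proto=tcp,sec=sys,addr=192.168.1.16 0 0\n")
LS_OUTPUT = "d--------- 2 4294967294 4294967294 64 2010-07-15 15:50 datadir\n"


def anon_ids(nfsshare_text):
    """Anonymous UID/GID from `nfsshare` output as unsigned 32-bit values,
    which is how a Linux client displays an ID it cannot resolve to a name."""
    found = dict(re.findall(r"Anonymous (UID|GID)\s*=\s*(-?\d+)", nfsshare_text))
    return int(found["UID"]) & 0xFFFFFFFF, int(found["GID"]) & 0xFFFFFFFF


def nfs_mounts(proc_mounts_text):
    """(mount point, options dict) for every NFS line of /proc/mounts."""
    mounts = []
    for line in proc_mounts_text.splitlines():
        fields = line.split()
        if len(fields) >= 4 and fields[2] in ("nfs", "nfs4"):
            opts = dict(o.partition("=")[::2] for o in fields[3].split(","))
            mounts.append((fields[1], opts))
    return mounts


def squashed(ls_text, anon_uid, anon_gid):
    """Names in `ls -l` output whose numeric owner and group are the anonymous IDs.
    Assumes the 8-column layout shown in the post (date and time as two fields)."""
    hits = []
    for line in ls_text.splitlines():
        f = line.split(None, 7)
        if len(f) == 8 and f[2].isdigit() and f[3].isdigit():
            if (int(f[2]), int(f[3])) == (anon_uid, anon_gid):
                hits.append((f[7], f[0]))
    return hits


def diagnose(nfsshare_text, proc_mounts_text, ls_text):
    """One finding per sec=sys NFS mount and per entry owned by the anonymous identity."""
    uid, gid = anon_ids(nfsshare_text)
    report = [f"{mp}: sec=sys, the client sends numeric UID/GID as its credential (AUTH_SYS)"
              for mp, opts in nfs_mounts(proc_mounts_text) if opts.get("sec") == "sys"]
    report += [f"{name}: owner {uid}:{gid} is the share's anonymous identity, mode {mode}"
               for name, mode in squashed(ls_text, uid, gid)]
    return report


if __name__ == "__main__":
    print("\n".join(diagnose(NFSSHARE, PROC_MOUNTS, LS_OUTPUT)))
```

Entries that still show the anonymous IDs after a mapping change indicate the server is not resolving the client's UID/GID to a Windows account.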