2005-07-05 16:48:07

by Peter Åstrand

Subject: Linux client with MS SFU server


I'm trying to use the Linux NFS client with a Microsoft "Services For
UNIX" (SFU) server. The SFU version is 2.2. The server is actually a HP
Storageworks 1000s NAS server.

It's possible to mount, but then I'm stuck. Basically every operation on
/mnt, except ls/stat on the mount point itself, gives me "permission
denied". The permissions on /mnt are 050, so I'm not surprised I cannot
enter the directory. What's strange, though, is that "chown", "chmod" etc
also fail, even though I'm root, and the server does not use root
squashing.

I've captured a few packets with Ethereal. What surprises me is that the
server is returning RPC-level AUTH_ERRORs. Is this really normal?

I've tried both UDP and TCP, and both v2 and v3. The packet capture is
available as http://www.cendio.se/~peter/tmp/sfu22-auth-error.cap.

--
Peter Åstrand Chief Developer
Cendio http://www.thinlinc.com
Teknikringen 3 http://www.cendio.se
583 30 Linköping Phone: +46-13-21 46 00


2005-07-05 16:56:12

by Trond Myklebust

Subject: Re: Linux client with MS SFU server

On Tue, 05.07.2005 at 18:47 (+0200), Peter Åstrand wrote:

> I've tried both UDP and TCP, and both v2 and v3. The packet capture is
> available as http://www.cendio.se/~peter/tmp/sfu22-auth-error.cap.

Your server is returning similar errors for that file. ;-)

Trond



-------------------------------------------------------
SF.Net email is sponsored by: Discover Easy Linux Migration Strategies
from IBM. Find simple to follow Roadmaps, straightforward articles,
informative Webcasts and more! Get everything you need to get up to
speed, fast. http://ads.osdn.com/?ad_id=7477&alloc_id=16492&op=click
_______________________________________________
NFS maillist - [email protected]
https://lists.sourceforge.net/lists/listinfo/nfs

2005-07-05 17:19:17

by Peter Åstrand

Subject: Re: Linux client with MS SFU server

On Tue, 5 Jul 2005, Trond Myklebust wrote:

> On Tue, 05.07.2005 at 18:47 (+0200), Peter Åstrand wrote:
>
>> I've tried both UDP and TCP, and both v2 and v3. The packet capture is
>> available as http://www.cendio.se/~peter/tmp/sfu22-auth-error.cap.
>
> Your server is returning similar errors for that file. ;-)

Oops. Try again now.

--
Peter Åstrand Chief Developer
Cendio http://www.thinlinc.com
Teknikringen 3 http://www.cendio.se
583 30 Linköping Phone: +46-13-21 46 00

2005-07-05 18:05:43

by Trond Myklebust

Subject: Re: Linux client with MS SFU server

On Tue, 05.07.2005 at 19:19 (+0200), Peter Åstrand wrote:
> On Tue, 5 Jul 2005, Trond Myklebust wrote:
>
> > On Tue, 05.07.2005 at 18:47 (+0200), Peter Åstrand wrote:
> >
> >> I've tried both UDP and TCP, and both v2 and v3. The packet capture is
> >> available as http://www.cendio.se/~peter/tmp/sfu22-auth-error.cap.
> >
> > Your server is returning similar errors for that file. ;-)
>
> Oops. Try again now.

It is actually returning an AUTH_REJECTEDCRED to the readdir request,
which is very odd since we're not actually using AUTH_SHORT.

Looks like a pretty clear-cut server bug to me.

Cheers,
Trond




2005-07-05 18:21:15

by Peter Staubach

Subject: Re: Linux client with MS SFU server

Peter Åstrand wrote:

>
> I'm trying to use the Linux NFS client with a Microsoft "Services For
> UNIX" (SFU) server. The SFU version is 2.2. The server is actually a
> HP Storageworks 1000s NAS server.
>
> It's possible to mount, but then I'm stuck. Basically every operation
> on /mnt, except ls/stat on the mount point itself, gives me
> "permission denied". The permissions on /mnt are 050, so I'm not
> surprised I cannot enter the directory. What's strange, though, is
> that "chown", "chmod" etc also fail, even though I'm root, and the
> server does not use root squashing.
>
> I've captured a few packets with Ethereal. What surprises me is that
> the server is returning RPC-level AUTH_ERRORs. Is this really normal?
>
> I've tried both UDP and TCP, and both v2 and v3. The packet capture is
> available as http://www.cendio.se/~peter/tmp/sfu22-auth-error.cap.


Does this server need to be configured with the uid and maybe gid of the
user to be accessing files on the file system? I have seen some situations,
typically with Microsoft servers, that need to be accessed using a specific
uid/gid combination. Since these systems don't have the concept of uid and
gid anyway, perhaps this is required here.

At Connectathon, it seems like some of the servers need to be accessed using
magic uids and gids...

ps



2005-07-05 18:42:27

by Peter Åstrand

Subject: Re: Linux client with MS SFU server

On Tue, 5 Jul 2005, Peter Staubach wrote:

>> I'm trying to use the Linux NFS client with a Microsoft "Services For UNIX"
>> (SFU) server. The SFU version is 2.2. The server is actually a HP
>> Storageworks 1000s NAS server.

> Does this server need to be configured with the uid and maybe gid of the
> user to be accessing files on the file system? I have seen some
> situations, typically with Microsoft servers, that need to be accessed
> using a specific uid/gid combination. Since these systems don't have
> the concept of uid and gid anyway, perhaps this is required here.

Well, yes. The server has a "User Name Mapping" feature. It can build maps
based on a NIS server source, for example. This is what I'm using. This is
all documented in the NAS 1000s administration guide.

There's a component called "NFS Authentication Software" (sfucustom.msi)
that, according to the guide, needs to be installed on all PDCs and BDCs.
First, I didn't think this was necessary, but perhaps it is. I wonder what
this software actually does...


--
Peter Åstrand Chief Developer
Cendio http://www.thinlinc.com
Teknikringen 3 http://www.cendio.se
583 30 Linköping Phone: +46-13-21 46 00

2005-07-05 18:43:44

by Trond Myklebust

Subject: Re: Linux client with MS SFU server

On Tue, 05.07.2005 at 14:16 (-0400), Peter Staubach wrote:

> Does this server need to be configured with the uid and maybe gid of the
> user to be accessing files on the file system? I have seen some situations,
> typically with Microsoft servers, that need to be accessed using a specific
> uid/gid combination. Since these systems don't have the concept of uid and
> gid anyway, perhaps this is required here.
>
> At Connectathon, it seems like some of the servers need to be accessed using
> magic uids and gids...

It seems strange, though, that a GETATTR should succeed but that a
READDIR with the same credential should fail with an RPC error of
AUTH_REJECTEDCRED.

It looks as if they rather want to be returning NFSERR_ACCES here.

Cheers,
Trond
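
[Added example, not part of the original thread and not code from any poster: a short Python decoder for the two kinds of reply contrasted above, an RPC-layer denial (MSG_DENIED / AUTH_ERROR / AUTH_REJECTEDCRED) versus an accepted call whose NFS result carries NFSERR_ACCES. Field layout and constants follow the ONC RPC and NFS specifications; the sample replies are constructed, not taken from the capture.]

```python
import struct

# Constants from the ONC RPC spec (RFC 1831) and the NFS status enum
# (values 0, 1 and 13 are the same in NFSv2 and NFSv3).
REPLY, MSG_ACCEPTED, MSG_DENIED = 1, 0, 1
AUTH_ERROR = 1  # reject_stat; 0 is RPC_MISMATCH
AUTH_STAT = {1: "AUTH_BADCRED", 2: "AUTH_REJECTEDCRED", 3: "AUTH_BADVERF",
             4: "AUTH_REJECTEDVERF", 5: "AUTH_TOOWEAK"}
ACCEPT_STAT = {1: "PROG_UNAVAIL", 2: "PROG_MISMATCH", 3: "PROC_UNAVAIL",
               4: "GARBAGE_ARGS", 5: "SYSTEM_ERR"}
NFS_STAT = {0: "NFS_OK", 1: "NFSERR_PERM", 13: "NFSERR_ACCES"}


def classify_rpc_reply(msg: bytes):
    """Return (layer, status) for one RPC reply body (no TCP record mark)."""
    def u32(off):
        if off + 4 > len(msg):
            raise ValueError("truncated RPC reply")
        return struct.unpack_from(">I", msg, off)[0]

    if u32(4) != REPLY:                      # word 0 is the xid
        raise ValueError("not an RPC reply")
    if u32(8) == MSG_DENIED:                 # rejected before reaching NFS
        if u32(12) == AUTH_ERROR:
            code = u32(16)
            return "rpc", AUTH_STAT.get(code, f"auth_stat {code}")
        return "rpc", "RPC_MISMATCH"
    # MSG_ACCEPTED: skip the verifier (flavor, length, body padded to 4 bytes)
    off = 20 + ((u32(16) + 3) & ~3)
    astat = u32(off)
    if astat != 0:
        return "rpc", ACCEPT_STAT.get(astat, f"accept_stat {astat}")
    code = u32(off + 4)  # non-NULL NFS procedures return their status first
    return "nfs", NFS_STAT.get(code, f"nfsstat {code}")


# Constructed sample replies (assumed xids, AUTH_NONE verifier).
DENIED = struct.pack(">5I", 0x1234, REPLY, MSG_DENIED, AUTH_ERROR, 2)
ACCES = struct.pack(">7I", 0x1235, REPLY, MSG_ACCEPTED, 0, 0, 0, 13)

if __name__ == "__main__":
    print(classify_rpc_reply(DENIED))  # RPC-layer rejection, as seen for READDIR
    print(classify_rpc_reply(ACCES))   # NFS-layer permission error
```

A client sees the first kind as a credential failure in the RPC layer and the second as an ordinary permission error from the file system, which is why the distinction matters when reading a capture.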




2005-07-05 18:47:56

by Peter Staubach

Subject: Re: Linux client with MS SFU server

Trond Myklebust wrote:

>
>It seems strange, though, that a GETATTR should succeed but that a
>READDIR with the same credential should fail with an RPC error of
>AUTH_REJECTEDCRED.
>
>It looks as if they rather want to be returning NFSERR_ACCES here.
>

I'd rather given up on trying to guess why some of the Windows based
solutions worked the way that they did. I keep hoping that it makes some
sense, given some information that I don't have... :-)

ps



2005-07-05 19:00:42

by dshaffer

Subject: RE: Linux client with MS SFU server


It is used for mapping SID's to UID's and depending on your environment
may need to be loaded to them, however a Getattr and a Readdir would be
reading the same mappings. I am obviously prejudiced and think you could
use a better one (see sig). You can get help from this newsgroup but the
version you are using is very old and I am not sure what you will get:

http://groups-beta.google.com/group/microsoft.public.servicesforunix.general?hl=en

Even though you are not squashing root the UID 0 is treated differently
from all other UID's. If the UID 0 is not mapped you are getting
world/anonymous access. Even if you grant the machine root access if you
have not mapped UID 0 I believe this is still the case. Also Getattr may
be allowed as it is non-destructive and some NFS Clients do one as part
of the Mount. If Getattr was denied the Mount would fail also.

Dan Shaffer
http://www.accessnfs.com


-----Original Message-----
From: Peter Åstrand [mailto:[email protected]]
Sent: Tuesday, July 05, 2005 1:42 PM
To: Peter Staubach
Cc: [email protected]
Subject: Re: [NFS] Linux client with MS SFU server


On Tue, 5 Jul 2005, Peter Staubach wrote:

>> I'm trying to use the Linux NFS client with a Microsoft "Services For UNIX"
>> (SFU) server. The SFU version is 2.2. The server is actually a HP
>> Storageworks 1000s NAS server.

> Does this server need to be configured with the uid and maybe gid of the
> user to be accessing files on the file system? I have seen some
> situations, typically with Microsoft servers, that need to be accessed
> using a specific uid/gid combination. Since these systems don't have
> the concept of uid and gid anyway, perhaps this is required here.

Well, yes. The server has a "User Name Mapping" feature. It can build maps
based on a NIS server source, for example. This is what I'm using. This is
all documented in the NAS 1000s administration guide.

There's a component called "NFS Authentication Software" (sfucustom.msi)
that, according to the guide, needs to be installed on all PDCs and BDCs.
First, I didn't think this was necessary, but perhaps it is. I wonder what
this software actually does...


--
Peter Åstrand Chief Developer
Cendio http://www.thinlinc.com
Teknikringen 3 http://www.cendio.se
583 30 Linköping Phone: +46-13-21 46 00

