Thursday, November 5, 2009

Windows 7: Client for NFS and User Name Mapping without AD, SUA

In this tutorial, I will show you how to mount an NFS share on Windows 7 with Client for NFS, using neither an Active Directory server nor SUA (Subsystem for UNIX-based Applications).

Important: The Client for NFS feature is only available on Windows 7 Ultimate Edition and Enterprise Edition. Thanks to Eugene for pointing this out.

Client for NFS is included in Windows 7; however, it is turned off by default. You can turn it on via Control Panel → Programs → Programs and Features → Turn Windows features on or off.


Now, you can mount any NFS share on your network. However, if you try to open the mounted drive, you will most likely receive an "Access is denied" notification. The reason is that Windows and UNIX use different mechanisms for user identification, authentication, and resource access control.

The mechanism for identifying a user on a Windows-based system is different from that of a Unix-based system, which uses User Identification (UID) and Group Identification (GID). Therefore, to access resources on a Unix-based system from a Windows-based system and vice versa, we have to map user information between the two systems.

The most popular solutions are using Active Directory for mapping user identification or using SUA. However, that is too complicated for a small environment, such as a home or small office. For example, in my case, I have two Ubuntu boxes, one Windows box in the office, and one Windows box in my dormitory room. The NFS server is running on one of my Ubuntu boxes.

By googling, I found an undocumented trick to set the "default" anonymous UID and GID that Client for NFS uses to access an NFS share. You can do it as follows:
  1. Open the Run box by pressing Windows + R.
  2. Start Registry Editor by running the command regedit. Remember to click the Yes button on the User Account Control window.
  3. Locate HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\ClientForNFS\CurrentVersion\Default.
  4. Add two DWORD values: AnonymousUid and AnonymousGid.
  5. Set these values to the UID and GID on the Ubuntu box. In the most common cases, they are 1000 and 1000 in decimal. More precisely, they should be the UID and GID of the owner of the shared directory on the Ubuntu system.
  6. Restart your Client for NFS service or restart your computer.
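
The registry steps above as a PowerShell script, added here as an example and not part of the original post. It assumes an elevated prompt and the UID/GID 1000 used in this article; `nfsadmin` is the command-line tool installed with Client for NFS.

```powershell
# Added example: scripted version of registry steps 3-6.
# Assumptions: 1000/1000 are the UID/GID of the export's owner on the NFS
# server (the article's values). On 64-bit Windows, run the native 64-bit
# PowerShell so the write is not redirected to Wow6432Node.
$Uid = 1000
$Gid = 1000
$Key = 'HKLM:\SOFTWARE\Microsoft\ClientForNFS\CurrentVersion\Default'

# HKEY_LOCAL_MACHINE is writable only by administrators.
$identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
$principal = New-Object Security.Principal.WindowsPrincipal($identity)
$adminRole = [Security.Principal.WindowsBuiltInRole]::Administrator
if (-not $principal.IsInRole($adminRole)) {
    throw 'Run this script from an elevated (Administrator) PowerShell prompt.'
}

# The key is present only when the Client for NFS feature is turned on.
if (-not (Test-Path $Key)) {
    throw "Registry key not found: $Key. Turn on Client for NFS first."
}

# Record the previous values so the change can be reverted later.
$before = Get-ItemProperty -Path $Key
foreach ($name in 'AnonymousUid', 'AnonymousGid') {
    $old = $before.$name
    if ($null -eq $old) { $old = '(not set)' }
    Write-Host "Previous $name : $old"
}

# Create the two DWORD values, overwriting them if they already exist.
# They live under HKLM, so they apply to the whole machine, not one user.
New-ItemProperty -Path $Key -Name AnonymousUid -PropertyType DWord -Value $Uid -Force | Out-Null
New-ItemProperty -Path $Key -Name AnonymousGid -PropertyType DWord -Value $Gid -Force | Out-Null

# Read the values back and stop if the write did not take effect.
$after = Get-ItemProperty -Path $Key
if ($after.AnonymousUid -ne $Uid -or $after.AnonymousGid -ne $Gid) {
    throw 'AnonymousUid/AnonymousGid were not written as expected.'
}
Write-Host "AnonymousUid=$($after.AnonymousUid) AnonymousGid=$($after.AnonymousGid)"

# Step 6: restart the Client for NFS service so it picks up the new values.
nfsadmin client stop
nfsadmin client start
```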

Now, you can access the Ubuntu box's NFS share from your Windows box.

Example

On the Ubuntu box, I want to share the home directory of the user cuongnv, /home/cuongnv. The owner UID is cuongnv (1000), and the owner GID is also cuongnv (1000). I assume that you know how to install the NFS service on Ubuntu (actually, you only need to install two packages: portmap and nfs-kernel-server). My Ubuntu box's IP is 192.168.0.10, and I want to share the above directory with all the computers in my network 192.168.0.0/24.

Now, on the Ubuntu box, add the following line to the file /etc/exports:

/home/cuongnv    192.168.0.0/24(rw,sync,no_subtree_check)

Then, you need to run the command exportfs -ra. Finally, restart the portmap service and the nfs-kernel-server service.

On the Windows 7 box:
  1. Open Computer (or press Windows + E).
  2. Click the Map network drive button on the toolbar.
  3. Enter 192.168.0.10:/home/cuongnv in the Folder text box.
  4. Click Finish.

Done!


14 comments:

Nhan said...

Nice article. How do you set up an NFS server on Windows 7? I want to share Windows folders on a Linux machine using NFS.

Eugene said...

I don't have the Services for NFS as an option under Turn Windows Features On or Off,

I thought I read somewhere that one needs Windows 7 Ultimate.

Is this true, and does someone know a good free client?

Nguyen Viet Cuong said...

@Nhan: I have never tried to set up an NFS server on Windows 7. There are several choices for you:
1. SUA of Microsoft.
2. Cygwin NFS Server.
3. Allegro NFS Server (30 days evaluation with full features)

@Eugene: Services for NFS is only available on Windows 7 Ultimate and Enterprise Edition. For a free client, you may try Cygwin. I am very impressed by the performance of recent versions of Cygwin.

explore4342 said...

I have tried this in both Windows 7 x86 and x64, but cannot get the reg trick to work. I continually get this error (from the event log):

Windows(R) Lightweight Directory Access Protocol (LDAP) failed a request to connect to Active Directory Domain Services(R) for Windows user .

Without the corresponding UNIX identity of the Windows user, the user cannot access Network File System (NFS) shared resources.

Verify that the Windows user is in Active Directory Domain Services and has access permissions.


Is anyone able to get past this, or has anyone encountered this or seen any steps left out? Thanks

Nguyen Viet Cuong said...

Hi explore4342,

Which edition of Windows 7 are you using?

Do you use a central authentication method? I mean Active Directory or LDAP...

Gustavo Izurieta said...

Hi Nguyen, I have a similar issue with a Windows 2008 reporting "Windows Lightweight Directory Access Protocol (LDAP) failed a request to connect to AD Domain services for Windows user domain\gus.izur

Without the corresponding UNIX identity of the Windows user, the user cannot access NFS shared resources.

Verify that the Windows user in AD has access permissions."

This Windows 2008 is accessing an NFS share on an HP-UX box, with Windows LDAP accessing an AD.

Do you think SUA is required in this case? (http://www.suacommunity.com/SUA.aspx)

Nguyen Viet Cuong said...

Hi Izurieta,

I have recently found that NFSv4 has some security mechanism preventing us from mounting the NFS shared directory with only UID and GID.

In that situation, I guess you should try to use SUA.

Phillip said...

Nice workaround. Works on Win 7 Ult x64 and Ubuntu 10.04 LTS x86.

Norbou said...

I'm going crazy, it does not work for me. I have Win7 Ultimate. I'm trying to connect to the Ubuntu 11.04 NFS share 192.168.0.252:/home, but this is not shared for anonymous access; I must enter my credentials to mount. I have already tried mount and net use, but nothing happened. Oh, yes, when I used mount, it worked well for me, but the network drive was mounted only in my command-line console; the mounted volume was not visible from Windows. Please help! :-)

Nguyen Viet Cuong said...

Hi Norbou,

I will check your case and reply asap.

Schorschi said...

In my case I got this to work with Windows 7 Ultimate. However, mounts via Windows will always default to Anonymous UID/GID, which is -2 for UID, -2 for GID. So even if the mount is successful, access denied errors would result. Also, if the Windows 7 instance is part of a Windows domain (joined to a domain in an Active Directory forest), the default security settings for Windows 7 change significantly, and this can interfere with the NFS client function on Windows 7. Changing some key security-based settings, such as disabling 128-bit encryption and changing Windows 7 to allow LM & NTLM connections, may be needed. This would not be a best practice, but in a simple home environment or a non-production lab environment it may be acceptable.

Christian said...

Thanks!

ochi man said...

Perfect.
I saw something wrong in auth.log,
but I would never have thought it was possible to fix it as simply as that.
Thanks a lot.

Shridhar bhandare said...

Hi,
I am doing the same to mount an NFS dir in Windows 7 Ultimate 64 bit. But I am getting the error below while mounting.

NET HELPMSG 85
Local Device name already in use

However, I have done all the configuration right. I am using VMbox for a rhel6 54 bit system, and I am trying to mount NFS in Windows.

I used the command below to mount:

mount 192.168.0.1:/abc H:

and I am getting the above error.

NFS is started, DHCP is working, DNS is resolving. Everything is fine. Please advise.