Files accessed via NFS list owner as "nouser" and group as "nobody"

Discussion:

(too old to reply)

Rich Gory

2006-03-08 18:45:55 UTC

I built a Windows 2003 R2 server that has "Services for UNIX" installed and
enabled. This server will be used to allow our Windows users access to NFS
file systems, and also to NFS share local data to other UNIX systems.

I copied the password and group files from the UNIX system in question
(HP-UX 11) to the 2003 server, and have defined an advanced user map linking
the proper Active Directory account(s) to the appropriate UNIX accounts.

I verified that I am able to create a file or folder in an NFS mounted file
system from the 2003 server, and that the owner and group information
appears as correct from the UNIX server's point of view.

My problem - when I view an NFS mounted file system (residing on the HP-UX
11 server) through the 2003 server (via a shell), the file and folder owner
is listed as "nouser" and the group is listed as "nobody". In other words,
the 2003 server is not displaying the ownership information appropriately
for the NFS mounted file system.

Can anyone offer any suggestions on how to resolve this issue?

Any assistance is appreciated.

Darren Moss [msft]

2006-03-15 01:07:27 UTC

Permalink

Correct me if I'm wrong - this is the problem:
A UNIX client mounts a Windows server NFS share and sees the owner and group.
A Windows NFS client mounts a UNIX server NFS share sees "nouser" and
"nobody".
Both the UNIX and Windows hosts have the same password and group files.

How are you listing the files on the Windows NFS client?

Post by Rich Gory
I built a Windows 2003 R2 server that has "Services for UNIX" installed and
enabled. This server will be used to allow our Windows users access to NFS
file systems, and also to NFS share local data to other UNIX systems.
I copied the password and group files from the UNIX system in question
(HP-UX 11) to the 2003 server, and have defined an advanced user map linking
the proper Active Directory account(s) to the appropriate UNIX accounts.
I verified that I am able to create a file or folder in an NFS mounted file
system from the 2003 server, and that the owner and group information
appears as correct from the UNIX server's point of view.
My problem - when I view an NFS mounted file system (residing on the HP-UX
11 server) through the 2003 server (via a shell), the file and folder owner
is listed as "nouser" and the group is listed as "nobody". In other words,
the 2003 server is not displaying the ownership information appropriately
for the NFS mounted file system.
Can anyone offer any suggestions on how to resolve this issue?
Any assistance is appreciated.

J***@gmail.com

2006-03-16 17:15:11 UTC

Permalink

Darren, you got that reversed.

Rich has the NFS server on his HP-UX box and he's using the Windows NFS
client.
Strangely enough I'm having the same issue as he is.

In my case I'm access the NFS server on a RedHat 7.3 box.
I too copied the passwd and group files over to the Win2003 R2 box. I
tried to use simple maps, I tried manual maps, I even tried changing
the account that the mapping service runs under to a domain account
(thinking the localsystem account may not have permission to read from
active directory). I also tried creating local user accounts on the
windows box and map to that. Nothing I tried got the directory listing
to display correctly.

Here's what I'm doing to view this:
- from the windows box start up a shell (Korn Shell in my case).
- cd /net/redhathost/u
- ls -alF shows:
total 81
drwxr-xr-x 8 nouser nobody 4096 Mar 16 10:44 ./
dr-xr-xr-x 1 0 0 0 Mar 16 12:08 ../
drwxr-xr-x 2 nouser nobody 4096 Nov 29 2004 SOFTWARE/
drwxr-xr-x 2 nouser nobody 4096 Feb 8 11:21 bin/
drwxr-xr-x 18 nouser nobody 4096 Mar 16 11:33 fg/
drwxr-xr-x 2 nouser nobody 4096 Oct 12 2004 lib/
drwx------ 2 nouser nobody 16384 Jun 14 2002 lost+found/
drwxrwxrwx 2 nouser nobody 4096 Mar 15 15:20 tmp/
lrwxrwxrwx 1 nouser nobody 5 Jun 17 2002 users@ -> /home

The above users/groups are all wrong.
Yet when I create a file in the NFS directory using the korn shell, and
then go over to the RedHat box, I can see that the ownership of the
file is correct:
-rw-r--r-- 1 rmac users 10485760 Mar 16 11:33 testfile

Rich Gory

2006-03-16 21:42:36 UTC

Permalink

Yes - this is the scenario I am dealing with.

I have contacted Microsoft Support Services and am working with an engineer
to solve the issue. I'll post my findings here...

Post by J***@gmail.com
Darren, you got that reversed.
Rich has the NFS server on his HP-UX box and he's using the Windows NFS
client.
Strangely enough I'm having the same issue as he is.
In my case I'm access the NFS server on a RedHat 7.3 box.
I too copied the passwd and group files over to the Win2003 R2 box. I
tried to use simple maps, I tried manual maps, I even tried changing
the account that the mapping service runs under to a domain account
(thinking the localsystem account may not have permission to read from
active directory). I also tried creating local user accounts on the
windows box and map to that. Nothing I tried got the directory listing
to display correctly.
- from the windows box start up a shell (Korn Shell in my case).
- cd /net/redhathost/u
total 81
drwxr-xr-x 8 nouser nobody 4096 Mar 16 10:44 ./
dr-xr-xr-x 1 0 0 0 Mar 16 12:08 ../
drwxr-xr-x 2 nouser nobody 4096 Nov 29 2004 SOFTWARE/
drwxr-xr-x 2 nouser nobody 4096 Feb 8 11:21 bin/
drwxr-xr-x 18 nouser nobody 4096 Mar 16 11:33 fg/
drwxr-xr-x 2 nouser nobody 4096 Oct 12 2004 lib/
drwx------ 2 nouser nobody 16384 Jun 14 2002 lost+found/
drwxrwxrwx 2 nouser nobody 4096 Mar 15 15:20 tmp/
The above users/groups are all wrong.
Yet when I create a file in the NFS directory using the korn shell, and
then go over to the RedHat box, I can see that the ownership of the
-rw-r--r-- 1 rmac users 10485760 Mar 16 11:33 testfile

Jijo Jose [msft]

2006-03-17 07:31:23 UTC

Permalink

i believe the issue you see is that the windows korn shell is unable to map
the uids to names. could you do "ls -ln" to see if the UIDs/gids show up
correctly?

thx
jijo

Post by Rich Gory
Yes - this is the scenario I am dealing with.
I have contacted Microsoft Support Services and am working with an
engineer to solve the issue. I'll post my findings here...

J***@gmail.com

2006-03-17 14:02:08 UTC

Permalink

Post by Jijo Jose [msft]
i believe the issue you see is that the windows korn shell is unable to map
the uids to names. could you do "ls -ln" to see if the UIDs/gids show up
correctly?
thx
jijo

Unfortunately the uid/gids are incorrect so I think the issue is a
little bigger than that. What I find really interesting is that the
file created by 'touch testfile' has the correct uid/gid when seen on
the RedHat box.

$ touch testfile
$ /usr/bin/ls -ln
total 73
drwxr-xr-x 2 -1 -2 4096 Nov 29 2004 SOFTWARE
drwxr-xr-x 2 -1 -2 4096 Mar 16 13:42 bin
drwxr-xr-x 18 -1 -2 4096 Mar 16 13:43 fg
drwxr-xr-x 2 -1 -2 4096 Oct 12 2004 lib
drwx------ 2 -1 -2 16384 Jun 14 2002 lost+found
-rw-r--r-- 1 -1 -2 0 Mar 17 08:56 testfile
drwxrwxrwx 2 -1 -2 4096 Mar 15 15:20 tmp
lrwxrwxrwx 1 -1 -2 5 Jun 17 2002 users -> /home

And viewed from the RedHat box:
[***@cslnet u]# ls -alF
total 44
drwxrwxrwx 8 root root 4096 Mar 17 08:56 ./
drwxr-xr-x 20 root root 4096 Mar 16 22:00 ../
drwxr-xr-x 2 root root 4096 Mar 16 13:42 bin/
drwxr-xr-x 18 root root 4096 Mar 16 13:43 fg/
drwxr-xr-x 2 root root 4096 Oct 12 2004 lib/
drwx------ 2 root root 16384 Jun 14 2002 lost+found/
drwxr-xr-x 2 root root 4096 Nov 29 2004 SOFTWARE/
-rw-r--r-- 1 rmacneil users 0 Mar 17 08:56 testfile
drwxrwxrwx 2 root root 4096 Mar 15 15:20 tmp/
lrwxrwxrwx 1 root root 5 Jun 17 2002 users -> /home/

Jijo Jose [msft]

2006-03-17 15:54:01 UTC

Permalink

Oh..in order to determine if its the korn shell or the windows NFS client
that's misreporting the UIDs, could you also navigate to the mount through
explorer, right click on the files & check if the UID shows up correctly in
nfs properties?

(if you're already working with someone from Microsoft Support on this,
ignore my chatter:)

Post by J***@gmail.com

Post by Jijo Jose [msft]
i believe the issue you see is that the windows korn shell is unable to map
the uids to names. could you do "ls -ln" to see if the UIDs/gids show up
correctly?
thx
jijo

Unfortunately the uid/gids are incorrect so I think the issue is a
little bigger than that. What I find really interesting is that the
file created by 'touch testfile' has the correct uid/gid when seen on
the RedHat box.
$ touch testfile
$ /usr/bin/ls -ln
total 73
drwxr-xr-x 2 -1 -2 4096 Nov 29 2004 SOFTWARE
drwxr-xr-x 2 -1 -2 4096 Mar 16 13:42 bin
drwxr-xr-x 18 -1 -2 4096 Mar 16 13:43 fg
drwxr-xr-x 2 -1 -2 4096 Oct 12 2004 lib
drwx------ 2 -1 -2 16384 Jun 14 2002 lost+found
-rw-r--r-- 1 -1 -2 0 Mar 17 08:56 testfile
drwxrwxrwx 2 -1 -2 4096 Mar 15 15:20 tmp
lrwxrwxrwx 1 -1 -2 5 Jun 17 2002 users -> /home
total 44
drwxrwxrwx 8 root root 4096 Mar 17 08:56 ./
drwxr-xr-x 20 root root 4096 Mar 16 22:00 ../
drwxr-xr-x 2 root root 4096 Mar 16 13:42 bin/
drwxr-xr-x 18 root root 4096 Mar 16 13:43 fg/
drwxr-xr-x 2 root root 4096 Oct 12 2004 lib/
drwx------ 2 root root 16384 Jun 14 2002 lost+found/
drwxr-xr-x 2 root root 4096 Nov 29 2004 SOFTWARE/
-rw-r--r-- 1 rmacneil users 0 Mar 17 08:56 testfile
drwxrwxrwx 2 root root 4096 Mar 15 15:20 tmp/
lrwxrwxrwx 1 root root 5 Jun 17 2002 users -> /home/

J***@gmail.com

2006-03-17 17:02:40 UTC

Permalink

Ah, as Rich noted earlier, when using explorer to view the uid/gid they
show up correctly. So I would tend to agree with you Jijo that this is
an issue with ksh or the posix subsystem (I tried it with csh as well,
same result as with ksh).

(I'm not currently working with anyone at MS Support but I beleive Rich
is.)

Rich Gory

2006-03-17 15:02:59 UTC

Permalink

When I execute the "ls -ln" command, the system responds with "-1" and "-2"
rather than the correct UID/gid information, yet when I browse to this share
with a "My Computer" browse window and check the NFS properties, the UID/gid
information shows as correct.

Post by Jijo Jose [msft]
i believe the issue you see is that the windows korn shell is unable to map
the uids to names. could you do "ls -ln" to see if the UIDs/gids show up
correctly?
thx
jijo

Post by Rich Gory
Yes - this is the scenario I am dealing with.
I have contacted Microsoft Support Services and am working with an
engineer to solve the issue. I'll post my findings here...

Jijo Jose [msft]

2006-03-17 17:29:46 UTC

Permalink

As Jim said - this sounds like a posix/korn problem. I don't actively work
on those so I guess the support guys are your best bet...

Post by Rich Gory
When I execute the "ls -ln" command, the system responds with "-1" and
"-2" rather than the correct UID/gid information, yet when I browse to
this share with a "My Computer" browse window and check the NFS
properties, the UID/gid information shows as correct.

Post by Jijo Jose [msft]
i believe the issue you see is that the windows korn shell is unable to
map the uids to names. could you do "ls -ln" to see if the UIDs/gids show
up correctly?
thx
jijo

Post by Rich Gory
Yes - this is the scenario I am dealing with.
I have contacted Microsoft Support Services and am working with an
engineer to solve the issue. I'll post my findings here...

Rich Gory

2006-03-30 20:03:59 UTC

Permalink

I finally have a workable solution to my original problem.

1. Launch the Microsoft Services for Network File System administration
tool.
2. Right-click on Microsoft Services for NFS in the left pane, & choose
Properties.
3. Alter the User Name Mapping Server field to replace the default
Localhost value with the static IP address of the Windows server (itself).
4. Verify that Active Directory Lookup is NOT checked (we are configured
to use password & group files that were imported from the UNIX system in
question we are NOT configured to use NIS).
5. Add the statically defined IP address of the server (reference step #3)
to the end of the c:\windows\msnfs\.maphosts file (last line).
6. Restart the User Name Mapping service.

I defined advanced user maps linking Domain Windows accounts to the
associated UNIX accounts (based on the passwd and group files) that were
imported from the UNIX system. Once I completed these steps, then shell
commands (such as ls l) displayed valid owner and group information.

NOTE: Shell commands that do report owner and group information report data
based on the mapped information, NOT UNIX information for example

Assume a file on a UNIX NFS-mapped share as follows:

Owner = Fred
Group = Engineering

Assume a user map on the Windows 2003 Server running Services for NFS as
follows:

Windows User Account Bill = UNIX User Account Fred
Windows Group Account Engr = UNIX Group Account Engineering

Shell commands executed on the Windows 2003 Server reporting ownership will
list the NFS file as follows

Owner = Bill
Group = Engr

Therefore, if you need the ownership to exactly match between environments,
you need to insure that the user and group names match.

Post by Rich Gory
Yes - this is the scenario I am dealing with.
I have contacted Microsoft Support Services and am working with an
engineer to solve the issue. I'll post my findings here...

Jim

2006-04-24 13:49:58 UTC

Permalink

Thanks for sharing that with us Rich, unfortunately your suggestions
did not work for me. I opened a case with MS and in the end I ended up
with:
1) 'localhost' set as the "User Name Maping Server"
2) and in .maphosts I have one line with "plus, space, plus":
+ +
3) restart "User Name Mapping".

Regards,
Jim

J***@gmail.com

2006-03-16 17:15:13 UTC

Permalink