Linux client with MS SFU server

Linux client with MS SFU server

[Peter Åstrand]

[-- Attachment #1: Type: TEXT/PLAIN, Size: 990 bytes --]


I'm trying to use the Linux NFS client with a Microsoft "Services For 
UNIX" (SFU) server. The SFU version if 2.2. The server is actually a HP 
Storageworks 1000s NAS server.

It's possible to mount, but then I'm stuck. Basically every operation on 
/mnt, except ls/stat on the mount point itself, gives me "permission 
denied". The permissions on /mnt is 050, so I'm not surprised I cannot 
enter the directory. What's strange, though, is that "chown", "chmod" etc 
also fails, even though I'm root, and the server does not use root 
squashing.

I've captured a few packets with Ethereal. What's surprises me is that the 
server is returning RPC-level AUTH_ERRORs. Is this really normal?

I've tried both UDP and TCP, and both v2 and v3. The packet capture is 
available as http://www.cendio.se/~peter/tmp/sfu22-auth-error.cap.

-- 
Peter Åstrand		Chief Developer
Cendio			www.thinlinc.com
Teknikringen 3		www.cendio.se
583 30 Linköping        Phone: +46-13-21 46 00

Re: Linux client with MS SFU server

[Trond Myklebust]

ty den 05.07.2005 Klokka 18:47 (+0200) skreiv Peter =C3=85strand:

> I've tried both UDP and TCP, and both v2 and v3. The packet capture is=20
> available as http://www.cendio.se/~peter/tmp/sfu22-auth-error.cap.

Your server is returning similar errors for that file. ;-)

  Trond



-------------------------------------------------------
SF.Net email is sponsored by: Discover Easy Linux Migration Strategies
from IBM. Find simple to follow Roadmaps, straightforward articles,
informative Webcasts and more! Get everything you need to get up to
speed, fast. http://ads.osdn.com/?ad_id=7477&alloc_id=16492&op=click
_______________________________________________
NFS maillist  -  NFS@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/nfs

Re: Linux client with MS SFU server

[Peter Åstrand]

[-- Attachment #1: Type: TEXT/PLAIN, Size: 491 bytes --]

On Tue, 5 Jul 2005, Trond Myklebust wrote:

> ty den 05.07.2005 Klokka 18:47 (+0200) skreiv Peter Åstrand:
>
>> I've tried both UDP and TCP, and both v2 and v3. The packet capture is
>> available as http://www.cendio.se/~peter/tmp/sfu22-auth-error.cap.
>
> Your server is returning similar errors for that file. ;-)

Oops. Try again now.

-- 
Peter Åstrand		Chief Developer
Cendio			www.thinlinc.com
Teknikringen 3		www.cendio.se
583 30 Linköping        Phone: +46-13-21 46 00

Re: Linux client with MS SFU server

[Trond Myklebust]

ty den 05.07.2005 Klokka 19:19 (+0200) skreiv Peter =C3=85strand:
> On Tue, 5 Jul 2005, Trond Myklebust wrote:
>=20
> > ty den 05.07.2005 Klokka 18:47 (+0200) skreiv Peter =C3=85strand:
> >
> >> I've tried both UDP and TCP, and both v2 and v3. The packet capture is
> >> available as http://www.cendio.se/~peter/tmp/sfu22-auth-error.cap.
> >
> > Your server is returning similar errors for that file. ;-)
>=20
> Oops. Try again now.

It is actually returning an AUTH_REJECTEDCRED to the readdir request,
which is very odd since we're not actually using AUTH_SHORT.

Looks like a pretty clear-cut server bug to me.

Cheers,
  Trond



-------------------------------------------------------
SF.Net email is sponsored by: Discover Easy Linux Migration Strategies
from IBM. Find simple to follow Roadmaps, straightforward articles,
informative Webcasts and more! Get everything you need to get up to
speed, fast. http://ads.osdn.com/?ad_id=7477&alloc_id=16492&op=click
_______________________________________________
NFS maillist  -  NFS@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/nfs

Re: Linux client with MS SFU server

[Peter Staubach]

Peter =C5strand wrote:

>
> I'm trying to use the Linux NFS client with a Microsoft "Services For=20
> UNIX" (SFU) server. The SFU version if 2.2. The server is actually a=20
> HP Storageworks 1000s NAS server.
>
> It's possible to mount, but then I'm stuck. Basically every operation=20
> on /mnt, except ls/stat on the mount point itself, gives me=20
> "permission denied". The permissions on /mnt is 050, so I'm not=20
> surprised I cannot enter the directory. What's strange, though, is=20
> that "chown", "chmod" etc also fails, even though I'm root, and the=20
> server does not use root squashing.
>
> I've captured a few packets with Ethereal. What's surprises me is that=20
> the server is returning RPC-level AUTH_ERRORs. Is this really normal?
>
> I've tried both UDP and TCP, and both v2 and v3. The packet capture is=20
> available as http://www.cendio.se/~peter/tmp/sfu22-auth-error.cap.


Does this server need to be configured with the uid and maybe gid of the=20
user to
be accessing files on the file system?  I have seen some situations,=20
typically
with Microsoft servers, that need to be accessed using a specific uid/gid
combination.  Since these systems don't have the concept of uid and gid=20
anyway,
perhaps this is required here.

At Connectathon, it seems like some of the servers need to be accessed us=
ing
magic uids and gids...

       ps


-------------------------------------------------------
SF.Net email is sponsored by: Discover Easy Linux Migration Strategies
from IBM. Find simple to follow Roadmaps, straightforward articles,
informative Webcasts and more! Get everything you need to get up to
speed, fast. http://ads.osdn.com/?ad_id=7477&alloc_id=16492&op=click
_______________________________________________
NFS maillist  -  NFS@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/nfs

Re: Linux client with MS SFU server

[Peter Åstrand]

[-- Attachment #1: Type: TEXT/PLAIN, Size: 1216 bytes --]

On Tue, 5 Jul 2005, Peter Staubach wrote:

>> I'm trying to use the Linux NFS client with a Microsoft "Services For UNIX" 
>> (SFU) server. The SFU version if 2.2. The server is actually a HP 
>> Storageworks 1000s NAS server.

> Does this server need to be configured with the uid and maybe gid of the 
> user to be accessing files on the file system?  I have seen some 
> situations, typically with Microsoft servers, that need to be accessed 
> using a specific uid/gid combination.  Since these systems don't have 
> the concept of uid and gid anyway, perhaps this is required here.

Well, yes. The server has a "User Name Mapping" feature. It can build maps 
based on a NIS server source, for example. This is what I'm using. This is 
all documented in the NAS 1000s administration guide.

There's a component called "NFS Authentication Software" (sfucustom.msi) 
that, according to the guide, needs to be installed on all PDCs and BDCs. 
First, I didn't think this was necessary, but perhaps it is. I wonder what 
this software actually does...


-- 
Peter Åstrand		Chief Developer
Cendio			www.thinlinc.com
Teknikringen 3		www.cendio.se
583 30 Linköping        Phone: +46-13-21 46 00

Re: Linux client with MS SFU server

[Peter Staubach]

Trond Myklebust wrote:

>
>It seems strange, though, that a GETATTR should succeed but that a
>READDIR with the same credential should fail with an RPC error of
>AUTH_REJECTEDCRED.
>
>It looks as if they rather want to be returning NFSERR_ACCES here.
>

I'd rather given up on trying to guess why some of the Windows based 
solutions
worked the way that they did.  I keep hoping that it make some sense, given
some information that I don't have...  :-)

       ps


-------------------------------------------------------
SF.Net email is sponsored by: Discover Easy Linux Migration Strategies
from IBM. Find simple to follow Roadmaps, straightforward articles,
informative Webcasts and more! Get everything you need to get up to
speed, fast. http://ads.osdn.com/?ad_id=7477&alloc_id=16492&op=click
_______________________________________________
NFS maillist  -  NFS@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/nfs

Re: Linux client with MS SFU server

[Trond Myklebust]

ty den 05.07.2005 Klokka 14:16 (-0400) skreiv Peter Staubach:

> Does this server need to be configured with the uid and maybe gid of the 
> user to
> be accessing files on the file system?  I have seen some situations, 
> typically
> with Microsoft servers, that need to be accessed using a specific uid/gid
> combination.  Since these systems don't have the concept of uid and gid 
> anyway,
> perhaps this is required here.
> 
> At Connectathon, it seems like some of the servers need to be accessed using
> magic uids and gids...

It seems strange, though, that a GETATTR should succeed but that a
READDIR with the same credential should fail with an RPC error of
AUTH_REJECTEDCRED.

It looks as if they rather want to be returning NFSERR_ACCES here.

Cheers,
  Trond



-------------------------------------------------------
SF.Net email is sponsored by: Discover Easy Linux Migration Strategies
from IBM. Find simple to follow Roadmaps, straightforward articles,
informative Webcasts and more! Get everything you need to get up to
speed, fast. http://ads.osdn.com/?ad_id=7477&alloc_id=16492&op=click
_______________________________________________
NFS maillist  -  NFS@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/nfs

RE: Linux client with MS SFU server

[dshaffer]

	It is used for mapping SID's to UID's and depending on your environment =
may need to be loaded to them, however a Getattr and a Readdir would be =
reading the same mappings. I am obviously prejudiced and think you could =
use a better one (see sig). You can get help from this newsgroup but the =
version you are using is very old and I am not sure what you will get:

http://groups-beta.google.com/group/microsoft.public.servicesforunix.gene=
ral?hl=3Den

	Even though you are not squashing root the UID 0 is treated differently =
from all other UID's. If the UID 0 is not mapped you are getting =
world/anonymous access. Even if you grant the machine root access if you =
have not mapped UID 0 I believe this is still the case. Also Getattr may =
be allowed as it is non-destructive and some NFS Clients do one as part =
of the Mount. If Getattr was denied the Mount would fail also.

Dan Shaffer
www.accessnfs.com


-----Original Message-----
From: Peter =C5strand [mailto:astrand@cendio.se]
Sent: Tuesday, July 05, 2005 1:42 PM
To: Peter Staubach
Cc: nfs@lists.sourceforge.net
Subject: Re: [NFS] Linux client with MS SFU server


On Tue, 5 Jul 2005, Peter Staubach wrote:

>> I'm trying to use the Linux NFS client with a Microsoft "Services For =
UNIX"=20
>> (SFU) server. The SFU version if 2.2. The server is actually a HP=20
>> Storageworks 1000s NAS server.

> Does this server need to be configured with the uid and maybe gid of =
the=20
> user to be accessing files on the file system?  I have seen some=20
> situations, typically with Microsoft servers, that need to be accessed =

> using a specific uid/gid combination.  Since these systems don't have=20
> the concept of uid and gid anyway, perhaps this is required here.

Well, yes. The server has a "User Name Mapping" feature. It can build =
maps=20
based on a NIS server source, for example. This is what I'm using. This =
is=20
all documented in the NAS 1000s administration guide.

There's a component called "NFS Authentication Software" (sfucustom.msi) =

that, according to the guide, needs to be installed on all PDCs and =
BDCs.=20
First, I didn't think this was necessary, but perhaps it is. I wonder =
what=20
this software actually does...


--=20
Peter =C5strand		Chief Developer
Cendio			www.thinlinc.com
Teknikringen 3		www.cendio.se
583 30 Link=F6ping        Phone: +46-13-21 46 00


-------------------------------------------------------
SF.Net email is sponsored by: Discover Easy Linux Migration Strategies
from IBM. Find simple to follow Roadmaps, straightforward articles,
informative Webcasts and more! Get everything you need to get up to
speed, fast. http://ads.osdn.com/?ad_id=7477&alloc_id=16492&op=click
_______________________________________________
NFS maillist  -  NFS@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/nfs