Access AIX NFS Share from Windows Server 2008

Hi all,

Hopefully this question hasn't been asked a thousand times. I am trying to connect a Windows Server to an exported NFS share which resides on an AIX box.

I think the directory is exported correctly from the AIX side but I can't verify that because I didn't do it myself. On the Windows side, I can map a network drive to \\aixservername\nfssharename and it sees it, but I get "Access is denied" when I try to open it.

I assume this is because it's not recognizing the domain username on the Unix side but I don't know how to fix that. I have installed Services for Unix on my 2008 server, which includes Unix Identity Management and Server for NIS. When I go to the properties of the administrator account in Active Directory there is a Unix Attributes tab which I have filled out, but without success; I keep getting "Null GID - The selected group does not have a GID assigned. Assign a GID to the group first."

I must be missing something stupid. Can anyone help me out here?

Thanks!

It may be as simple as AIX needing to have the hostname and IP address of the Windows server in the /etc/hosts file. This is required by AIX for NFS by default but can be changed.

Hi Ross,

Thanks for the tip. I checked and the host name is in fact in the /etc/hosts file. I could see based on the way it's entered that there might be a problem with it, so I changed it and tried again but I discovered before I could try that the Client for NFS service has stopped on the server. I have tried restarting it and I get an error in the event log stating that the system may be "low on system resources" and that's why Client for NFS will not start. Restarting in the services menu yields an error stating "The client for NFS service on the local system started and then stopped. Some services stop automatically if they are not in use by other programs or services."

I can't even test my change until I can get the client restarted...is there any way to do it without rebooting the server? I get the same result whether I start from the command line or the services dialog. I can almost guarantee this system is not "low" on system resources and that this is just M$'s way of telling me they don't have a damn clue what the problem really is. This is an I7 server 2008 box with 6 gigs of RAM and all it's doing is providing authentication for 70-80 people ...

Thanks for any help you can give in getting this service restarted!

A few clarifications first:

NFS (network file system) is a protocol and is part of the TCP/IP protocol suite. Classically it used UDP to transport its information and worked on top of it; modern versions (NFS4) use TCP in the transport layer.

Windows is NOT (really!) using TCP/IP at all. Windows is using a protocol suite called NetBIOS and this protocol suite includes a protocol which serves a similar purpose to NFS: the SMB (server message block). Microsoft has, in the wake of the Internet, claimed that Windows today utilizes TCP/IP, but this is a half-lie: what Windows does is to use TCP/IP as a mere transport protocol to transmit normal NetBIOS protocol frames. All the Windows network functions (like Directory management, file sharing, etc.) are all still built on NetBIOS facilities which just get transmitted enclosed in TCP frames instead of being transmitted natively (like in Token-Ring frames).

The principal problem you face is that both Unix and Windows are using TCP/IP to transmit information, but while Unix uses a real TCP/IP protocol suite (telnet/ssh for remote login, nfs for file sharing, lpr/lpd for print services, etc.), Windows uses TCP only to tunnel another network protocol suite.

One possibility to overcome this is to implement (parts of) the NetBIOS protocol suite in Unix. This is what Samba and similar products do. Samba is the implementation of the SMB (hence the name) protocol as a Unix daemon. Install it on the Unix system and you could export parts of the local file system as "network shares", which represent the SMB pendant to an NFS export. You could even connect this "SMB server" to a domain and handle the user/rights administration from your domain controller.

Another possibility is to implement a full-featured TCP/IP-protocol stack in Windows. This is what - however clumsily - "Unix services for Windows" does.

So, after this rather long-winded explanation, what can you do to remedy your problem? Let's assume the problem is on the Windows side:

  • NFS relies on the RPC (remote procedure call) protocol. Make sure that your Windows system is able to answer RPC calls from the remote server.
  • It might be that the NFS server uses an older NFS protocol. Make sure that both server and client use the same transport protocol (TCP or UDP). UDP even might be better in settings with packet sizes which are large relative to NFS's data transfer size (i.e. Ethernet Jumbo Frames are enabled).
  • NFS servers run either portmapper or rpc.bind daemons to advertise service endpoints to their clients. This can cause problems with firewalls between server and client. NFS often uses port 2049 but auxiliary services (i.e. NLM) use random ports and the rpcbind uses 111.
  • Usually NFS shares are exported to hosts, not user/host combinations, so I suppose your point with the Unix UID is moot. However, you will need to "mount" the filesystem once you see it exported to your system.
  • In AIX the command "showmount -e <hostname>" will show you all the exported directories of the host <hostname>. I have no idea if this command is available in Windows when the Unix Services for Windows are installed. If it is, use it to find out if the directory is indeed exported and available for you.

I hope this helps. If you suppose that the problem is with the Unix system, state that here, get root access to the system (NFS configuration needs root privileges) and report back here.

bakunin


Thanks again for the help everyone. While I am familiar with Samba and have used it to share a Linux volume to Windows clients before, it would be much more work than to just figure it out with NFS given the setup of the rest of the network and the other systems that access this directory.

That being said, I ran the showmount -e command against the AIX server (from the Windows Server 2008 command prompt) and it produced an export list including /usershome (the directory I'm trying to mount on Windows) and it says it is available to "all machines."

  1. How can I verify that both servers are using TCP or UDP?

  2. To your point about firewalls, the servers in question are both in the internal network and not touching the firewall. The Windows box has the firewall turned off entirely, but I know nothing about the firewall on the AIX box. If there's a way to verify it's not being blocked there I'm all ears.

  3. One thing that I do see could be causing a problem: The 2008 server is on a different domain than the AIX server. In other words, the host name of the 2008 server is 2008server.inside.mycompany where the host name of the AIX server is AIXserver.mycompany.com. We are in a transitional period and will eventually move all systems to a single internal domain name which will be "inside.mycompany", but in the meantime we need to deal with issues that could be caused by the separation.

  4. How can I verify that my Windows server can respond to RPC calls from the AIX server? (Sorry, I'm new at this)

Again I appreciate all the help!

Edit: BTW I have root/admin access to all servers if needed.

Bump...any more help on this? Thanks

You only need to know:
AIX supports both NFS Version 2 and Version 3 on the same machine;
beginning with AIX 5.3, the operating system also supports NFS version 4.

You can use the option vers=[2|3|4] when you mount.
You can use the option -V to export, like exportfs -V [2|3|4].

Windows 2008
You can use Services for NFS with UNIX computers which are running NFS client or
server software which complies with version 2 or version 3 of the NFS protocol.
(You can configure the server as version 2 only, but the client works as both version 2 and 3.)

NFS Version 2 Protocol defined in RFC 1094

NFS Version 3 Protocol defined in RFC 1813

NFS Version 4 Protocol defined in RFC 3530

And the ports, if there are problems with firewalls:

  • User Name Mapping and Server for NFS, Portmapper: TCP, UDP port 111
  • Server for NFS, Network Status Manager: TCP, UDP port 1039
  • Server for NFS, Network Lock Manager: TCP, UDP port 1047
  • Server for NFS, NFS Mount: TCP, UDP port 1048
  • Server for NFS, Network File System: TCP, UDP port 2049

Do you have a problem with NFS authentication?

Bye
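
Added example, not part of any post in this thread: the questions above about NFS versions, TCP versus UDP and ports can be answered by asking the server's portmapper on TCP port 111 for its registration list. This Python code builds the portmapper DUMP call and decodes the reply; the function names and the sample reply are constructed for illustration.

```python
import socket
import struct

NAMES = {100000: "portmapper", 100003: "nfs", 100005: "mountd",
         100021: "nlockmgr", 100024: "status"}
PROTOS = {6: "tcp", 17: "udp"}

def build_dump_call(xid):
    """RPC v2 CALL to the portmapper (prog 100000, vers 2, proc 4 = DUMP), AUTH_NONE."""
    body = struct.pack(">10I", xid, 0, 2, 100000, 2, 4, 0, 0, 0, 0)
    return struct.pack(">I", 0x80000000 | len(body)) + body  # TCP record mark

def parse_dump_reply(body, xid):
    """Return [(service, version, transport, port)] from an accepted DUMP reply."""
    rxid, mtype, rstat, _flavor, vlen = struct.unpack_from(">5I", body, 0)
    if (rxid, mtype, rstat) != (xid, 1, 0):
        raise ValueError("not an accepted reply to this call")
    off = 20 + ((vlen + 3) & ~3)          # skip verifier, XDR-padded to 4 bytes
    if struct.unpack_from(">I", body, off)[0] != 0:
        raise ValueError("portmapper did not execute the call")
    off += 4
    rows = []
    while struct.unpack_from(">I", body, off)[0] == 1:   # 1 = another entry follows
        prog, vers, prot, port = struct.unpack_from(">4I", body, off + 4)
        rows.append((NAMES.get(prog, str(prog)), vers,
                     PROTOS.get(prot, str(prot)), port))
        off += 20
    return rows

def query(host, xid=0x4E465301, timeout=5.0):
    """Ask the portmapper on host, TCP port 111, what is registered."""
    with socket.create_connection((host, 111), timeout=timeout) as s, \
            s.makefile("rb") as f:
        s.sendall(build_dump_call(xid))
        data, last = b"", False
        while not last:                   # reassemble record fragments
            (mark,) = struct.unpack(">I", f.read(4))
            last = bool(mark & 0x80000000)
            data += f.read(mark & 0x7FFFFFFF)
    return parse_dump_reply(data, xid)

# Constructed sample reply (not captured from a real server), xid 7.
SAMPLE_REPLY = struct.pack(">6I", 7, 1, 0, 0, 0, 0) + b"".join(
    struct.pack(">5I", 1, *entry) for entry in
    [(100000, 2, 6, 111), (100003, 3, 6, 2049), (100003, 3, 17, 2049)]
) + struct.pack(">I", 0)

def transports(rows, service="nfs"):
    """Which (version, transport) pairs a service is registered for."""
    return sorted({(v, t) for name, v, t, _ in rows if name == service})
```

Calling `transports(query("<hostname>"))` against the NFS server lists the version and transport pairs it offers; a connection timeout on port 111 instead points at filtering between client and server.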