I am connecting NFS v3 shares (ZFS datasets) from a Solaris file server owned by domain users to Windows computers, but the concept should apply to basically any POSIX-style server. I'm hoping to find an intuitive way for permissions to persist across platforms, which can also apply to multiple users using the same client.
The Solaris server does not recognize the users' identity when mounting the dataset using the mount command in cmd, despite the datasets being set to the same domain user present on the server, but identified using AD LDAP's uidNumber and gidNumber.
I've seen a solution where uid/gid can be set in the registry, allowing the NFS share to be mounted in Windows as an anonymous share with one user's identity. This is not only inconvenient, it would only apply to one user.
I was using MSYS2 (e.g. "Git Bash") and noticed the id command doesn't show anything near to the uidNumber/gidNumber set in ADUC's attribute tab. I'm aware that Windows uses SIDs for identifying users and devices, which is quite dissimilar to the Unix id system - but where is MSYS2 getting this number from?
I'm hoping by shedding light on this it might help me figure out some way to set user attributes so the mount command in cmd will relay my users' identity in a way my Solaris server will understand.
Here's an example of what I'm talking about:
In ADUC, let's review the uid/gid of Administrator:
Active Directory Users and Computers
----------------------------------------------
[Menu] View --> Advanced Features -->
+ [Domain] Users --> Administrator --> Properties -->
+ [Tabs] Attribute Editor -->
+ [Tables] uidNumber, gidNumber
uidNumber: 2500
gidNumber: 2512
Ok, then let's check Administrator's id in MSYS2:
└─ ▶ id administrator
uid=1049076(Administrator) gid=1049089(Domain Users) groups=1049089(Domain Users)
Obviously these are very different numbers. Wouldn't it make more sense for the user's Unix uid/gid to be shown?
Where's MSYS2 getting these odd-looking numbers from, and is there any way to utilize a user's AD-specified uid/gid as identity in the command line?
Well, that was easy - since my users' uidNumber and gidNumber were set already, all I had to do was enable AD identity mapping on the client. I opened an admin command prompt, started powershell (ver 7), and ran the cmdlet:
To confirm, I retrieved the settings:
Now, the moment of truth - mounting the user's NFS share (this was user-level cmd shell in ConEmu):
Looks good so far, no identity settings necessary (not that they'd be possible with NFS v3 anyway, but still...)
Left some tracks...
Then, checked identity of file creator on server:
Looks pretty good on the identity front. Let's hope it's stable!
Mounting NFS exports from a Unix server in Windows
Update: I mentioned it quickly, but for anyone who missed it, the NFS mount should be performed as the user who owns the share in a non-elevated cmd. This may seem unintuitive to people more familiar with NFS mounts on POSIX systems, where only root (i.e. sudo) has permission to invoke the mount command.
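The numbers in the question's id output follow Cygwin's SID-to-POSIX mapping, which MSYS2 inherits: an account in the machine's primary domain gets 0x100000 + RID, and a local SAM account gets 0x30000 + RID. The sketch below is an added example, not part of the original posts; the SIDs are constructed placeholders and the function names are hypothetical.

```python
# Added example: offsets are Cygwin's documented SID-to-POSIX mapping (MSYS2 inherits it).
PRIMARY_DOMAIN_OFFSET = 0x100000  # accounts in the machine's primary AD domain
LOCAL_SAM_OFFSET = 0x30000        # accounts in the local SAM database
WELL_KNOWN_RIDS = {500: "Administrator", 512: "Domain Admins", 513: "Domain Users"}

# Constructed placeholder SIDs (assumptions, not values from the post).
DOMAIN_SID = "S-1-5-21-1111111111-2222222222-3333333333"
MACHINE_SID = "S-1-5-21-4444444444-5555555555-6666666666"


def split_account_sid(sid):
    """Split an S-1-5-21-X-Y-Z-RID account SID into (issuer SID, RID)."""
    parts = sid.upper().split("-")
    if len(parts) != 8 or parts[:4] != ["S", "1", "5", "21"]:
        raise ValueError(f"not a domain or machine account SID: {sid}")
    if not all(p.isdigit() for p in parts[4:]):
        raise ValueError(f"non-numeric sub-authority in SID: {sid}")
    return "-".join(parts[:7]), int(parts[7])


def msys2_id(sid, domain_sid=DOMAIN_SID, machine_sid=MACHINE_SID):
    """uid/gid this mapping yields; AD uidNumber/gidNumber play no part in it."""
    issuer, rid = split_account_sid(sid)
    if issuer == domain_sid:
        return PRIMARY_DOMAIN_OFFSET + rid
    if issuer == machine_sid:
        return LOCAL_SAM_OFFSET + rid
    raise ValueError("trusted-domain and well-known SIDs use other rules, not covered here")


def decode_domain_id(posix_id):
    """Recover (RID, well-known name or None) from a primary-domain uid/gid."""
    rid = posix_id - PRIMARY_DOMAIN_OFFSET
    if rid < 0:
        raise ValueError(f"{posix_id} is below the primary-domain offset")
    return rid, WELL_KNOWN_RIDS.get(rid)


if __name__ == "__main__":
    # Values from the question: `id administrator` output versus the ADUC attributes.
    for label, shown, ad_value in (("uid", 1049076, 2500), ("gid", 1049089, 2512)):
        rid, name = decode_domain_id(shown)
        print(f"{label}={shown} -> RID {rid} ({name}); AD attribute = {ad_value}")
```

These derived ids exist only inside the MSYS2 runtime. The Windows NFS client takes the uid/gid it presents from its own identity mapping, which is why enabling AD lookup on the client was what made the Solaris server see the right owner.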