I am accessing Unix-like NFS servers using Client for NFS in Windows Server 2008 R2.
Since the server is not part of AD, and there is no "User Mapping server" active, the documentation states that the client uses anonymous UIDs and GIDs of -2, -2.
Now, on the server side, NFS exports have the -mapall= option specified.
Why is it then that a file object with Unix permissions 700 gets access denied? With more relaxed permissions, access is okay, but if mapall maps all remote users to the specified local user credential (as per the manpage), why do 700 permissions not allow for this?
The NFS server doesn't map anonymous identities to anything.
If your mount is guarded by UNIX style permissions, you need UNIX-style identity.
Enter Windows Client for NFS, for Windows Server 2003 onwards.
Take a few tips from this short story.
The User Identity Mapping feature has been deprecated in Windows Server 2008 R2, so you basically need LDAP or AD. It took me a while to realize that - tried SUA, etc., looked for tools, no luck; I've even seen someone complain that the documentation is so old that they don't mention it. I mean, the biggest problem was there were several documents dealing with the theme.
So I went with AD LDS (domainless ADS, readily available in Win server). Boy, oh boy, that was a mess. I found a Microsoft tutorial, official word, yo. But, noooo. The AD schema editor ("snap-in") crashed when I added uidNumber and gidNumber. Or they just didn't show up. So, I tried force configuring it with Sysinternals ADExplorer, sure enough, it actually allowed me to add uid and gid to User objects. Still no luck. Finally, the "mount" (Win NFS Client) command needed explicit values for its obscure options.