For NFS’ sake: Installing and Configuring the Client for NFS Windows Feature

Finding information on this product is not incredibly easy, so I thought I’d throw another little bit into the Interwebs for anyone else who might be looking.

Update:  No NFSv4 Support!

Well that really sucks.  I attempted to mount a OneNote notebook from my NFS share and was greeted with the extremely-undocumented-on-the-Interwebs error from OneNote:

The request is not supported. (Error code: 0x32)

I then examined the Windows Event Log (System) and found:

Event ID 16384, NfsRdr:  Client for NFS requested a mount with file locking enabled, and the remote Network File System (NFS) server does not support file locking.

Now, I should have realized that my file server is running NFSv4 and therefore nfsd handles locks, but instead I enabled lockd and statd to see if that helped and I received this error:

We can’t open the file because it’s currently being used by another program. (Error code: 0x21)

This is likely the result of lockd contending with nfsd for file locks, but I’m not sure.  The point is: it made me realize the nature of the problem and after some extensive Googling, I appear to have confirmed that the Client for NFS software does not support NFSv4The Server for NFS software does, however, support NFSv4.1.

This is ultra-lame.  I am now forced into the U Michigan software package below if I really want to press this.  Given that the only real reason I’ve been down this road is to access my OneNote notebooks via NFS, I’ll probably simply install Office 2013 on Fedora 21 Workstation with wine and see if that’s any more successful.

However, if this does not dissuade you and you need only NFSv3 support, continue reading:

Obtaining the software

First, you’ll need an operating system from Microsoft which supports the Client for NFS Windows Feature, and limiting us to current desktop operating systems, that means you need to have one of the following operating systems:

  • Windows 7 Enterprise/Ultimate
  • Windows 8.1 Enterprise

Unfortunately, while Windows 7 Ultimate includes access to the Client for NFS software, Microsoft has limited their Client for NFS software to Windows 8.1 Enterprise.  I have no idea why they would do this – it’s not like they’re going to lose a bunch of money if people using Windows 8.1 Ultimate were allowed to make use of the Client for NFS software.

If you don’t have one of these versions of Windows (and you can’t easily get it through your University or place of employment), the next most highly recommended alternative appears to be a software package developed by U Michigan.  I have not personally used it, and given its timestamps, it appears likely to be in a questionable state of maintenance, but it might be worth a shot.

Configuring the software

One quickly sees that the Client for NFS software is intended for use in an organization which supports that client with Active Directory’s Identity Management for UNIX component (which extends the directory schema to allow for mapping Windows user and group identities to UNIX UIDs and GIDs) or a User Name Mapping service (which runs on Windows Server).  Using the client as a stand-alone solution for a personal network or even within an organization which doesn’t support the client with formal infrastructure is difficult.  You’d think simple, local UID/GID mapping would be supported, but it is not.

However, there is a means by which we can goad Windows into effectively allowing us to mount NFS shares on single-user systems.  The solution is no good for systems with multiple users (in fact, it’s a horrible security flaw, since the solution forces every user on the Windows system to access the NFS share using the same UID/GID).  Fortunately for me, I have just such a single-user system from which I’d like access to my NFS data.

The trick is to instruct the Client for NFS to use the intended UID/GID combination as its “anonymous” account values.  This way, you don’t instruct the system to conduct any mapping between your Windows identity and the proper UNIX identity, rather, you just tell it to always use the same UID/GID combination when connecting to NFS.  The means by which to do this is not well documented (surprise, surprise), but is accomplished by adding two DWORD values to a registry key which should already exist:

  • Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\ClientForNFS\CurrentVersion\Default
    • REG_DWORD:  “AnonymousGid”
    • REG_DWORD:  “AnonymousUid”

Within those two DWORD values, place the desired UID and GID.  Restart the Client for NFS service, and you should now be able to mount your NFS shares.

Now, if you need a more complex solution to allow multiple users on the same machine to properly map their Windows identities to UID and GID combinations, you can try AD LDS Identity Mapping.  The link there is a step-by-step guide to implementing a identity mapping solution using AD LDS which should work on Windows 8.1 Enterprise, I imagine, given that Windows 8.1 Enterprise does include the AD LDS feature.  I haven’t tried it, and you’ll want to secure this service properly (i.e. disallow any external connections to it), but give it a shot if you need it and let me know how it goes.

Using the software

The Microsoft Management Console plugin nfsmgmt.msc is an easy-to-use, GUI-driven administration utility for the Client for NFS software.  Just type it into the Start menu and you should see the simple, two-node administrative structure appear.  From here, right-click on either node and you’ll see most, if not all, of the available administrative options for the Client software.

Beyond that, you can use the mount command from the command line, as described here, or you can mount shares directly in Windows Explorer as you usually would.

If anyone needs more specific instructions for any of the components of this post, just ask!  For my purposes, the simple solution of forcing the use of a single UID/GID combination through the Anonymous registry entries above suffices nicely.  Just be aware that anyone who can log into your Windows 8.1 device and get on your private network while using this configuration can access your NFS data as you can!

Remember: with NFS, the integrity of one’s network and devices attached thereto is paramount.  It’s a beautiful, simple system for sharing information, but it’s very vulnerable to the exploitation of infrastructure flaws, so be sure to properly maintain your network!

Advertisements
This entry was posted in Information Technology and tagged , . Bookmark the permalink.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s