Windows 10 Client for NFS Freenas Mapping

[malum-in-se]

Thanks to anyone who can take the time to help me with this. I'm about 15 hours into researching and still can't what I need accomplished.

Problem: I have Windows 10 Pro with Client for NFS installed. I log into my windows box with User "Bob" and "normal_bob_password". Once logged into that Windows box, it properly mounts several Mapped Samba shares with the appropriate permissions of the user who logs in. There is a separate NFS, of completely separate data set. A bunch of "nix boxes access that share as read only. However, the "Bob" windows 10 box, needs to have full control over that data set. Client for NFS is installed. Currently that mapped drive can be mount, and searched, however it mounts as user -2, (anonymous) and doesn't have write permissions. The ownership of those files, as well as the Freenas user is not "Bob", it is "Bill", and cannot be "Bob". Using credential manager to mount and map it the appropriate user on the Freenas side has been unsuccessful. I do not have AD or LDAP, nor do I want it.

Setup: Freenas 9.3, Windows 10 Pro, Pfsense 2.3--Runs unbound DNS resolver. The domain is bobhome.dev.

Questions:
1. Supposedly user mapping can be set locally via passwd and group files in Windows. What is the proper format for those files, and how can I ensure that is where the client is mapping to?

2. Somewhere my NFS mapping is getting sideways. It connects to the NFS share always, but the mapping is always off. Under credential manager I have tried 100s of combinations of bill@bobhome.dev, bill, 1009 (bill freenas UID), NAS/Bill (Nas is the Samba netbois), freenas.bobhome.dev/Bill... nothing . I've tried setting the share address as freenas.bobhome.dev. I've tried setting it as the IP: 192.168.1.130. Both of those will connect, but none of them map correctly.

3. What logs should I be referring to, to specifically see how the mapping is going and where it is breaking down?

4. Any input on specific settings would be great. i.e enable NFS4 etc.

5. When using credential manager in Windows 10, what is the proper format under "user" for a Freenas 9.3 NFS share? Is it domain\freenas User, or freenasuser@domain.com?

6. What is the best command on the freenas CLI to see as what user/group shares are being mounted as? What about on the Windows 10 side? I've begun learning all the nfsadmin powershell commands but that's an entirely new world for me... last time I used windows at a command prompt was Windows 3.1.


Thank you again for anyone who can offer their time to help.

 

[bigphil]

Any reason you dont just create a SMB share pointing to the same dataset that the NFS export uses? Set the permission style to UNIX and connect to the FreeNAS box with compmgmt.msc from Windows and then you may set proper Windows permissions for the share too.

 

[malum-in-se]

Hello Big Phil,

Everything else that access that specific share is a *nix box of some sorts. Also as a general rule I try to not simultaneously keep a SMB and NFS share on the same dataset. I've had mixed luck in the past when mixing SMB and NFS permissions and access in one data share.

I wanted to reach out, because on it's face is doesn't seem like something that should be terribly difficult, and figured I was missing an easy step. 1. My windows 10 machine has client for NFS installed. 2. I have an NFS share on my freenas system. 3. For everything else, the freenas box works perfect, including SMB to and from the Windows 10 machine. 4. I want to access that share as a different user/UID than what I normally log into windows as via credential manager.

None of that seemed like some next level functionality that's bleeding edge. I figured I've just got to be making a simple mistake. A few versions of windows and a few versions of freenas-ago, I had no problem access NFS from freenas under different mapped users.

 

[bigphil]

When I set it up as a test, I simply used the Advanced NFS share properties to setup "authorized IP addresses or hosts" setting and set the maproot user and group to accounts that had permissions on the dataset. This works perfectly. However, if you'd like to mount the NFS share from Windows without this method, I suggest you check the following links:
link1
link2
link3

 

[malum-in-se]

Thank you phil, I will double check the settings you mention below. I have the hosts allow blank under nfs settings.

I read through the link below, and it reference the registry edit trick so that all anon logins on that machine map to one user. I'm trying to avoid that solution as I don't want to enable other users on the window machine to have write access. I will check the allow host setting and get back to you.

Question: the freenas domain under general settings is by default set to local. For your windows machine, does the setting have to match, or does a domain even need to be configured in order for NFS to validate the windows user?

Sent from my SM-G935V using Tapatalk

 

[malum-in-se]

Still the same deal, can access the server but windows maps to user ID -2. Any ideas on what logs I should check to better determine where the breakdown is?