I have a Windows file server that I would like to create NFS shares on. These shares need to be accessible by both Windows 7 domain clients and Linux clients (Red Hat 5 & 6) using Samba/Winbind Active Directory authentication.
It's my understanding that Windows has the ability to use unmapped and mapped identity management, meaning your AD users can be mapped to Unix IDs. So when you create a share that uses mapped identities, the permissions (I believe) are NTFS permissions, but the server looks up incoming Linux user IDs and calculates whether that UID should be mapped to a user with permissions. To do this, I've installed the Unix Identity Management component on my Active Directory server. I then went to each of my users and modified the Unix attributes so that the UIDs and GIDs are what show up on my Linux clients (using the rid uid).
Here is my problem. If I create an NFS share with mapped identities, I can get to the files/folders with Windows just fine but not on Linux. The file owners show up as numbers, for example 425067890, rather than the appropriate owner's username. I know the user has the right UID set correctly in AD, and it does not match this number. If I create the share using unmapped identities, the owner shows up as the proper user (johndoe) on Linux, but my Windows permissions are messed up and those clients can't access the share. So far the only way I can get it to work is to create it as a user-mapped share, set the NTFS permissions, then use the nfsfile command to convert the share to an unmapped share (nfsfile /cx c:\myShare). I can then set the appropriate owner/group/permissions for Linux. Both clients are happy, until users start creating files/folders and the permission issues keep coming in.
This is so weird that I know I'm doing something wrong. I'd love to just use NTFS permissions and let the server figure out what AD user maps to what unix UID.
How do I properly create and manage Windows NFS shares for Linux clients with AD authentication?
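
An added example, not part of the original post: a consistency check between the UID a Linux client derives and the uidNumber stored in AD, assuming the clients use Samba's idmap_rid backend (ID = RID - base_rid + low end of the range). The ID range, SIDs, user records and function names are constructed for illustration.

```python
"""Added example: compare AD uidNumber values with Samba idmap_rid-derived UIDs."""

# Constructed idmap settings (assumptions, not from the post); they mirror the
# smb.conf options "idmap config DOMAIN : range" and "... : base_rid".
RANGE_LOW, RANGE_HIGH = 10000, 999999
BASE_RID = 0


def rid_of(sid: str) -> int:
    """Return the RID, the last sub-authority of a SID string."""
    return int(sid.rsplit("-", 1)[1])


def rid_to_uid(rid, low=RANGE_LOW, high=RANGE_HIGH, base_rid=BASE_RID):
    """idmap_rid formula: ID = RID - BASE_RID + LOW_RANGE_ID; None if out of range."""
    uid = rid - base_rid + low
    return uid if low <= uid <= high else None


def audit(users):
    """Return (name, linux_uid, ad_uid) for users whose AD uidNumber differs
    from the UID a winbind rid client would compute for the same SID."""
    mismatches = []
    for u in users:
        linux_uid = rid_to_uid(rid_of(u["sid"]))
        if linux_uid != u["uidNumber"]:
            mismatches.append((u["name"], linux_uid, u["uidNumber"]))
    return mismatches


def owner_name(uid, users):
    """Resolve a numeric owner (as shown by ls -l) to an AD user via uidNumber."""
    return next((u["name"] for u in users if u["uidNumber"] == uid), None)


# Constructed sample records (SIDs and uidNumber values are made up).
USERS = [
    {"name": "johndoe", "sid": "S-1-5-21-1111111111-2222222222-3333333333-1105", "uidNumber": 11105},
    {"name": "janedoe", "sid": "S-1-5-21-1111111111-2222222222-3333333333-1106", "uidNumber": 1106},
    {"name": "svc_nfs", "sid": "S-1-5-21-1111111111-2222222222-3333333333-1107", "uidNumber": None},
]

if __name__ == "__main__":
    for name, linux_uid, ad_uid in audit(USERS):
        print(f"{name}: Linux client uses {linux_uid}, AD uidNumber is {ad_uid}")
    # A numeric owner with no matching uidNumber resolves to None.
    print("owner 425067890 ->", owner_name(425067890, USERS))
```

Any user reported by `audit` has a uidNumber in AD that a rid-configured Linux client would not use for that account, and an owner number that `owner_name` cannot resolve does not correspond to any uidNumber in the supplied records.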