
NFS/NIS Recommendations for Windows?

Fembot asks: "The Samba team are doing a great job, but I can't help but feel that making Unix machines serve Windows-based protocols is the wrong approach. Back in the days of Windows95 it shipped with an NFS client on the CD which could be installed optionally. Are there open source (or even just free as in beer) NFS clients for Windows 2000/XP, and is it possible to authenticate users on Windows desktops via NIS?"

  • by Speedy8 ( 594486 ) on Friday January 03, 2003 @08:39PM (#5011151) Journal
    Think of how cool it would be if HP, DELL, Alien Ware, etc. shipped all of their computers with a Linux interaction kit full of programs that would allow windows users to interact with Linux boxes using opensource protocols. The computers would still interact with windows boxes in the normal way but could use the open source methods too.
    • Probably against one of Microsoft's OEM agreements with those companies.

      (Maybe)
    • Sure, we could install the Linux Interaction Connection Kit and the Proprietary Unix System Services Yeoman.

      Now _that_'s good software!

      As long as you include the System Universal Connection Kit with the Central Online Controller Kit.

      --DM
    • Think of how cool it would be if HP, DELL, Alien Ware, etc. shipped all of their computers with a Linux interaction kit full of programs that would allow windows users to interact with Linux boxes

      Yeah. That would be cool. Then they'd get their OEM licences revoked by MS and every Windows user out there would be stuck buying...uh...

      Hmm. Now that Compaq is gone, who makes overpriced, crummy computers? I don't think Gateway charges quite enough to qualify...
  • No (Score:5, Informative)

    by joto ( 134244 ) on Friday January 03, 2003 @09:21PM (#5011434)
    There are no free software, open source, or non-crippled NFS clients for Windows (at least that has been the story for quite some time...)

    Your options are to either

    1. write one :-)
    2. buy a client for each machine from one of these vendors: 1 [microsoft.com] 2 [ssc-corp.com] 3 [sun.com] 4 [pronfs.com] 5 [xlink.com] 6 [frontiertech.com] 7 [wrq.com].
    3. Buy a NFS/SMB gateway from one of the vendors above (or make one with Samba)
    4. Use both samba and NFS on the server
    5. Simply use samba
    When using both NFS and Samba there might be some tricky locking issues. At least it used to be recommended against. I don't know if that's true anymore, but you should be aware of it. If you only share disks readonly, then you will of course be safe.
    • Re:No (Score:5, Insightful)

      by Jeremy Allison - Sam ( 8157 ) on Friday January 03, 2003 @09:41PM (#5011565) Homepage
      It's interesting to understand the reasons for this.
      It isn't because no one wants it, or no Free Software
      authors are interested, it's because "the Monopoly" (tm:-)
      ie. Microsoft doesn't want you to be able to do this, so
      they don't openly release the internal interfaces you need to
      use to write such a thing.

      They're available under NDA (at least the NFS parts) but
      the authentication parts are controlled with an iron fist
      (I don't think there are any replacement LSA modules that
      will allow NT/W2K/XP to use a NIS or NIS+ server as the
      sole authentication source). You see, if you could authenticate
      to a NIS or NIS+ server then you wouldn't need to buy those
      Windows server licenses and the strategy of leveraging a
      desktop monopoly into a server one would be in danger...

      This is why people are *really interested* in a Samba PDC.

      Regards,

      Jeremy Allison,
      Samba Team.
      • I've seen Alan Cox, Bruce Perens, Sam Lantinga and a ton of other people, plus now Jeremy Allison, posting to Slashdot.

        Are there any Open Source luminaries that *don't* read Slashdot?
        • Re:No (Score:3, Funny)

          by red_dragon ( 1761 )

          Are there any Open Source luminaries that *don't* read Slashdot?

          You mean, besides the Slashdot editors? ;)

        • Are there any Open Source luminaries that *don't* read Slashdot?

          More encouraging is that these folks CONTRIBUTE to the discussions! It's one thing to read a site like this, but another to lend expertise and foster a more valuable discussion.
      • Re:No (Score:1, Informative)

        by Anonymous Coward
        I don't know if this is what you mean by LSA but there is a cool looking project called pGina [plu.edu]. The about page shows:

        For instance, should an administrator wish to use an existing Unix server, and its existing base of users, to authenticate access to Windows 2000 machines there are few options. The methods employed may range from using a Windows 2000 server for authentication and having the administrator maintain identical lists of usernames/ passwords on each server, to using Samba to emulate a Windows NT 4 Server. However, each method has its drawbacks and limitations. Ideally the administrator should be able to setup a standard naming service, such as NIS (Network Information Services) or LDAP (Lightweight Directory Access Protocol), on ANY type of server and have all clients, regardless of OS revision, access that single repository.

        Sorry for the flood but it looks interesting to anybody wanting to do this sort of stuff.

        Thanks for Samba too :)
    • Don't use NFS, then (Score:5, Informative)

      by 0x0d0a ( 568518 ) on Saturday January 04, 2003 @12:02AM (#5012355) Journal
      There are no free software, open source, or non-crippled NFS clients for Windows

      Yup. But if you're willing to use AFS instead of NFS, there's OpenAFS [openafs.org], an AFS client that's available for Windows, MacOS X, Linux, and just about every platform out there. It's free and open source, plus pretty well designed. IBM pushes and supports it, and MIT and CMU (plus a lot of other places, but it gives you an idea of how much approval it gets from people in the know) both use it for their storage system.

      AFS will also buy you a seriously secure system and better performance (thanks to leases and other good design features) than you'll get from CIFS (Windows filesharing). I'm pretty sure that NFS, despite the large number of changes in recent versions, is still outperformed by AFS.

      It can be more a bear to set up, since you'll probably want to also set up a dedicated KDC, but at least you're doing things the Right Way.

      Coda is supposed to be the successor to AFS, but I really haven't heard of people using it much, and Intermezzo doesn't have the backing that AFS does.

      Oh, yes. AFS can do distributed storage, so it can (magic boss-exciting word approaching) *scale* really well. :-)
      • I'd love to switch one of my networks over to AFS and ditch the current Samba/NFS-combo setup[1]. Unfortunately, the OpenAFS site has this to say about the FreeBSD port: "Server ported. Cache manager support is not yet complete."

        Has anyone tried a different client (arla, maybe?) against an OpenAFS server on FreeBSD? I'd /love/ to get pointers on how to make the OpenAFS server on FreeBSD work :-)

        1. I love Samba, and NFS is a nice standard. But for heterogenous networks the separate administration required to configure tools that access the same data is a drag.
        • > Cache manager support is not yet complete.

          Do you already use cache in NFS or SMB? I don't even know if it exists in SMB.

          If you don't use caching already, and if its lack doesn't affect the functionality of AFS, no loss in trying.

      • I'm pretty sure that NFS, despite the large number of changes in recent versions, is still outperformed by AFS.

        Not unless AFS transfers data faster than the network can. I get about 90 Mbits per second through my 100 Mbit network with linux NFS. On to gigabit I guess.
        • Not unless AFS transfers data faster than the network can. I get about 90 Mbits per second through my 100 Mbit network with linux NFS. On to gigabit I guess.

          Most things'll work well when you have them sitting near each other on an unsaturated network link, though. :-)

          AFS works more nicely if you've got a heavily utilized or higher latency connection, because it doesn't have to hit the server as much.
  • by Wakko Warner ( 324 ) on Friday January 03, 2003 @10:01PM (#5011685) Homepage Journal
    Use Kerberos or LDAP for authentication. There are plenty of payware NFS clients for windows, but why would you use the same server to serve both UNIX and Windows filesystems? Unless you're simply sharing data that can be accessed and modified by both types of client, there's really no point, is there?

    - A.P.
  • NIS/NIS+ is a security nightmare.

    Frankly, so is SMB, but if you have to dance with the devil, make it the devil with 95% market penetration.

    • Yeah.

      Dance with the devil that's not based on a written accredited standard, and that's likely to change significantly any time it gets to be too well understood by non-Microsoft developers.
  • by plsuh ( 129598 ) <plsuh&goodeast,com> on Friday January 03, 2003 @10:46PM (#5011946) Homepage
    Another factor involved in using NFS with Windows clients is the security model involved. To expand on Jeremy Allison's excellent comment, the NFS security model relies totally on the UID at the client. Since there is no native concept of a UID in Windows (plus the fact that the Win9x branch doesn't have good user privileges separation in any case), this means that you need a separate login from the Windows PC to the NFS server, using a system known as PC-NFS originally created by Sun. There is an open source pcnfsd daemon that will handle this at the server end, but the client piece is not free, and the whole thing is a PITA to set up, and is one more thing that can go wrong on a fragile Windows client system. Much better to use Samba on the server and not have to rely on yet another skanky layer. (Been there, done that, have the therapist bills to prove it :-P)

    FWIW, the Mac OS up through version 9.2 has pretty much the same set of issues. Mac OS X, being Unix-based, has NFS server and client support natively.

    --Paul
    • Windows users do have uids that are referred to as SIDs...

      For example, the local administrator on NT machines is always user -500.

      • Yes, they do have SIDs. However, mapping SIDs to UIDs is not an easy job especially since SIDs are really a GUID (like {0000002F-0000-0000-C000-000000000046}) which are too long to be cleanly mapped in a UID. Take a look at Samba's Winbind project here [samba.org] for some more details about the problems involved.

        The end result is that there isn't a clean mapping between the two domains. And the implementations of NFS for windows that I have seen have been hackish at best and dysfunctional at worst.

        Using the windows protocols (CIFS or whatever it is being called these days) may be the best option.
    • To expand on Jeremy Allison's excellent comment, the NFS security model relies totally on the UID at the client.

      Might this have changed when they moved to NFSv4? It uses GSSAPI, which presumably means it uses Kerberos principals instead of UIDs to identify users on a client machine.
      • Moved? AFAIK, Solaris 9 still only uses NFSv3 (or optionally v2) so we haven't "moved" to NFSv4 yet. Dunno about any GSSAPI stuff in there, but here is Secure NFS [sun.com] (generally considered an oxymoron) which can use Diffie-Hellman or Kerberos.
    • I ran into some interesting 'UID at the client security' issues at a place I recently worked. I had an NT box, and I threw a copy of Microsoft's Interix POSIX subsystem on the machine. Through coincidence I discovered that I could rsh into any of the Solaris boxes at the company. What I noticed most significantly was that it wasn't asking for a password at all. So, as an experiment (I had the admin password on the NT box, which was my desktop machine) I created an NT account on the machine with a co-worker's UID. *poof* I could rsh into any Solaris box, and I had their account privileges.

      I quietly backed out without doing a thing, but it made me a little nervous. The company in question makes implantable medical devices, and it would have taken me a minute or two longer to make changes to firmware code in development for said.
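
The comments above turn on one point: unless a Kerberos (GSSAPI) flavor is required, an NFS server takes the UID from whatever the client sends. As an added example (not code from any poster or project in this thread), this Python sketch audits a Linux-style `/etc/exports` for exports that still accept that client-asserted identity; the exports(5) syntax and the sample hosts and paths are assumptions, constructed for illustration.

```python
"""Flag NFS exports that accept client-asserted identity (added example)."""

# Constructed sample in Linux exports(5) syntax; hosts and paths are made up.
SAMPLE_EXPORTS = """\
# constructed sample
/home        *.corp.example(rw,sync)
/srv/build   10.0.0.0/24(rw,sec=krb5p,root_squash)
/srv/pub     *(ro,sec=sys)
/srv/admin   pc17.corp.example(rw,no_root_squash) unixhost.corp.example(rw,sec=krb5:sys)
"""

WEAK_FLAVORS = ("sys", "none")  # no cryptographic proof of who the user is


def audit_exports(text):
    """Return (path, client, reasons) for every export/client pair at risk."""
    findings = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        path, *specs = line.split()
        for spec in specs:
            client, _, rest = spec.partition("(")
            opts = [o.strip() for o in rest.rstrip(")").split(",") if o.strip()]
            flavors = ["sys"]  # exports(5): sec=sys applies when no sec= is given
            for opt in opts:
                if opt.startswith("sec="):
                    flavors = opt[4:].split(":")
            weak = [f for f in flavors if f in WEAK_FLAVORS]
            if not weak:
                continue  # Kerberos-only: identity comes from the ticket
            reasons = ["accepts sec=" + "/".join(weak) + " (UID is client-asserted)"]
            if "rw" in opts:
                reasons.append("writable")
            if "no_root_squash" in opts:
                reasons.append("client root is server root")
            if client in ("", "*"):
                reasons.append("open to any host")
            findings.append((path, client or "*", reasons))
    return findings


if __name__ == "__main__":
    for path, client, reasons in audit_exports(SAMPLE_EXPORTS):
        print(f"{path:12} {client:24} " + "; ".join(reasons))
```

An export that lists `sec=krb5:sys` is still flagged, because a client may negotiate the weaker flavor.
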
  • NFS really sucks in general and it is hard to add new filesystem support to Windows w/o expensive developer support and licensing... which also comes with an NDA.
    • People are always saying 'NFS really sucks in general' and it's hard to tell why they say so. It might have to do with poor implementations of NFS on Linux that I've heard mentioned. I have an NFS server here on the home network that's rock steady and serves as a primary 'waypoint' for all the Unix boxes. They're all NetBSD and Solaris boxes, so maybe that's why I haven't had any problem.

      Is there a short digest version of what's so bad about NFS on Linux that someone can reiterate?
  • by develop ( 88564 ) on Saturday January 04, 2003 @01:49AM (#5012811) Journal
    [1] http://opensource.franz.com/nfs/
    nfs is an NFS server for Windows written in Allegro Common Lisp.
    [2] War NFS Daemon written by Jarle Aase (freeware)
    [3] http://www.labtam-inc.com/
    commercial
  • Or if you need to server, NFS Maestro Server. No, it isn't free. But if you have to buy one - take a look at NFS Maestro [hummingbird.com] By Hummingbird.
    These are the same people that make Exceed. - Though instead of Exceed, I bought Xmanager [xmanager.com] by NetSarang (lot less $ and did SSH tunnel, etc)

    Good luck on your search.
  • MS has Unix Services for Unix. It is a set of server based utilities that allows a server to act as a gateway between both worlds. Best thing is you only install and configure the server. Supports NT Shares, NFS, & NIS. Also allows password changes to propagate back and forth.
  • Getting Microsoft to bundle your NFS client or writing a unix server to talk to their client?

    It's not like you can express better ownership/permission semantics than Windows supports anyhow.

    If you have to go around installing software it's always a harder sell.

    Personally, I'd love to see an ssh-based windows filesystem, though.
