In the past I have used Win2k3 and SFU 3.5 to export a share that ESX 3.0 used
as a datastore, although I can't seem to find the machine anymore.

I remember running into a problem where when I installed SFU 3.5
I failed to install the User Name Mapping service. You can see the
list of services installed by going to:

Start -->
All Programs -->
Windows Services for UNIX -->
Service For UNIX Administrator

On the left there should be a heading that says:

Service for UNIX [local]

Under that you should see a User Name Mapping service, do you have it?

Also, under the security tab on the folder you shared, what entries do you have listed?
Do you have an entry for Everyone?

Thank you,

You confirm what my research led me to discover. I already posted my own comments in another thread: http://www.vmware.com/community/thread.jspa?threadID=34032&tstart=0 with references to a quick 101 setup paper regarding SFU and my own settings (quite like yours).

I shall add that with very few ESX to Windows user / group mappings it is better not touch the security on the Windows side, but on the ESX side.

I mapped root to the local Administrator account and the root group to the local Administrators group and any other user / groups default to <unmapped>, because all root:root is owning all files & folders under /vmfs.

My first operation after mounting the nfs share was to "chown root:root" & "chmod" the entire content of the share and ownership+permissions are consistent from the ESX box point of view. On the Windows side, it looks more weird (Windows admin point of view) where the Unix permissions translate to explicit rights to Administrator (user), Administrators (local group) and, well Anonymous. No inherited permissions, none of the usual familiar fancy groups (e.g. Creator Owner & al).

When I add content from Windows into the NFS share, I always correct ownership and rights to remain consistent with the ESX box.

Hope this will help beginners like me.

hmm strange..

i cannot get it to work.. i exported the passwd and groups files from /etc.. and copied them to the windows machine.. i can create a share.. but i cannot add users for permissions to it..

when i enter root, administrator it claims the user cannot be found.. any clues?

How are you trying to add users for permissions to it?

There are several different layers of permissions, the first level restricts what machines are able to access a volume. You can set this by:

1) right click on folder you want to share
2) select properties
3) click on NFS sharing tab
4) Select the "Share this folder" option

Then you need to decide on what permissions you want:

1) click on the permissions button
2) select the allow root access box
3) For a start try adding an entry for "all machines" , you can tailor this list later to include just the machines that you want to be able to mount this volume.

Once you have this setup showmount -e <NFS Server name> from the Service Console should show you the folder you exported.

Once you have done this you can change what users are allowed to access the folder by

1) right click on folder
2) select properties
3) select security tab

In this window if you want to allow root to have access I believe you need to add rights for the administrator user, not the root user. The users you specify here must be windows users, and then you need to create the appropriate mapping from a UNIX user to a Windows user in the User Name Mapping service provided my SFU.

What happens currently when you try to mount the volume?