Hi !
I just installed the ESXi server for evaluation. I've been working with both the VmWare ESX and the VmWare Server versions before so that´s not a problem
My problem is that I have a NAS on my network with credentials set, and when I try to mount a NFS share from the NAS unit I am not able to enter authentication information, so I get the access denied.
Where can I define this information ?
/Thomas
Welcome to the forums, I have moved your post to the ESXi forum, you will recieve a greate audience here.
Tom Howarth
VMware Communities User Moderator
What version of NFS are you using? I don't think ESXi supports NFSv4, which, to my knowledge, is the only version of NFS that has any authentication (besides export control on the host).
Ok.. Tnx
ESX will attempt to access the NFS mounts as ROOT. As has been said, NFSv3 usually uses SYSAUTH (and therefore doesn't seen a traditional username/password for authentication), however you'll want to take a look at your NFS server and make sure that:
1) Your export rules let the host mount the export
2) It doesn't squash root.
As an aside, you can use Kerberos authentication with NFSv3, but not from an ESX host.
Tnx a lot..
I do get the export rules part, and that is OK. But I don´t really get the "make sure it doesn't squash root" ?
Ps. I´m swedish, so...
Actually I don't know what version it is. It´s a Linksys NSS4000 and I can't find out what version of NFS it has.
Maybe I should keep security settings on files and folders only and leave the share open ?
/Thomas
Here's an explanation of "squashing root"...
In NFS, permissions are done on the host level, not the user level. This means that you configure NFS to allow or disallow certain hosts to access the file share. One of the dangers of this is that, once a host has access, just about any user on that host can access the filesystem at that user's level. By default, that means that the root user on a remote machine has "root" access to the filesystem, just as if they were logged in as root on the server itself. This is, obviously, somewhat dangerous - you don't want someone hooking up a machine, having their own root password, and being able to do whatever they want on the filesystem just because they have root access. So, NFS has a "root_squash" option which basically tells the client that anyone else on the client will be allowed to access the filesystem with their user id and group id, but the root user will be given access to the filesystem as "nobody" which essentially means that the only access the root will have to the filesystem is to files that are open to "other." This is known as "squashing" root.
For VMware to work correctly, though, it has to have root access to the filesystem, so you need to make sure that you tell your NFS server (NAS appliance) to allow the VMware ESX(i) servers root access to the filesystem.
You're a quickie
Tnx a lot for the complete and "idiot proof" information
I'll have a look at it asap.. Give u a note on my progress.
/Thomas
Does this help? http://danny.bogaards.org?p=41
It would seem that turning off root squashing on that particular device isn't very easy to do,,,
Not too surprising...they're protecting you from yourself .
It sure do look like a solution, but I think I'll back up all the data before I give it a try
Tnx a lot.
/Thomas
Nick - Very true. However, hacking the installation image for the OS running on the NAS box does seem a little extreme
I'd have hoped a pop up saying 'are you sure you want to do this - enabling root to access this export has security implications, please make sure you understand the implications of enabling this option before proceeding' would have done the trick
Well, a couple of things:
- I'm not saying, nor did I say, that it's a good idea to do this. Linksys has reasons for not wanting you to enable root access on the filesystem, and, yes, hacking the image is a bit extreme. It will also probably void your support contract and/or warranty, if you have one.
- On the other hand, it really, really ticks me off when vendors do this. I call it the Microsoft syndrom - Microsoft is fantastic and putting protections in place that are hard, if not impossible, to disable. Some of these are good, but most are just downright annoying. As far as the Linksys boxes go, this sort of thing simply tells me this is not a product I should consider purchasing in the future, as there are places on my network where NFS clients need root access to the NFS server. These places are few and far between, and I'm very, very careful about where I use it, but I do know what I'm doing and I resent vendors that tell me otherwise.
- This box was obviously not designed for ESX/ESXi, otherwise they'd have some sort of Supported work-around or configuration available to make it work with ESX without having to hack it.