- Building from Source
- Installing Binaries
- Disable the DFS Client
- Ldap Configuration
- Starting the Client
- Mounting
- Connectation
- Known Issues
- Windows Vista, Windows Server 2008 R2, Windows 7, Windows Server 2012 R2 (Windows XP and previous versions are not supported)
- Microsoft Visual Studio 2010
- Windows Driver Development Kit (WinDDK 6000, 7600 known to work; maybe others)
- ms-nfs41-client source code:
> https://github.com/contentfree/ms-nfs41-client.git
- WinDDK does not include the ldap library, so we build the rpc library and nfs client daemon with Visual Studio 2010.
- Open Windows Explorer and navigate to ms-nfs41-client\build.vc10.
- Make a copy of env.props.example, and rename it to env.props.
- Open env.props in a text editor, and verify that the value in
<WDKPATH>C:\WinDDK\7600.16385.1</WDKPATH>
points to your WinDDK installation. - Open the solution file ms-nfs41-client.sln in Visual Studio 2010.
- Select the desired configuration and platform (accessible via Build->Configuration Manager).
- Right-click on the daemon project and select Build. The project and its dependencies should build without errors. The resulting binaries, nfsd.exe and libtirpc.dll, can be found under **ms-nfs41-client\build.vc10\x64\Debug**.
- From the Start menu, open the WinDDK 'Checked Build Environment' for the target platform.
- Change from the WinDDK directory to ms-nfs41-client and type
build
. All projects should build without errors.
- (If you're not still in the Checked Build Environment from above…) Open a WinDDK 'Checked Build Environment' as Administrator in the ms-nfs41-client directory (right click and 'Run as administrator').
- Create a certificate for test-signing the driver (Create Self-signed Certificates. This requires creating an
.inf
file (ie.selfsigned.inf
) and runningcertreq -new selfsigned.inf selfsigned.crt
to generate the certificate. - Use the certificate to sign nfs41_driver.sys (Test-Signing a Driver File):
> signtool sign /v /f selfsigned.crt /t http://timestamp.verisign.com/scripts/timestamp.dll path\to\nfs41_driver.sys
- ms-nfs41-client binaries: nfs41_driver.sys, nfs41_np.dll, libtirpc.dll, nfs_install.exe, nfsd.exe, nfs_mount.exe
- ms-nfs41-client configuration files: nfs41_driver.cer, nfs41rdr.inf, install.bat, uninstall.bat, etc_netconfig, ms-nfs41-idmap.conf
- Microsoft Visual Studio 2010, or Microsoft Visual C++ 2010 Redistributable Libraries (x86 or x64). An installer for the redistributable libraries are included with binary releases.
- Copy all the ms-nfs41-client binaries and configuration files listed in the Requirements section above into a directory that's convenient for testing.
- Run vcredist_x.exe* to install the Visual C++ Redistributable Libraries. You may need to download this from Microsoft – Use the Visual Studio 2010 (VC++ 10.0) SP1 redistributable.
- Double-click on nfs41_driver.cer and select 'Install Certificate', then place it in the 'Trusted Root Certificate Authorities' store.
- Open a command prompt as Administrator in this directory.
- Install the driver and update the registry:
> install.bat
- Copy configuration files:
> mkdir C:\etc
> copy etc_netconfig C:\etc\netconfig
> copy ms-nfs41-idmap.conf C:\etc\
- Allow windows to load test-signed drivers:
> bcdedit /set testsigning on
- Reboot. This is very important. Do not proceed without rebooting.
- The Windows DFS client interferes with some requests, indicated by long delays during operation. See http://support.microsoft.com/kb/171386 for more information.
- Open regedit.exe and navigate to
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Mup
. - Add a DWORD value named
DisableDfs
with a value of 1.
- C:\etc\ms-nfs41-idmap.conf from Installation step 7.
- Open C:\etc\ms-nfs41-idmap.conf in a text editor.
- Uncomment the
ldap_hostname
andldap_base
lines, and configure as appropriate to match your ldap server configuration (we'll add suggestions later).
- If you've installed the binary distribution, you'll find two versions of the nfs client daemon: nfsd.exe and nfsd_debug.exe. nfsd.exe is built to run as a service, and does not provide easy access to debug output. We strongly recommend trying nfsd_debug.exe first (using the Instructions below) to verify that you can start the daemon and mount/unmount an nfs share.
- However, if you compiled the project yourself, you will not have a nfsd_debug.exe – in that case, you might still be able to test using
nfsd.exe -debug -d <debug level> [--noldap] [--uid ###] [--gid ###]
. It might warn you that-debug
is not recognized but will still start running. - You can then close nfsd_debug.exe and start running nfsd.exe as a service with:
> nfsd.exe -install
.
- From a Windows command prompt, run nfsd.exe to start the nfs client daemon. Leave this running in the background until all mapped drives are unmounted.
Usage:
> nfsd.exe -d <debug level> [--noldap] [--uid ###] [--gid ###]
<debug level>
determines the log verbosity (1, 2, 3 or 0 to disable)--noldap
disables id mapping and uses a default uid=666 and gid=777--uid, --gid
changes the default uid/gid when no mapping is available (must be nonzero)
6. Mounting
- From a Windows command prompt run nfs_mount.exe to mount a share (and use the
-p
flag to make the mount survive rebooting; after you've installed nfsd as a service):
> nfs_mount.exe Z: <server_name>:\
- To specify the security flavor, add the 'sec=' mount option with sys, krb5, krb5i, or krb5p:
> nfs_mount.exe -o sec=<flavor> Z: <server_name>:\
- You can later unmount with:
> nfs_mount.exe -d Z
7. Connectathon
- Cygwin, including packages gcc-core, make, time, tirpc, git
- Connectathon Test Suite
- ms-nfs41-client source code (patches for connectathon are located in ms-nfs41-client\tests)
- Extract nfstests.zip into a directory that's convenient for testing (i.e. cthon04).
- Open a Cygwin shell, and change directory to cthon04.
- Create a git repository to track changes:
> git init
> git add *
> git commit -m "files from nfstests.zip"
- Apply all cthon patches:
> git am /path/to/ms-nfs41-client/tests/*.patch
- Build the tests:
> make
- Run the test suite on a mounted directory:
> ./runtests -a -t z:/testdir
8. Known Issues
- krb5p security with AES keys do not work against the linux server, as it does not support gss krb5 v2 tokens with rotated data.
- When recovering opens and locks outside of the server's grace period, client does not check whether the file has been modified by another client.
- If nfsd.exe is restarted while a drive is mapped, that drive needs to be remounted before further use.
- Symbolic links are not supported in Cygwin. Connectathon's basic test8 and special test nfsidem have been commented out.
- Does not allow renaming a file on top of an existing open file. Connectathon's special test op_ren has been commented out.
- Extended attributes are supported with some limitations: a) the server must support NFS Named Attributes, b) the order of listings cannot be guaranteed by NFS, and c) the EaSize field cannot be reported for directory queries of FileBothDirInformation, FileFullDirInfo, or FileIdFullDirInfo.
Please direct any questions to [email protected].