Scott & Richard,

Thank you for the explanations. In my case, we need only READ the documents from the IBM i system.
So we setup a completely separate share on the Windows Server, and following Richard's setup on allowing "Everyone" RX access from the IBM i IP address.
We are using the Active Directory to control access for PC users to update the PDFs we will be storing there. The files will be created/edited/deleted from Windows PCs.

I could have kept things simple and created an IFS share to store these documents... but our users are more accustomed to saving documents on the Windows servers.

I'm thinking we should be ok to ignore the ownership aspect of the objects.

Thanks again!
Greg

-----Original Message-----
From: MIDRANGE-L <midrange-l-bounces@xxxxxxxxxxxxxxxxxx> On Behalf Of Scott Klement
Sent: Friday, May 5, 2023 1:59 PM
To: midrange-l@xxxxxxxxxxxxxxxxxx
Subject: Re: Apache Alias and QNTC directory

Hi Greg,

When NFS submits the directory listing over the network, it passed the
user id and group id numbers (UID & GID, respectively) along with the
filenames.  When the operating system checks authorities to access these
objects, it does so according to these UID/GID numbers.

For example, suppose you have a SYSTEM-A with profile SKLEMENT as UID 1,
and SYSTEM-B has GWILBURN as UID 1.

Now suppose SYSTEM-A creates an NFS mount of SYSTEM-B's data. When the
people on SYSTEM-A look at a directory listing, it transmits the files
with the uid/gid.  Since a file owned by GWILBURN on system B has uid 1,
it will appear as owned by SKLEMENT (since he is uid 1 on SYSTEM-A)

When authorities are checked, likewise, SYSTEM-A will believe SKLEMENT
to have ownership of the object rather than GWILBURN because it is
checked by the number, not the name.

Therefore, the recommendation is that you keep the UID/GID in sync
across all systems that use NFS.


*Scott Klement*
Scott Klement Consulting LLC
https://www.scottklement.com
Cell: (414) 731-6581

IBM Champion

On 5/5/23 12:45 PM, Greg Wilburn wrote:
I know what a UID is... I just don't know how it plays a role in this configuration.

-----Original Message-----
From: MIDRANGE-L<midrange-l-bounces@xxxxxxxxxxxxxxxxxx> On Behalf Of Rob Berendt
Sent: Friday, May 5, 2023 12:42 PM
To: Midrange Systems Technical Discussion<midrange-l@xxxxxxxxxxxxxxxxxx>
Subject: Re: Apache Alias and QNTC directory

UID, not user id. It's WAAAYYY down on DSPUSRPRF.
User ID number . . . . . . . . . . . . . . : 3598
Group ID number . . . . . . . . . . . . . : *NONE

On Fri, May 5, 2023 at 11:04 AM Greg Wilburn <
gwilburn@xxxxxxxxxxxxxxxxxxxxxxx> wrote:

THANK YOU to all!

Patrik, I didn't feel like anyone provided a "terse" response 😊 (I'm a
very "direct" person).

With Richard's link, the link from IBM (and everyone that responded), I
was able to get NFS fired up and working.
Richard - I would add to your github document if I could have captured
better screen shots on the Windows 2019 server - but we remote into it, so
the resolution is not the best.
https://www.ibm.com/support/pages/using-nfs-mount-remote-file-systems

*I used the MOUNT command and OPTIONS exactly as Richard outlined, except
I used the server name instead of the IP.

Jim, I'm confused about the UID/GID statement below... I was under the
impression that NFS doesn't use "user id" to authenticate?

Also, if we go this route... do I need to do anything special during an
IPL or system save (i.e. unmount file systems)? I know I'll have to place
the MOUNT command in my startup (IPL).
Anything else to consider?

Thanks again Everyone!
Greg

-----Original Message-----
From: MIDRANGE-L<midrange-l-bounces@xxxxxxxxxxxxxxxxxx> On Behalf Of Jim
Oberholtzer
Sent: Thursday, May 4, 2023 6:57 PM
To: Midrange Systems Technical Discussion<midrange-l@xxxxxxxxxxxxxxxxxx>
Subject: Re: Apache Alias and QNTC directory

In this case I believe IBM i followed the UNIX methods etc, so they should
be the same, or very similar, so Patrik, your experience should be valid.

We’ve used NFS extensively at customers and it works really well, but, big
but, UNIX uses the UID/GID not the IBM user profile so those need to match
up between the systems. The UID and GID can be found with DSPUSRPRF, and
scroll down to near bottom. I ‘think’ windows also uses the UID.

Jim Oberholtzer
Agile Technology Architects



This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing list
To post a message email:MIDRANGE-L@xxxxxxxxxxxxxxxxxx
To subscribe, unsubscribe, or change list options,
visit:https://lists.midrange.com/mailman/listinfo/midrange-l
or email:MIDRANGE-L-request@xxxxxxxxxxxxxxxxxx
Before posting, please take a moment to review the archives
athttps://archive.midrange.com/midrange-l.

Please contactsupport@xxxxxxxxxxxxxxxxxxxx for any subscription related
questions.

--
This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing list
To post a message email:MIDRANGE-L@xxxxxxxxxxxxxxxxxx
To subscribe, unsubscribe, or change list options,
visit:https://lists.midrange.com/mailman/listinfo/midrange-l
or email:MIDRANGE-L-request@xxxxxxxxxxxxxxxxxx
Before posting, please take a moment to review the archives
athttps://archive.midrange.com/midrange-l.

Please contactsupport@xxxxxxxxxxxxxxxxxxxx for any subscription related
questions.



As an Amazon Associate we earn from qualifying purchases.

This thread ...

Replies:

Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.