A Quick Tutorial to Set Up an NFS Server on Windows

Update (Nov 9, 2011): As noted in the comments below, Windows Services for UNIX Version (SFU) is no longer supported on Windows 7 and 2008. For these versions, try installing Cygwin with the optional nfs-server component. If you’re using Windows 2008, you can use the Server for NFS that comes built-in instead – in this case, most of the steps below should apply.

A few days ago, I needed to share a large folder present on a Windows server to access it from my local Ubuntu workstation. I initially used Samba, but my build script refused to recognize paths present in that share.

The solution was to use an NFS share – but this required a special setup on Windows. Even after a lot of searching on Google, I couldn’t easily find a guide that talked about how to get started with an NFS server on Windows quickly. Most articles I came across were only detailing information on NFS security, or some obscure command line options for tweaking NFS options – which shouldn’t be required when all you want is a simple share within your local, protected network.

So, here’s what to need to do if you need an NFS server enabled on Windows quickly, and mount it on your Linux box:

1) Download Windows Services for UNIX from Microsoft’s Download Center. Here’s the direct download link.

2) Run setup.exe from the extracted directory.

Welcome to the Microsoft Windows Services for UNIX Setup Wizard

3) Follow the prompts, until you reach the following screen:

Installation Options

Choose custom installation – since we’d like to only install the NFS server for sharing folders.

4) Choose the following three components to install:
(i) NFS -> Server for NFS
(ii) Authentication tools for NFS -> User Name Mapping
(iii) Authentication tools for NFS -> Server for NFS Authentication

Here’s a pictorial representation of the components you’ll need:

Selecting Components   Selecting Components

5) On the next screen, choose to change the behavior to case-sensitive, to provide full compatibility with UNIX programs

6) On the User Name Mapping screen, choose “Local User Name Mapping Server” and “Password and group files”:

User Name Mapping

7) Now, copy your passwd and group files from your UNIX/Linux distribution onto your Windows machine. For Ubuntu, these are located at /etc/passwd and /etc/group. Provide the paths to these files in the next screen:

User Name Mapping Configuration

8) Continue with the installation prompts until you finish.

Installation...

9) Windows Services for UNIX should now be installed:

Windows -> All Programs

10) Open the Services for UNIX Administration shortcut, and click on User Name Mapping:

User Name Mapping on local computer

11) Click on “Show User Maps” and then click on the buttons for Listing Windows Users and Linux Users:

Creating a map

12) Choose “Administrator” (or the appropriate account you want to map the UNIX user to) in the Windows list, and your username in the Linux list. (In Ubuntu, UIDs for user accounts usually start from 1000)

13) Click “Add” to create a map. If you get the following warning, click “OK” to ignore it.

You have specified a special Windows account.

14) Click Apply at the top right corner.

15) Now, you’re ready to share folders! Just right click any folder you need to share, and share it from the NFS tab. You can click the Permissions button for more options, like allowing write access, which is disallowed by default.

NFS Sharing on Windows.

16) Next, mount the share on your UNIX/Linux machine. I used the following command on Ubuntu:

$ sudo mount <windows-server-ip-address>:/<windows_share_name> <path_to_local_mount_point>

For example:

$ sudo mount 192.168.1.3:/SharedFolder ~/windows_share

If this guide helped you, please let us know in the comments below!

Automatic Login For SSH/SFTP on Ubuntu

There are just three simple steps needed to automate your SSH/SFTP logins to remote Unix/Unix-like servers from your Ubuntu/Linux distribution, or an emulator on Windows like Cygwin.

1) Run ssh-keygen

abdullah@desktop:~$ ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/home/abdullah/.ssh/id_rsa): 
Enter passphrase (empty for no passphrase): 
Enter same passphrase again: 
Your identification has been saved in /home/abdullah/.ssh/id_rsa.
Your public key has been saved in /home/abdullah/.ssh/id_rsa.pub.
The key fingerprint is:
06:23:fc:34:0f:12:40:b2:5e:7c:41:eb:4f:a2:ab:24 abdullah@desktop
The key's randomart image is:

Randomart image

2) Run ssh-copy-id <username>@<server-name>

abdullah@desktop:~$ ssh-copy-id login@myserver.com
login@myserver.com's password: 
Now try logging into the machine, with "ssh 'login@myserver.com'", and check in:

 ~/.ssh/authorized_keys

to make sure we haven't added extra keys that you weren't expecting.

3) Login to your server using ssh

abdullah@desktop:~$ ssh 'login@myserver.com'
Welcome to MyServer.com!
Last login: Sun Sep 25 23:22:21 2011 from 209.85.175.105
login@myserver.com:~# 

That’s all!

If you want a quick shortcut in the GUI, you could add a Custom Application Launcher to the panel with the ssh login command, as shown below:

Launcher Properties

Clicking the panel icon will directly open the terminal at the server with you logged in.

Note that this will also automate the login for SFTP, so you won’t need to type in your passwords there anymore too!

How to Delete a Directory in Linux

To delete or remove a directory in Linux, use the “-r” flag to the “rm” command. “r” stands for recursive.

rm -r <directory_name>

On some Linux systems, you might be prompted before each file is deleted. This means that the rm command has been aliased to “rm -i”, which turns on interactive mode. To run the original rm command and avoid the prompts, use “\rm”:

\rm -r <directory_name>

In the bash shell, just as the backslash is used to escape special characters, it is also used to escape aliases.

Caution!

Be careful to double check the directory name you provide, and be extra careful when using wildcards. There have been many stories of grief because of users ending up deleting important files and folders recursively.

How to run phpMyAdmin alongside Tomcat web applications

I was asked to look into this problem at my alma mater where the administrators wanted to have access to their Tomcat web application, without specifying the port number, or the application name. That is, visiting www.myecampus.info should open the application in Tomcat, and not serve Apache’s home page that displays the Fedora logo. At the same time, they needed access to applications running on Apache itself, such as phpMyAdmin, which cannot be ported to Tomcat.

Initial attempt

My initial attempt was to make Tomcat run on port 80, and change the port for Apache to 85. This worked flawlessly, but there were two important issues with this setup:

  1. Tomcat needed to be run as root in order to allow it to listen on port 80. This is a security risk, since any vulnerabilities present in Tomcat or the applications that run in it will have root privileges to carry out attacks.
  2. This setup only allowed one application to be tied to a domain name. That is, we could not have domains myecampus.info and myprojectwindow.com point to different web applications.

A Better Approach

When I thought about the above issues, I started looking for a way to leave the servers running on their original port numbers (80 for Apache and 9080 for Tomcat), and asking Apache to forward requests meant for Tomcat to Tomcat.

After a lot of Googling and experimenting, the following worked for me:

Configure Tomcat to understand requests forwarded from Apache

This step involved configuring Tomcat to listen to requests from Apache sent using the ajp13 protocol. Documentation for this is available here. I only added the following <Service> element in server.xml inside the <Server> element:

<Service name="Tomcat-Apache">
<!-- Define a Coyote/JK2 AJP 1.3 Connector on port 8009 -->
<Connector protocol="AJP/1.3" className="org.apache.coyote.tomcat4.CoyoteConnector"
port="8009" minProcessors="5" maxProcessors="75"
enableLookups="true" redirectPort="8443"
acceptCount="10" debug="0" connectionTimeout="20000"
useURIValidationHack="false"
protocolHandlerClassName="org.apache.jk.server.JkCoyoteHandler"/>



<Engine name="Apache" defaultHost="www.myecampus.info" debug="0">
<Host name="www.myecampus.info" appBase="/usr/java/tomcat-5.5/webapps/jsp-examples/">
<Context path="" docBase="" debug="1" />
</Host>
</Engine>
</Service>

Note that the appBase above needs to point the appropriate webapps directory for your app. I used jsp-examples above.

Also, make sure that no other connection is configured to listen to the same port (8009). Either remove or change the other definition, or change this one.

Restart tomcat: /etc/init.d/tomcat55 restart

Configure Apache to Forward Requests to Tomcat

mod_jk is the Apache plugin that can forward requests to Tomcat. This comes built-in with Apache (that’s what it was on the machine I was using).

1) Create a worker that mod_jk can use

Modify /etc/httpd/conf/workers.properties:

  1. Add ecampus to worker.list. “ecampus” can be named anything else too.
    worker.list=wlb,jkstatus, ecampus
  2. Add the definition of “ecampus”. Note that the port number should match the number specified in the Connector definition above.
    # Defining our worker 
    worker.ecampus.type=ajp13
    worker.ecampus.host=localhost
    worker.ecampus.port=8009

2) Ask Apache to forward all requests to our “ecampus” worker

Add the following line to /etc/httpd/conf/httpd.conf:

JkMount /* ecampus
JkUnMount /phpMyAdmin* ecampus

The second line is required so that requests to phpMyAdmin are NOT redirected to Tomcat.

3) Restart Apache

service httpd restart

Testing

After the above steps, all the following URLs worked:

www.myecampus.info – opens jsp-examples
www.myecampus.info/phpMyAdmin – opens phpMyAdmin
www.myecampus.info:9080 – opens the Tomcat ROOT application, from where the Tomcat manager and admin applications can be accessed

Next steps

The next step would be figuring out how to use this setup to allow multiple sites point to different applications running in Tomcat. I’ll surely blog about it if I’m involved in figuring that out. Until then, goodbye!

Resources

Configuring Tomcat to listen to Apache ajp13 requests

Quick Start HowTo for mod_jk

Apache HowTo for mod_jk

Did this guide help you? Please let us know in the comments below!