In this post I want to show how easily you can set up a NFS server in Windows Server 2022 (2012 and later). Further we will see how Windows Server can also connect to UNIX or Linux NFS shares that allows anonymous access by installing the Client for NFS on Windows Server.


Network File System (NFS) provides a file sharing solution that lets you transfer files between computers running Windows Server and UNIX or Linux operating systems by using the NFS protocol.

NFS in Windows Server includes Server for NFS and Client for NFS. A computer running Windows Server can use Server for NFS to act as a NFS file server for other non-Windows client computers.

Client for NFS allows a Windows-based computer running Windows Server to access files stored on a non-Windows NFS server.

When a file share is configured, it’s shared with both the SMB and NFS protocols. Windows users access their files over the SMB protocol, and users on UNIX-based computers typically access their files over the NFS protocol.

For this scenario, you must have a valid identity mapping source configuration. Windows Server supports the following identity mapping stores:

Mapping File, Active Directory Domain Services (AD DS), RFC 2307-compliant LDAP stores such as Active Directory Lightweight Directory Services (AD LDS), User Name Mapping (UNM) server.

Source: https://learn.microsoft.com/en-us/windows-server/storage/nfs/nfs-overview




Introduction to the Network File System (NFS)

Network File System (NFS) is a distributed file system protocol allowing a user on a client computer to access files over a network as if they were on the local machine. NFS servers facilitate this process by managing the shared directories and files, making them accessible to client systems within the network.

An NFS server essentially acts as a centralized storage repository, allowing multiple client machines to access and manipulate files stored on it. It simplifies file sharing and collaboration within networks, enabling users to seamlessly access resources regardless of their physical location or operating system.

Key features of NFS servers include robust security mechanisms to control access to shared files, efficient data transfer protocols to optimize performance, and scalability to accommodate growing storage needs within organizations.



Running NFS behind a Firwall

By default the NFS server is listening on TCP/UDP port 2049 for incoming connection requests. Further you should allow TCP/UDP port 111 for RPC binding.

NFS and portmap
NFS relies upon remote procedure calls (RPC) to function. portmap is required to map RPC requests to the correct services. RPC processes notify portmap when they start, revealing the port number they are monitoring and the RPC program numbers they expect to serve. The client system then contacts portmap on the server with a particular RPC program number. portmap then redirects the client to the proper port number to communicate with its intended service.

Source: https://mirror.apps.cam.ac.uk/pub/doc/redhat/redhat7.3/rhl-rg-en-7.3/ch-nfs.html




Install and set up Server for NFS

To set up a NFS server on Windows Server we first need to install the Server for NFS server role.

Under server roles expand File and Storage Services -> File and iSCSI Services and select the Server for NFS role. This will also add the File Server role and the Services for Network File System Management Tools feature as shown below.

File Server role -> File Server manages shared folders and enables users to access files on this computer from the network.

Services for Network File System Management Tools -> Includes the Network File System snap-in and the nfsadmin showmount, and rpcinfo commands.




Below you will find from now on the NFS server also in the services console.




Using PowerShell to install Server for NFS

You can also use PowerShell to install the server roles and features by using the following commands.

Import-Module ServerManager
Add-WindowsFeature FS-NFS-Service
Import-Module NFS






Add new Shares

We can now add new shares on the NFS server by using the Server Manager from Windows Server as shown below.

Sharing directories or files is in UNIX NFS terminology is called exporting directories or files. To mount these shares on a NFS client later is then called importing the file system.


Select File and Storage Services -> Shares -> TASKS and click on New Share …


Select either NFS Share – Quick or NFS Share – Advanced, then select Next.


On the Share Location page, select a server and a volume, then select Next.


On the Share Name page, enter a name for the new share, then select Next.


On the Authentication page, specify the authentication method you want to use, then select Next.


On the Share Permissions page, select Add. The Add Permissions dialog opens. Choose the level of user permissions to grant: HostNetgroupClient group, or All Machines.


The share permissions we can later also check by using PowerShell.



On the Permissions page, configure access control for your selected users. When you’re ready, select Next.

We also need to configure the NTFS permissions for Windows clients, here the more restrictive permissions between the Share permissions and NTFS permissions wins finally.


On the Confirmation page, review your configuration, and select Create to create the NFS file share.




We can also any time change the settings for the share by right clicking on and select Properties as shown below.




Using PowerShell to add new Shares

The following Windows PowerShell cmdlet can also create an NFS file share (where nfs1 is the name of the share and C:\\shares\\nfsfolder is the file path):

New-NfsShare -Name nfs1 -Path C:\shares\nfsfolder






Install and set up Client for NFS

In order that Windows operating systems are able to connect to a NFS server, we first need to install the Client for NFS.

Select the Client for NFS feature as shown below.

Client for NFS enables this computer to access files on UNIX-based NFS servers. When installed, you can configure a computer to connect to UNIX NFS shares that allow anonymous access.






Mount NFS Network Shares on Windows Server

In order to mount Network File System (NFS) network shares on Windows Server we can use the mount command-line utility.

mount \braincloud07.braincourt.de\NFS-Share N:

Source: https://learn.microsoft.com/en-us/windows-server/administration/windows-commands/mount






Mount NFS Network Shares on UNIX or Linux operating systems

On UNIX or Linux operating systems we will also use the mount command which is here by default available and one of the essential commands.

Below I first created a new directory named NFS to mount the shares from the remote NFS server in.

sudo mount -t nfs <hostname/FQDN or IP address>:/<nfs Share> /<target folder mountpoint>
sudo mount -t nfs 192.168.195.42:/NFS-Share /NFS

-t limit the set of filesystem types and here set to nfs



Mount NFS Network Shares by default by using /etc/fstab

In order to not have every time to mount the NFS share by hand, we can add the following entry in the /etc/fstab to mount it always when the system is booting.

192.168.195.42:/NFS-Share /NFS nfs defaults 0 0

For remote file system mounts I will use the option _netdev to ensure the network is online before systemd will mount the exported file system (NFS share)
192.168.195.42:/NFS-Share /NFS nfs _netdev 0 0

x-systemd.mount-timeout= : option to specify how long systemd should wait for the mount command to finish
x-systemd.automount : option to be mounted only upon access
_netdev : option ensures systemd understands that the mount is network dependent and order it after the network is online.

Device: usually the given name or UUID of the mounted device (sda1/sda2/etc)
Mount Point: designates the directory where the device is/will be mounted
File System Type: nothing trick here, shows the type of filesystem in use
Options: lists any active mount options. If using multiple options they must be separated by commas
Backup Operation: (the first digit) this is a binary system where 1 = dump utility backup of a partition. 0 = no backup. This is an outdated backup method and should NOT be used.
File System Check Order: (second digit) Here we can see three possible outcomes.  0 means that fsck will not check the filesystem. Numbers higher than this represent the check order. The root filesystem should be set to 1 and other partitions set to 2

Source: https://www.redhat.com/sysadmin/etc-fstab


In order to unmount the NFS share we can use:

sudo umount 192.168.195.42:/NFS-Share





Troubleshooting

mount Network Error – 53

When trying to mount a remote NFS share the Network Error – 53 appears.


A common error here is that the permissions on the NFS server are not set correctly. In my case for demonstration purpose I want to allow read/write access on the root. Before the permissions were set to No Access and therefore on the clients the Network Error -53 was appearing when trying to mount the share.


After switching above the permissions to Read / Write, I was able to mount the share from a different server.


By just enter mount all NFS remote shares will be listed.



NFS version 4.1

NFS version 4.1 allows the file names to be created or copied with illegal characters. If you attempt to open the files with vi editor, it shows the files as being corrupt. You can’t save the file from vi, rename, move it, or change permissions. So avoid using illegal characters.

Source: https://learn.microsoft.com/en-us/windows-server/storage/nfs/deploy-nfs#known-issue





Links

Network File System (NFS)
https://en.wikipedia.org/wiki/Network_File_System

Network File System overview
https://learn.microsoft.com/en-us/windows-server/storage/nfs/nfs-overview

Deploy Network File System
https://learn.microsoft.com/en-us/windows-server/storage/nfs/deploy-nfs

mount
https://learn.microsoft.com/en-us/windows-server/administration/windows-commands/mount

NFS Server and File Permissions
https://learn.microsoft.com/en-us/troubleshoot/windows-server/networking/nfs-server-file-permissions