Tag Archives: NTFS

NetApp access NTFS CIFS share from Unix host via NFS

Posted on by
Reply

NTFS vs. Unix style volume settings have nothing to do with which hosts can mount the volume, they have to do with permissions. To access a NTFS volume via NFS, first allow rw or root mounting in /etc/exports (you do have your root vol mounted on your admin boxes right?):

# sed -i '/cifsshare/d' /mnt/toaster/vol0/etc/exports
# echo '/vol/cifsshare -sec=sys,rw,root=someadminhost:anotherlinuxbox,anon=0,nosuid' >> /mnt/toaster/vol0/etc/exports
# ssh toaster
toaster> exportfs -a
toaster> Connection to toaster closed by remote host.
Connection to toaster closed.
#

Mount the volume on your administration host and list the directory:

# mkdir -p /mnt/toaster/cifsshare
# mount toaster:/vol/cifsshare /mnt/toaster/cifsshare
# cd /mnt/toaster/cifsshare 
# ls
ls: .: Permission denied
#
# whoami
root
#

So even though we are able to mount this share via NFS, the NTFS permissions do not let us see what’s there. Check the filer to see what permissions context it has for ‘root’.

toaster> wcc -u root
Tue Jul 16 09:11:57 PDT [toaster: auth.trace.authenticateUser.loginTraceMsg:info]: AUTH: LSA lookup: Lookup of account "DOMAINNAME\root" failed: STATUS_NONE_MAPPED (0xc0000073).
(NT - UNIX) account name(s):  (DOMAINNAME\guest - root)
        ***************
        UNIX uid = 0
        user is a member of group daemon (1)
        user is a member of group daemon (1)

        NT membership
                DOMAINNAME\Guest
                DOMAINNAME\Domain Guests
                DOMAINNAME\Domain Users
                BUILTIN\Guests
                BUILTIN\Users
        User is also a member of Everyone, Network Users,
        Authenticated Users
        ***************
toaster>

Looks like the filer doesn’t recognize the user ‘root’ and sees it as a guest. This explains why we might not have permissions in the ‘cifsshare’ mount. The solution is to add a user mapping so that user ‘root’ is recognized as ‘administrator’ for the domain ‘DOMAINNAME’. Make an entry in usermap.cfg (you do have your root vol mounted on your admin boxes right?):

echo 'DOMAINNAME\administrator == root' >>/mnt/toaster/vol0/etc/usermap.cfg

Now let’s see what user ‘root’ is seen as from the view of the filer:

toaster> wcc -u root
Tue Jul 16 09:12:30 PDT [toaster: auth.trace.authenticateUser.loginTraceMsg:info]: AUTH: LSA lookup: Located account "DOMAINNAME\administrator" in domain "DOMAINNAME"..
(NT - UNIX) account name(s):  (DOMAINNAME\administrator - root)
        ***************
        UNIX uid = 0
        user is a member of group daemon (1)
        user is a member of group daemon (1)

        NT membership
                DOMAINNAME\administrator
                DOMAINNAME\Enterprise Admins
                DOMAINNAME\Exchange Recovery Administrators
                DOMAINNAME\Schema Admins
<a ton of other stuff here>
                BUILTIN\Administrators
                BUILTIN\Users
        User is also a member of Everyone, Network Users,
        Authenticated Users
        ***************
toaster>

Now we have all the privileges that the domain administrator has, and we can view, list, and alter files that the domain administrator has permissions for. In a production environment, you could just map a Linux admin jdoe to DOMAINNAME\jdoe assuming they had domain admin permissions.

mount windows disk image in linux

Posted on by
Reply

I was recently converting a Windows installation from a physical desktop to a virtual machine. Because the installation was an OEM installation the P2V conversion failed the “hardware” check and the target VM was unregistered. The only way to fix was to do a repair install changing the installation from an OEM to a Retail version of Windows. This needed to be done on the physical source desktop. There’s no way I was going to attempt this without a total backup of the system. I could have just copied important files, but I decided a disk clone was more appropriate. I booted off of a Debian rescue cd, mounted a NFS share, and dd’d a copy of the entire drive to a flat file.

# mkdir /mnt/nfsserver/diskclone
# mount nfsserver:/vol/diskclone /mnt/nfsserver/diskclone
# cd /mnt/nfsserver/diskclone
#
# dd if=/dev/sda of=desktop.img
156250000+0 records in
156250000+0 records out
80000000000 bytes (80 GB) copied, 7079.64601 seconds, 11.3 MB/s
#
# ls -l
total 78278496
-rw-r--r-- 1 root root 80000000000 2013-05-20 15:47 desktop.img

I then needed to mount the image and take a look at the contents. A flat disk image file is just a block for block copy of the actual disk, so the first step is to look at the partition table listed in sectors and find the offset. The offset will tell mount where the beginning of the file system is.

# losetup /dev/loop0 desktop.img
#
# fdisk -l -u  /dev/loop0

Disk /dev/loop0: 80.0 GB, 80000000000 bytes
255 heads, 63 sectors/track, 9726 cylinders, total 156250000 sectors
Units = sectors of 1 * 512 = 512 bytes 

      Device Boot      Start         End      Blocks   Id  System
/dev/loop0p1   *          63   156232124    78116031    7  HPFS/NTFS
#
#

Find the offset by multiplying the 63 (start sector) by 512 bytes ( 63*512 ) and the offset is 32256. Now we can tell mount where the start is. 

# mkdir /mnt/diskimage
# mount -t ntfs -o offset=32256,ro desktop.img /mnt/diskimage
#

I mounted readonly so that we don’t mess anything up. You may need to install ntfsprogs to be able to read an NTFS file system (apt-get install ntfsprogs) if you don’t have it installed already