Microsoft Services for NFS
NAS 4000s and 9000s Administration Guide
Permissions are granted on a per-export basis; each export has its own permissions,
independent of other exports on the system. For example, file system a can be exported to
allow access only to the Accounting department, and file system m can be exported to allow
access only to the Management department. If a user in Management needs access to the
Accounting information, the permissions on the a export can be modified to give that one
user's client machine access. This modification does not affect other clients' access to the
same export, nor does it give the Management user or client access to other exports.
After the client machine has permission to the export, the user logon determines file access.
The client machine presents the UNIX user ID (UID) and group ID (GID) to the server. When the
computer accesses a file, the mapping server maps the UID and GID of the client to a Windows
user ID and group ID. The ACLs of the requested file or directory object are then compared
against the mapped Windows login or group ID to determine whether the access attempt
should be granted.
Note:
User credentials are not questioned or verified by the NFS server. The server accepts the
presented credentials as valid and correct.
If the NFS server does not have a corresponding UID or GID, or if the administrator has set
other conditions to filter out the user, a process called squashing takes effect. Squashing is the
conversion of an unknown or filtered user to an anonymous user. This anonymous user has
very restricted permissions on the system. Squashing helps administrators manage access to
their exports by allowing them to restrict access to certain individuals or groups and to squash
all others down to restricted (or no) access. With squashing, the administrator grants
permissions to the users who should have access, instead of having to deny access to every
individual who should not. See “NFS User and Group Mappings” later in this chapter for
specific information about creating and maintaining mappings.
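The decision sequence described above (export permission for the client machine, UID/GID mapping with squashing, then the ACL check) is modeled below as an added Python example. It is not Server for NFS code and not part of the guide; the host names, UIDs, CORP accounts and the `<anonymous>` label are constructed for illustration.

```python
from dataclasses import dataclass, field

ANONYMOUS = "<anonymous>"  # constructed label for the squashed identity

@dataclass
class MappingServer:
    users: dict    # UNIX UID -> Windows user
    groups: dict   # UNIX GID -> Windows group
    filtered_uids: set = field(default_factory=set)  # administrator filter

    def map_ids(self, uid, gid):
        # Unknown or filtered UIDs are squashed to the anonymous user.
        if uid in self.filtered_uids or uid not in self.users:
            return ANONYMOUS, None
        return self.users[uid], self.groups.get(gid)

@dataclass
class Export:
    allowed_clients: set   # client machines permitted on this export
    acl: dict              # Windows user or group -> set of rights

def check_access(export, mapper, client, uid, gid, right):
    # 1. Per-export permission is checked against the client machine.
    if client not in export.allowed_clients:
        return "denied: client not permitted on export"
    # 2. The presented UID/GID are taken as given (not verified) and mapped.
    user, group = mapper.map_ids(uid, gid)
    # 3. The ACL is compared against the mapped user and group.
    rights = export.acl.get(user, set()) | export.acl.get(group, set())
    return f"{'granted' if right in rights else 'denied'} as {user}"

# Constructed sample data: export "a" for Accounting plus one Management client.
mapper = MappingServer({1001: r"CORP\alice", 1002: r"CORP\bob"},
                       {500: r"CORP\Accounting", 600: r"CORP\Management"},
                       filtered_uids={0})
export_a = Export({"acct-ws1", "mgmt-ws7"},
                  {r"CORP\Accounting": {"read", "write"}})

def demo():
    cases = [
        ("acct-ws1", 1001, 500, "read"),   # mapped user, permitted client
        ("mgmt-ws9", 1001, 500, "read"),   # client has no export permission
        ("acct-ws1", 4242, 500, "read"),   # unknown UID is squashed
        ("acct-ws1", 0, 0, "write"),       # filtered UID is squashed
    ]
    return [check_access(export_a, mapper, *c) for c in cases]

if __name__ == "__main__":
    print("\n".join(demo()))
```

Because step 2 has no verification, the export's client list in step 1 is the only control on which machines may present a UID at all.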
Indicating the Computer to Use for the NFS User Mapping Server
During the processes of starting and installing the NAS server, the name localhost is assigned
by default to the computer. It is assumed that the NAS server is the computer that will be used
for user name mapping.
If there are other mapping servers and a machine other than localhost will store the user
name mappings, the name of that computer must be indicated, as detailed below:
1. Use Remote Desktop to access the NAS Management Console, click File Sharing,
Microsoft Services for Network File System. Click Settings. Figure 88 is an example of
the Server for NFS user interface.
2. In the Computer name box of the user-mapping screen, type the name of the computer
designated for user mapping and authentication.
3. Localhost is the computer name assigned by default on the NAS server. To control user
mapping from a different computer, enter the name of that computer.
Note:
If a machine other than the localhost is to be used, make sure that the user name mapping
service is installed and running on that machine.