Accessing NFS resources for Windows users and groups
Server for NFS allows Windows clients to access NFS resources on the storage system without
separately logging on to Server for NFS. The first time users attempt to access an NFS resource, the
Server for NFS looks up the user’s UNIX UID and GID information in either Windows Active Directory
or the User Name Mapping function on the storage system. If the UNIX UID and GID information is
mapped to a Windows user and group accounts, the Windows names are returned to Server for
NFS, which then uses the Windows user and group names to grant file access. If the UNIX UID and
GID information is not mapped, then Server for NFS will deny file access.
There are two ways to specify how Server for NFS on the storage system obtains Windows user and
group information:
•
Using the Windows interface
•
Using a command line (
nfsadmin.exe
)
IMPORTANT:
•
Before using Active Directory Lookup, administrators must install and populate the Identity Management
for UNIX Active Directory schema extension, included in Windows Server 2003 R2, or have an equivalent
schema which includes UNIX UID and GID fields.
•
The IP address of the User Name Mapping server can be specified instead of the name of the server.
•
Before using User Name Mapping, the computer running Server for NFS must be listed in the .maphosts
file on the computer running User Name Mapping. For more information, see “Securing access to the
User Name Mapping server.”
For additional information about accessing NFS resources, see the MSNFS online help. For additional
information about Identity Management for UNIX, see the UNIX Identify Management online help
Managing access using the .maphosts file
The User Name Mapping component of MSNFS acts as an intermediary between NFS servers and
NFS clients on a network containing UNIX hosts and Windows-based computers. To maintain the
implicit trust relationship between NFS client and host computers, administrators can control which
computers can access User Name Mapping by editing the .maphosts in the %windir%\msnfs directory
of the storage system. Conditions to allow or deny access include:
•
If the .maphosts file is present but not empty, then only those computers allowed access by entries
in the file can access User Name mapping.
•
If the .maphosts file is present but empty (the default), no computers except the computer running
User Name Mapping itself can access User Name Mapping.
•
If the .maphosts file is not present, no computers (including the computer running User Name
Mapping) can access User Name Mapping.
The ordering of entries is important as User Name Mapping searches the .maphosts file from the top
down until it finds a match.
For additional information about the .maphosts file, see the MSNFS online help.
Allowing anonymous access to resources by NFS clients
It may be desirable to add anonymous access to a share. An instance would be when it is not desirable
or possible to create and map a UNIX account for every Windows user. A UNIX user whose account
Microsoft Services for Network File System (MSNFS)
166
Summary of Contents for STORAGEWORKS ALL-IN-ONE STORAGE SYSTEM
Page 14: ...14 ...
Page 34: ...Installing and configuring the server 34 ...
Page 60: ...Storage management overview 60 ...
Page 88: ...Data protection 88 ...
Page 120: ...Troubleshooting servicing and maintenance 120 ...
Page 122: ...System recovery 122 ...
Page 172: ...Microsoft Services for Network File System MSNFS 172 ...
Page 204: ...Index 204 ...