
HP ProLiant ML310 G3 Storage Server User Manual

Page 80


the Windows user and group names to grant file access. If the UNIX UID and GID information is not mapped, then Server for NFS will deny file access.

There are two ways to specify how Server for NFS on the storage server obtains Windows user and group information:

Using the Windows interface

Using a command line (nfsadmin.exe)

IMPORTANT:

Before using Active Directory Lookup, administrators must install and populate the Identity Management for UNIX Active Directory schema extension, included in Windows Server 2003 R2, or have an equivalent schema which includes UNIX UID and GID fields.

The IP address of the User Name Mapping server can be specified instead of the name of the server.

Before using User Name Mapping, the computer running Server for NFS must be listed in the .maphosts file on the computer running User Name Mapping. For more information, see “Securing access to the User Name Mapping server.”

For additional information about accessing NFS resources, see the MSNFS online help. For additional information about Identity Management for UNIX, see the UNIX Identity Management online help.

Managing access using the .maphosts file

The User Name Mapping component of MSNFS acts as an intermediary between NFS servers and NFS clients on a network containing UNIX hosts and Windows-based computers. To maintain the implicit trust relationship between NFS client and host computers, administrators can control which computers can access User Name Mapping by editing the .maphosts file in the %windir%\msnfs directory of the storage server. Conditions to allow or deny access include:

If the .maphosts file is present but not empty, then only those computers allowed access by entries in the file can access User Name Mapping.

If the .maphosts file is present but empty (the default), no computers except the computer running User Name Mapping itself can access User Name Mapping.

If the .maphosts file is not present, no computers (including the computer running User Name Mapping) can access User Name Mapping.

The ordering of entries is important as User Name Mapping searches the .maphosts file from the top down until it finds a match.

For additional information about the .maphosts file, see the MSNFS online help.
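The three conditions and the top-down, first-match search described above can be checked against a copy of the file with the following added example, which is not part of the HP manual or of MSNFS. The entry syntax it parses (a host name or IP address per line, a trailing "-" to deny, a bare "+" or "-" for all computers, "#" comments) is an assumption not stated on this page; confirm it in the MSNFS online help. The host names and file contents are constructed.

```python
import os
import tempfile

def load_maphosts(path):
    """Return None if the file is absent, else its entries in file order."""
    if not os.path.exists(path):
        return None
    rules = []
    with open(path, encoding="ascii", errors="replace") as fh:
        for raw in fh:
            line = raw.split("#", 1)[0].strip()   # assumed comment syntax
            if not line:
                continue
            if line in ("+", "-"):                # assumed all-computers entries
                rules.append(("*", line == "+"))
            elif line.endswith("-"):              # assumed "host -" deny form
                rules.append((line[:-1].strip().lower(), False))
            else:
                rules.append((line.lower(), True))
    return rules

def can_access(rules, host, is_mapping_server=False):
    """Apply the manual's three conditions, then first-match ordering."""
    if rules is None:             # file not present: nobody, not even local
        return False
    if not rules:                 # present but empty: mapping server only
        return is_mapping_server
    for pattern, allow in rules:  # searched top-down, first match wins
        if pattern in ("*", host.lower()):
            return allow
    return False                  # not allowed by any entry

def demo():
    """Constructed files showing that entry order changes the outcome."""
    out = {}
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, ".maphosts")
        out["absent"] = can_access(load_maphosts(path), "nfs1", True)
        for name, text in [("empty", ""),
                           ("allow_first", "+\nnfs2 -\n"),
                           ("deny_first", "nfs2 -\n+\n")]:
            with open(path, "w") as fh:
                fh.write(text)
            out[name] = can_access(load_maphosts(path), "nfs2")
    return out

if __name__ == "__main__":
    print(demo())
```

In the "allow_first" file the deny entry for nfs2 is never reached, which is the ordering mistake to look for when reviewing a real .maphosts file.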

Allowing anonymous access to resources by NFS clients

It may be desirable to add anonymous access to a share. An instance would be when it is not desirable or possible to create and map a UNIX account for every Windows user. A UNIX user whose account is not mapped to a Windows account is treated by Server for NFS as an anonymous user. By default, the anonymous user identifier (UID) and group identifier (GID) are -2.

For example, if files are created on an NFS share by UNIX users who are not mapped to Windows users, the owner of those files is listed as anonymous user and anonymous group (-2,-2).
By default, Server for NFS does not allow anonymous users to access a shared directory. When an NFS share is created, the anonymous access option can be added to the NFS share. The values can be changed from the default anonymous UID and GID values to the UID and GID of any valid UNIX user and group accounts.

NOTE:

In Windows Server 2003, the Everyone group does not include anonymous users by default.


Microsoft Services for Network File System (MSNFS)
