
Managing access using the .maphosts file – HP ProLiant SB460c SAN Gateway Storage Server User Manual

Managing access using the .maphosts file

The User Name Mapping component of MSNFS acts as an intermediary between NFS servers and
NFS clients on a network containing UNIX hosts and Windows-based computers. To maintain the
implicit trust relationship between NFS client and host computers, administrators can control which
computers can access User Name Mapping by editing the .maphosts file in the %windir%\msnfs
directory of the storage server. Conditions to allow or deny access include:

If the .maphosts file is present and not empty, then only those computers allowed access by entries
in the file can access User Name Mapping.

If the .maphosts file is present but empty (the default), no computers except the computer running
User Name Mapping itself can access User Name Mapping.

If the .maphosts file is not present, no computers (including the computer running User Name
Mapping) can access User Name Mapping.

The ordering of entries is important as User Name Mapping searches the .maphosts file from the top
down until it finds a match.

For additional information about the .maphosts file, see the MSNFS online help.

Allowing anonymous access to resources by NFS clients

You may want to add anonymous access to a share, for example when it is not desirable or possible
to create and map a UNIX account for every Windows user. A UNIX user whose account is not
mapped to a Windows account is treated by Server for NFS as an anonymous user. By default, the
user identifier (UID) and group identifier (GID) are both -2.

For example, if files are created on an NFS share by UNIX users who are not mapped to Windows
users, the owner of those files is listed as anonymous user and anonymous group (-2,-2).

By default, Server for NFS does not allow anonymous users to access a shared directory. When an
NFS share is created, the anonymous access option can be added to the NFS share. The values can
be changed from the default anonymous UID and GID values to the UID and GID of any valid UNIX
user and group accounts.

NOTE:

In Windows Server 2003, the Everyone group does not include anonymous users by default.

Because of the way Windows Storage Server 2003 security handles anonymous users and the
Everyone group, a user with administrative privileges must perform the following steps when
allowing anonymous access to an NFS share.

1. Click Remote Desktop. Log on to the storage server.

2. Click Start > Control Panel > Administrative Tools, and then click Local Security Policy.

3. In Security Settings, double-click Local Policies, and then click Security Options.

4. Right-click Network access: Let Everyone permissions apply to anonymous users, and then click
Properties.

5. To allow permissions applied to the Everyone group to apply to anonymous users, click Enabled.
The default is Disabled.

6. Restart the NFS server service. From a command prompt, enter net stop nfssvc. Then enter
net start nfssvc. Notify users before restarting the NFS service.
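A read-only audit of the two settings described above (the state of the .maphosts file and the Network access: Let Everyone permissions apply to anonymous users policy), as an added PowerShell example that is not part of the HP manual. It assumes PowerShell is installed on the storage server, that an "empty" file means zero bytes, and that the policy is stored in the EveryoneIncludesAnonymous value under the Lsa registry key; the function names are hypothetical.

```powershell
# Added read-only audit example; it changes nothing on the server.
# Assumption: PowerShell is installed and the session has administrative rights.
$MapHosts = Join-Path $env:windir 'msnfs\.maphosts'

function Get-MapHostsState {
    param([string]$Path = $MapHosts)
    if (-not (Test-Path -LiteralPath $Path)) {
        return 'ABSENT: no computer, including this one, can access User Name Mapping'
    }
    # Assumption: "empty" means a zero-length file. -Force also finds hidden files.
    if ((Get-Item -LiteralPath $Path -Force).Length -eq 0) {
        return 'EMPTY (default): only this computer can access User Name Mapping'
    }
    return 'HAS ENTRIES: only computers allowed by an entry can access User Name Mapping'
}

function Get-MapHostsEntries {
    param([string]$Path = $MapHosts)
    # Entries are listed with their position because the file is searched from
    # the top down until a match is found. Entry syntax is not interpreted here.
    $n = 0
    Get-Content -LiteralPath $Path | ForEach-Object { $n++; '{0,3}: {1}' -f $n, $_ }
}

function Test-EveryoneIncludesAnonymous {
    # Assumption: the "Let Everyone permissions apply to anonymous users" policy
    # is stored as EveryoneIncludesAnonymous (1 = Enabled, 0 or missing = Disabled).
    $lsa = Get-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'
    return ($lsa.EveryoneIncludesAnonymous -eq 1)
}

$state = Get-MapHostsState
"User Name Mapping access    : $state"
if ($state -like 'HAS ENTRIES*') { Get-MapHostsEntries }

if (Test-EveryoneIncludesAnonymous) {
    'Everyone includes anonymous : ENABLED (Everyone permissions apply to anonymous users)'
} else {
    'Everyone includes anonymous : Disabled (default)'
}

$svc = Get-Service -Name nfssvc -ErrorAction SilentlyContinue
if ($svc) {
    "nfssvc service status       : $($svc.Status)"
} else {
    'nfssvc service not found on this computer'
}
```

Review the numbered entry list by hand against the MSNFS online help, since an early entry can take effect before a later one is ever reached.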
