Microsoft Services for NFS
NAS 2000s Administration Guide
NFS User and Group Mappings
When a fileserver exports files within a homogeneous environment, there are no problems with
authentication. It is a simple matter of making a direct comparison to determine whether the
user should be allowed access to the file, and what level of access to allow.
However, when a fileserver works in a heterogeneous environment, some method of
translating user access is required. User mapping is the process of translating the user security
rights from one environment to another.
User name mapping is the process of taking user and group identification from one
environment and translating it into user identification in another environment. In the context of
UNIX and NFS, user and group identification is a combination of a user ID (UID) and group
ID (GID). In Windows environments, user identification is a Security ID (SID) or, in Windows
2000, a Globally Unique Identifier (GUID).
The server grants or denies access to the export based on machine name or IP address.
However, after the client machine has access to the export, user-level permissions are used to
grant or deny access to user files and directories.
The NAS 2000s is capable of operating in a heterogeneous environment, meaning that it is
able to work with both UNIX and Windows clients. Because the files are stored in the native
Windows NT file system, the server has to map the UNIX users to Windows users to determine
the user access level of the files.
Note:
User mapping is not designed to address existing user database problems in the existing
environment. All UIDs and GIDs must be unique across all NIS (Network Information Service)
domains and all user names must be unique across all Windows NT domains.
The NAS 2000s supports mappings between one or more Windows domains and one or more
NIS domains. The default setup supports multiple Windows NT domains to a single NIS
domain. For information about users in multiple NIS domains, refer to the Supplemental Help
section in the Services for NFS online help.
Types of Mappings
There are three types of mappings. They are listed below in order from the most complex (with
the greatest level of security) to the least complex (easiest to manage, but with little
security):
■ Explicit mappings
■ Simple mappings
■ Squashed mappings
Explicit Mappings
Explicit mappings are created by the administrator to link Windows and UNIX users. They
override simple mappings and are used to map users whose names differ between the two
systems.
Simple Mappings
Simple mapping is a direct comparison of user names on the Windows system and the UNIX
system. If the names match, the user is assumed to be authentic, and appropriate share access
is granted. Simple mapping is an option that the administrator must turn on if it is to be used.
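The following is an added example, not code from this guide or from Services for NFS. It models the precedence described above (explicit mappings override simple mappings, and simple mapping is off unless enabled) and checks the uniqueness requirement from the Note. All users, domains and IDs are constructed; the fallback to an anonymous account for unmapped users and the refusal of ambiguous name matches are assumptions of this sketch.

```python
from collections import defaultdict

# Constructed sample data; every name, domain and ID here is hypothetical.
NIS_USERS = [  # (nis_domain, unix_name, uid)
    ("nis-eng", "jsmith", 1001),
    ("nis-eng", "jdoe", 1002),
    ("nis-ops", "mlee", 1001),      # UID collision with jsmith
    ("nis-ops", "backup", 1500),
]
WINDOWS_USERS = [  # (nt_domain, user_name)
    ("CORP", "jsmith"),
    ("CORP", "John.Doe"),
    ("LAB", "jsmith"),              # name collision across NT domains
]
EXPLICIT = {"jdoe": r"CORP\John.Doe"}  # administrator-created links
ANONYMOUS = "Anonymous"  # assumed squash target, not named on the page


def find_conflicts(nis_users, windows_users):
    """Report violations of the uniqueness requirement in the Note."""
    by_uid, by_name = defaultdict(set), defaultdict(set)
    for domain, name, uid in nis_users:
        by_uid[uid].add(f"{domain}/{name}")
    for domain, name in windows_users:
        by_name[name.lower()].add(domain)
    dup_uids = {u: sorted(v) for u, v in by_uid.items() if len(v) > 1}
    dup_names = {n: sorted(d) for n, d in by_name.items() if len(d) > 1}
    return dup_uids, dup_names


def resolve(unix_name, explicit, windows_users, simple_enabled=False):
    """Return (windows_account, mapping_type) for a UNIX user name."""
    if unix_name in explicit:                 # explicit overrides simple
        return explicit[unix_name], "explicit"
    if simple_enabled:                        # off unless the admin turns it on
        matches = [f"{d}\\{n}" for d, n in windows_users
                   if n.lower() == unix_name.lower()]
        if len(matches) == 1:
            return matches[0], "simple"
        if len(matches) > 1:                  # assumption: refuse to guess
            return None, "ambiguous"
    return ANONYMOUS, "squashed"              # assumption: unmapped -> anonymous
```

Running `find_conflicts` before enabling simple mapping shows which accounts would be matched on name alone to more than one identity, which is the situation the Note says user mapping is not designed to fix.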