IMPORTANT:
•
Before using Active Directory Lookup, administrators must install and populate the Identity
Management for UNIX Active Directory schema extension, included in Windows Server 2003 R2,
or have an equivalent schema which includes UNIX UID and GID
fi
elds.
•
The IP address of the User Name Mapping server can be speci
fi
ed instead of the name of
the server.
•
Before using User Name Mapping, the computer running Server for NFS must be listed in
the .maphosts
fi
le on the computer running User Name Mapping. For more information, see
“Securing access to the User Name Mapping server.”
For additional information about accessing NFS resources, see the MSNFS online Help. For additional
information about Identity Management for UNIX, see the UNIX Identify Management online Help
Managing access using the .maphosts
fi
le
The User Name Mapping component of MSNFS acts as an intermediary between NFS servers and NFS
clients on a network containing UNIX hosts and Windows-based computers. To maintain the implicit trust
relationship between NFS client and host computers, administrators can control which computers can
access User Name Mapping by editing the .maphosts in the %windir%\msnfs directory of the storage
server. Conditions to allow or deny access include:
•
If the .maphosts
fi
le is present but not empty, then only those computers allowed access by entries
in the
fi
le can access User Name mapping.
•
If the .maphosts
fi
le is present but empty (the default), no computers except the computer running
User Name Mapping itself can access User Name Mapping.
•
If the .maphosts
fi
le is not present, no computers (including the computer running User Name
Mapping) can access User Name Mapping.
The ordering of entries is important as User Name Mapping searches the .maphosts
fi
le from the top
down until it
fi
nds a match.
For additional information about the .maphosts
fi
le, see the MSNFS online Help.
Allowing anonymous access to resources by NFS clients
It may be desirable to add anonymous access to a share. An instance would be when it is not desirable
or possible to create and map a UNIX account for every Windows user. A UNIX user whose account is
not mapped to a Windows account is treated by Server for NFS as an anonymous user. By default, the
user identi
fi
er (UID) and group identi
fi
er (GID) is -2.
For example, if
fi
les are created on an NFS Share by UNIX users who are not mapped to Windows users,
the owner of those
fi
les are listed as anonymous user and anonymous group, (-2,-2).
By default, Server for NFS does not allow anonymous users to access a shared directory. When an NFS
share is created, the anonymous access option can be added to the NFS share. The values can be
changed from the default anonymous UID and GID values to the UID and GID of any valid UNIX user
and group accounts.
NOTE:
In Windows Server 2003, the Everyone group does not include anonymous users by default.
When allowing anonymous access to an NFS Share, the following must be performed by a user with
administrative privileges due to Windows Storage Server 2003 security with anonymous users and the
Everyone group.
1.
Click
Remote Desktop
. Log on to the storage server.
2.
Click
Start
>
Control Panel
>
Administrative Tools
, and then click
Local Security Policy
.
HP ProLiant DL100 G2 Storage Server administration guide
103
Summary of Contents for ProLiant DL100 G2 DPSS
Page 12: ...12 ...
Page 18: ...18 About this guide ...
Page 26: ...26 The HP storage server solution ...
Page 46: ...46 Storage management overview ...
Page 134: ...134 Troubleshooting servicing and maintenance ...