Specify How Server for NFS Obtains Windows User and Group Information
Applies To: Windows Server 2008
In a UNIX environment, authentication is the process of providing a user identifier (UID) and group identifier (GID) to a user who presents a valid user name and password. UNIX hosts provide these identifiers when a user logs on to the host. When the user logs on, the user's name and password are compared to those in a password file. If they correspond with a user name and password in the file, the server returns a corresponding UID and GID. The UID and GID identify the user for Network File System (NFS) browsing and mounting operations.
Server for NFS makes it possible for clients to access NFS resources without separately logging on to Server for NFS. Instead, the first time you try to access an NFS resource, Server for NFS looks up your UNIX UID and GID information in either Active Directory Domain Services or User Name Mapping. If your UNIX UID and GID information is mapped to Windows user and group accounts, the Windows names are returned to Server for NFS, which then uses the Windows user and group names to grant file access. If your UNIX UID and GID information is not mapped, then Server for NFS will deny file access.
Note
User Name Mapping has changed. Server functionality no longer exists, but client functionality is present. Services for NFS can still retrieve mappings from existing legacy User Name Mapping servers.
Specifying how Server for NFS obtains Windows user and group information
You can perform this procedure using the following methods:
Using the Windows interface
Using a command line
To specify how Server for NFS obtains UID and GID information using the Windows interface
Open Services for Network File System: click Start, point to Programs, point to Administrative Tools, and then click Services for Network File System (NFS).
If necessary, connect to the computer you want to manage.
Right-click Services for NFS, and then click Properties.
Specify how Server for NFS obtains user identifier (UID) and group identifier (GID) information for users:
To use Active Directory Lookup, select the Active Directory domain name check box, type the domain name, and then click Apply.
To use User Name Mapping, select the User Name Mapping check box, type the name of the mapping server you want to use for authentication, and then click Apply.
Note
Before using Active Directory Lookup, you must install and populate the Identity Management for UNIX Active Directory schema extension, included in Windows Server 2008, or have an equivalent schema which includes UNIX UID and GID fields. Identity Management for UNIX greatly simplifies this aspect of Windows-to-UNIX user account management in Active Directory Domain Services.
You can specify the IP address of the User Name Mapping server instead of the name of the server.
Before using User Name Mapping, the computer running Server for NFS must be listed in the .maphosts file on the computer running User Name Mapping.
To specify how Server for NFS obtains UID and GID information using the command line
Open the command prompt with elevated privileges.
Click the Start button, and click All Programs.
Click Accessories.
Right-click the command prompt, and click Run as administrator.
Specify how Server for NFS obtains user identifier (UID) and group identifier (GID) information for users:
To use Active Directory Lookup, at a command prompt, type:
nfsadmin mapping [ComputerName] config adlookup=yes addomain=DomainName

| Argument | Description |
| --- | --- |
| DomainName | The name of the domain controller you want to use. |
| ComputerName | The name of the computer you want to manage. |
Note
To view the complete syntax for this command, at a command prompt, type: nfsadmin mapping /?
Before using Active Directory Lookup, you must install and populate the Identity Management for UNIX Active Directory schema extension, included in Windows Server 2008, or have an equivalent schema which includes UNIX UID and GID fields. Identity Management for UNIX simplifies this aspect of Windows-to-UNIX user account management in Active Directory Domain Services.
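Because Server for NFS denies access when a UID and GID cannot be mapped, it helps to audit the directory before turning on Active Directory Lookup. The following is an added example, not part of the original documentation: it reads an LDIF export of user accounts (for example, one produced with ldifde) and lists accounts without a complete UNIX UID/GID pair, plus UIDs assigned to more than one account. It assumes the schema stores the UNIX fields in the RFC 2307 attributes uidNumber and gidNumber; the sample records are constructed.

```python
# Added example: audit an LDIF export of AD users before enabling adlookup=yes.
# Assumption: UNIX IDs live in the RFC 2307 attributes uidNumber and gidNumber
# (the documentation itself only says "UNIX UID and GID fields").
from collections import defaultdict

# Constructed sample export; account names and numbers are made up.
SAMPLE_LDIF = """\
dn: CN=Alice Adams,CN=Users,DC=example,DC=com
sAMAccountName: alice
uidNumber: 10001
gidNumber: 10000

dn: CN=Bob Brown,CN=Users,DC=example,DC=com
sAMAccountName: bob
uidNumber: 10002

dn: CN=Carol Clark,CN=Users,DC=example,DC=com
sAMAccountName: carol
uidNumber: 10001
gidNumber: 10000

dn: CN=Dave Dunn,CN=Users,DC=example,DC=com
sAMAccountName: dave
"""

def parse_ldif(text):
    """Yield one dict per LDIF record (single-valued, unfolded attributes only)."""
    for block in text.strip().split("\n\n"):
        record = {}
        for line in block.splitlines():
            if line.startswith("#") or ": " not in line:
                continue
            key, value = line.split(": ", 1)
            record[key] = value.strip()
        if record:
            yield record

def audit(text):
    """Return (accounts lacking a UID or GID, UIDs shared by several accounts)."""
    unmapped, by_uid = [], defaultdict(list)
    for rec in parse_ldif(text):
        name = rec.get("sAMAccountName", rec.get("dn", "?"))
        if "uidNumber" not in rec or "gidNumber" not in rec:
            unmapped.append(name)  # no complete UID/GID pair in the directory
        if "uidNumber" in rec:
            by_uid[int(rec["uidNumber"])].append(name)
    duplicates = {uid: names for uid, names in by_uid.items() if len(names) > 1}
    return unmapped, duplicates
```

Calling audit(SAMPLE_LDIF) returns the two lists to review; resolve both before running the nfsadmin command above.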