HP ProLiant ML310 G3 Storage Server Administration Guide (WSS R2 version, March 2006)

IMPORTANT:
• Before using Active Directory Lookup, administrators must install and populate the Identity
  Management for UNIX Active Directory schema extension, included in Windows Server 2003 R2,
  or have an equivalent schema which includes UNIX UID and GID fields.
• The IP address of the User Name Mapping server can be specified instead of the name of
  the server.
• Before using User Name Mapping, the computer running Server for NFS must be listed in
  the .maphosts file on the computer running User Name Mapping. For more information, see
  “Securing access to the User Name Mapping server.”
For additional information about accessing NFS resources, see the MSNFS online Help. For additional
information about Identity Management for UNIX, see the UNIX Identity Management online Help.
Managing access using the .maphosts file
The User Name Mapping component of MSNFS acts as an intermediary between NFS servers and NFS
clients on a network containing UNIX hosts and Windows-based computers. To maintain the implicit trust
relationship between NFS client and host computers, administrators can control which computers can
access User Name Mapping by editing the .maphosts file in the %windir%\msnfs directory of the storage
server. Conditions to allow or deny access include:
• If the .maphosts file is present but not empty, then only those computers allowed access by entries
  in the file can access User Name Mapping.
• If the .maphosts file is present but empty (the default), no computers except the computer running
  User Name Mapping itself can access User Name Mapping.
• If the .maphosts file is not present, no computers (including the computer running User Name
  Mapping) can access User Name Mapping.
The ordering of entries is important because User Name Mapping searches the .maphosts file from the top
down until it finds a match.
For additional information about the .maphosts file, see the MSNFS online Help.
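The three file states and the top-down, first-match search described above can be modeled in a short script for reviewing a .maphosts file before deploying it. This is an added example, not code from HP or Microsoft. The entry syntax it parses (one host per line, an optional leading + to allow or - to deny, a bare + or - matching every host, # comments) and the names LOCAL, parse_entries, can_access and shadowed are assumptions; confirm the real syntax in the MSNFS online Help.

```python
"""Model of the .maphosts access rules (added example, assumed entry syntax)."""
from typing import Optional

LOCAL = "<local>"  # stands for the computer running User Name Mapping

# Constructed sample file: the final deny sits below a match-all allow.
SAMPLE = """\
# constructed sample, not a real configuration
nfs1.example.com
-10.0.0.7
+
-nfs2.example.com
"""

def parse_entries(text: str) -> list[tuple[bool, str]]:
    """Return (allow, host) pairs in file order; '*' means every host."""
    entries = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()    # drop comments and blank lines
        if not line:
            continue
        allow = not line.startswith("-")       # ASSUMED: '-' prefix means deny
        host = line.lstrip("+-").strip().lower() or "*"
        entries.append((allow, host))
    return entries

def can_access(maphosts: Optional[str], client: str) -> bool:
    """maphosts is the file's text, or None when the file does not exist."""
    if maphosts is None:
        return False              # file absent: nobody, not even the local computer
    entries = parse_entries(maphosts)
    if not entries:
        return client == LOCAL    # present but empty: local computer only
    for allow, host in entries:   # top down; the first matching entry decides
        if host in ("*", client.lower()):
            return allow
    return False                  # non-empty file: only listed computers get access

def shadowed(maphosts: str) -> list[str]:
    """Hosts whose entry never takes effect because an earlier entry matches first."""
    seen, dead = set(), []
    for _, host in parse_entries(maphosts):
        if "*" in seen or host in seen:
            dead.append(host)
        seen.add(host)
    return dead
```

In the constructed sample, the deny for nfs2.example.com is reported by shadowed() because the match-all allow above it is reached first, which is the ordering mistake the top-down search makes possible.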
Allowing anonymous access to resources by NFS clients
It may be desirable to add anonymous access to a share. An instance would be when it is not desirable
or possible to create and map a UNIX account for every Windows user. A UNIX user whose account is
not mapped to a Windows account is treated by Server for NFS as an anonymous user. By default, the
user identifier (UID) and group identifier (GID) are -2.
For example, if files are created on an NFS share by UNIX users who are not mapped to Windows users,
the owner of those files is listed as anonymous user and anonymous group (-2,-2).
By default, Server for NFS does not allow anonymous users to access a shared directory. When an NFS
share is created, the anonymous access option can be added to the NFS share. The values can be
changed from the default anonymous UID and GID values to the UID and GID of any valid UNIX user
and group accounts.
NOTE:
In Windows Server 2003, the Everyone group does not include anonymous users by default.
When allowing anonymous access to an NFS share, the following must be performed by a user with
administrative privileges due to Windows Storage Server 2003 security with anonymous users and the
Everyone group.
1. Click Remote Desktop. Log on to the storage server.
2. Click Start > Control Panel > Administrative Tools, and then click Local Security Policy.