HP ProLiant DL100 G2 Administration Manual page 103

IMPORTANT:
• Before using Active Directory Lookup, administrators must install and populate the Identity
Management for UNIX Active Directory schema extension, included in Windows Server 2003 R2,
or have an equivalent schema which includes UNIX UID and GID fields.
• The IP address of the User Name Mapping server can be specified instead of the name of
the server.
• Before using User Name Mapping, the computer running Server for NFS must be listed in
the .maphosts file on the computer running User Name Mapping. For more information, see
"Securing access to the User Name Mapping server."
For additional information about accessing NFS resources, see the MSNFS online Help. For additional
information about Identity Management for UNIX, see the UNIX Identify Management online Help
Managing access using the .maphosts file
The User Name Mapping component of MSNFS acts as an intermediary between NFS servers and NFS
clients on a network containing UNIX hosts and Windows-based computers. To maintain the implicit trust
relationship between NFS client and host computers, administrators can control which computers can
access User Name Mapping by editing the .maphosts in the %windir%\msnfs directory of the storage
server. Conditions to allow or deny access include:
• If the .maphosts file is present but not empty, then only those computers allowed access by entries
in the file can access User Name mapping.
• If the .maphosts file is present but empty (the default), no computers except the computer running
User Name Mapping itself can access User Name Mapping.
• If the .maphosts file is not present, no computers (including the computer running User Name
Mapping) can access User Name Mapping.
The ordering of entries is important as User Name Mapping searches the .maphosts file from the top
down until it finds a match.
For additional information about the .maphosts file, see the MSNFS online Help.
Allowing anonymous access to resources by NFS clients
It may be desirable to add anonymous access to a share. An instance would be when it is not desirable
or possible to create and map a UNIX account for every Windows user. A UNIX user whose account is
not mapped to a Windows account is treated by Server for NFS as an anonymous user. By default, the
user identifier (UID) and group identifier (GID) is -2.
For example, if files are created on an NFS Share by UNIX users who are not mapped to Windows users,
the owner of those files are listed as anonymous user and anonymous group, (-2,-2).
By default, Server for NFS does not allow anonymous users to access a shared directory. When an NFS
share is created, the anonymous access option can be added to the NFS share. The values can be
changed from the default anonymous UID and GID values to the UID and GID of any valid UNIX user
and group accounts.
NOTE:
In Windows Server 2003, the Everyone group does not include anonymous users by default.
When allowing anonymous access to an NFS Share, the following must be performed by a user with
administrative privileges due to Windows Storage Server 2003 security with anonymous users and the
Everyone group.
1. Click Remote Desktop. Log on to the storage server.
2. Click Start >Control Panel > Administrative Tools, and then click Local Security Policy.
HP ProLiant DL100 G2 Storage Server administration guide
103