Configuring User Name Mapping
Configuring User Name Mapping
We can now mount the share on the Linux client and can also create files. Next thing we should do is to configure User Name Mapping and see it in action.
So let’s go back to our Windows system. I have created few local users and group on this Windows systems and the Linux client. Some user and group names are same on both the systems and some are not.
Yes, that’s on purpose - you would notice that User Name Mapping parses the passwd and group files and can automatically map the users and groups that have same names. This is called Simple mapping. To allow User Name Mapping to do this for you, you need to enable the Use Simple Mapping option in the User Name Mapping properties using the Microsoft services for Network File System MMC Snap-in.
To start, you need to copy the /etc/passwd and /etc/group file over from your Linux system and filter them for unwanted user and group accounts which you don’t want to map. I am keeping them in C:\etc directory.
Open the MMC snap-in and check that you are pointing your installation to point to the correct user name mapping server- right click on the top of the hierarchy in the MMC snap-in on Microsoft Services for NFS and select Properties. Under the General Settings, type localhost for User Name Mapping Server if it’s not already there.
We are not going to use Active Directory Lookup so you can ignore that option for now.
Save this setting and now right click on User Name Mapping, go to properties and under the UNIX User Source tab, select Use Password and Group file and then browse to the passwd and group files. Move the Simple Mapping tab and enable Use simple maps option. Click on OK and come back to MMC snap-in.
Expand User Name Mapping, select User Maps, right click and click on Show simple maps. Now again right click on User maps and click on Refresh to refresh the mapping information. On my box, I see this –
And, the Group Maps looks like this –
The other kind of mapping is called Advanced Mapping where you can map users with different login names on Windows and UNIX systems. You anyway need to do this to map UNIX root user to Windows Administrator user and UNIX root group to Windows Administrators group.
To create an advanced map, right click on User Maps, select Create Map…, Click on List Windows Users and then on List UNIX Users, Select Administrator in the list of Windows users and root in the list of UNIX users and click on Add.
Close this dialog box and now you should see the new mapping –
Ditto for Group Maps –
You may want to add few other advanced mappings for bin and sys/bin groups.
Server for NFS queries the User Name Mapping service when it starts and then keeps polling every 30-miuntes to fetch the mapping information. I have restarted my Server for NFS service so that I can go to the Linux client and do some tests there –
See that the nfs directory is owned by the root group which on the Windows side translates to Administrators group. Thanks to User Name Mapping.
I cannot, however, change to this directory as root user. That’s because I haven’t checked the Allow root access check-box in the NFS sharing properties.
<< Who's 4294967294? | Back to post | Using chown/chgrp from UNIX clients >> |
Comments
Anonymous
August 28, 2007
I have a simple question. As we know , the NFS server will map the Unix user to Window user. So we must copy the file password (/etc/passwd) and group (/etc/group). I wonder one thing .Is the password field in the file password important? or we just need the user name field ? . Thanks for your replyAnonymous
August 28, 2007
User Name Mapping doesn't care about the password in the passwd file. That's because it cannot authenticate the users based on those passwords - it uses Kerberos extension called S4U to authenticate the Windows/AD users. Apart from user names, it also uses UID and GID fields in the passwd file.Anonymous
January 24, 2008
Configuring User Name Mapping - Part 3 (Advanced Mapping) Simply said - when you map users and groupsAnonymous
April 15, 2008
All (well, almost) about Client for NFS - Configuration and Performance I was looking at the referralsAnonymous
April 18, 2008
Configuring User Name Mapping - Part 3 (Advanced Mapping) Simply said - when you map users and groupsAnonymous
April 24, 2008
Configuring User Name Mapping - Part 1 On this page , I have put some information about how you can configureAnonymous
October 21, 2009
Excellent blog Ashish, thankyou very muchAnonymous
December 15, 2011
How are we configure Advanced mapping for Services of NFS in Windows Server 2008 R2Anonymous
June 18, 2012
Is this simple mapping also possible fpr Windows 2008 R2? I can only see the AD options in the MMC Snapin there.Anonymous
August 03, 2012
@Tom - yes.