NOTE: To prevent root squashing for specific NFS shares, the UNIX root user and group must be mapped to the Windows administrator user and group. The access type for the NFS share's permissions must also be set to root for each applicable client or client group.
Configuring User and Group Mappings
To provide security for server files accessed from a UNIX environment, Server for NFS requires the system administrator to map UNIX user and group accounts to Windows accounts either on the server or in a Windows Domain. Users then have equivalent access rights under UNIX as they have under Microsoft Windows. Alternatively, Web sites with less stringent security needs can bypass the mapping procedure and treat all UNIX users as anonymous users.
User and Group Mapping lets you create maps between Windows and UNIX user and group accounts even though the user and group names in both environments may not be identical. You can use simple maps, which map Windows and UNIX accounts with identical names. You can also create advanced maps to associate Windows and UNIX accounts with different names. You can also use a combination of simple and advanced maps. With User and Group Mappings, you can obtain UNIX user and group information from one or more NIS servers or from imported passwd and group files.
NOTE: Only a user's primary GID is used by Server for NFS for user/group name mapping. Secondary GIDs are ignored. When adding a new user mapping, always create an associated group mapping for that user's primary GID. Users whose primary GIDs are not also mapped will be associated with the anonymous group.
To create user and group name maps, perform the following steps:
1.Log in to the NAS Manager.
2.From the NAS Manager, click Shares.
3.Click Sharing Protocols.
4.Click NFS Protocol, and then click Properties.
5.Click User and Group Mappings.
6.Use the User and Group Mappings window to define your user and group maps.
To configure the type of server to be used to access UNIX user and group names, perform the following steps:
1.On the User and Group Mappings window, click General.
2.Click Use NIS server, or click Use password and group files to select the server type.
3.Depending on whether you use an NIS server or password and group files, perform one of the following steps:
•For password and group files, specify the location and filename of the UNIX password file and UNIX group file.
NOTE: The UNIX password file and group file formats must conform to the UNIX standard for these files.
•For NIS server, type the NIS domain and, optionally, the name of the NIS server.
4.Click OK to apply the configuration.
Simple Maps
If enabled, simple maps create automatic mappings between UNIX users and Microsoft Windows users that share the same user name. In a simple user map, users in a Windows domain are implicitly mapped
To define simple maps, perform the following steps:
1.In the User and Group Mappings window, click Simple Mapping.
2.Click Enable Simple Mapping.
3.On the Windows domain list, select the server name, or the domain to which the server belongs.
If you select the server name, only the local users and groups will be mapped.
4.Click OK to create the maps.