When the file server is operating in either mixed or UNIX security mode, it requires mappings between UNIX, Windows, NFSv4, and Kerberos users and groups. For example, user John Doe could have a UNIX user account named jdoe and a Windows user account named johnd. These two user accounts are made equivalent by setting up a user mapping. Furthermore, the file server assumes that equivalent user and group names are the same for both environments. For example, if no explicit mapping is found for user janed, the server assumes that the UNIX user account named janed is the same as the Windows user account with the same name.
- Specify the name and ID of each NFS user and group. Note: This step is not required for Windows users or groups, as the server gets all of the information from the domain controller (DC).
- Map the NFS user (group) names to Windows NT user (group) names.
Windows access to a file created by a UNIX user (or vice-versa) is permitted when the UNIX name and Windows name are recognized as being the same user. However, NFS clients present an NFS operation to an NFS server with numerical UNIX User ID (UID) and UNIX Group ID (GID) as credentials. The server must map the UID and GID to a UNIX user or group name prior to verifying the UNIX to Windows name mapping.
- If the server is configured to use the Network Information Service (NIS) no special configuration steps are needed; the server automatically retrieves the user (group) names and IDs from the NIS server.
- NFS user and group names can be added manually.
- NFS user and group names can be added by importing files. For example, the UNIX /etc/passwd file can be imported, providing the server with a mapping of user name to UID. The /etc/groups file should also be imported to provide the server with a mapping of Group name to GID.
- You can import the numerical ID to Name mappings directly from a NIS server or an LDAP server if one has been configured. Every time a UID is presented to the server, it will issue an NIS request to an NIS server to verify the mapping. This mapping can remain cached in the server for a configurable time. A cached ID to name binding for a User or Group will appear as Transient in the NFS Users or Groups list. Note: When a Windows user creates a file and the UNIX user or group mapping fails, the server sets the UID or the GID to 0 (root).
Each UNIX user name and numerical UID can be manually entered, along with its corresponding Windows user and domain name. Users configured manually will appear as permanent in the NFS users list.