Configuring Active Directory Lookup for UNIX GID and UID Information
So that NTFS permissions can be properly mapped to UNIX user accounts,
integration between Active Directory Domain Services (AD DS) and UNIX
must be set up. This requires the proper schema extensions to be enabled
in the domain. By default, Windows Server 2008 R2 AD DS includes these
schema extensions. If installing Services for NFS into a down-level
schema version of AD, such as with Windows Server 2003, the schema must
first be extended to Windows Server 2008 R2 levels.
To enable AD DS lookup for Services for NFS, do the following:
1. Open the Services for Network File System MMC (Start, All Programs, Administrative Tools, Services for Network File System).
2. Right-click on the Services for NFS node in the node pane, and choose Properties.
3. In the Identity Mapping Source section, check the Active Directory domain name check box, and enter the name of the domain in which identity mapping will be enabled, as shown in Figure 2.
4. Click OK to save the changes.
Note
Windows Server 2008 R2
Services for NFS still supports the legacy User Name Mapping service,
although installation of the User Name Mapping service itself cannot be
done on a Windows Server 2008 R2 server. It is preferable to use the AD
DS integration, however, rather than the User Name Mapping service.
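Once AD DS lookup is enabled, the UID and GID values stored on the accounts decide which UNIX identity each Windows user becomes, so they are worth auditing. The following is an added example, not part of the original text: it assumes the lookup reads the uidNumber and gidNumber attributes, the function names are hypothetical, and the sample accounts are constructed.

```powershell
# Added example (not from the original text). Flags account attributes that
# make AD DS identity mapping for Services for NFS unsafe or ineffective.
# Assumes the lookup reads the uidNumber and gidNumber attributes.

function New-Finding($Account, $Issue) {
    New-Object PSObject -Property @{ Account = $Account; Issue = $Issue }
}

function Test-NfsIdentityMapping {   # hypothetical helper name
    param([Parameter(Mandatory = $true)] [object[]] $Account)

    foreach ($a in $Account) {
        if ($null -eq $a.uidNumber -or $null -eq $a.gidNumber) {
            New-Finding $a.SamAccountName 'uidNumber or gidNumber not set: no UNIX identity to map to'
            continue
        }
        if ([int64]$a.uidNumber -eq 0) {
            New-Finding $a.SamAccountName 'uidNumber 0: account maps to UNIX root'
        }
        if ([int64]$a.gidNumber -eq 0) {
            New-Finding $a.SamAccountName 'gidNumber 0: primary group is GID 0 (root group)'
        }
    }

    # Two Windows accounts sharing one UID are the same user to a UNIX host.
    $Account | Where-Object { $null -ne $_.uidNumber } |
        Group-Object -Property uidNumber |
        Where-Object { $_.Count -gt 1 } |
        ForEach-Object {
            $names = ($_.Group | ForEach-Object { $_.SamAccountName }) -join ', '
            New-Finding $names "uidNumber $($_.Name) is shared by more than one account"
        }
}

# Constructed sample accounts so the check runs without a domain.
$sample = @(
    (New-Object PSObject -Property @{ SamAccountName = 'alice'; uidNumber = 10001; gidNumber = 10000 }),
    (New-Object PSObject -Property @{ SamAccountName = 'bob';   uidNumber = 10001; gidNumber = 10000 }),
    (New-Object PSObject -Property @{ SamAccountName = 'carol'; uidNumber = $null; gidNumber = $null }),
    (New-Object PSObject -Property @{ SamAccountName = 'svc';   uidNumber = 0;     gidNumber = 0 })
)
Test-NfsIdentityMapping -Account $sample | Format-Table Account, Issue -AutoSize

# Against a live domain (requires the ActiveDirectory module):
# Import-Module ActiveDirectory
# Test-NfsIdentityMapping -Account (Get-ADUser -Filter * -Properties uidNumber, gidNumber)
```

Run against a whole domain, every account that was never intended for NFS access will be reported as unmapped, so scope the Get-ADUser query to the users or OU that should have UNIX identities.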
Configuring Client for NFS and Server for NFS Settings
After enabling the lookup
method used for Services for NFS, you can configure the individual
Server for NFS and Client for NFS settings by right-clicking the
individual nodes and choosing Properties. This allows you to change
default file permissions levels, TCP and UDP settings, mount types, new
Windows Server 2008 R2 Kerberos settings, and filename support levels.
For example, in Figure 3, the screen for customizing Client for NFS settings is displayed.
Creating NFS Shared Network Resources
Configuring
a shared resource with Server for NFS requires opening the Command
Prompt window with elevated privileges (Start, All Programs,
Accessories, right-click Command Prompt, Run As Administrator) and then
creating the share using the nfsshare command-line utility. Type nfsshare /? for the exact syntax.
To create an NFS shared network resource using the GUI, perform the following tasks:
1. From Windows Explorer on the server, navigate to the folder that will be shared, right-click it, and choose Properties.
2. Select the NFS Sharing tab.
3. Click the Manage NFS Sharing button.
4. Check the Share This Folder check box, as shown in Figure 4. Configure whether anonymous access will be allowed (not normally recommended) or configure any special permissions by clicking Permissions.
5. Click OK and then click Close to save the changes.