Indicating The Computer To Use For The Nfs User Mapping Server - HP 345646-001 - StorageWorks NAS 2000s External Storage Server Administration Manual

Microsoft Services for NFS
Permissions are granted on a per-export basis; each export has its own permissions,
independent of other exports on the system. For example, file system a can be exported to
allow only the Accounting department access, and file system m can be exported allowing
only the Management department access. If a user in Management needs access to the
Accounting information, the A export permissions can be modified to let that one user's client
machine have access. This modification does not affect other client access to the same export,
nor does it allow the Management user or client access to other exports.
After the client machine has permission to the export, the user logon affects file access. The
client machine presents the UNIX user ID (UID) and group ID (GID) to the server. When the
computer accesses a file, the UID and GID of the client are transferred to a Windows user ID
and group ID by the mapping server. The ACLs of the file or directory object being requested
are then compared against the mapped Windows login or group ID to determine whether the
access attempt should be granted.
Note:
presented credentials as valid and correct.
If the NFS server does not have a corresponding UID or GID, or if the administrator has set
other conditions to filter out the user, a process called squashing takes effect. Squashing is the
conversion of an unknown or filtered user to an anonymous user. This anonymous user has
very restricted permissions on the system. Squashing helps administrators manage access to
their exports by allowing them to restrict access to certain individuals or groups and to squash
all others down to restricted (or no) access. Squashing enables the administrator to allow
permissions instead of denying access to all the individuals who are not supposed to have
access. See "NFS User and Group Mappings" later in this chapter for specific information
about creating and maintaining mappings.

Indicating the Computer to Use for the NFS User Mapping Server

During the processes of starting and installing the NAS 2000s, the name localhost is assigned
by default to the computer. It is assumed that the NAS 2000s is the computer that will be used
for user name mapping.
If there are other mapping servers and a machine other than the localhost that will store user
name mappings, the name of that computer must be indicated, as detailed below:
1. Use Remote Desktop to access the NAS Management Console, click File Sharing,
2. In the Computer name box of the user-mapping screen, type the name of the computer
3. Localhost is the computer name assigned by default on the NAS 2000s. To control user
Note:
service is installed and running on that machine.
148
User credentials are not questioned or verified by the NFS server. The server accepts the
Microsoft Services for Network File System. Click Server for NFS.
example of the Server for NFS user interface.
designated for user mapping and authentication.
mapping from a different computer, enter the name of that computer.
If a machine other than the localhost is to be used, make sure that the user name mapping
Figure 81 is an
NAS 2000s Administration Guide