Configuring User Name Mapping - Part 1
On this page, I have put some information about how you can configure User Name Mapping. It doesn't read as a complete step-by-step guide, since that article was all about getting Server for NFS to work.
To do justice to User Name Mapping, I am beginning a series of posts which discuss different UNIX environments and how they can be used with User Name Mapping to allow Windows systems to interoperate with UNIX environments and help migrate data from UNIX systems to Windows. This post, again, will not have a step-by-step guide to configuring User Name Mapping. That's something to follow in the next posts.
A typical UNIX environment may use local files (/etc/passwd and /etc/group) to manage authentication and access. In addition to local files, a UNIX system can also make use of NIS and LDAP to authenticate users centrally. Having centralized authentication makes more sense if people need to access data on NFS servers, more so because all NFS cares about is UIDs and GIDs to allow access to data.
If an environment doesn't have centralized control of user and group accounts, it presents many challenges when it comes to security and managing unique UIDs and GIDs across all UNIX systems. NIS and LDAP reduce this overhead and provide an easy-to-manage repository of user and group accounts. They also provide mechanisms such as netgroups to further strengthen security on NFS shares.
If your environment doesn't use NIS or LDAP for authentication, and your users and groups are scattered across different UNIX systems that have their own user and group naming conventions, with UIDs and GIDs duplicated between them, you really need to make a lot of changes before you can reap the benefits of the UNIX interoperability components shipped with Windows and the Services for UNIX 3.5 product.
To start with, you would need to ensure that your users and groups have unique UIDs and GIDs and that there are no conflicts across all systems. You, of course, need to ensure that the user and group names are unique too.
The most difficult part is to plan and change UIDs and GIDs on UNIX systems. It's not easy, but you can follow some simple steps to get it done sooner rather than later -
For now, you need to move this master database to the server running the User Name Mapping service and use it to configure appropriate user and group mappings.
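The uniqueness check described above can be run before any UIDs are changed. The following is an added example, not part of the original post: it reads passwd-format text collected from each UNIX host and reports UIDs that belong to different account names and account names that carry different UIDs. The host names, accounts and function names are constructed for illustration.

```python
from collections import defaultdict

# Constructed sample data: /etc/passwd contents from two hypothetical hosts.
SAMPLE = {
    "hostA": "root:x:0:0:root:/root:/bin/sh\n"
             "alice:x:1001:100:Alice:/home/alice:/bin/sh\n"
             "bob:x:1002:100:Bob:/home/bob:/bin/sh\n",
    "hostB": "root:x:0:0:root:/root:/bin/sh\n"
             "carol:x:1001:100:Carol:/home/carol:/bin/sh\n"
             "bob:x:2002:100:Bob:/home/bob:/bin/sh\n"
             "+::::::\n",
}

def parse_passwd(text):
    """Yield (name, id) pairs; skip blanks, comments and NIS +/- entries."""
    for line in text.splitlines():
        line = line.strip()
        if not line or line[0] in "#+-":
            continue
        fields = line.split(":")
        if len(fields) < 4 or not fields[2].isdigit():
            continue  # malformed line: ignore rather than guess
        yield fields[0], int(fields[2])

def find_conflicts(files):
    """Return (uid_conflicts, name_conflicts) across all hosts.

    uid_conflicts:  uid  -> {name: [hosts]}, one UID used by several names
    name_conflicts: name -> {uid: [hosts]},  one name with several UIDs
    """
    by_uid = defaultdict(lambda: defaultdict(list))
    by_name = defaultdict(lambda: defaultdict(list))
    for host, text in sorted(files.items()):
        for name, uid in parse_passwd(text):
            by_uid[uid][name].append(host)
            by_name[name][uid].append(host)
    uid_conflicts = {u: dict(n) for u, n in by_uid.items() if len(n) > 1}
    name_conflicts = {n: dict(u) for n, u in by_name.items() if len(u) > 1}
    return uid_conflicts, name_conflicts

if __name__ == "__main__":
    uids, names = find_conflicts(SAMPLE)
    for uid, owners in sorted(uids.items()):
        print(f"UID {uid} is shared by different accounts: {owners}")
    for name, ids in sorted(names.items()):
        print(f"account {name!r} has different UIDs: {ids}")
```

Because /etc/group also keeps its numeric ID in the third field, the same functions can be pointed at group files to find GID conflicts.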
On the other hand, things become really easy if you have NIS or LDAP already running in your environment – User Name Mapping can directly connect to your NIS servers and fetch the details to create mappings for user and group accounts.
Server for NFS and Client for NFS which ship with Windows Server 2003 R2 and Windows Vista can also talk to your RFC2307-compliant LDAP store to fetch the UID and GID information directly. This will also be featured in Windows Server 2008. It also helps you eliminate User Name Mapping service from your setup and stop worrying about mapping users and groups manually when adding new accounts (if you are not making good use of Simple Mappings).