Active Directory Lookup? Or, User Name Mapping? Or Both?

re: Active Directory Lookup? Or, User Name Mapping? Or Both?

Harri — Sat, 25 Aug 2007 21:25:43 GMT

Now here is the question: How can I make use of the NFS client on Windows to mount my $HOME from my Linux PC? Do I have to buy an expensive server license and another expensive PC to run AD for my home office?

re: Active Directory Lookup? Or, User Name Mapping? Or Both?

Ashish — Mon, 27 Aug 2007 19:14:41 GMT

Too little information to say anything. Send me a mail using the link above with details about how this environment is and I should be able to give you some useful hints.

re: Active Directory Lookup? Or, User Name Mapping? Or Both?

Dan — Sun, 09 Sep 2007 23:08:49 GMT

Hi, great article.

I'm attempting to setup a server running NFS (Microsoft services for NFS 1.0 to authenticate a set of Linux clients to corresponding domain accounts. I've attempted to turn on Active Directory lookup and populated the "Unix Attributes" area for all AD Users I'm trying to authenticate, however when I do this I'm never able to authenticate users (always see "permission denied" from the Linux clients.)

When I turn on the local User Name mapping and configure the exact same domain account mapping on the localhost everything works fine. I can also turn on user name mapping on the domain controller and this works fine as well.

Every article I've read so far on the topic makes it sound like AD lookup should just work... I haven't found a good troubleshooting reference yet. Do you have any ideas about where I should look for troubleshooting hints? I'm a bit out of my area of expertise here so I'm not sure about the best way to debug AD issues like this.

Thanks

Dan

re: Active Directory Lookup? Or, User Name Mapping? Or Both?

Ashish — Mon, 10 Sep 2007 17:03:25 GMT

Dan,

At first, this looks like a permissions issue on the shares but I am not sure.

A network capture can reveal why is this happening.

Use the Email link above to send me a mail and later send me the network capture.

How User Name Mapping works?

Services for UNIX - Interoperability — Fri, 25 Apr 2008 07:33:52 GMT

How User Name Mapping works? User Name Mapping is the core NFS authentication component in Services for

re: Active Directory Lookup? Or, User Name Mapping? Or Both?

Yaron — Fri, 05 Sep 2008 15:59:01 GMT

i have a nfs sharing on windows 2003, and an unix computer.

How can i map multiple unix users to the same windows users for accesing the nfs shared,i've read at http://technet.microsoft.com/en-us/library/bb463218.aspx that it's not possible.

When i tried, i got an error user mapping already exist. Perhaps there is another solutions like group mapping ?

I don't use NIS, i use nfsmgmt.msc to get the path of the file that contain unix users and update the unix users.

re: Active Directory Lookup? Or, User Name Mapping? Or Both?

Ashish — Fri, 12 Sep 2008 01:05:25 GMT

You can set all of such users' primary group to one specific group and then map all such users to their Windows counterparts. If it's an option, you can use anonymous access.

- Ashish

re: Active Directory Lookup? Or, User Name Mapping? Or Both?

Finy — Wed, 01 Apr 2009 18:24:46 GMT

Will it be possible for a root user on linux box to create many local users(in /etc/passwd) with different uid and gain access to NFS share(with different windows credentials) hold by Windows?

Do windows 2008(maybe AD) authenticate the Unix user by his passwd? or just check it's uid and mapped to a windows account for authorization?

re: Active Directory Lookup? Or, User Name Mapping? Or Both?

Ashish — Wed, 01 Apr 2009 19:39:24 GMT

Pretty much - yes. The NFS server authenticates the users by their UID/GID (which is true for every NFS server out there) and obtains a token so that they can access the files and folder on the Windows NTFS volumes.

If you have systems where root access is allowed and you cannot trust the user - make use of the client groups and limit access to the shares only from the machines where it is desired.

- Ashish

re: Active Directory Lookup? Or, User Name Mapping? Or Both?

RCMD — Tue, 01 Sep 2009 22:24:44 GMT

Is there a way for Windows 2008 to use the Password and Group files the way that 2003 did? I can only get it to point to a remote server, but I want to look locally.

re: Active Directory Lookup? Or, User Name Mapping? Or Both?

Ashish — Wed, 02 Sep 2009 00:01:07 GMT

Not really. If this is a DC, you can populate the information in AD and use that. If it's not a DC, ADLDS/ADAM is an option but I am not sure if you would want to do that.

The guide is here - http://technet.microsoft.com/en-us/library/dd764497(WS.10).aspx

- Ashish