Important Tips on NFS (Part 1)
How can we map users in Windows 2008?
In windows 2008\2008 R2, we have the following options:
1. Fetching maps from a windows 2003\2003 R2 mapping server
2. Using Adlookup for mapping domain accounts
3. Using ADLDS for local accounts
Why the mapping information is not getting saved through GUI:
The issue is more common on WIndows 2008\2008 R2. After making the changes for user name mapping (either using ADlookup or fetching through user name mapping server), restarting Server for NFS service reverts the changes.
To resolve the issue, use the command line to set mapping informationè
To fetch from a UNM server:
nfsadmin mapping config mapsvr=<servername>
nfsadmin mapping config mapLookup=yes
For ADlookup you can run the command below:
nfsadmin mapping config adlookup=no/yes
How can we manage permission on a Windows NFS share?
The permission on a NFS share can be managed either from the Windows side or from the Unix side. From Unix side, you can manage the le permission (RWXRWXRWX). Command like chown can be used to change the ownership information. Command like chmod can be used to change the permission bit.
From Windows side you can manage through the NTFS permissions (Properties-Security). User ownership can be managed from here. You can also force the Unix clients to honor the NTFS permission by enabling the ‘keepInheritance” registry key.
Who gets the ownership for a file\folder, if it is created from Windows side?
Any new files\folder created had default owner as Administrators account. Well there was a security policy which was there prior Windows vista which could be set to have the current logged in user as the owner for the newly created files. http://support.microsoft.com/kb/947721
Setting the policy in Windows 2008\2008 R2 as per the support documents will not apply.
On windows 2008\2008 R2, if a user is part of the administrator group and if the user creates a file then the default owner will be Administrators group. In case the user is not a member of the administrator groups then he would be the owner for the newly created files and folder.
By default in Windows you can set the User ownership on a file\folder. The group ownership is set to the primary group of the logged in user. And the group ownership cannot be modified from Windows side, it has to be from Unix side.
There is a command available in Windows 2008 R2 to check the ownership for the file\folder.
· nfsfile <file-name>