Server for NFS Authentication

Applies To: Windows Server 2003 R2

When a UNIX user attempts to access a file shared by Server for NFS, Server for NFS uses either Active Directory Lookup or User Name Mapping to obtain the corresponding Windows user name of that UNIX user. When the Windows user name is obtained, Server for NFS then passes this information to either a domain controller or the security authority of the local server, depending on the type of account (domain or local):

  • If the Windows user name is a domain account, then the domain controller authenticates the user with Kerberos extensions called Services-For-User (S4U).

  • If the Windows user name is a local account, then the local security authority needs the assistance of Server for NFS Authentication. Without Server for NFS Authentication, the local security authority cannot authenticate the user and access will be denied.


Active Directory Lookup always associates UNIX users to Windows domain user accounts. If Server for NFS is configured to only use Active Directory Lookup, then you will not need to install Server for NFS Authentication on the local computer. If you want to associate UNIX users with Windows user accounts, you must use User Name Mapping.


Domain controllers running Windows 2000 and earlier operating systems do not support S4U authentication. UNIX users associated with Windows domain accounts on Windows 2000 and earlier domain controllers will be denied access unless you download and install a prior version of Server for NFS Authentication. For more information, see the Microsoft Web site.

To install Server for NFS Authentication

  1. In Control Panel, click Add or Remove Programs. Then click Add/Remove Windows Components.

  2. From the list of components, in the Windows Components Wizard dialog box, select Other Network File and Print Services, and click Details.

  3. From the list of subcomponents, select Microsoft Services for NFS, and click Details again.

  4. Select Server For NFS Authentication, and click OK.

  5. Click OK again and then Next, and after the configuration of the new component has completed, click Finish.