User Name Mapping
SFU uses the User Name Mapping service to map between UNIX and Windows user and group names. The other SFU services require the User Name Mapping service to ensure that when a user on a certain platform requests a resource, the system uses user credentials known by that platform. For example, NFS exports are accessed using UNIX user account information, and Windows file shares are accessed using Windows account information. The User Name Mapping service lets you tie Windows and UNIX accounts together. You'll still create file-level access control lists (ACLs) on either a UNIX or Windows system by using the native permission syntax for users native to that system. User accounts from the alternate platform that map to appropriate, allowed Windows user accounts would be able to access those files by using the mapped identity. Suppose John Public uses the Windows user account John.Public and the UNIX account JohnP. With User Name Mapping, John could tie John.Public and JohnP together so that he can access a UNIX NFS export permissible for JohnP while logged on to a Windows computer as John.Public. The User Name Mapping service permits 1:1 mappings between UNIX and Windows users and groups, or many UNIX identities to a single Windows identity.
Use the MMC Microsoft Windows Services for UNIX snap-in or the SFU command tool mapadmin.exe to configure the User Name Mapping service. From the MMC console, select the User Name Mapping node and go to the Maps tab. If your UNIX names match your Windows domain user names (e.g., the Windows username jeff equals the UNIX username jeff) select the Simple Maps check box. However, to map differently named users or groups, click Show User Maps or Show Group Maps to configure these custom relationships. For example, if you want to map the UNIX group operators to the Windows group Server Admins, select both groups and click Add, as Figure 1 shows.
Gateway for NFS
The SFU Gateway for NFS service provides a mapping from UNIX-hosted NFS exports to regular Windows shares. Windows clients that aren't running SFU can access NFS export data. The following example shows how to configure a UNIX NFS export and make that data available as a Windows share on the Gateway for NFS server.
On a UNIX system, exporting a directory is straightforward. First, make sure NFS is installed and operational. Next, depending on your UNIX variant, edit the /exports file (typically /etc/exports) so that it includes the name of the folder you want to export, the read/write permissions you want to set, and the server (or network) you want to export it to. Set the UNIX folder permissions to allow an NIS user or group Read or Write access to the folder. Execute the UNIX command
exportfs -a
or restart the NFS service to reread the NFS configuration file and host the new export.
Next, on the Gateway for NFS server, you can optionally define an NFS network. Open My Network Places and select Entire Network. You'll notice a new Network type called NFS Network. Right-click NFS Network and click Add new network. Enter the IP address and subnet of the network that contains your NFS server(s). Click OK, then drill down into the NFS network you just created. You should see your UNIX computer hosting the NFS export. Double-click the UNIX computer name to see your UNIX export and the folders it contains.
Finally, configure the Gateway for NFS server to share this UNIX-based NFS export. Click Start, All Programs, Windows Services for UNIX, and launch Gateway for NFS Shares. Use this application to create and configure the Windows share that will map to the NFS export. Name the share, select the drive that you want to assign to that share, specify the NFS export in the Network Resources tree, and choose the encoding (typically ANSI), as you see in Figure 2. Click the Permissions button to set share-level permissions for the newly created share.
The Client Components
So far, I've described the features of SFU 3.5 and walked you through the configuration of Server for NIS, User Name Mapping, and Gateway for NFS. Now, let's take a look at SFU 3.5's main client components. On an XP client, repeat the SFU 3.5 installation but this time, during the custom component selection, accept the defaults to install the SFU Utilities, NFS Client, NFS Server, Windows Remote Shell Service, and Server for NFS Authentication services. You won't install the User Name Mapping service on the client systems because you'll instead leverage the centralized User Name Mapping service previously installed on the network server. After you select the components to install, click Next and answer a few questions specific to your installation choices. First, specify whether the Interix programs will support setuid behavior. When a program enabled for setuid is executed, it will run under its own UID instead of the UID of the account that started it.
When prompted, specify the Remote User Name Mapping Server as the server that you previously configured. (Alternately, if you're installing SFU independently, you can choose to set up a Local User Name Mapping Server, which will perform logon mapping for the local system. After the installation is complete, you must restart the computer. Upon reboot, you'll be able to access SFU features.
The Shell
The UNIX shell provides the input mechanism to the kernel—similar to the Windows command prompt. SFU includes two shells: the C Shell (csh) and the Korn Shell (ksh). Use these shells to launch the SFU UNIX applications. Click Start, All Programs, Windows Services for UNIX, and launch your preferred shell. From the shell, issue the commands
cd /
ls -la
to change directory to the root directory and list its contents. If you're familiar with UNIX systems, you'll recognize the single-rooted file structure. In a single-rooted file structure, all the SFU UNIX files and directories are located relative to a single root (e.g., hosts is located at /etc/hosts). However, Windows and Interix file structures are separate. From the Windows perspective, the UNIX files reside in the C:\SFU directory. From the SFU UNIX perspective, the C drive is located at /dev/fs/C.
Next, in the SFU shell, issue the command
tree
This command presents a text representation of the folder hierarchy and gives you an idea of the SFU file system structure. Also, notice that this Windows program runs within the Interix shell—useful functionality if you're writing a shell script in UNIX but need to quickly execute a Windows command. You'll find that some (but not all) of the UNIX utilities will also run in the Windows shell and visa versa.
Picking a favorite product from an impressive crowd of competitive offerings is never an easy task, and such was the case with our Editors' Best and Community Choice awards this year. ...
An often irreverent look at some of the week's other news, including some post-PDC some soul searching, a Google Chrome OS announcement and a Microsoft response, Windows 7 off to a supposedly strong start, the Jonas Brothers and Xbox 360, and so much more ...
Free CDs Offer Fundamental Content for IT Pros Are you up to speed on the latest technologies and solutions? Don't miss out on your chance to get up to speed quickly on fundamental, in-depth information on some of the hottest topics in our library of content.
Let Your Users Reset Their Own Passwords: Free Download Try a 30 day free trial of Desktop Authority Password Self-Service – it provides an easy-to-use, robust system for allowing users to reset their own forgotten passwords or locked accounts.
Get Windows IT Pro & Mark Minasi’s Favorite Power Tools Guide Order Windows IT Pro now and get "More of Mark Minasi's Favorite Power Tools"--a in-depth guide to the most useful Windows commands --FREE with your paid order! Subscribe today, and save 58% off the cover price!
Deep Dive into VMware vSphere, eLearning Series Join John Savill to explore the major functionality capabilities of the vSphere virtualization platform, including identification of the changes from ESX 3.5.
Register
