The Identity Management for UNIX Active Directory schema extension includes UNIX user identifier (UID) and group identifier (GID) fields. This enables Server for NFS and Client for NFS to look up Windows-to-UNIX user account mappings directly from Active Directory Domain Services. Identity Management for UNIX simplifies Windows-to-UNIX user account mapping management in Active Directory Domain Services.
Mapping (through either Active Directory Lookup or User Name Mapping) the UNIX user root (UID 0) to the Windows user Administrator—and also, mapping the group to which the root belongs to the Windows group Administrators.
By default, Server for NFS does not allow anonymous users to access a shared directory. When you share a directory, you can allow anonymous access to the directory and you can change the default anonymous UID and GID values to the UID and GID of any valid UNIX user and group accounts. If you change the anonymous UID and anonymous GID for a shared resource, those values will be used when reporting the owner of a file owned by a Windows user which is not mapped to UNIX user, even if anonymous access is not allowed.
To allow anonymous access to an NFS share using the Windows interface
- Open Windows Explorer: click Start, point to Programs or All Programs, point to Accessories, and then click Windows Explorer.
- In the details pane, right-click the shared directory you want to manage.
- Click Sharing.
- Click NFS Sharing.
- Select Allow anonymous access.
- To specify a nondefault value for the anonymous user identifier (UID) or anonymous group identifier (GID), type the value in theAnonymous UID or Anonymous GID box.
- Click Apply.
====================================================================================================================================
Users of client computers can use the chmod utility to set the setuid (set-user-identifier-on-execution), setgid (set-group-identifier-on-execution), and sticky file mode bits on files or directories that are stored on an NTFS file system partition and shared through Server for NFS. When the file or directory is subsequently accessed by a UNIX-based client, the standard semantics for these bits will apply.
Changing setuid and setgid behavior
Use the following procedure to change the behavior of the setuid and setgid bits:To change setuid and setgid behavior
- Open Registry Editor.
- Set the following registry key:
HKEY_Local_Machine\System\CurrentControlSet\Services\NfsSvr\Parameters\SafeSetUidGidBits = (DWORD)
- A value of 1 causes safer setuid and setgid behavior.
- A value of 0 causes the standard UNIX behavior.