Using Your NAS System 39
3
Optionally, if you are setting up a shared AD LDS store to allow multiple
NFS servers to query the account mapping database, add the mapping
data store to the ACL to allow Read permissions for the Anonymous
Logon account as follows:
dsacls "\\server1:389\CN=nfsadldsinstance,dc=
server1" /G "anonymous logon":GR /I:T
NOTE: You can skip this step if there is no shared access between computers
to the mapping data store.
Configuring the Mapping Source
To configure the mapping source:
1
Click
Start
, right-click
Command Prompt
, and then click
Run as
administrator
to open an elevated command prompt.
2
Run the following command, where <
Computer
> is the name of the
computer where the AD LDS instance was created, and where <
Port
> is
the port that the AD LDS instance uses:
nfsadmin mapping config adlookup=yes addomain=
<Computer>:<Port>
NOTE: For this example, use the following:
nfsadmin mapping config adlookup=yes addomain=
server1:389
3
Test the setup by accessing the NFS resources and verifying that the user
and group account mappings work as expected.
Debug Notes for NFS Account Mapping Problems
Server for NFS can be made to log account mapping failures to the Windows
Event Log service by setting the following registry key:
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Servi
ces\nfsserver\Parameters\VerboseMappingFailureLog
ging INVALID USE OF SYMBOLS REG_DWORD = 1
book.book Page 39 Thursday, September 2, 2010 2:36 PM
To Next Page
Loading...
