Table 10 Authentication table
Domain controller type
Legacy NFS (pre-WSS2003 R2) MSNFS ( WSS2003 R2)
Legacy domain controller
(pre-WSS2003)
Requires NFS Authentication DLL
on domain controller
Requires NFS Authentication DLL
on domain controller
R
ecent domain controllers
(
WSS2003 and later)
R
equires NFS Authentication DLL
o
ndomaincontroller
U
ses the built-in S4U (on the
d
omain controller). It i s unaffected
b
y the NFS Authentication DLL on
the domain controller.
The S4U set of extensions to the Kerberos protocol consists of the Service-for-User-to-Proxy (S4U2Proxy)
extension and the Service-for-User-to-Self (S4U2Self) extension. For more information about the S 4 U 2
extensions, see the Kerberos articles at the following URLs: h
ttp://searchwindowssecurity.techtarget.com/
originalContent /0,289142,sid45_gci1013484,00.html (intended for IT professionals) and
h
ttp://msdn.microsoft.com/msdnmag/issues/03/04/SecurityBriefs/default.aspx (intended for
developers).
Installing NFS Authentication DLL on domain controllers
NOTE:
If the authentication software is not installed on all domain controllers that have user name mappings,
including primary domain controllers, backup domain controllers, and Active Directory domains, then
domain user name mappings will not work correctly.
You need to install the version of NFS Authentication included with Services for UNIX 3.5. You can
download Services for UNIX 3.5 at no charge from h
ttp://go.microsoft. com/fwlink/?LinkId= 44501.
To install the Authentication software on the domain controllers:
1. From the SFU 3.5 files, locate the directory name d SFU35SEL_EN.
2. On the domain controller where the Authentication software is being installed use Windows Explorer
to:
a. Open the shared directory containing setup.exe.
b. Double-click the file to open it. Windows Installer is opened.
NOTE:
If the domain controller used does not have Windows Installer installed, locate the file
InstMSI.exe on the SFU 3.5 directory and run it. After this installation, the Windows
Installer program starts when opening setup.exe.
3. In the Microsoft Windows Services for UNIX Setup Wizard dialog box, click Next.
4. In the User name box, enter your name. If the name of your organization does not appear in the
Organization box, enter the name of your organization there.
5. Read the End User License Agreement carefully. If you accept the terms of the agreement, click I
accept the terms in the License Ag reem ent, and then click Next to continue installation. If you click I
do not accept the License Agreement (Exit Setup), the installation procedure terminates.
6. Click Custom Installation, and then click Next.
7. In the Components pane, click the down arrow next to Windows Services for UNIX, and then
click Entire component will not be available.
8. Click the plus sign (+) next to Authentication Tools.
9. In the Components pane, click the plus s ign ( + ) next to Authentication Tools.
10. Click Server for NFS Authentication,clickWill be installed on local hard drive, and then click Next.
HPProLiantML350G5StorageServer
91