AD LDS Identity Mapping for Services for NFS
Published: May 11, 2009
Applies To: Windows Server 2008
This guide explains how to configure Active Directory® Lightweight Directory Services (AD LDS) for Services for Network File System (NFS) on computers that are running Windows Server® 2008 in an environment where no Active Directory exists to support user mapping.
When a UNIX client that is using AUTH_SYS credentials (for example, UID=500 and GID=500) connects to a Windows-based server with the Services for NFS role installed, Server for NFS queries AD LDS for objects that match the uidNumber (in this case, uidNumber=500). Server for NFS then reads the samAccountName attribute of the matching object, which returns the user name string of a local account. Server for NFS uses the credentials of this local user.
For the purposes of this guide, we will configure AD LDS for the server server1, which is a non-domain joined system or a member of a workgroup.
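The lookup described above, replayed offline against an LDIF export of the mapping objects, as an added example that is not part of the original guide. The DNs, account names and the `parse_ldif`, `resolve_uid` and `audit` helpers are constructed for illustration; treating a duplicated uidNumber as an error is this example's audit choice, since the guide does not say how Server for NFS handles one.

```python
from collections import defaultdict

# Constructed sample export; DNs and account names are placeholders.
SAMPLE_LDIF = """\
dn: CN=alice,CN=Users,CN=nfs,DC=nfs
uidNumber: 500
sAMAccountName: alice

dn: CN=bob,CN=Users,CN=nfs,DC=nfs
uidNumber: 501
sAMAccountName: bob

dn: CN=bob-old,CN=Users,CN=nfs,DC=nfs
uidNumber: 501
sAMAccountName: bob_old

dn: CN=carol,CN=Users,CN=nfs,DC=nfs
uidNumber: 502
"""

def parse_ldif(text):
    """Minimal LDIF reader (no base64 or folded lines): one dict per entry."""
    entries = []
    for block in text.strip().split("\n\n"):
        entry = defaultdict(list)
        for line in block.splitlines():
            name, sep, value = line.partition(":")
            if sep and not line.startswith("#"):
                entry[name.strip().lower()].append(value.strip())
        entries.append(dict(entry))
    return entries

def resolve_uid(entries, uid):
    """Match uidNumber, then read sAMAccountName, as the guide describes.
    Returns (local_account_or_None, reason)."""
    matches = [e for e in entries if str(uid) in e.get("uidnumber", [])]
    if not matches:
        return None, "unmapped"
    if len(matches) > 1:
        return None, "ambiguous"
    names = matches[0].get("samaccountname", [])
    if not names:
        return None, "no-samaccountname"
    return names[0], "ok"

def audit(entries):
    """Return {uidNumber: reason} for every UID that does not resolve cleanly."""
    uids = {u for e in entries for u in e.get("uidnumber", [])}
    return {u: r for u in sorted(uids) for _, r in [resolve_uid(entries, u)] if r != "ok"}
```

Running `audit(parse_ldif(SAMPLE_LDIF))` on an export taken after Step 6 lists the UIDs whose mapping should be reviewed before clients rely on it.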
In this guide:
- Before You Begin
- Step 1: Install the AD LDS Server Role
- Step 2: Create a New AD LDS Instance
- Step 3: Extend the AD LDS Schema to Support NFS User Mapping
- Step 4: Set a Default Instance Name for AD LDS Instances
- Step 5: Update the Active Directory Schema
- Step 6: Add User and Group Account Maps from a UNIX-based Computer to a Windows-based Computer
- Step 7: Authorize Appropriate Access to the AD LDS Namespace Object
- Step 8: Configure the Mapping Source
