Step 6: Add User and Group Account Maps from a UNIX-based Computer to a Windows-based Computer

Applies To: Windows Server 2008

This step explains how to create containers and mappings between UNIX systems and Windows-based computers.

The following procedures are included in this step:

  • To connect to the distinguished name or naming context. Follow this procedure to set a default naming context and create a container to hold your account mappings from UNIX to the Windows operating system.

  • To add user account maps. Follow this procedure to create a user-class object in the CN=Users container, to map the uidNumber, gidNumber, and sAMAccountName attributes.

  • To add group account maps. Follow this procedure to create a group-class object in the CN=Users container, to map the gidNumber and sAMAccountName attributes.

To connect to the distinguished name or naming context

  1. Open ADSI Edit. (Click Start, point to Administrative Tools, and then click ADSI Edit.)

  2. In the console tree, right-click ADSI Edit and then click Connect to. This opens the Connection Settings dialog box.

    • Under Connection Point, select the Select a well known Naming Context option, and then click Default naming context from the drop-down menu.

    • Under Computer, select the Select or type a domain or server option, and then type the server name and port number into the text box, separated by a colon (for example, localhost:389).

    When you are finished, click OK. ADSI Edit refreshes to display the new connection.

  3. In the resulting tree, under the Default naming context node, right-click the partition name, point to New, and then click Object.

Note

For this example, under the Default naming context [localhost:389], select the following properties: CN=nfsadldsinstance,DC=server1.

  4. In the Create Object dialog box, select the Container class, and then click Next.

  5. In the Value text box, type Users, and then click Next. This value specifies the name of the container object that will be used to hold your user account mappings.

  6. Click Finish.

To add user account maps

  1. In ADSI Edit, expand the Default naming context node, and then expand the partition name.

  2. Right-click CN=Users, point to New, and then click Object.

  3. In the Create Object dialog box, select the User class, and then click Next.

  4. In the Value text box, type the user’s name, and then click Next.

Note

The user’s name is not associated with the Windows or UNIX user, and can be an arbitrary entry.

  5. Click the More Attributes button to edit the uidNumber, gidNumber, and sAMAccountName attributes of this user account.

Note

The uidNumber and gidNumber represent the UID and GID of the UNIX user who is being mapped, and sAMAccountName must match the name of a local Windows user on the computer that is running Server for NFS. If the uidNumber and gidNumber attributes do not appear after you click the More Attributes button, close and reopen the ADSI Edit MMC.

  6. Click OK.

To add group account maps

  1. In ADSI Edit, expand the Default naming context node, and then expand the partition name.

  2. Right-click CN=Users, point to New, and then click Object.

  3. In the Create Object dialog box, select the Group class, and then click Next.

  4. Ensure that the group object’s name matches the name of the group account for which group account mapping is desired.

  5. Set the gidNumber and sAMAccountName attributes for the new group object.

Note

The gidNumber is the GID of the UNIX group that is being mapped, and sAMAccountName must match the name of a local group on the Windows-based computer that is running Server for NFS. If the uidNumber and gidNumber attributes do not appear after you click the More Attributes button, close and reopen the ADSI Edit MMC.

  6. Click OK, and then click Finish to exit the wizard.
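Because these maps are entered by hand and decide which Windows account a UNIX UID or GID resolves to, it is worth checking them after the procedures above. The following is an added example, not part of the original documentation: it assumes the CN=Users container has been exported to LDIF text (for example with ldifde), uses a constructed sample export, and does not handle folded or base64-encoded LDIF lines. It reports map objects that lack one of the attributes named above and UNIX IDs that are mapped by more than one object.

```python
from collections import defaultdict

# Constructed sample export of CN=Users from this page's example partition (made-up names and IDs).
SAMPLE_LDIF = """\
dn: CN=alice,CN=Users,CN=nfsadldsinstance,DC=server1
objectClass: user
uidNumber: 1001
gidNumber: 500
sAMAccountName: alice

dn: CN=bob,CN=Users,CN=nfsadldsinstance,DC=server1
objectClass: user
uidNumber: 1001
sAMAccountName: bob

dn: CN=staff,CN=Users,CN=nfsadldsinstance,DC=server1
objectClass: group
gidNumber: 500
sAMAccountName: staff
"""

# Attributes each map object must carry per the procedures above; the first is the UNIX ID.
REQUIRED = {"user": ("uidNumber", "gidNumber", "sAMAccountName"), "group": ("gidNumber", "sAMAccountName")}

def parse_ldif(text):
    """Return one {attribute: [values]} dict per blank-line-separated record."""
    records = []
    for block in text.replace("\r\n", "\n").strip().split("\n\n"):
        rec = defaultdict(list)
        for line in block.splitlines():
            attr, sep, value = line.partition(": ")
            if sep and value.strip() and not line.startswith("#"):
                rec[attr.lower()].append(value.strip())
        records.append(rec)
    return records

def audit_maps(text):
    """Return findings: missing map attributes and UNIX IDs mapped more than once."""
    findings, seen = [], defaultdict(list)
    for rec in parse_ldif(text):
        dn = rec["dn"][0] if rec["dn"] else "<no dn>"
        classes = {c.lower() for c in rec["objectclass"]}
        for kind, attrs in REQUIRED.items():
            if kind in classes:
                findings += [f"{dn}: missing {a}" for a in attrs if not rec[a.lower()]]
                for value in rec[attrs[0].lower()]:
                    seen[(attrs[0], value)].append(dn)
    findings += [f"{a} {v} is mapped by {len(d)} objects: {'; '.join(d)}"
                 for (a, v), d in seen.items() if len(d) > 1]
    return findings
```

Calling `audit_maps(SAMPLE_LDIF)` returns two findings for the sample: the second user object has no gidNumber, and uidNumber 1001 is mapped by two user objects.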