Identity Matching in User Name Mapping Service

Applies To: Windows Server 2003 R2

The User Name Mapping service was the core authentication component of Windows Services for UNIX, and it continues to be supported in Services for Network File System (NFS). However, it is important to note that this is the final release of the User Name Mapping service, and it will not be supported in future releases of Services for NFS.

Although the User Name Mapping service is at the core of the authentication processes for Windows Services for UNIX 3.5, it does not perform the authentication itself. Authentication is performed by one of the following:

  • Windows domain controller or the Local Security Authority Subsystem Service (LSASS) if access permissions are requested by a Windows user (when Server for NFS shares files with UNIX users).

  • UNIX authentication mechanism if access permissions are requested by a UNIX user (when Windows users access UNIX-based shared network resources through Client for NFS).

In other words, if a user requests access to a shared network resource on a Windows computer, that computer uses a Windows authentication mechanism. If a user requests access to a shared network resource on a UNIX computer, that computer uses UNIX authentication.

One other important authentication check occurs when a request comes to the User Name Mapping service itself. The service checks the .maphosts file to see whether the requesting computer is permitted to access the User Name Mapping service. If it is not, the request is denied. The .maphosts file resides in the %SFUDIR%\Mapper subdirectory of the Windows Services for UNIX 3.5 installation directory, or in the %WINDIR%\msnfs directory in Windows Server 2003 R2.

Several steps are involved in any authentication, and any of the steps could cause an authentication failure. It is important to understand the process to troubleshoot it effectively.