Therefore, the administrator nee d s to install the Server for NFS Authentication DLL on Windows 2 00 0
domain controllers when:
• The NFS file serving environment uses previous NFS releases (NAS, SFU, and so on).
• The Windows domain environment uses pre-2003 domain controllers.
Refer to Table 7 for gu idance as to when to use NFS Authentication DLL instead of S4U legacy NFS
and R2 MSNFS.
Table 7 Authentication table
Domain controller type
Legacy NFS (pre-WSS2003 R2) MSNFS (WSS2003 R 2)
Legacy domain
controller
(pre-WSS200
3)
Requires NF S A
uthentication DLL
on domain con
troller
Requires NFS A
uthentication DLL
on domain con
troller
Recent domain controllers
(WSS2003 and later)
Requires NFS Authentication DLL
on domain controller
Usesthebuilt-inS4U(onthe
domain c o ntroller). It is unaffected
by the NFS Authentication DLL on
the domain controller.
The S4U set of extensions to the Kerberos protocol consists of the Ser vice-for-User-to-Proxy (S4U2 Proxy)
extension and the Service-for-User-to-Self (S4U2Self) extension. For m ore information about the S4U2
extensions, see the Kerberos articles at the following URLs: h
ttp://searchwindowssecurity.techtarget.com/
originalContent/0,289 142,sid45_gci1013484,00 . html (intended for IT professionals) and
h
ttp://msdn.microsoft.com/msdnmag/issues /03/04/SecurityBriefs/default.aspx (intended for
developers).
Installing NFS Authentication DLL on domain controllers
NOTE:
Iftheauthenticationsoftwareisnotinstalledonalldomaincontrollersthathaveusernamemappings,
includin
g primary domain controllers, backup domain controllers, and Active Directory domains, then
domain user name mappings will not work corre ctly.
You need t
o install the version of NFS Authentication included with Services for UNIX 3.5. You can
download Services for UNIX 3.5 at no charge from h
ttp://go.microsoft.com/fwlink/?LinkId=44501.
To install the Authentication soft ware on the domain controllers:
1. From the SFU 3.5 files, locate the directory named SFU35SEL_EN.
2. On the domain controller where the Authentication software is being installed use Windows Explorer
to:
a. Open the shared directory containing setup.exe.
b. Double-click the file to open it. Windows Installer is opened.
NOTE:
If the domain controller used does not have Windows Installer installed, locate the file
InstMSI.exe on the SFU 3.5 directory and run it. After this installation, the Windows
Installer program starts when opening setup.exe.
3. In the Microsoft Windows Services for UNIX Setup Wizard dialog box, click Next.
4. In the User na m e box, enter your name. If the name of your organization does not appear in the
Organization box, enter the name of your organization there.
5. Read the End User License Agreement carefully. If you accept the terms of the agreement, click I
acceptthetermsintheLicenseAgreement, and then click Next to continue installation. If you click I
do not accept the License Agreement (Exit Setup), the installation procedure terminates.
78
Microsoft Serv ices for Network File S ystem (MSNFS)
To Next Page
Loading...
Need help?
General