Create a User Name Mapping server pool
You can use DNS round robin to create a pool of computers running
User Name Mapping. This will provide improved performance on
wide-area networks as well as provide failover capability when one
of the servers is no longer available. For more information, see
Creating a User Name Mapping server pool.
Refresh data whenever a user is added or changed
To ensure that the user will have immediate access to network file
system (NFS) resources, refresh the User Name Mapping database
immediately after you add a user or otherwise make changes to the
user's Windows or UNIX accounts that would affect the user's
mapping. For information on refreshing the database, see Refresh data
now.
Place passwd and group files on the User Name Mapping server
If User Name Mapping is configured to use PCNFS passwd and group
files, these files must be located on a hard drive on the server to
ensure that User Name Mapping will be able to access the files
whenever it refreshes the mapping database.
Use appropriate permissions to protect passwd and group files
If you store passwd and group files on the computer running User
Name Mapping, be sure to protect them with permissions that allow
access only by appropriate users. It is recommended that the
permissions list contain only entries that grant Full Access to
SYSTEM and the Administrators group. Also, do not change the
permissions that Windows Services for UNIX applies to other User
Name Mapping configuration files.
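The following PowerShell check is an added example, not part of the original documentation or of Windows Services for UNIX. It reports any entry on a file's permissions list other than Allow/Full Control for SYSTEM and the Administrators group. The function name Test-MapFileAcl is hypothetical, and the temporary file is a constructed stand-in for a real passwd or group file.

```powershell
# Added example (not from the original page): audit passwd/group file ACLs.
# Well-known SIDs are used so the check does not depend on localized names.
$AllowedSids = @('S-1-5-18',      # NT AUTHORITY\SYSTEM
                 'S-1-5-32-544')  # BUILTIN\Administrators

function Test-MapFileAcl {        # hypothetical helper name
    param([Parameter(Mandatory = $true)][string]$Path)

    $sidType  = [System.Security.Principal.SecurityIdentifier]
    $full     = [System.Security.AccessControl.FileSystemRights]::FullControl
    $findings = @()
    $seen     = @()

    # .Access lists explicit and inherited entries alike.
    foreach ($ace in (Get-Acl -LiteralPath $Path).Access) {
        try   { $sid = $ace.IdentityReference.Translate($sidType).Value }
        catch { $sid = $ace.IdentityReference.Value }   # account cannot be resolved

        if ($AllowedSids -notcontains $sid) {
            $findings += "extra entry: $($ace.IdentityReference) ($($ace.FileSystemRights))"
        } elseif ($ace.AccessControlType -ne 'Allow' -or $ace.FileSystemRights -ne $full) {
            $findings += "not an Allow/FullControl entry: $($ace.IdentityReference)"
        } else {
            $seen += $sid
        }
    }
    # Both expected principals must actually hold Full Control.
    foreach ($sid in $AllowedSids) {
        if ($seen -notcontains $sid) { $findings += "missing Full Control entry for $sid" }
    }
    return $findings
}

# Constructed demo: a temporary file stands in for a passwd file.
$demo = [System.IO.Path]::GetTempFileName()
try {
    $result = @(Test-MapFileAcl -Path $demo)
    if ($result.Count -eq 0) { "OK: $demo" }
    else { $result | ForEach-Object { "FINDING: $_" } }
} finally {
    Remove-Item -LiteralPath $demo
}
```

To audit a real deployment, pass the paths of the passwd and group files that User Name Mapping is configured to use in place of the temporary file.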
Avoid loss of complex data
To avoid loss of complex advanced maps in case of system
difficulty, or to aid in transferring maps to another server, be
sure to back up your User Name Mapping data whenever you change
advanced maps.
Ensure consistency of group mapping
To ensure proper file access, Windows and UNIX groups that are
mapped to each other should contain the same users, and the members
of the Windows and UNIX groups should be properly mapped to each
other.
When setting up simple or advanced mapping, specify the NIS server in addition to the NIS domain
This will help ensure that Windows user accounts will be mapped
with accounts in the intended NIS domain, in case more than one NIS
domain with the same name exists on the network. This can happen if
an attacker has set up an NIS master server on the network in an
attempt to take control of NIS clients.
Specify the computers that can access User Name Mapping
User Name Mapping requires you to identify the computers that can
access User Name Mapping in the .maphosts file. (If the list in
this file is empty, only the computer running User Name Mapping can
access the service.) To maintain a high level of security, you
should explicitly specify the computers that can access User Name
Mapping, rather than using the plus sign (+) by itself to grant
access to all computers. For more information, see Controlling access to
User Name Mapping.