With Server for NFS, network file system (NFS) requests can be processed as if they were issued by a Windows user. When Server for NFS users are mapped to domain users, the Authentication Tools must be installed on all authenticating computers. The Authentication Tools can be installed with the Windows Services for UNIX Setup wizard.
If you own a single copy of Server for NFS, you are licensed to install the Authentication Tools on all domain computers in your organization. The program should be installed on all domain and backup domain controllers to provide authenticated access to mapped users.
Server for NFS uses reverse (UNIX user to Windows user) mapping to determine the file-access permissions for an NFS request. When Server for NFS receives the user identifier/group identifier (UID/GID) pair in an NFS request, it uses the mapping to determine the Windows user who is using the UID. The NFS request is determined to originate from a mapped Windows user.
Since multiple Windows user accounts can be mapped to one UNIX user account, one of the mappings is marked as the primary mapping. The primary mapping specifies which mapping is used to determine the Windows user name for a given UID. Because multiple Windows users are mapped to the same UNIX user account, files owned by any of these Windows users are reported as being owned by the mapped UID. For example, if users Kim and Pat are mapped to UID 10, files owned by both Kim and Pat are reported to have UID 10. However, when the NFS request with UID 10 accesses the file, the file is accessed in the context of the primary Windows user. For example, if the mapping between Kim and UID 10 is the primary mapping, the NFS access request for UID 10 will be handled in the context of Kim. Consequently, files owned by Pat, although reported as owned by UID 10, may not be accessible to UID 10.
To avoid such situations, use one-to-one mapping in which each Windows user is mapped to a single UNIX user and vice versa.