HP ProLiant Storage Server User Guide (440584-003, September 2007)

ManualsBrandsHP ManualsStorageHP DL380 G5 Storage Server GE Bundle

Therefore, the administrator needs to install the Server for NFS Authentication DLL on Windows 2000

domain controllers when:

• The NFS ﬁle serving envir onment uses previous NF S releases (NAS , SFU, and so on).

• The Windows domain environment uses pre-2003 domain controllers.

See Table 8 for guidance as to when to use NFS Authentication D LL instead of S4U legacy NFS and

R2 MSNFS.

Table 8 Authentication table

Domain controller

type

Legacy NFS

(pre-WSS2003 R2)

MSNFS (WSS2003 R2)

Legacy domain

controller (pre-

WSS2003)

Requires NFS Authentication

DLL on domain controller

Requires NFS Authentication DLL on domain

controller

Recent domain

controllers (WSS2003

and later)

Requires NFS Authentication

DLL on domain controller

Uses the built-in S4U (on the domain controller).

It is unaffected by the NFS Authentication DLL on

the domain controller.

The S4U set of extensions to the Kerberos protocol consists of the Service-for-User-to-Proxy (S4U2Proxy)

extension and the Service-for-User-to-Self (S4U2Self) extension. For more information about the S4U2

extensions, see the Kerberos articles at the following URLs: h

ttp://searchwindowssecurity.techtarget.com/

originalContent/0,289142,sid 45_gci1013484,00.html (intended for IT professionals) and

ttp://msdn.microsoft.com/m sdnmag/ iss ues/03/04/SecurityBriefs/default.aspx (intended for

developers).

Installing NFS Authentication DLL on domain controllers

NOTE:

Iftheauthenticationsoftwareisnotinstalledonalldomaincontrollersthathaveusernamemappings,

including primary domain controllers, backup domain controllers, a nd Active Directory domains, then

domain user name mappings will not work correctly.

You need to install the version of NFS Authentication included with Services for U NIX 3.5. You can

download Services for UNIX 3.5 at no charge from h

ttp://go.microsoft.com/fwlink/?LinkId=44501.

To install the Authentication software on the domain controllers:

1. From the SFU 3.5 ﬁles, locate the directory named SFU35SEL_EN.

2. On the domain controller where the Authentication soft ware is being installed use Windows Explorer

to:

a. Open the shared directory containing setup.exe.

b. Double-click the ﬁle to open it. Windows Installer is opened.

NOTE:

If the domain controller used does not have Windows Installer installed, locate the ﬁle

InstMSI.exe on the SFU 3.5 directory and run it. After this installation, the Windows

Installer program starts when opening setup.exe.

3. In the Microsoft Windows Services for UNIX Setup Wizard dialog box, click Next.

4. In the User name b ox, enter your name. If the name of your organization does not appear in the

Organization box, enter the name of your organization there.

5. Read the End User Lic ense Agre em ent carefully. If you accept the terms of the agreement, click I

acceptthetermsintheLicenseAgreement, and then click Next to continue installation. If you click I

do not accept the License Agreement (Exit Setup), the installation procedure terminates.

Microsoft Serv ices for Network File System (MSNFS)