DOCUMENT:Q323722 06-AUG-2002 [winnt] TITLE :User Name Mapping Does Not Seem to Work and Event ID 1003 Occurs PRODUCT :Microsoft Windows NT PROD/VER::3.0 OPER/SYS: KEYWORDS: ====================================================================== ------------------------------------------------------------------------------- The information in this article applies to: - Microsoft Windows Services for UNIX, version 3.0 ------------------------------------------------------------------------------- SYMPTOMS ======== The User Name Mapping service does not seem to work with any of the Windows Services for UNIX components such at Client for NFS, Server for NFS, Gateway for NFS, and other components. All files are still being written by using anonymous permissions even though you configured User Name Mapping properly. Additionally, the following event ID message may be logged in the system log if you are running Server for NFS: Event Type: Warning Event Source: NfsSvr Event ID: 1003 Description: Mapping information could not be obtained from Username mapping. Another attempt will be made after 30 minutes. NOTE: This problem only occurs if User Name Mapping is running on a remote server; however, if a negative entry (represented by a dash [-]) exists in the .Maphosts file, this problem does not occur. CAUSE ===== The authentication mechanism that is used by the network file system (NFS) protocol is based on trust relationships between host computers. That is, an NFS server accepts the user identifiers (UIDs) and group identifiers (GIDs) from a specific client computer because the server is configured to recognize the client computer as trustworthy. User Name Mapping acts as an intermediary between NFS servers and NFS clients on a network that contains UNIX hosts and Windows-based computers. To maintain the implicit trust relationship between the NFS client and host computers, you must control which computers can access User Name Mapping and act as a trusted host on the NFS network. To control which computers can access User Name Mapping, edit the .Maphosts file in the \Mapper folder of the server that is running User Name Mapping. When you add entries in this file, you can easily allow or deny any other computer access to User Name Mapping. If the .Maphosts file is present but not empty, only those computers that are allowed access by entries that are included in the file can access User Name Mapping. If the .Maphosts file is present but it does not contain host entries (it contains only comments, which is the default text), only the computer that is running User Name Mapping can access User Name Mapping; no other computers can access this service. If the .Maphosts file is not present, no computers can access User Name Mapping, including the computer that is running User Name Mapping. RESOLUTION ========== To resolve this issue, edit the .Maphosts file in the \Mapper folder on the User Name Mapping server. NOTE: When User Name Mapping matches a computer that is making a request against the elements in the list, it searches from the top down until it finds a match. As a result, the order of the entries is important. To edit the .Maphosts file, add any of the following elements: - host: Use this element to specify one or more computers that can access User Name Mapping. You can specify the host by using an Internet Protocol (IP) address (IP version 4) or as a host name that resolves to one or more IP addresses. - host -: Use this element to specify one or more computers that are denied access to User Name Mapping. You can specify the host as an IP address (IP version 4) or as a host name that resolves to one or more IP addresses. Note that you must use at least one blank space between "host" and the dash (-). - Plus sign (+) : Use only the plus sign (+) to specify that all computers can access User Name Mapping unless they are denied access by an earlier entry in the list. All of the entries in the list that follow this element are ignored. - Dash (-): Use only the dash (-) to specify that all computers are denied access to User Name Mapping unless they are allowed by an earlier entry in the list. All of the entries in the list that follow this element are ignored. Additional query words: sfu ====================================================================== Keywords : Technology : kbWinServiceUNIXSearch kbWinServiceUNIX300 Version : :3.0 Issue type : kbprb ============================================================================= THE INFORMATION PROVIDED IN THE MICROSOFT KNOWLEDGE BASE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. MICROSOFT DISCLAIMS ALL WARRANTIES, EITHER EXPRESS OR IMPLIED, INCLUDING THE WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. IN NO EVENT SHALL MICROSOFT CORPORATION OR ITS SUPPLIERS BE LIABLE FOR ANY DAMAGES WHATSOEVER INCLUDING DIRECT, INDIRECT, INCIDENTAL, CONSEQUENTIAL, LOSS OF BUSINESS PROFITS OR SPECIAL DAMAGES, EVEN IF MICROSOFT CORPORATION OR ITS SUPPLIERS HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. SOME STATES DO NOT ALLOW THE EXCLUSION OR LIMITATION OF LIABILITY FOR CONSEQUENTIAL OR INCIDENTAL DAMAGES SO THE FOREGOING LIMITATION MAY NOT APPLY. Copyright Microsoft Corporation 2002.