We have two Windows 2012 R2 servers running Services for NFS. These servers have an NFS share defined so that an HP-UX server can dump files as part of application integration routines. This setup has been working great over the past several years and through multiple server upgrades (2003-2008-2012.) As part of the configuration I had the registry key 'everyoneincludesanonymous' set to '1'.
HKLM\System\CCS\Control\Lsa\everyoneincludesanonymous
Unfortunately, the corporate parent last week pushed out a new policy that sets this key to '0'. Now, each time the Windows server is rebooted the Unix server no longer has permission to write to the NFS share. I have to change the key back to '1', restart the NFS Server, and then unmounts/mount the share on the Unix box. This restores permissions until the next time the Windows server is rebooted.
There is little chance I can convince the corporate guys to reverse the policy change. I think I could use basic identity mapping so that the write requests coming from Unix are not seen as anonymous. I can't use AD identity mapping because I don't have access to the domain controllers (corporate guys again.) I would like to use the basic passwd and group files to allow access from the Unix server. But I'm not sure how to proceed.
1) Can anyone provide an example of how the passwd and group files should be formatted?
2) How can I tell what identity is being provided by the Unix server when the attempted write is performed? I assume I need this to create the passwd and group files.
Hope this makes sense. Thanks in advance.
Joe