Sun Storage 5320 NAS Gateway/Cluster System
 
Sun Storage 5320 NAS Appliance
 

GCS>Sun Microsystems>Storage - Disk>Network Attached Storage
 

These mappings create associations between the CIFS (typically Windows) users ID (RID) and a particular UNIX/NFS UID. This allows users with both NFS and Windows accounts to access their own data from either type of client, and to share data with heterogeneous workgroups. The mapping rules determine how the NFS UID or GID for a particular Windows user or group is obtained.

NOTE: All of the credential mapping functionality described below applies only to Windows Domain mode. To understand how UIDs and security is handled in Workgroup mode, please see <Document: 1013073.1> .

Every time a Windows user accesses the system for the first time (or a mapping otherwise does not exist) a new user mapping is created. Similarly, a new group mapping is created the first time each user from a particular Windows primary group logs in.

It is strongly recommended that you define a mapping rule and import NFS accounts to the system or configure LDAP/NIS+ prior to the migration of data. This minimizes the amount of manual configuration required.

The primary tool to automate credential mapping is the selection of user and group mapping rules. Each of the available mapping policies is detailed below, along with configuration instructions.

To Set Up Credential Mapping:

1. Open a browser to http://hostname or the IP address of your system.
2. Type the administrator password.
3. Navigate to Windows Configuration/Manage SMB CIFS Mapping/Configure User Mapping.
4. In this screen there are radio buttons for each of three user mapping options and each of three group mapping options. Select the desired mapping policy as explained below, and click Apply at the bottom of the screen.

The user mapping options are as follows:

• Default Mapping
  This is the default setting. When a new user connects, a new UID is generated by the system. This UID is one larger than the largest current UID found on the system. Any desired mapping of CIFS users to NFS users must be done manually.
• Map by User Name
  This setting specifies that the Windows users name is looked up through the configured passwd lookup service. If the lookup is successful, the NFS UID is taken from the matching entry. If the lookup fails, a new UID is generated as with the no mapping rule.
• Map by Full Name
  This setting specifies that the Windows NT users full name is looked up through the configured passwd lookup service. If the lookup is successful, the NFS UID is taken from the matching entry. If the lookup fails, a new UID is generated as with the Default Mapping rule.

The group mapping options are as follows:

• Default Mapping
  This is the default setting. When a new user connects, a new GID is generated by the system. This GID is one larger than the largest current GID found on the system. Any desired mapping of SMB groups to NFS groups must be done manually.
• Map by Group Name
  This setting specifies that the NT group name is looked up through the configured group lookup service. If the lookup is successful, the NFS GID is taken from the matching entry. If the lookup fails, a new GID is generated as with the Default Mapping rule.
• Map to Primary Group
  This setting specifies that the Windows users UNIX group is determined by the primary GID field in the passwd entry obtained during the user mapping operation. With this setting, the group.map file is never consulted and the Windows group membership is ignored. The GID for all file operations is set with the GID in the passwd file. If a GID cannot be determined, the UNIX nobody group GID (60001) is used. This setting is very useful for environments where Windows primary groups have not been defined.

Modifying Existing User and Group Credential Mappings

User and group mappings are stored in the configuration files users.map and group.map. A menu interface enables you to edit these mappings. Editing is necessary in cases where the NFS user and group account names do not match the CIFS user and group account names, and in cases where mapping was not configured prior to migration of users and data.

1. Open a browser to http://hostname or the IP address of your system.
2. At the login screen, type the administrator password .
3. Navigate to Windows Configuration/Manage SMB CIFS Mapping/Configure maps.
4. Edit or add mapping per the instructions below.

There are radio buttons at the top of the screen to select users or groups. The screen displays a list of all existing maps. For each user or group, the following information is provided (listed from right to left): UNIX user or group name, UNIX UID or GID, Windows user or group name, Windows Domain, and RID.

The RID is roughly equivalent to the UNIX UID or GID. RID information is stored in a database on the Windows domain controllers. Note that changing a users RID in the system administration interface is not possible. Modifying the value collected from the domain controller simply invalidates the mapping.

To edit a mapping, select either the user or group radio button, and double click the mapping. You are presented with four fields, as described above, with the exception that the Windows Domain and username are merged into one field in the format DOMAIN/user. If you omit the Windows Domain, it will be automatically populated with the Windows Domain that the NAS is currently a member of. Any of these fields can be edited, however, the RID should not be changed, as noted above.

To add a mapping click Add at the bottom of the screen, complete the four fields noted above. In order to use this option, you will need to know the RID information from the Windows domain controllers. It is generally easier to allow the NAS to retrieve the RIDs automatically as users connect, and edit as needed.

This solution has no attachment