Sun System Handbook - ISO 4.1 October 2012 Internal/Partner Edition
Solution Type: Technical Instruction Sure Solution

1402483.1 : Sun Storage 7000 Unified Storage System: Identity mapping policies and requirements
Created from <SR 3-3740498461>

Applies to:

Sun ZFS Storage 7120 - Version Not Applicable to Not Applicable [Release N/A]
Sun Storage 7410 Unified Storage System - Version Not Applicable to Not Applicable [Release N/A]
Sun ZFS Storage 7320 - Version Not Applicable to Not Applicable [Release N/A]
Sun ZFS Storage 7420 - Version Not Applicable to Not Applicable [Release N/A]
Sun Storage 7310 Unified Storage System - Version Not Applicable to Not Applicable [Release N/A]
7000 Appliance OS (Fishworks)

Goal

This document describes the available identity mapping policies and explains the requirements and applications for each.

To discuss this information further with Oracle experts and industry peers, we encourage you to review, join or start a discussion in the My Oracle Support Community - 7000 Series ZFS Appliances
Fix

Identity mapping creates an equivalence between a Windows account and a UNIX account. This allows file/directory permissions and ownership defined on one platform/protocol to be applied to the other. There are three identity mapping policies, as follows:

IDMU

IDMU stands for Identity mapping for UNIX, an installable Windows service and set of applications that facilitates the association of Windows and UNIX accounts. This service extends the user configuration properties, allowing you to add a uid and primary gid to each Windows user, and a gid to each group. It also includes a NIS server. To configure the ZFSSA for this environment, set up Active Directory as usual, then enable the NIS service and define the Domain Controller as the named NIS server. The mappings are all handled within the Users and Computers application on the Domain Controller.

Directory-based mapping

Directory-based mapping is essentially the same as IDMU, but the schema is manually extended on either Active Directory or the LDAP server. NIS is not supported in this mode. The LDAP or AD schema is extended to add fields for either Windows SIDs/user names or uid/gid. The attributes containing these values must be manually defined in the configuration screen.

Rule-based mapping

Rule-based mapping takes a more active role in the mapping process. You must have a connection to Active Directory and to a NIS or LDAP naming service. This means that it is not possible to use Windows workgroup mode with identity mapping, and that it is not possible to use the legacy passwd and group flat files.

Ephemeral mapping (a.k.a. "none")

For an all-Windows environment, or an environment where permissions are distinct between UNIX users and Windows users, no mapping configuration is required. The ZFSSA assigns temporary uids, gids or sids internally and everything is handled automatically. If Windows and UNIX users need access to the same resources, they're assigned as separate entities.
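An added example, not part of the original Oracle document: under the IDMU policy described above, every mapping depends on the uid and gid values entered per Windows user, so it is worth auditing those values before shares rely on them. The sketch assumes an export of Windows users with `uidNumber`/`gidNumber` fields and a copy of the NIS passwd map; all sample records and the finding names are constructed for illustration.

```python
# Added example (not Oracle code): audit per-user uid/gid values used for IDMU mapping.
from collections import defaultdict

# Constructed export of Windows users; the field names are an assumption.
WINDOWS_USERS = [
    {"sam": "alice", "uidNumber": 1001, "gidNumber": 100},
    {"sam": "bob", "uidNumber": 1002, "gidNumber": 100},
    {"sam": "carol", "uidNumber": None, "gidNumber": None},  # no UNIX identity set
    {"sam": "dave", "uidNumber": 1002, "gidNumber": 100},    # collides with bob
    {"sam": "svc_backup", "uidNumber": 0, "gidNumber": 0},   # maps to root
    {"sam": "erin", "uidNumber": 1009, "gidNumber": 100},    # uid unknown to NIS
]
# Constructed NIS passwd map (name:passwd:uid:gid:gecos:home:shell).
NIS_PASSWD = """\
root:x:0:0:Super-User:/root:/bin/sh
alice:x:1001:100::/home/alice:/bin/sh
bob:x:1002:100::/home/bob:/bin/sh
"""

def parse_passwd(text):
    """Return {uid: name} from passwd-format lines, skipping malformed ones."""
    by_uid = {}
    for line in text.splitlines():
        fields = line.split(":")
        if len(fields) >= 4 and fields[2].isdigit():
            by_uid[int(fields[2])] = fields[0]
    return by_uid

def audit(users, passwd_text):
    """Return {finding: sorted account names} for mappings that need review."""
    unix = parse_passwd(passwd_text)
    findings, owners = defaultdict(list), defaultdict(list)
    for u in users:
        uid = u["uidNumber"]
        if uid is None:
            findings["unmapped"].append(u["sam"])  # no equivalence defined
            continue
        owners[uid].append(u["sam"])
        if uid == 0:
            findings["maps_to_root"].append(u["sam"])
        if uid not in unix:
            findings["uid_not_in_nis"].append(u["sam"])
    for names in owners.values():
        if len(names) > 1:
            findings["shared_uid"].extend(names)  # several users, one UNIX identity
    return {k: sorted(v) for k, v in findings.items()}

if __name__ == "__main__":
    print(audit(WINDOWS_USERS, NIS_PASSWD))
```

Accounts reported as `shared_uid` or `maps_to_root` hold the UNIX-side ownership and permissions of the uid they point to, so each of them should be a deliberate choice.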
Back to <Document 1428753.1> Sun Storage 7000 Unified Storage System: How to Troubleshoot Identity Mapping and cross-platform file sharing issues.

References

<NOTE:1428753.1> - Sun Storage 7000 Unified Storage System: How to Troubleshoot Identity Mapping and cross-platform file sharing issues

Attachments

This solution has no attachment