Sun Microsystems, Inc.  Sun System Handbook - ISO 4.1 October 2012 Internal/Partner Edition

Asset ID: 1-71-1402483.1
Update Date:2012-06-28
Keywords:

Solution Type  Technical Instruction Sure

Solution  1402483.1 :   Sun Storage 7000 Unified Storage System: Identity mapping policies and requirements  


Related Items
  • Sun Storage 7410 Unified Storage System
  • Sun Storage 7310 Unified Storage System
  • Sun ZFS Storage 7120
  • Sun ZFS Storage 7320
  • Sun ZFS Storage 7420
  • Sun Storage 7110 Unified Storage System
  • Sun Storage 7210 Unified Storage System
Related Categories
  • PLA-Support>Sun Systems>DISK>NAS>SN-DK: 7xxx NAS
  • .Old GCS Categories>Sun Microsystems>Storage - Disk>Unified Storage




In this Document
Goal
Fix
 IDMU
 Directory-based mapping
 Rule-based mapping
 Ephemeral mapping (a.k.a. "none")
References


Created from <SR 3-3740498461>

Applies to:

Sun ZFS Storage 7120 - Version Not Applicable to Not Applicable [Release N/A]
Sun Storage 7410 Unified Storage System - Version Not Applicable to Not Applicable [Release N/A]
Sun ZFS Storage 7320 - Version Not Applicable to Not Applicable [Release N/A]
Sun ZFS Storage 7420 - Version Not Applicable to Not Applicable [Release N/A]
Sun Storage 7310 Unified Storage System - Version Not Applicable to Not Applicable [Release N/A]
7000 Appliance OS (Fishworks)

Goal

This document describes the available identity mapping policies and explains the requirements and applications for each.

To discuss this information further with Oracle experts and industry peers, we encourage you to review, join or start a discussion in the My Oracle Support Community - 7000 Series ZFS Appliances

Fix

Identity mapping creates an equivalence between a Windows account and a UNIX account. This allows file/directory permissions and ownership defined on one platform/protocol to be applied to the other. There are three identity mapping policies, as follows:

IDMU

IDMU stands for Identity mapping for UNIX, an installable Windows service and set of applications that facilitates the association of Windows and UNIX accounts. This service extends the user configuration properties, allowing you to add a uid and primary gid to each Windows user, and a gid to each group. It also includes a NIS server. To configure the ZFSSA for this environment, set up Active Directory as usual, then enable the NIS service and define the Domain Controller as the named NIS server. The mappings are all handled within the Users and Computers application on the Domain Controller.

Directory-based mapping

Directory-based mapping is essentially the same as IDMU, but the schema is manually extended on either Active Directory or the LDAP server. NIS is not supported in this mode. The LDAP or AD schema is extended to add fields for either Windows SIDs/user names or uid/gid. The attributes containing these values must be manually defined in the configuration screen.

Rule-based mapping

Rule-based mapping takes a more active role in the mapping process. You must have a connection to Active Directory and to a NIS or LDAP naming service. This means that it is not possible to use Windows workgroup mode with identity mapping, and that it is not possible to use the legacy passwd and group flat files.

For customers still using flat files, we recommend a simple NIS server. This can be run on virtually any UNIX or even Windows system, setup time is minimal, and if desired, the clients can continue to use their passwd and group files. Simply move that same passwd and group file to the NIS server, and configure only the ZFSSA to use NIS.

Rule-based mapping is indicated where IDMU is not available, but there's a requirement to map UNIX users to Windows users and maintain consistent file ownership cross-platform.

Ephemeral mapping (a.k.a. "none")

For an all-Windows environment, or an environment where permissions are distinct between UNIX users and Windows users, no mapping configuration is required. The ZFSSA assigns temporary uids, gids or SIDs internally and everything is handled automatically. If Windows and UNIX users need access to the same resources, they're assigned as separate entities.
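
The difference between ephemeral and rule-based mapping, shown as an added example that is not Oracle's code or the appliance's implementation: a simplified Python model in which the account names, uids, rule table and temporary uid starting value are all constructed. It assumes an account with no matching rule receives a temporary uid.

```python
# Simplified model of identity mapping, not the appliance's implementation.
# Account names, uids and the temporary uid starting value are constructed.

EPHEMERAL_BASE = 2_000_000_000  # constructed start of the temporary uid range


class IdentityMapper:
    def __init__(self, unix_accounts, rules=None):
        self.unix_accounts = unix_accounts  # UNIX name -> uid (NIS/LDAP view)
        self.rules = rules or {}            # Windows account -> UNIX name
        self.ephemeral = {}                 # Windows account -> temporary uid

    def uid_for_windows(self, account):
        """Return (uid, kind) for a Windows account such as 'jsmith@EXAMPLE'."""
        key = account.lower()
        unix_name = self.rules.get(key)
        if unix_name is not None:
            if unix_name not in self.unix_accounts:
                raise LookupError(f"rule targets unknown UNIX user {unix_name!r}")
            return self.unix_accounts[unix_name], "rule"
        # No rule: hand out a temporary uid, stable for this mapper's lifetime.
        if key not in self.ephemeral:
            self.ephemeral[key] = EPHEMERAL_BASE + len(self.ephemeral)
        return self.ephemeral[key], "ephemeral"


def same_owner(mapper, windows_account, unix_name):
    """True if SMB access as windows_account and NFS access as unix_name
    resolve to the same uid, so files created on one side are owned by
    the same identity on the other."""
    win_uid, _ = mapper.uid_for_windows(windows_account)
    return win_uid == mapper.unix_accounts[unix_name]


UNIX_ACCOUNTS = {"jsmith": 1001, "adavis": 1002}  # constructed passwd data

no_mapping = IdentityMapper(UNIX_ACCOUNTS)
rule_based = IdentityMapper(UNIX_ACCOUNTS, rules={"jsmith@example": "jsmith"})

if __name__ == "__main__":
    pairs = (("JSmith@EXAMPLE", "jsmith"), ("adavis@EXAMPLE", "adavis"))
    for label, mapper in (("ephemeral", no_mapping), ("rule-based", rule_based)):
        for win, unix in pairs:
            uid, kind = mapper.uid_for_windows(win)
            print(label, win, uid, kind, same_owner(mapper, win, unix))
```

With no rule in place, the same person reaching a share over SMB and over NFS resolves to two different owners, which is the "separate entities" behaviour described above.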

 

Back to <Document 1428753.1> Sun Storage 7000 Unified Storage System: How to Troubleshoot Identity Mapping and cross-platform file sharing issues.

References

<NOTE:1428753.1> - Sun Storage 7000 Unified Storage System: How to Troubleshoot Identity Mapping and cross-platform file sharing issues

Attachments
This solution has no attachment
  Copyright © 2012 Sun Microsystems, Inc.  All rights reserved.