Sun StorageTek[TM] 5000 Series NAS: Offline Creation of CIFS/NFS (Windows/UNIX) User Credential Maps for an Entire Windows Domain

Asset ID:	1-71-1008486.1
Update Date:	2009-05-04
Keywords:

Solution Type Technical Instruction Sure

Solution 1008486.1 : Sun StorageTek[TM] 5000 Series NAS: Offline Creation of CIFS/NFS (Windows/UNIX) User Credential Maps for an Entire Windows Domain

Related Items


Sun Storage 5210 NAS Appliance
 Sun Storage 5220 NAS Appliance
 Sun Storage 5310 NAS Appliance
 Sun Storage 5320 NAS Gateway/Cluster System
 Sun Storage 5320 NAS Appliance
 Sun Storage 5310 NAS Gateway System

Related Categories


GCS>Sun Microsystems>Storage - Disk>Network Attached Storage

PreviouslyPublishedAs
211601

Description
By default, credential mappings (UNIX UID to Windows RID) are not created until the first time that each Windows user or group connects to the NAS server. We received several requests for the ability to create these mappings when initially installing the system, so that security and quotas could be configured prior to users connecting to the system. In response to these requests, the makemap utility was created.

Steps to Follow
The makemap.exe utility can be found in the /cvol/nf1 directory on the NAS, (If not present, check /cvol/nf2.) To use this utility, proceed as follows:

Log into a Windows workstation as a member of the Domain Admins group.
Copy the makemap.exe file to the workstation. Do this by using ftp or creating a Windows share.
Open a command prompt and run the utility using the following syntax:

 Usage: makemap <Domain Name> <\\PDC Name> [/u] [/g]
/u: generate users.map file
/g: generate group.map file

 (PDC Name = Primary Domain Controller hostname or IP address)

Run the utility twice, once with the /u option and once with the /g option. The output of this will be a complete, NAS-compatible users.map and group.map file.

Edit the files. To use these files, they must to be edited, as the file will initally be populated with system generated UNIX user names and UIDs. The files consist of one plain-text line per user or group with the following format:

 users.map

 unixusername:UID:windowsusername:DOMAIN:RID

 group.map

 unixgroupname:GID:windowsgroupname:DOMAIN:RID

When editing the file, edit only the first two fields, the UNIX user/group name and UID/GID. The last three fields are automatically obtained from the Windows Domain Controller and the mappings may not work if modified.

After editing is complete, the files should be copied to /dvol/etc. For cluster models, the file must be copied to both heads. Overwrite any existing users.map or group.map files.

After the files have been copied, reboot the NAS (both heads for a cluster). You can then proceed to configure user quotas, home directories (using NAS command line mkdir, chown and chmod commands) or any other user-based configuration.

Product
Sun StorageTek 5320 NAS Gateway/Cluster System
Sun StorageTek 5320 NAS Appliance
Sun StorageTek 5320
Sun StorageTek 5310 NAS Gateway/Cluster System
Sun StorageTek 5310 NAS Gateway System
Sun StorageTek 5310 NAS Appliance
Sun StorageTek 5220 NAS Appliance
Sun StorageTek 5220
Sun StorageTek 5210 NAS Appliance

Internal Comments
This document contains normalized content and is managed by the the Domain Lead(s) of the respective domains. To notify content owners of a knowledge gap contained in this document, and/or prior to updating this document, please contact the domain engineers that are managing this document via the “Document Feedback” alias(es) listed below:

storage-nas-domain@sun.com
The Knowledge Work Queue for this article is KNO-STO-NAS.

NAS, CIFS, Credential Mapping, user mapping, group mapping, makemap, Normalized, Audited
Previously Published As
90700

Change History
Date: 2007-09-21
User Name: 95826
Action: Approved
Comment: - verified metadata
- review date ok : 2008-09-20
- checked for TM - 1 added
- checked audience : contract
Publishing
Version: 3
Date: 2007-09-21

Attachments

This solution has no attachment