General Discussion

windows to unix user mapping

digdev
5,989 Views

Hello

I set up a UNIX security style volume on a multiprotocol enabled vserver. 

The goal is that UNIX and Windows clients can put, edit and delete data on the volume. From a Linux client I can mount the NFS share and put data on the share. From a Windows client I can only do that from within a user context that is member of the local administrators group of the vserver. Do I need to map the Windows user to a UNIX user on the vserver for this to work? How can I link permissions to the local vserver unix server? The information I have found in the documentation center only provides an example for a mapping where Windows and UNIX accounts have the same name, however this is not the case in my situation here. Any help/tips would be greatly appreciated.

 

Best regards

1 ACCEPTED SOLUTION

hmoubara
5,934 Views

Hello,

 

The unix user you want to map it to can be local or from ldap/nis server based on where that user exist or you have to create. As for the permissions,  you are mapping the windows user to a unix user that has already premission to that folder/file based on its bits (per example: 775 owner, group or others).

Hope this answer your question.

 

Thanks

View solution in original post

5 REPLIES 5

hmoubara
5,951 Views

Hello,

 

You should be able to map it to any user you want as long as that user is available either in AD/ldap/NIS or locally. Please check the below documentation for some additional information:

 

https://docs.netapp.com/us-en/ontap/nfs-admin/name-mapping-concept.html

 

https://docs.netapp.com/us-en/ontap/nfs-admin/create-name-mapping-task.html

 

Thanks 

digdev
5,941 Views

Thank you, so if I understand correctly I should make a local unix user on the vserver and create a Windows to user mapping to this user? How can I set permissions on the data for this local user?

 

Best regards

hmoubara
5,935 Views

Hello,

 

The unix user you want to map it to can be local or from ldap/nis server based on where that user exist or you have to create. As for the permissions,  you are mapping the windows user to a unix user that has already premission to that folder/file based on its bits (per example: 775 owner, group or others).

Hope this answer your question.

 

Thanks

digdev
5,929 Views

Hello,

thank you for the helpful reply. I still have one question, with local user you mean a local user on the vserver I guess? Can I set the permission bits in ONTAP or do I have to do that from a UNIX client?

hmoubara
5,925 Views

Hello,

It could be a local user on the vserver or a user from ldap/nis/ad. As far as the permissions, we recommend setting those from the unix client.

 

Thanks 

Public