We are trying to enable auditing / logging events for file access since some events look like they may give us good information. We have already enabled CIFS auditing and are seeing events related to this, but they are too fine-grained to help as-is. What we are trying to do is enable auditing using SACLs (system access control lists), if possible, which will give us file access audits.
Since we need events for all files on a given vol1, the only way to do that (as far as we know from docs) is to apply Storage-Level Access Guard security.
The way to enable Storage-Level Access Guard security is given here. We have been able to do everything asked here (except the problem area – see below).
The hard requirement for Storage-Level Access Guard security is this: “Note: At this time, only NTFS access permissions are supported for Storage-Level Access Guard. For a UNIX user to perform a security check on qtrees or volumes where Storage-Level Access Guard has been applied, the UNIX user must be mapped to a Windows user.”
How do we do this in the filer configuration? That is, map the Unix user to a Windows user?