Skip to main content
Start a Conversation

Unsolved

This post is more than 5 years old

fleet_unixteam

1 Message

1279

October 23rd, 2009 00:00

Setup Celerra share on Unix and windows clients with User mapping

I have an existing NFS share in Celerra which is exported to a Unix host. Now I need to make that share accessible to a Windows server as well.
As of now using SFU (Services for Unix) on the Windows client I an able to access (only read) the NFS share from the windows host. But i need to give the permissions for that share to a Windows domain user on the server.
Please suggest how can I achieve this using either user mapper or ACL or any other Celerra/ third party tools

Thanks,
Sumeet

mmadsen21

1 Message

October 25th, 2009 13:00

If its just that one user you can edit the usermapper database and change the WIndows user's UID/GID entry to the corresponding users primary UNIX UID/GID. If it is much more than that one user I would look to use the IDMU found in the MS Windows Server 2003 R2 edition, or Win 2008.

Rainer_EMC

8.6K Posts

October 26th, 2009 01:00

Hi,

I assume you want to use CIFS from the Windows client even though you mention SFU, which can provide a Windows NFS client.

For that I suggest to take a look at the Managing Celerra for a Multiprotocol Environment and Configuring EMC Celerra User Mapping manuals available from Powerlink.

You need to make a choice about:
- access policies for your file systems(s)
- user mapping methods

The choice usually depends on how much work you want to put in and:
- how many users that need to access are in which world ?
- do they have the same user names ?
- where your "primary" clients are (CIFS or Windows) ?
- which "world" creates files ?
- what security you need on the Unix side
....

If you do use NFS on Windows (SFU) then you dont need to do anything on the Celerra, but you need to also do some user mapping on the Windows client or domain.

regards
Rainer

serge_sterck

22 Posts

October 27th, 2009 12:00

on celera version 5.6 you've got also the ntxmap feature.
in summery if you don't have more than 1000 user you create a file called ntxmap.conf
put it on the data mover


How Windows credentials mapping works
When a Windows user logs in and requests a UNIX resource:
1. The user logs in to the Data Mover and provides a Windows credential, which
include the SID, domain, and Windows username.
2. The Data Mover uses the domain and Windows username to query the
ntxmap.conf file for a corresponding mapped UNIX name, if one is available.

format of the ntxmap.conf
domain : user : direction : unix_name

example
*:f731:=:f731

means from any domain the user windows f731 as been mapped to unix user f731 and use the unix uid and gid
Work greats for me i have a very very old os/2 application i have mapped the os/2 smb user to my unix user. The file system shared between cifs & nfs has security set to UNIX.

see documentation in the pdf
Using ntxmap for Celerra CIFS User
Mapping
P/N 300-006-209
Rev A02
Version 5.6
May 2008

Rainer_EMC

8.6K Posts

October 28th, 2009 01:00

yes, but dont forget that the secmap cache is always queried first - so if you have used usermapper (default) for that user before configuring ntxmap you have to manually delete that automatic mapping entry from secmap using server_cifsssupport

you also need to take into account the other direction for mapping - i.e. if a NFS user creates a file we also need to map that to a Windows user. That might need some sort of Unix UID->name tranlation like NIS or LDAP or files

View More

View All

No Events found!

Top