When working with permissions, one of the key things a NAS device has to do is determine who is asking for data. Isilon uses a user mapping service to combine a user's identities from different directory services into a single access "token" to determine access and permissions.
When a user logs in to an Isilon cluster, this service expands the user identity to include all Active Directory, LDAP and NIS information. A token includes UNIX user identifier (UID), a UNIX group identifier (GID), a Windows Security Identifier (SID) and a Windows primary group Security Identifier.
The Token can also contain privileges that allow a user or group permission to do something on the Cluster.
The command:
isi auth mapping token --user=domain\user
will give you the complete access token of a user that lists every identity that Isilon knows about.
ScottPhelps
31 Posts
0
September 10th, 2013 09:00
The Token can also contain privileges that allow a user or group permission to do something on the Cluster.
The command:
isi auth mapping token --user=domain\user
will give you the complete access token of a user that lists every identity that Isilon knows about.