NFS and CIFS access

I think you should contact your EMC NAS specialists

It really depends on your user config and how controlled you want/need multi-protocol

For example if the same users that currently have files/ACLs on your CIFS shares also need access to the new shares you might have to fix the mappings.

usermapper didnt do a "controlled" mapping - it just gave each CIFS user a unique UID/GUID from its range. If you want to do real mapping you would have to create static mappings and maybe fix the UID/GID on your existing CIFS file system. For CIFS only it normally doesnt matter, but quotas might use it.

On the hand if the the users are not the same you could use both - even though it is recommend to either do usermapper or static mapping for clarity and supportability

Also depends on the access policies you are using

Yes. Assuming the passwd files are formatted correctly, DART will resolve user/group names and map them to UIDs/GIDs. New users, however, who are not listed in the passwd file will not get access, as they cannot be mapped.

Also note: Secmap cache is active by default. It is not necessary if you are using static passwd/group files, so that should be disabled.




Usermapper can make backups readily. For Internal Usermapper:

server_usermapper { | ALL } -Export { -user | -group } pathname

For External Usermapper, just take a copy of the entire directory. Assuming your Usermapper directory is the default /nas/cifs/usermapperV3/linux, from that directory, you can run:

[nasadmin@cs0 linux]# tar zcvf /home/nasadmin/usrmap.tar.gz .

If you want to export the database contents rather than taking the entire database, use:

[nasadmin@cs0 linux]# ./usrmap_control dumpfilesall 3

Two files, usrmap.passwd and usrmap.group, will be produced. Save these as they can be used to re-import into Usermapper later.

See the manual entitled "Configuring External Usermapper for Celerra" in the 5.5 doc set for more detailed information on working with External Usermapper.

are there any issues if I run the ntmigrate.exe on the Windows server to get the user accounts for windows? Will this have to be run during the off-hours?

It needs to be run on an Active Directory domain controller, as it needs to parse the list of users from the domain. It cannot be run from a workstation.



NTMIGRAT.EXE should not put too much strain on AD, but I would never advocate doing it during production hours. At the very least, you should do it during a low I/O period.

Thanks. This was very helpful.

Hopefully, this will be the last question on this Multiprotocol.

Even if there is no passwd and group file on the Data Mover, can I use the Active Directory?

According to the doc emc69401, I can use the AD as the standalong mechanism to map Users/Groups to Celerra which would no longer require Usrmapper, Local Password/Group or NIS.

Using the Celerra Management Console, it says that I can manually add UID/GID of the Unix users as long as they are the same. I know that a setting has to be set for the ADMap=1 on the Data mover.

You absolutely can use Active Directory to serve your Unix UIDs and GIDs. There are two tools which can be found on the Apps & Tools CD. You'll need to install both applications.

"Celerra UNIX User Management" is an MMC snap-in to the Celerra Management view that you can use to assign, remove, or modify UNIX UID/GIDs for a single Windows user or group on the local domain and on remote domains. You also use this snap-in to select the location of the attribute database. This location can either be in a local or a remote domain. You would choose to store the attribute database in the Active Directory of a local domain if:
◆ You have only one domain.
◆ Trusts are not allowed.
◆ You have no need to centralize your UNIX user management information.

You would choose a remote domain if:
◆ You have multiple domains.
◆ Bidirectional trusts between domains that need to access the attribute database already exist.
◆ You want to centralize your UNIX user management.

The second tool is the Celerra UNIX Users and Groups property pages extensions. These are extensions to Active Directory Users and Computers Properties page views. You can use these property pages to assign, remove, or modify UNIX UID/GIDs for a single Windows user or group on the local domain. You cannot modify UID/GIDs for a remote domain.

Also note: If you choose to use the AD schema extension to manage Celerra users, you would not use NTMigrate. Instead, you would use the Celerra UNIX Attributes Migration tool. This is a tool that enables you to migrate existing UNIX users from the Celerra Network Server (local files) or NIS to the Active Directory. You can select the UNIX attributes (UIDs and GIDs) to add to the Active Directory. However, you cannot add new users or groups, nor can you modify existing UNIX UIDs/GIDs. Once they are migrated, you can use the UNIX User Management MMC snap-in to assign, remove, or modify the UNIX UID/GIDs per user.

Another important note: Once you run the UNIX Attributes Migration tool, your AD schema will be extended to accommodate the user's UNIX UID/GIDs. Once the schema is extended, it cannot be shrunk.

And yes, you will have to set the ADMap=1 parameter on the Data Mover in order to tell it to look in AD for the usermapping information.

Please read through the manual "Configuring Celerra User Mapping" in the Documentation CD for more information about your available user mapping options as well as management tools and migration tools.

HTH