Tuesday, 25 February 2020

Proving UNIX-WIN (Default) Name Mapping Works

Continuing from the previous post, Proving WIN-UNIX (Default) Name Mapping Works, here we prove that UNIX-WIN name mapping works.

I have a UNIX user called user2, and I want it to map to the Windows user DEMO\user2. Without doing anything more than we did in the previous post, this is how it maps.


cluster1::*> secd name-mapping show -node cluster1-01 -vserver SVM1 -direction unix-win -name user2

'user2' maps to 'DEMO\user2'

cluster1::*> unix-user show -vserver SVM1
               User            User   Group  Full
Vserver        Name            ID     ID     Name
-------------- --------------- ------ ------ --------------------------------
SVM1           nobody          65535  65535
SVM1           pcuser          65534  65534
SVM1           root            0      1
SVM1           user1           1001   1001
4 entries were displayed.


We did nothing, and the default mapping works out of the box!

Image: Proof of successful user2 to DEMO\user2 mapping

If you wanted something other than default name-mapping, you’d need to specify the name-mapping.

BONUS Information

What happens if we try to map UNIX user user22 to DEMO\user22 when DEMO\user22 does not exist?


cluster1::*> secd name-mapping show -node cluster1-01 -vserver SVM1 -direction unix-win -name user22

Vserver: SVM1 (internal ID: 4)

Error: RPC map name request procedure failed
  [0ms] Trying to map 'user22' to Windows user 'user22' using implicit mapping
  [  2] Successfully connected to ip 192.168.0.253, port 445 using TCP
  [  5] Unknown error: 12
  [  5] Failed to initiate Kerberos authentication. Trying NTLM.
  [  5] Encountered NT error (NT_STATUS_MORE_PROCESSING_REQUIRED)
        for SMB command SessionSetup
  [  7] Successfully authenticated with DC dc1.demo.corp.com
  [ 12] Could not find Windows name 'user22'
  [ 12] Unable to map 'user22'. No default Windows user defined.
**[ 12] FAILURE: Name mapping for UNIX user 'user22' failed. No mapping found

Error: command failed: Failed to find mapping for the user. Reason: "SecD Error: Name mapping does not exist".

As expected, the name mapping fails.
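
The trace above also records details worth checking when auditing name mapping, such as the Kerberos-to-NTLM fallback and the missing default Windows user. The Python below is an added example, not part of the original post or any NetApp tooling: it parses saved `secd name-mapping show` output into a summary. The function names and summary fields are assumptions made for illustration, and the sample input is the trace shown on this page.

```python
import re

# Sample input: the diagnostic trace from the failed user22 lookup on this page.
SAMPLE_TRACE = """\
Error: RPC map name request procedure failed
  [0ms] Trying to map 'user22' to Windows user 'user22' using implicit mapping
  [  2] Successfully connected to ip 192.168.0.253, port 445 using TCP
  [  5] Unknown error: 12
  [  5] Failed to initiate Kerberos authentication. Trying NTLM.
  [  5] Encountered NT error (NT_STATUS_MORE_PROCESSING_REQUIRED)
        for SMB command SessionSetup
  [  7] Successfully authenticated with DC dc1.demo.corp.com
  [ 12] Could not find Windows name 'user22'
  [ 12] Unable to map 'user22'. No default Windows user defined.
**[ 12] FAILURE: Name mapping for UNIX user 'user22' failed. No mapping found
"""

# "[  5] message" step lines; a leading "**" marks the step that failed.
STEP = re.compile(r"^(\*\*)?\s*\[\s*(\d+)(?:ms)?\]\s*(.*)$")

def parse_trace(text):
    """Return (elapsed_ms, message, is_failure) tuples, joining wrapped lines."""
    steps = []
    for line in text.splitlines():
        m = STEP.match(line)
        if m:
            steps.append([int(m.group(2)), m.group(3).strip(), bool(m.group(1))])
        elif steps and line[:1].isspace() and line.strip():
            steps[-1][1] += " " + line.strip()  # continuation of previous step
    return [tuple(s) for s in steps]

def summarize(text):
    """Condense one name-mapping result into fields worth alerting on."""
    ok = re.search(r"'([^']+)' maps to '([^']+)'", text)
    if ok:  # one-line success form, e.g. 'user2' maps to 'DEMO\user2'
        return {"mapped": True, "unix_user": ok.group(1), "windows_user": ok.group(2)}
    steps = parse_trace(text)
    joined = "\n".join(msg for _, msg, _ in steps)
    tried = re.search(r"Trying to map '([^']+)' to Windows user '([^']+)' using\s*(\w+) mapping", joined)
    dc = re.search(r"Successfully authenticated with DC (\S+)", joined)
    return {
        "mapped": False,
        "unix_user": tried.group(1) if tried else None,
        "method": tried.group(3) if tried else None,
        "dc": dc.group(1) if dc else None,
        "ntlm_fallback": "Trying NTLM" in joined,
        "no_default_windows_user": "No default Windows user defined" in joined,
        "failure": next((msg for _, msg, f in steps if f), None),
    }
```

Calling `summarize(SAMPLE_TRACE)` reports an implicit mapping attempt for user22 that authenticated to dc1.demo.corp.com over NTLM and failed with no default Windows user to fall back on.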
