UPDATE: Some of the mappings below, even though they don't error and are accepted in the Clustershell, they won't work (essentially, mappings with subnet/IP addresses in, do not work in CDOT!)
On the web there is this article Examples of usermap.cfg entries for Data ONTAP (operating in 7-Mode) and I was curious how they’d look in the world of Clustered ONTAP, which leads onto this post...
On the web there is this article Examples of usermap.cfg entries for Data ONTAP (operating in 7-Mode) and I was curious how they’d look in the world of Clustered ONTAP, which leads onto this post...
Firstly, if you scan the contents of the Clustered
Data ONTAP 8.2 Commands: Manual Page Reference for the word “mapping”, you’ll
find these sections:
vserver cifs domain
name-mapping-search (for
trusted domains)
vserver group-mapping (for
mapping groups to groups)
vserver name-mapping (for
mapping users - including user groups)
Here, we’re only interesting in: vserver name-mapping
Note: “Patterns
(pattern and replacement field) can be expressed as POSIX regular expressions.
For information about regular expressions, see the UNIX reference page for
regex” (the following link is a good starting point http://www.unix-manuals.com/refs/regex/regex.htm)
What is a null character in regex? \x00
The /etc/usermap.cfg entries always have the Windows user
on the left and UNIX user on the right. No explanation here for what the
mappings do - for that there is the original link - I just show how they convert
to Clustered ONTAP commands (at least how I think they should - please let me
know if you come across any errors).
The Examples
1) "Bob
Garj" == bobg
vserver name-mapping create
-direction win-unix -pattern "Bob Garj" -replacement bobg -position 1
-vserver SVM
vserver name-mapping create
-direction unix-win -pattern bobg -replacement “Bob Garg” -position 2 -vserver
SVM
2) mktg\Roy
=> nobody
vserver name-mapping create
-direction win-unix -pattern mktg\Roy -replacement nobody -position 1 -vserver
SVM
3) engr\Tom
=> ""
vserver name-mapping create
-direction win-unix -pattern engr\\Tom -replacement \x00 -position 1 -vserver
SVM
4) uguest
<= *
vserver name-mapping create
-direction unix-win -pattern * -replacement uguest -position 1 -vserver SVM
5) *\root
=> ""
vserver name-mapping create
-direction win-unix -pattern *\\root -replacement \x00 -position 1 -vserver SVM
6) corporate\*
== pcuser
vserver name-mapping create
-direction win-unix -pattern corporate\\* -replacement pcuser -position 1
-vserver SVM
7) Engineer
== *
vserver name-mapping create
-direction unix-win -pattern * -replacement Engineer -position 1 -vserver SVM
8) homeusers\*
== *
vserver name-mapping create
-direction win-unix -pattern homeusers\\(.+) -replacement \1 -position 1
-vserver SVM
9) Engineering\*
<= sunbox2:*
vserver name-mapping create
-direction unix-win -pattern sunbox2:(.+) -replacement Engineering\\\1
-position 1 -vserver SVM
10) Engineering\*
<= 192.9.200.70:*
vserver name-mapping create
-direction unix-win -pattern 192.9.200.70:(.+) -replacement Engineering\\\1
-position 1 -vserver SVM
11) ""
<= 192.9.200.0/24:*
vserver name-mapping create
-direction unix-win -pattern 192.9.200.0/24:* -replacement \x00 -position 1
-vserver SVM
12) 192.9.200.0/24:test-dom\*
=> ""
vserver name-mapping create
-direction win-unix -pattern 192.9.200.0/24:test-dom\\* -replacement \x00
-position 1 -vserver SVM
13) *\*
== corpnet/255.255.0.0:*
vserver name-mapping create
-direction win-unix -pattern *\\(.+) -replacement corpnet/255.255.0.0:\1
-position 1 -vserver SVM
vserver name-mapping create
-direction unix-win -pattern corpnet/255.255.0.0:(.+) -replacement *\\\1 -position 2 -vserver SVM
PS These have not
been tested in anger, just tested in the CDOT CLI and there are no syntax
errors from any of the above!
PPS It would be
interesting if there was a tool to convert “usermap.cfg” to “vserver
name-mapping” - perhaps another post...
Image: Name Mapping
in OnCommand System Manager
Comments
Post a Comment