Examples of 7MTT 3.2 Translating 7-Mode Name Mappings to ONTAP

I’ve borrowed the examples from this article here (also see Appendix A), to see how 7MTT 3.2 converts name mappings from the 7-Mode usermap.cfg to (Clustered) ONTAP vserver name-mapping. In my lab I’m going from 7-Mode 8.2.3 to ONTAP 9.1.

Testing

For more information on the testing method, see Appendix C.

7-Mode: "Bob Garj" == bobg

ONTAP 9.1::> vserver name-mapping show -instance

Vserver: SVM1

Direction: win-unix

Position: 1

Pattern: Bob Garj

Replacement: bobg

IP Address with Subnet Mask: -

Hostname: -

Vserver: SVM1

Direction: unix-win

Position: 1

Pattern: bobg

Replacement: Bob Garj

IP Address with Subnet Mask: -

Hostname: -

7-Mode: mktg\Roy => nobody

ONTAP 9.1::> vserver name-mapping show -instance

Vserver: SVM1

Direction: win-unix

Position: 1

Pattern: mktg\\Roy

Replacement: nobody

IP Address with Subnet Mask: -

Hostname: -

7-Mode: engr\Tom => ""

7MTT Warning 20273: Failed to create the following CIFS name-mapping entries...

Error code 13115: Invalid value specified for "replacement" element within "name-mapping-create": "".

7-Mode: uguest <= *

ONTAP 9.1::> vserver name-mapping show -instance

Vserver: SVM1

Direction: unix-win

Position: 1

Pattern: *

Replacement: uguest

IP Address with Subnet Mask: -

Hostname: -

7-Mode: *\root => ""

7MTT 20273 Warning: Failed to create the following CIFS name-mapping entries...

Error code 13115: Invalid value specified for "replacement" element within "name-mapping-create": "".

7-Mode: corporate\* == pcuser

ONTAP 9.1::> vserver name-mapping show -instance

Vserver: SVM1

Direction: win-unix

Position: 1

Pattern: corporate\\*

Replacement: pcuser

IP Address with Subnet Mask: -

Hostname: -

Vserver: SVM1

Direction: unix-win

Position: 1

Pattern: pcuser

Replacement: corporate\\*

IP Address with Subnet Mask: -

Hostname: -

7-Mode: Engineer == *

ONTAP 9.1::> vserver name-mapping show -instance

Vserver: SVM1

Direction: win-unix

Position: 1

Pattern: Engineer

Replacement: *

IP Address with Subnet Mask: -

Hostname: -

Vserver: SVM1

Direction: unix-win

Position: 1

Pattern: *

Replacement: Engineer

IP Address with Subnet Mask: -

Hostname: -

7-Mode: homeusers\* *

7MTT didn’t translate this, nor did it error (on the ‘Apply Configuration’ stage).

7-Mode: homeusers\* == *

ONTAP 9.1::*> vserver name-mapping show -instance

Vserver: SVM1

Direction: win-unix

Position: 1

Pattern: homeusers\\*

Replacement: *

IP Address with Subnet Mask: -

Hostname: -

Vserver: SVM1

Direction: unix-win

Position: 1

Pattern: *

Replacement: homeusers\\*

IP Address with Subnet Mask: -

Hostname: -

7-Mode: Engineering\* <= sunbox2:*

7MTT 20103 Warning: The following usermap entries in the '/etc/usermap.cfg' file have IP addresses, host names, network names, or network names with subnet specified in dotted notation. 7-Mode Transition Tool does not support the transition of such usermap entries and these usermap entries must be transitioned manually. You must manually configure these entries on the target SVM by using the following commands::>

vserver name-mapping create -vserver {SVM_NAME} -direction {krb-unix|win-unix|unix-win} -position {INTEGER} -pattern {TEXT} -replacement {TEXT} -address {IP-Address/Mask}

vserver name-mapping create -vserver {SVM_NAME} -direction {krb-unix|win-unix|unix-win} -position {INTEGER} -pattern {TEXT} -replacement {TEXT} -hostname {host-name}

We stop here since the other examples use IP/HOSTNAME qualifiers which are not supported with 7MTT (these are supported in ONTAP 9.1, just need to be applied manually.)

Appendix A: Examples of usermap.cfg entries

From: https://library.netapp.com/ecmdocs/ECMP1196993/html/GUID-83730CE4-A3FC-46B5-918D-2790D205A22B.html

The following gives meanings for some simple /etc/usermap.cfg entries:

Entry: "Bob Garj" == bobg

Win -> UNIX: The Windows name Bob Garj maps to the UNIX name bobg.

UNIX -> Win: The UNIX name bobg maps to the Windows name Bob Garg.

Entry: mktg\Roy => nobody

Win -> UNIX: The Windows name Roy in the mktg domain maps to the UNIX name nobody.

Entry: engr\Tom => ""

Win -> UNIX: Disallow login by the user named Tom in the engr domain.

The following provides some examples with asterisks in the Windows names:

Entry: uguest <= *

UNIX -> Win: All UNIX names not yet matched map to Windows user uguest.

Entry: *\root => ""

Win -> UNIX: Disallow logins using the Windows name root from all domains.

Entry: corporate\* == pcuser

Win -> UNIX: Any user in the corporate domain maps to the UNIX name pcuser.

UNIX -> Win: No mapping is done for the UNIX name pcuser because an asterisk is used in the Windows user name.

Entry: Engineer == *

Win -> UNIX: No mapping is done for the Windows name Engineer because an asterisk is used in the UNIX user name.

UNIX -> Win: Any UNIX name maps to the Windows name Engineer in the storage system’s domain.

Entry: homeusers\* *

Entry: homeusers\* == *

Win -> UNIX: All Windows users from the homeusers domain map to their corresponding UNIX names. For example, a Windows user named john in the homeusers domain maps to the UNIX name john.

UNIX -> Win: All UNIX users map to the corresponding names in the homeusers domain. For example, a UNIX user named bob maps to homeusers\bob.

The following provides some examples with IP qualifiers.

Entry: Engineering\* <= sunbox2:*

UNIX -> Win: UNIX names from the host named sunbox2 map to the same names in the Engineering domain.

Entry: Engineering\* <= 192.9.200.70:*

UNIX -> Win: UNIX names from the IP address 192.9.200.70 map to the same names in the Engineering domain.

Entry: ""<= 192.9.200.0/24:*

UNIX -> Win: All NFS requests from the 192.9.200.0 subnet are denied because UNIX names from this subnet map to a null string.

Entry: 192.9.200.0/24:test-dom\* => ""

Win -> UNIX: All users in the test-dom domain are denied access from the 192.9.200.0 subnet.

Appendix B: Original Contents of Usermap.cfg File

# These are some sample "defensive" entries you may wish to use.

# They can be uncommented and placed as needed. See the System

# Administrator's Guide for a full description of this file.

# *\root => nobody # Map all NT users named "root" to have no

# # UNIX perms. They can still log in though.

# guest <= administrator # Map UNIX user "administrator" to NT guest.

# guest <= root # Map UNIX root user to guest. This should be

# # placed after any real "root" mappings.

# The next two mappings can be used to defeat the default mapping of

# the user names. That way only entries that are mapped previously in

# this file will be allowed.

# *\* => "" # Map all other NT requests to fail.

# "" <= * # Map all other UNIX requests to fail.

# The pound sign "#" is used as a comment character in map entries. The

# next three mappings show how to handle an NT user name which includes

# a pound sign. The name must be quoted. If the user account contains

# both domain and name, the username must be quoted separately.

# "#jdoe" => joed # Map NT user #jdoe to UNIX user joed.

# NTDOM\"#jdoe" <= joed # Map UNIX user joed to NT user NTDOM\#jdoe.

# "nt-domain\#jdoe" <= joed # BAD, won't work.

Appendix C: Testing Method

The testing method consisted of the following 7-Mode commands>

rdfile /etc/usermap.cfg

wrfile /etc/usermap.cfg

{Enter Name Map}

Ctrl+C

Then clicking ‘Apply Configuration’ in 7MTT. And in ONTAP::>

vserver name-mapping show -instance

vserver name-mapping delete *

And repeat!

Image: Testing

Cosonok's IT Blog

Search This Blog

Examples of 7MTT 3.2 Translating 7-Mode Name Mappings to ONTAP

Comments

Post a Comment