Continuing from the previous post - Proving
WIN-UNIX (Default) Name Mapping Works - here we prove UNIX-WIN name mapping works.
I have a UNIX user called user2, and I want it to map to
the windows user DEMO\user2. Without doing anything more than we’ve done in the
previous post, this is how it maps.
cluster1::*> secd name-mapping show
-node cluster1-01 -vserver SVM1 -direction unix-win -name user2
'user2' maps to 'DEMO\user2'
cluster1::*> unix-user show -vserver
SVM1
User User Group
Full
Vserver Name ID ID
Name
-------------- --------------- ------ ------
--------------------------------
SVM1 nobody 65535
65535
SVM1 pcuser 65534
65534
SVM1 root 0 1
SVM1 user1 1001 1001
4 entries were displayed.
We did nothing and the default mapping works out-of-the
box!
Image: Proof of successful user2 to DEMO\user2 mapping
If you wanted something other than default name-mapping,
you’d need to specify the name-mapping.
BONUS Information
What happens if we tried to map UNIX user user22 to DEMO\user22,
and DEMO\user22 does not exist.
cluster1::*> secd name-mapping show
-node cluster1-01 -vserver SVM1 -direction unix-win -name user22
Vserver: SVM1 (internal ID: 4)
Error: RPC map name request procedure
failed
[0ms]
Trying to map 'user22' to Windows user 'user22' usingimplicit mapping
[ 2] Successfully connected to ip
192.168.0.253, port 445 using TCP
[ 5] Unknown error: 12
[ 5] Failed to initiate Kerberos
authentication. Trying NTLM.
[ 5] Encountered NT error
(NT_STATUS_MORE_PROCESSING_REQUIRED)
for SMB command SessionSetup
[ 7] Successfully authenticated with DC
dc1.demo.corp.com
[
12] Could not find Windows name 'user22'
[
12] Unable to map 'user22'. No default Windows user defined.
**[ 12] FAILURE: Name mapping for UNIX
user 'user22' failed. No mapping found
Error: command failed: Failed to find
mapping for the user. Reason: "SecD Error: Name mapping does not
exist".
To be expected, the name-mapping fails.
Comments
Post a Comment