Oracle Solaris SMB and Windows Interoperability Administration Guide     Oracle Solaris 11 Express 11/10

Creating Your Identity Mapping Strategy

Your Solaris SMB server can use directory-based mapping, rule-based mapping, both, or neither. By default, Windows users and groups do not need to be associated with Oracle Solaris users and groups. Without any mapping, Windows users and groups can still own files, be listed in ACLs, and so on. Identity mapping is required when users need access to files from both Windows and Oracle Solaris operating systems or NFS. These mappings enable a user to be treated the same whether locally logged in or connected from a Windows system or through NFS.

If your Windows environment includes a parallel Oracle Solaris naming service infrastructure, such as NIS, consider using name-based mappings to associate Windows users with Oracle Solaris users, and Windows groups with Oracle Solaris groups.

A directory-based mapping uses name mapping information that is stored in user or group objects in the Active Directory (AD), in the native LDAP directory service, or both, to map users and groups.

Mapping Well-Known Account Names

The idmap service supports the mapping of well-known Windows account names, such as the following:

When idmap rules are added, these well-known account names are expanded to canonical form, which adds either the default domain name (for names that are not well known) or an appropriate built-in domain name. Depending on the particular well-known name, this domain name might be null, BUILTIN, or the local host name.

The following sequence of idmap commands shows the treatment of the name dana, which is not well known, and the well-known names administrator and guest:

# idmap add winname:dana unixuser:danam
add     winname:dana    unixuser:danam
# idmap add winname:administrator unixuser:root
add     winname:administrator   unixuser:root
# idmap add winname:guest unixuser:nobody
add     winname:guest   unixuser:nobody
# idmap add wingroup:administrators sysadmin
add     wingroup:administrators unixgroup:sysadmin
# idmap list
add     winname:Administrator@examplehost  unixuser:root
add     winname:Guest@examplehost  unixuser:nobody
add     wingroup:Administrators@BUILTIN unixgroup:sysadmin
add       unixuser:danam
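
The following script is an added example, not part of the Oracle guide: it reads rules in the canonical form printed by idmap list and reports every rule that maps a Windows identity to a privileged Solaris user or group, along with the domain that canonicalization attached. The function names, the PRIV_USERS and PRIV_GROUPS lists, and the last sample rule are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: review `idmap list` output for rules that give a Windows
# identity a privileged Solaris identity. Requires a POSIX awk.
# PRIV_USERS and PRIV_GROUPS are assumptions; set them to local policy.
PRIV_USERS="root"
PRIV_GROUPS="root sysadmin"

# audit_idmap_rules: reads rules on stdin and prints, for each rule whose
# Solaris side is in the privileged lists:
#   PRIVILEGED <windows identity> -> <unix identity> (domain: <domain|none>)
# Assumes identities contain no whitespace.
audit_idmap_rules() {
    awk -v pu="$PRIV_USERS" -v pg="$PRIV_GROUPS" '
    BEGIN {
        n = split(pu, a, " "); for (i = 1; i <= n; i++) users[a[i]] = 1
        n = split(pg, a, " "); for (i = 1; i <= n; i++) groups[a[i]] = 1
    }
    # The identities are the last two fields, so anything printed between
    # "add" and the names is tolerated; incomplete rules are skipped.
    $1 == "add" && NF >= 3 {
        win = $(NF - 1); uxid = $NF
        split(uxid, u, ":")            # e.g. "unixuser:root" -> type, name
        dom = "none"                   # null domain unless "@" is present
        at = index(win, "@")
        if (at > 0) dom = substr(win, at + 1)
        if ((u[1] == "unixuser" && (u[2] in users)) ||
            (u[1] == "unixgroup" && (u[2] in groups)))
            printf "PRIVILEGED %s -> %s (domain: %s)\n", win, uxid, dom
    }'
}

# sample_rules: the first three rules are the canonical forms shown in the
# listing above; the last rule is constructed for this example.
sample_rules() {
    cat <<'EOF'
add     winname:Administrator@examplehost  unixuser:root
add     winname:Guest@examplehost  unixuser:nobody
add     wingroup:Administrators@BUILTIN unixgroup:sysadmin
add     winname:terry@example.com  unixuser:terrym
EOF
}

sample_rules | audit_idmap_rules
```

On a live server, pipe the output of idmap list into audit_idmap_rules in place of sample_rules.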