JavaScript is required to for searching.
Skip Navigation Links
Exit Print View
Oracle® ZFS Storage Appliance Administration Guide
Oracle Technology Network
Library
PDF
Print View
Feedback
search filter icon
search icon

Document Information

Using This Documentation

Chapter 1 Oracle ZFS Storage Appliance Overview

Chapter 2 Status

Chapter 3 Initial Configuration

Chapter 4 Network Configuration

Chapter 5 Storage Configuration

Chapter 6 Storage Area Network Configuration

Chapter 7 User Configuration

Chapter 8 Setting ZFSSA Preferences

Chapter 9 Alert Configuration

Chapter 10 Cluster Configuration

Chapter 11 ZFSSA Services

Available Services

Data Services

Directory Services

Service Settings

Remote Access Services

Security Services

Minimum Needed Ports

Configuring Services Using the BUI

Viewing a Specific Service Screen

Viewing a Specific Service Screen

Enabling a Service

Disabling a Service

Defining Properties

Viewing Service Logs

Configuring Services Using the CLI

Selecting a Service

Viewing a Service's State

Enabling a Service

Disabling a Service

Setting Properties

Viewing Service Help

NFS

Properties

Kerberos Realms

Service Logs

NFS Analytics

NFS BUI and CLI Properties

Sharing a Filesystem over NFS

iSCSI Service

iSCSI Service Properties

iSCSI Service Authentication

iSCSI Service Authorization

iSCSI Service Targets and Initiators

iSCSI Troubleshooting

SMB Service

SMB Service Properties

SMB Share Properties

NFS/SMB Interoperability

SMB DFS Namespaces

SMB Microsoft Stand-alone DFS Namespace Management Tools Support Matrix

Example: Manipulating DFS Namespaces

SMB Autohome Service

Adding SMB Autohome Rules

SMB Local Groups

Adding a User to an SMB Local Group

SMB Local Accounts

SMB MMC Integration

SMB Event Viewer

SMB Share Management

SMB Users, Groups, and Connections

Listing SMB Services

Configuring SMB Using the BUI

Initial Configuration

Active Directory Configuration

Project and Share Configuration

SMB Data Service Configuration

FTP Service

FTP Properties

FTP General Settings

FTP Security Settings

FTP Logs

Configuring FTP Using the BUI

Allowing FTP Access to a share

HTTP Service

HTTP Properties

HTTP Authentication and Access Control

HTTP Logs

Configuring HTTP

Allowing HTTP access to a share

NDMP Service

NDMP Local vs. Remote Configurations

NDMP Backup Formats and Types

NDMP Back up with

NDMP Back up with

NDMP Incremental backups

NDMP Properties

NDMP Logs

Remote Replication

Shadow Migration

Shadow Migration Properties

SFTP Service

SFTP Properties

SFTP Port

SFTP Logs

Configuring SFTP

Allowing SFTP access to a share

Configuring SFTP Services for Remote Access

SRP Service

TFTP Service

TFTP Properties

Configuring TFTP

Allowing TFTP access to a share

Virus Scan Service

Virus Scan Properties

Virus Scan File Extensions

Scanning Engines

Virus Scan Logs

Configuring Virus Scan

Configuring virus scanning for a share

NIS Service

NIS Properties

NIS Logs

Configuring NIS

Adding an appliance administrator from NIS

LDAP Service

LDAP Properties

LDAP Custom Mappings

LDAP Logs

Configuring LDAP

Adding an appliance administrator

Active Directory

Active Directory Properties

Active Directory Join Domain

Active Directory Join Workgroup

Active Directory Domains and Workgroups

Active Directory LDAP Signing

Active Directory Windows Server 2012 Support

Active Directory Windows Server 2008 Support

Active Directory Windows Server 2008 Support Section A: Kerberos issue (KB951191)

Active Directory Windows Server 2008 Support Section B: NTLMv2 issue (KB957441)

Active Directory Windows Server 2008 Support Section C: Note on NTLMv2

Configuring Active Directory Using the BUI

Joining a Domain

Joining a Workgroup

Configuring Active Directory Using the CLI

Example - Configuring Active Directory Using the CLI

Identity Mapping Service

Identity Mapping Properties

Identity Mapping Rule-based Mapping

Identity Mapping Directory-based Mapping

Identity Mapping IDMU

Identity Mapping Rules

Deny Mappings

Mapping Rule Directional Symbols

Identity Mapping Mappings

Identity Mapping Logs

Identity Mapping Best Practices

Identity Mapping Concepts

Identity Mapping Case Sensitivity

Mapping Persistence

Identity Mapping Domain-Wide Rules

Ephemeral Mapping

Identity Mapping Examples

Configuring Identity Mapping

Configuring Identity Mapping

Viewing or Flushing Mappings

DNS Service

DNS Properties

Configuring DNS

DNS Logs

Active Directory and DNS

Non-DNS Resolution

DNS-Less Operation

Dynamic Routing Service

RIP and RIPng Dynamic Routing Protocols

Dynamic Routing Logs

IPMP Service

IPMP Properties

IPMP Logs

NTP Service

NTP Properties

NTP Validation

NTP Authentication

NTP BUI Clock

NTP Tips

Configuring NTP Using the BUI

BUI Clock Synchronization

Configuring NTP Using the CLI

Phone Home Service

Oracle Single Sign-On Account

Phone Home Properties

Phone Home Web Proxy

Registering the Appliance

Registering the Appliance Using the BUI

Registering the Appliance Using the CLI

Changing Account Information

Phone Home Status

Phone Home State

Phone Home Logs

REST

RESTful API

Service Tags

Service Tag Properties

SMTP Service

SMTP Properties

SMTP Logs

SNMP Service

SNMP Properties

SNMP MIBs

Sun FM MIB

Sun AK MIB

Confinguring SNMP

Configuring SNMP to Serve Appliance Status

Configuring SNMP to Send Traps

Syslog Service

Syslog Properties

Classic Syslog: RFC 3164

Updated Syslog: RFC 5424

SYSLOG Message Format

SYSLOG Alert Message Format

Receiver Configuration Examples

Configuring a Solaris Receiver

Configuring a Linux Receiver

System Identity

System Identity Properties

System Identity Logs

SSH Service

SSH Properties

SSH Logs

Configuring SSH

Disabling root SSH access

Chapter 12 Shares, Projects, and Schema

Chapter 13 Replication

Chapter 14 Shadow Migration

Chapter 15 CLI Scripting

Chapter 16 Maintenance Workflows

Chapter 17 Integration

Index

Identity Mapping Properties

The identity mapping service creates and maintains a database of mappings between SIDs, UIDs, and GIDs. Three different mapping approaches are available, if mappings are available for a given identity, the service creates an ephemeral mapping. The following mapping modes are available:

Identity Mapping Rule-based Mapping

The Rule-based mapping approach involves creating various rules which map identities by name. These rules establish equivalences between Windows identities and Unix identities.

Identity Mapping Directory-based Mapping

Directory-based mapping involves annotating an LDAP or Active Directory object with information about how the identity maps to an equivalent identity on the opposite platform. The following attributes must be assigned when using directory-based mapping:

The CLI property names are shorter versions of those listed above.

For information on augmenting the Active Directory or the LDAP schemas, see the Managing Directory-Based Identity Mapping for Users and Groups (Task Map) section in the Solaris CIFS Administration Guide.

Identity Mapping IDMU

Microsoft offers a feature called "Identity Management for Unix", or IDMU. This software is available for Windows Server 2003, and is bundled with Windows Server 2003 R2 and later. This feature is part of what was called "Services For Unix" in its unbundled form.

The primary use of IDMU is to support Windows as a NIS/NFS server. IDMU adds a "UNIX Attributes" panel to the Active Directory Users and Computers user interface that lets the administrator specify a number of UNIX-related parameters: UID, GID, login shell, home directory, and similar for groups. These parameters are made available through AD through a schema similar to (but not the same as) RFC2307, and through the NIS service.

When the IDMU mapping mode is selected, the identity mapping service consumes these Unix attributes to establish mappings between Windows and Unix identities. This approach is very similar to directory-based mapping, only the identity mapping service queries the property schema established by the IDMU software instead of allowing a custom schema. When this approach is used, no other directory-based mapping may take place.