使用 BUI 配置身份映射
- 确保您至少加入一个活动目录域。有关活动目录的信息,请参见 Active Directory。
- 在 "Configuration"(配置)> "Services"(服务)> "Identity Mapping"(身份映射)> "Properties"(属性)页面上,选择要使用的映射模式。有关映射模式的信息,请参见 Properties(属性)。
- 如果选择基于目录的映射,必须配置其他属性。有关这些属性的更多信息,请参见基于目录的映射。
- 要保存设置,请单击 "Apply"(应用)或单击 "Revert"(恢复)重新开始。
- 要创建映射,请单击 "Rules"(规则)。
-
在 "Rules"(规则)页面上,请单击添加
图标。
- 在 "Add Mapping Rule"(添加映射规则)框中,请输入所需的信息。有关更多信息,请参见 Rules(规则)。
- 要保存设置,请单击 "Add"(添加)或单击 "Cancel"(取消)。创建映射后,它将显示在 "Rules"(规则)列表中。
该示例在 Windows 用户与 Unix 用户之间创建了一个基于名称的双向映射。
twofish:> configuration services idmap twofish:configuration services idmap> create twofish:configuration services idmap (uncommitted)> set windomain=eng.fishworks.com twofish:configuration services idmap (uncommitted)> set winname=Bill twofish:configuration services idmap (uncommitted)> set direction=bi twofish:configuration services idmap (uncommitted)> set unixname=wdp twofish:configuration services idmap (uncommitted)> set unixtype=user twofish:configuration services idmap (uncommitted)> commit twofish:configuration services idmap> list MAPPING WINDOWS ENTITY DIRECTION UNIX ENTITY idmap-000 Bill@eng.fishworks.com (U) == wdp (U)示例 10 创建拒绝映射示例
下一个示例创建了一个拒绝映射,来阻止某域中的所有 Windows 用户获取凭证。
twofish:configuration services idmap> create
twofish:configuration services idmap (uncommitted)> list
Properties:
windomain = (unset)
winname = (unset)
direction = (unset)
unixname = (unset)
unixtype = (unset)
twofish:configuration services idmap (uncommitted)> set
windomain=guest.fishworks.com
twofish:configuration services idmap (uncommitted)> set winname=*
twofish:configuration services idmap (uncommitted)> set direction=win2unix
twofish:configuration services idmap (uncommitted)> set unixname=
twofish:configuration services idmap (uncommitted)> set unixtype=user
twofish:configuration services idmap (uncommitted)> commit
twofish:configuration services idmap> list
MAPPING WINDOWS ENTITY DIRECTION UNIX ENTITY
idmap-000 Bill@eng.fishworks.com (U) == wdp (U)
idmap-001 *@guest.fishworks.com (U) => "" (U)