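Use the following procedure to grant or deny credentials to specific users through the identity mapping service. An "allow" mapping rule grants credentials from a UNIX identity to a Windows identity, or vice versa. A "deny" mapping rule blocks a Windows identity from receiving the credentials of a UNIX identity, or vice versa.
Before You Begin
Configure rule-based mapping as described in Configuring Identity Mapping (CLI).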
hostname:configuration services idmap> create
hostname:configuration services idmap (uncommitted)>
Use the list command to view the available properties.
hostname:configuration services idmap (uncommitted)> list
Properties:
    windomain = (unset)
    winname = (unset)
    direction = (unset)
    unixname = (unset)
    unixtype = (unset)
To represent all users within the specified domain, enter *.
win2unix - Mapping from Windows to UNIX
unix2win - Mapping from UNIX to Windows
bi - Bidirectional mapping
hostname:configuration services idmap (uncommitted)> set windomain=demo.domain.com
hostname:configuration services idmap (uncommitted)> set winname=*
hostname:configuration services idmap (uncommitted)> set direction=win2unix
hostname:configuration services idmap (uncommitted)> set unixname=
hostname:configuration services idmap (uncommitted)> set unixtype=user
hostname:configuration services idmap (uncommitted)> commit
hostname:configuration services idmap>
Use the list command to view the new rule in the list of rules.
hostname:configuration services idmap> list
MAPPING     WINDOWS ENTITY               DIRECTION   UNIX ENTITY
idmap-000   Alice@demo.domain.com (U)    ==          wdp (U)
idmap-001   *@demo.domain.com (U)        =>          "" (U)
This example creates a bidirectional name-based mapping between a Windows user and a UNIX user.
hostname:> configuration services idmap
hostname:configuration services idmap> create
hostname:configuration services idmap (uncommitted)> set windomain=eng.fishworks.com
hostname:configuration services idmap (uncommitted)> set winname=Bill
hostname:configuration services idmap (uncommitted)> set direction=bi
hostname:configuration services idmap (uncommitted)> set unixname=wdp
hostname:configuration services idmap (uncommitted)> set unixtype=user
hostname:configuration services idmap (uncommitted)> commit
hostname:configuration services idmap> list
MAPPING     WINDOWS ENTITY               DIRECTION   UNIX ENTITY
idmap-000   Bill@eng.fishworks.com (U)   ==          wdp (U)
Example 14 Creating a Deny Mapping (CLI)
This example creates a deny mapping that prevents all Windows users in the domain from obtaining credentials.
hostname:configuration services idmap> create
hostname:configuration services idmap (uncommitted)> list
Properties:
    windomain = (unset)
    winname = (unset)
    direction = (unset)
    unixname = (unset)
    unixtype = (unset)
hostname:configuration services idmap (uncommitted)> set windomain=guest.fishworks.com
hostname:configuration services idmap (uncommitted)> set winname=*
hostname:configuration services idmap (uncommitted)> set direction=win2unix
hostname:configuration services idmap (uncommitted)> set unixname=
hostname:configuration services idmap (uncommitted)> set unixtype=user
hostname:configuration services idmap (uncommitted)> commit
hostname:configuration services idmap> list
MAPPING     WINDOWS ENTITY               DIRECTION   UNIX ENTITY
idmap-000   Bill@eng.fishworks.com (U)   ==          wdp (U)
idmap-001   *@guest.fishworks.com (U)    =>          "" (U)
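
To review the rule table after committing changes, the list output can be parsed and each rule classified as allow or deny. The following Python script is an added example, not part of the original documentation or the appliance software; the "<=" arrow for unix2win, the function names, and the third sample row are assumptions made for illustration.

```python
import re

# Row layout of the `list` output shown on this page:
#   idmap-001 *@guest.fishworks.com (U) => "" (U)
ROW = re.compile(r'^(idmap-\d+)\s+(\S+)\s+\((\w)\)\s+(==|=>|<=)\s+(\S+)\s+\((\w)\)$')

# "==" and "=>" appear on the page; "<=" for unix2win is an assumption.
DIRECTIONS = {"==": "bi", "=>": "win2unix", "<=": "unix2win"}


def parse_rules(listing):
    """Parse rule rows, skipping the header and anything that is not a rule."""
    rules = []
    for line in listing.splitlines():
        m = ROW.match(line.strip())
        if not m:
            continue
        rule_id, win, win_type, arrow, unix, unix_type = m.groups()
        # An empty name ("") on the receiving side means no credentials: deny.
        deny = (arrow == "=>" and unix == '""') or (arrow == "<=" and win == '""')
        rules.append({
            "id": rule_id,
            "windows": win,
            "unix": unix,
            "direction": DIRECTIONS[arrow],
            "action": "deny" if deny else "allow",
            "wildcard": win.split("@")[0] == "*" or unix == "*",
        })
    return rules


def broad_allow_rules(rules):
    """Wildcard rules that grant credentials; these deserve a manual review."""
    return [r["id"] for r in rules if r["wildcard"] and r["action"] == "allow"]


# Constructed sample: the first two rows are from the page, the third is invented.
SAMPLE = '''MAPPING WINDOWS ENTITY DIRECTION UNIX ENTITY
idmap-000 Bill@eng.fishworks.com (U) == wdp (U)
idmap-001 *@guest.fishworks.com (U) => "" (U)
idmap-002 *@lab.example.com (U) => nobody (U)'''

if __name__ == "__main__":
    for rule in parse_rules(SAMPLE):
        print(rule["id"], rule["action"], rule["direction"], rule["windows"], "->", rule["unix"])
    print("review:", broad_allow_rules(parse_rules(SAMPLE)))
```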