Mapping Well-Known Windows Account Names
The idmap
service supports the mapping of well-known Windows account names,
such as the following:
-
Administrator
-
Guest
-
Network
-
Administrators
-
Guests
-
Computers
When idmap
rules are added, these well-known account names are expanded to
canonical form. This process adds either the default domain name for names that are not well known
or an appropriate built-in domain name. Depending on the particular well-known name, this domain
name might be null, BUILTIN
, or the local host name.
The following sequence of idmap
commands shows the treatment of the name
user3
, which is not well known, and the well-known names
administrator
and guest
:
$ idmap add winname:user3 unixuser:uthree add winname:user3 unixuser:uthree $ idmap add winname:administrator unixuser:root add winname:administrator unixuser:root $ idmap add winname:guest unixuser:nobody add winname:guest unixuser:nobody $ idmap add wingroup:administrators sysadmin add wingroup:administrators unixgroup:sysadmin $ idmap list add winname:Administrator@examplehost unixuser:root add winname:Guest@examplehost unixuser:nobody add wingroup:Administrators@BUILTIN unixgroup:sysadmin add winname:user3@example.com unixuser:uthree