Using Rule-Based Mapping
This strategy uses rules to associate Windows users and groups with equivalent Oracle Solaris users and groups by name rather than by identifier.
These mappings are easy to configure, and a single wildcard rule is enough to set them up. However, the mapping rules are stored only on a particular system rather than being global. Use this method if only one SMB server is being used in your environment.
- Create a bidirectional rule-based mapping to map all users in the Windows domain to users of the same name in the Oracle Solaris domain.

  $ idmap add 'winuser:*@example.com' 'unixuser:*'
  $ idmap add 'wingroup:*@example.com' 'unixgroup:*'

  The first command maps the Windows user called user4@example.com to the Oracle Solaris user user4. The second command maps the Windows group called staff@example.com to the Oracle Solaris group staff.

  Note: You can have only one bidirectional rule-based mapping to map all users in a single Windows domain to all Oracle Solaris users in the local Oracle Solaris domain. Wildcard mappings for two domains would make determining which domain to use when mapping an Oracle Solaris user to a Windows user impossible.

- Create bidirectional rule-based mappings for users and groups whose Windows names do not exactly match the Oracle Solaris names.

  $ idmap add winuser:first@example.com unixuser:firstlast

  This command maps a Windows user called first@example.com to the Oracle Solaris user firstlast.
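The note on wildcard rules can be checked mechanically. The script below is an added example, not part of the Oracle documentation: it reads rules in `idmap add` form and reports bidirectional wildcard rules that cover more than one Windows domain, applying the same check to group rules as a generalization. It assumes that `idmap list` prints rules in this form and that `-d` marks a one-way rule; `example.org` and `lab.example.com` are constructed sample domains.

```shell
#!/bin/sh
# Added example, not Oracle's tooling. Rules are read in `idmap add` form
# (assumed to match `idmap list` output); `-d` is assumed to mark a one-way rule.
# Constructed sample: example.org and lab.example.com are hypothetical domains.
SAMPLE_RULES="add winuser:*@example.com unixuser:*
add wingroup:*@example.com unixgroup:*
add winuser:first@example.com unixuser:firstlast
add 'winuser:*@example.org' 'unixuser:*'
add -d winuser:*@lab.example.com unixuser:*"

# Reads rules on stdin; prints one line per identity type that has bidirectional
# wildcard rules for more than one Windows domain and returns 1 in that case.
audit_wildcards() {
    tr -d "'\"" | awk '
    {
        i = 1
        if ($i == "idmap") i++              # accept "idmap add ..." as well
        if ($i != "add") next
        i++
        bidir = 1
        while ($i ~ /^-/) {                 # option words before the names
            if ($i ~ /d/) bidir = 0
            i++
        }
        if (!bidir) next                    # one-way rules are not counted
        win = ($i ~ /^win/) ? $i : $(i + 1) # tolerate either name order
        split(win, id, ":")                 # id[1]=type, id[2]=name@domain
        if (id[1] != "winuser" && id[1] != "wingroup") next
        if (split(id[2], nm, "@") != 2 || nm[1] != "*") next
        d = tolower(nm[2])                  # compare domains without case
        key = id[1] SUBSEP d
        if (!(key in seen)) {
            seen[key] = 1
            count[id[1]]++
            doms[id[1]] = doms[id[1]] " " d
        }
    }
    END {
        for (t in count)
            if (count[t] > 1) { printf "AMBIGUOUS %s:%s\n", t, doms[t]; bad = 1 }
        exit bad + 0
    }'
}

printf '%s\n' "$SAMPLE_RULES" | audit_wildcards ||
    echo "keep a single bidirectional wildcard rule per identity type"
```

On a live system the function would be fed the current rule list, for example `idmap list | audit_wildcards`.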