Using Rule-Based Mapping

This strategy uses rules to associate Windows users and groups with equivalent Oracle Solaris users and groups by name rather than by identifier.

These mappings are easy to set up: a single wildcard rule can cover all users in a domain. However, the mapping rules are stored only on the system where they are created rather than being global. Use this method if your environment has only one SMB server.

  1. Create a bidirectional rule-based mapping to map all users in the Windows domain to users of the same name in the Oracle Solaris domain.

    $ idmap add 'winuser:*@example.com' 'unixuser:*'
    $ idmap add 'wingroup:*@example.com' 'unixgroup:*'

    For example, the first command maps the Windows user user4@example.com to the Oracle Solaris user user4, and the second command maps the Windows group staff@example.com to the Oracle Solaris group staff.

    Note:

    You can have only one bidirectional rule-based mapping that maps all users in a single Windows domain to all Oracle Solaris users in the local Oracle Solaris domain. With wildcard mappings for two domains, it would be impossible to determine which domain to use when mapping an Oracle Solaris user to a Windows user.
  2. Create bidirectional rule-based mappings for users and groups whose Windows names do not exactly match the Oracle Solaris names.

    $ idmap add winuser:first@example.com unixuser:firstlast

    This command maps a Windows user called first@example.com to the Oracle Solaris user firstlast.
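The note in step 1 can be checked mechanically before a rule set is loaded. The following script is an added example, not part of the original documentation: it flags bidirectional wildcard rules that cover more than one Windows domain. It assumes rules arrive one per line in the `idmap add` form used above, with `-d` marking a directional rule; the function names and the sample rule set are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original page): lint name-based idmap rules for
# the ambiguity described in the note in step 1.
# Assumption: rules arrive one per line in the "idmap add" form used above;
# -d marks a directional (one-way) rule, which the note does not concern.

# Reads rules on stdin. Returns 1 and names the domains if winuser or wingroup
# has bidirectional wildcard rules for more than one Windows domain.
check_wildcard_rules() {
    tr -d "\"'" | awk '
    {
        directional = 0; win = ""; ux = ""
        for (i = 1; i <= NF; i++) {
            if ($i == "-d") directional = 1
            else if ($i ~ /^win(user|group):/) win = $i
            else if ($i ~ /^unix(user|group):/) ux = $i
        }
        # Only bidirectional "*@domain" <-> "*" rules can collide.
        if (directional || win !~ /^win(user|group):\*@/ || ux !~ /:\*$/) next
        type = substr(win, 1, index(win, ":") - 1)
        domain = tolower(substr(win, index(win, "@") + 1))
        if (!((type, domain) in seen)) {
            seen[type, domain] = 1
            count[type]++
            domains[type] = domains[type] " " domain
        }
    }
    END {
        bad = 0
        for (t in count)
            if (count[t] > 1) {
                print "AMBIGUOUS " t " wildcard rules for:" domains[t]
                bad = 1
            }
        exit bad
    }'
}

# Constructed sample rule set: the second domain's wildcard rule is the problem.
sample_rules() {
    cat <<'EOF'
add winuser:*@example.com unixuser:*
add wingroup:*@example.com unixgroup:*
add winuser:first@example.com unixuser:firstlast
add winuser:*@corp.example.org unixuser:*
EOF
}

sample_rules | check_wildcard_rules || echo "resolve before loading these rules"
```

On a live system the input could come from `idmap list`, assuming its output uses this add form.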