Am back to sorting out ID mapping now and have asked a similar NFSv4 question in the Solaris forum.
Still, any pointers as to how to successfully configure ID mapping for NFS/SMB would be very useful.
We are using Windows 2008 R2 ADS with SFU/IDMU.
Our 7310 connects via LDAP to the Global Catalog to fetch any PosixAccounts/GroupAccounts.
1.) LDAP Service:

    XXX:configuration services ldap> show
    Properties:
        <status> = online
        default_servers = <DC01_IPv4>:3268,<DC02_IPv4>:3268
        proxy_dn =
        proxy_password =
        base_dn = dc=foobar,dc=org
        search_scope = sub
        cred_level = self
        auth_method = sasl/GSSAPI
        use_tls = false
        user_mapattr = homeDirectory=unixHomeDirectory,gecos=name
        user_mapobjclass = posixAccount=user
        user_search = DC=foobar,DC=org
        group_mapattr = cn=msSFU30Name
        group_mapobjclass = posixGroup=group
        group_search = DC=foobar,DC=org

    Servers:
        SERVER  ADDRESS  SOURCE  EXPIRES
        server-000  <DC01_IPv4>:3268  none
        server-001  <DC02_IPv4>:3268  none

    XXX:configuration services ldap>

2.) AD Service:

    XXX:configuration services ad> show
    Properties:
        <status> = online
        mode = domain
        domain = foobar.org
        server = dc01 (<DC01_IPv4>)

    Children:
        domain => Join an Active Directory domain
        workgroup => Join a Windows workgroup

    XXX:configuration services ad>

3.) IDMAP Service:

    XXX:configuration services idmap> show
    Properties:
        <status> = online
        ad_unixuser_attr =
        ad_unixgroup_attr =
        nldap_winname_attr =
        directory_based_mapping = idmu

    Idmaps:
        MAPPING    WINDOWS ENTITY        DIRECTION  UNIX ENTITY
        idmap-000  ""@""                 <=         sys (G)
        idmap-001  ""@""                 <=         other (G)
        idmap-002  *@FOOBAR              =>         "" (G)
        idmap-003  *@FOOBAR              =>         "" (U)
        idmap-004  ""@""                 <=         * (G)
        idmap-005  ""@""                 <=         * (U)
        idmap-006  Domain Admins@FOOBAR  ==         root (G)
        idmap-007  Administrator@FOOBAR  ==         root (U)
        idmap-008  *@FOOBAR              ==         * (G)
        idmap-009  *@FOOBAR              ==         * (U)

    XXX:configuration services idmap>

4.) SMB Service (+ Autohome Rule):

    XXX:configuration services smb> show
    Properties:
        <status> = online
        lmauth_level = 4
        system_comment = fileserver
        wins_server_1 = <DC01_IPv4>
        wins_server_2 = <DC02_IPv4>
        wins_exclude =
        pdc = <DC01_IPv4>
        ads_site = foobar
        max_workers = 1024
        keep_alive = 5400
        ddns_enable = false
        oplock_enable = true
        restrict_anonymous = false
        signing_enabled = true
        signing_required = false

    Rules:
        RULE      NSS    USER  DIRECTORY              CONTAINER
        rule-000  false  *     /export/foobar/home/&  CN=Users,DC=foobar,DC=org

    Children:
        groups => Configure SMB local groups

    meganova:configuration services smb>

5.) NFS Service:

    XXX:configuration services nfs> show
    Properties:
        <status> = online
        version_min = 3
        version_max = 4
        nfsd_servers = 500
        grace_period = 15
        mapid_dns = true
        mapid_domain =
        enable_delegation = true
        krb5_realm =
        krb5_kdc =
        krb5_kdc2 =
        krb5_admin =

    XXX:configuration services nfs>

Wow thanks for this, only just checked back as am not receiving notifications.
Will give it a shot on the test box later today.