This post is more than 5 years old
25 Posts
0
1403
June 1st, 2010 08:00
ntxmap and windows local users
Hi,
Is it possible to map a Celerra windows local user to a unix user ?
I tried but it seems to not work. The documentation does not mention this case.
The local user has been created with windows mmc.
This user is not meant to be used to log-in. The only goal is to grant access to a specific unix account by using a mapping rule and NT access policy.
I know it would work with a regular AD account.
Can't it work with a local account ?
I've done the following tests:
TESTMAPPING2 is CIFSSRV local user
nobody_60001 is defined in local passwd file, with UID 60001.
nsswitch.conf points files first.
1/ with the ntxmap rule "*:TESTMAPPING2:=:nobody_60001"
- add an ACL entry for CIFSSRV\TESTMAPPING2 on an existing object
-> no entry created in SECMAP (normaly it should)
- make CIFSSRV\TESTMAPPING2 the ower of an existing object
-> no entry created in SECMAP (normaly it should)
-> the owner UID of the object is now 2155873260, but still no SECMAP entry
- try to build the cred for my unix user (server_cifssupport server_2 -cred -uid 60001 -build)
-> Error 13160939531: server_2 : The NT credential for the user nobody_60001 uid 60001 cannot be built. Error 0xc0000064: NO_SUCH_USER.
2/ with the ntxmap rule ":TESTMAPPING2:=:nobody_60001"
(removed the leading "*")
- try to build the cred for my unix user (server_cifssupport server_2 -cred -uid 60001 -build)
-> crash of the data mover
Any chance to make this work ?
Thanks
Eric
Rainer_EMC
4 Operator
•
8.6K Posts
0
June 3rd, 2010 06:00
A
I know its possible for standalone CIFS servers since it is used for some special configs where the Celerra is used as integrated storage where no domain controller is available and multi-protocol is needed for a few local accounts.
The setup isnt user-friendly and its up to engineering to allow it on a case-by-case basis.
They might also require that its setup by an EMC technician.
Rainer
Rainer_EMC
4 Operator
•
8.6K Posts
1
June 1st, 2010 13:00
Local Windos users of a Celerra CIFS server (like often used for standalone CIFS servers) are a special case and do NOT use any of the mapping methods
They get a high-value UID/GID assigned from a fixed reserved rage when they are created
You cant influence - but for special cases and a few users it is possible to ask for a procedure via RPQ
Please also take a minute to open a Product Enhancement Request
Rainer
whoreallycares
25 Posts
0
June 2nd, 2010 00:00
Hi,
Thanks for the feedback and confirmation.
I'm not very familiar with EMC acronyms.
What's a RPQ ? how should I proceed ?
Eric
Rainer_EMC
4 Operator
•
8.6K Posts
1
June 2nd, 2010 07:00
Hi Eric,
RPQ is an internal EMC process to ask engineering to things like non-standard configs.
You would need to get in touch with your local EMC technical contact and ask him to file one for your system.
Rainer
P.S.: giving enough details for why, what, how much, ... helps getting approval
whoreallycares
25 Posts
0
June 3rd, 2010 01:00
Hi,
Sorry to bother you with that, but there is one aspect I'd like to clarify.
What is exactly the situation regarding my request ?
A/ Based on your experience, or internal documentation, it should be technicaly possible but it's totaly beyond standard usage.
So it requires to be discussed with EMC technical staff to confirm, prepare and perform this very specific setup (hopefuly).
B/ No confirmation it can be done. Last hope is to discuss this request with EMC technical specialist
C/ other ?
Eric
whoreallycares
25 Posts
0
June 3rd, 2010 08:00
Thanks for the clairification.
Eric