Hello Toaster Experts!
We are currently mounting an NFS directory, e.g. /home/production, from a filer to a Solaris 10 box. Security is done by local passwd entries. We need to export this directory via CIFS with read and write access to a group of Windows developers (a group in Active Directory). Is there a way to do this without converting the filer security from UNIX to NTFS? The share is owned by a single Unix UID but will be accessed by multiple AD users. Is there a way to translate AD groups into Unix groups, since usermap.cfg seems to translate only user IDs? We don't want to run mixed-mode security.
Thanks a lot.
When an AD user logs in with CIFS and maps a Unix security style share, the filer must create Unix style credentials for the AD user. Unix credentials include 1) Unix user id number (uid), 2) Unix primary group id number (gid), and 3) Supplement group list (a list of group gids where the Unix user is a member).
Note that NFS (ironically) does not require a Unix user database on the filer. This is because the Unix uid, gid, and group list are included by the NFS client in each NFS request, so the filer doesn't need to consult a user database. It just uses the credentials supplied by the NFS client. CIFS, of course, does not provide Unix credentials, so the filer must look them up.
To map an AD user to Unix, the filer uses the file /etc/usermap.cfg to map each Windows user name to a Unix user name. If you are not using NIS or LDAP for the filer's Unix user database, then the filer uses its local /etc/passwd and /etc/group files just like a Unix system.
So all you need to do is edit the filer's /etc/passwd and /etc/group files. No need for any passwords in /etc/passwd because the filer is only interested in the uid and gid fields. Since you are using a Unix group to control access, be sure that you use the same numeric gid in the share and in /etc/group (or /etc/passwd).
You also need to edit /etc/usermap.cfg to map the Windows user names to Unix user names in /etc/passwd. This does not need to be one to one. You could map all of the Windows users to the same Unix user. The usermap.cfg file also lets you use wild cards so you can easily map each Windows user name to an identical Unix user name.
Steve Losen scl@virginia.edu phone: 434-924-0640
University of Virginia ITC Unix Support
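
An added example, not part of the original thread: a simplified Python model of the lookup described in the reply above, resolving a Windows user through usermap.cfg, passwd and group into Unix credentials and checking whether they carry the share's gid. All names, ids and file contents are constructed, and the model assumes only `=>`/`==` entries with `DOMAIN\user` or `DOMAIN\*` on the Windows side.

```python
# Simplified model of the filer lookup; all names, ids and file
# contents are constructed sample data, not taken from the thread.
PASSWD = """\
alice:*:5101:600::/:
bob:*:5102:700::/:
devshared:*:5200:700::/:
"""
GROUP = """\
proddev:*:600:
other:*:700:
tools:*:650:bob
"""
# Windows_name direction UNIX_name; "*" on the Unix side means "same name".
USERMAP = r"""
DEV\carol => devshared
DEV\* == *
"""

def rows(text):
    return [l.split(":") for l in text.splitlines() if l.strip()]

def map_windows_user(win_name, usermap=USERMAP):
    # First matching entry wins; only Windows-to-Unix directions are modelled.
    domain, _, user = win_name.lower().rpartition("\\")
    for line in usermap.splitlines():
        parts = line.split()
        if len(parts) != 3 or parts[1] not in ("=>", "=="):
            continue
        w_dom, _, w_user = parts[0].lower().rpartition("\\")
        if w_dom == domain and w_user in ("*", user):
            return user if parts[2] == "*" else parts[2]
    return None  # filer defaults for unmapped users are not modelled

def unix_credentials(win_name):
    # Returns (uid, primary gid, supplementary gids) or None.
    passwd = {f[0]: (int(f[2]), int(f[3])) for f in rows(PASSWD)}
    members = {int(f[2]): f[3].split(",") for f in rows(GROUP)}
    name = map_windows_user(win_name)
    if name not in passwd:
        return None
    uid, gid = passwd[name]
    return uid, gid, sorted(g for g, m in members.items() if name in m)

def has_gid(win_name, share_gid):
    # True when the mapped Unix identity carries the share's group.
    cred = unix_credentials(win_name)
    return cred is not None and share_gid in (cred[1], *cred[2])
```

In this sample the explicit `DEV\carol` entry sits above the wildcard, so carol resolves to `devshared` with gid 700 and does not carry gid 600, while alice does through her primary gid in passwd.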