User name mapping performs one-to-many mappings in a single direction only (269736)


The information in this article applies to:

  • Microsoft Windows Services for UNIX 3.5
  • Microsoft Windows Services for UNIX 3.0
  • Microsoft Windows Services for UNIX 2.3 OEM Only
  • Microsoft Windows Services for UNIX 2.2 OEM Only
  • Microsoft Windows Services for UNIX 2.1 OEM Only
  • Microsoft Windows Services for UNIX 2.0
  • Microsoft Windows Server 2003 R2 Enterprise Edition (32-Bit x86)
  • Microsoft Windows Server 2003 R2 Standard Edition (32-bit x86)
  • Microsoft Windows Server 2003 R2 Datacenter Edition (32-Bit x86)
  • Microsoft Windows Server 2003 R2 Enterprise x64 Edition
  • Microsoft Windows Server 2003 R2 Standard x64 Edition
  • Microsoft Windows Server 2003 R2 Datacenter x64 Edition
  • Microsoft Windows Storage Server 2003
This article was previously published under Q269736

SUMMARY

This article discusses the User Name Mapping component of Microsoft Windows Services for UNIX. The User Name Mapping component can perform one-to-many mapping, but User Name Mapping can perform this task only one way, from a Windows-based computer to a UNIX-based computer.

MORE INFORMATION

You can map a Windows-based account to a single UNIX-based account, but not the reverse. When you map a Windows-based account to a UNIX-based account, it cannot be mapped to any other UNIX-based account, but you can only map the same UNIX-based account to multiple Windows-based accounts in one direction. The following illustration clarifies this behavior:

Illustration 1a: Mapping multiple Windows users to a single UNIX account (valid)
Windows UsersUNIX Users
User-Aaccount1
User-Baccount1
User-Caccount1

Illustration 1b: Mapping multiple Windows groups to a single UNIX group (valid)
Windows GroupsUNIX Groups
Group-Agroup1
Group-Bgroup1
Group-Cgroup1

The following illustrations demonstrate what you cannot do:

Illustration 2a: Mapping Multiple UNIX accounts to a single Windows user (invalid)
Windows UsersUNIX Users
User-Aaccount1
User-Aaccount2
User-Aaccount3

Illustration 2b: Mapping multiple UNIX groups to a single Windows group (invalid):
Windows GroupsUNIX Groups
Group-Agroup1
Group-Agroup2
Group-Agroup3
This behavior is by design. The group or user to which you are mapping contains the User Identifier (UID) or Group Identifier (GID) that you want to impersonate.

Note You cannot map one-to-many relationships from a UNIX-based computer to a Windows-based computer.

When you map multiple Windows users or groups to a single UNIX user or group, you have to designate one of mappings as primary. This primary mapping is used when the UNIX account or group is mapped back to a Windows account or group. For example, this mapping is used when a UNIX client uses NFS to write a file. By default, the first mapping that is created is automatically designated as the primary mapping. To set a different mapping as the primary mapping, use the Services for UNIX administration console. Or, use the -setprimary flag with the Mapadmin.exe file when you create the mapping.
Modification Type:MajorLast Reviewed:1/25/2006
Keywords:kbinfo KB269736 kbAudEndUser kbAudITPRO
©2004 Microsoft Corporation. All rights reserved.