SUMMARY
UNIX-based domains and Windows-based domains have different user identities and group identities, even if the user names are the same. You can use the User Name Mapping service to map Windows security identifications (SIDs) to UNIX user identifications (UIDs) and UNIX group identifications (GIDs). This is true whether the user names are the same or different. Additionally, you can use the User Name Mapping service to map multiple Windows accounts to a single UNIX account. This simplifies the account management process for administrators who must provide Windows users with UNIX resources during the migration.
back to the top
Install the User Name Mapping Service
Because Microsoft Windows Services for UNIX version 3.0 uses Microsoft Installer for installation, you can install individual modules of the product from the command prompt. If you have installed previous components of Windows Services for UNIX, you must include them in the
addlocal parameter of the installation command (separated by commas). Otherwise you remove the previous components when you install the User Name Mapping service. You must install one or more User Name Mapping servers on your network to support User Name Mapping functions in Interix, in Client for UNIX Network File Service (NFS), in Server for NFS, and in Gateway for NFS.
To install the User Name Mapping service from the command prompt:
- Log on with an administrative-level account to a Windows-based computer.
- To open a command prompt, click Start, click Run, type cmd, and then click OK.
- Insert the Windows Services for UNIX version 3.0 CD into the CD-ROM drive (in this example, drive D).
- To install the User Name Mapping service, type msiexec /I D:\sfusetup.msi /qb addlocal=" Mapsvc" [targetdir="installation path"] at the command prompt, and then press ENTER.
NOTE: By default, the installation path is "\SFU".
- To include the Product Key as part of the command,
type pidkey="key", and then press ENTER, where key is the 25-character product key.
NOTE: You do not have to restart computers that are running Windows 2000 or Windows XP after the installation has been completed.
If you install from a telnet prompt or by means of a script, where no graphic user interface (GUI) is available, type or paste the following command to complete the installation without any additional interaction from the user, and then press ENTER: msiexec /I D:\sfusetup.msi /q addlocal=" Mapsvc " pidkey="key"
[targetdir="install path"]
NOTE: To prevent problems with some components of Windows Services for UNIX, you must install Windows Services for UNIX in a folder without spaces in the path. The
addlocal parameter of the Msiexec.exe program that is shown in steps 4 and 5 is case-sensitive and space-sensitive. To correctly install the User Name Mapping service, you must type the case and spacing exactly as they are shown in this example.
back to the top
Configure the User Name Mapping Service
You can configure the User Name Mapping service either through the Windows Services for UNIX Administration Microsoft Management Console (MMC) or through the Mapadmin.exe utility at the command prompt. Because of the built-in abilities of the Interix subsystem, you can easily script even complex maps through the Mapadmin.exe utility. For example, you can create a simple script that reads a text-file list of Windows users and maps them to a corresponding list of UNIX users.
The basic format of the Mapadmin.exe command is
mapadmin [server] [-u user [-p pword]] command options
where
command options include the following:
Options Details
-------------- ----------------------------------------------------------
blank Returns the information about the current configuration
config Sets the configuration options
start Starts the User Name Mapping service on the specified
server (by default, the local computer is used)
stop Stops the User Name Mapping service on the specified
server (by default, the local computer is used)
add Adds a mapping, either user or group
setprimary Sets the primary user or group mapping
delete Deletes a mapping
list Displays information about current user and group mappings
backup Creates a backup of current mappings to a text file
restore Restores a previously backed-up user name mapping file
adddomainmap Adds a simple map between the Windows domain and the
NIS domain or PCNFS passwd and group files
listdomainmaps Lists the Windows domains that are mapped to PCNFS files
or NIS domains
To configure mapping between Windows domain MSFT and PCNFS:
- Log on with an administrative-level account to a Windows-based computer.
- To open a command prompt, click Start, click Run, type cmd, and then click OK.
- At the command prompt, type or paste the following command, and then press ENTER:
mapadmin adddomainmap -d MSFT -f c:\etc.
To start the User Name Mapping service:
- Log on with an administrative-level account to a Windows-based computer.
- To open a command prompt, click Start, click Run, type cmd, and then click OK.
- At the command prompt, type or paste the following:
To add a user map between a Windows user (in this example, "MSFT\RLJones") and a UNIX user (in this example, "rlj"):
- Log on with an administrative-level account to a Windows-based computer.
- To open a command prompt, click Start, click Run, type cmd, and then click OK.
- At the command prompt, type or paste the following command, and then press ENTER:
mapadmin add -wu MSFT\RLJones -uu PCNFS\rlj
NOTE: The Mapadmin.exe backup files and restore files are pure ASCII text, but the passwords that they include are encrypted. In Mapadmin.exe, you must type a full path for the backup-file destination.
back to the top