Check and update user mappings for multiprotocol NAS servers
A multiprotocol environment requires the following types of user mappings:
A Windows user name that maps to a corresponding Unix user name
A Unix user name that maps to a corresponding Windows user name which uses NFS to access a file system configured with a Windows access policy
A Unix user name that is not mapped to a corresponding Windows user name which uses NFS to access a file system configured with a Unix or native access policy.
This command uses information from LDAP, NIS, or local files to parse all file systems associated with the NAS server and to update the SID/UID mapping in all nodes.
For all CIFS (SMB) file systems on the NAS server, update the UID/GID and generate a user mapping report. A new UID/GID will be obtained from a Unix Directory Service for the user name of the object owner. The user name will be resolved from Active Directory by the Windows SID.
NOTE:Quota management and correct multiprotocol file access require correct mappings between SIDs and UIDs/GIDs at the NAS server level. Because this operation can take a significant amount of time for large file systems, it is recommended to use the
-async
qualifier.
-dryRun
Generate a user mapping report for downloading. Once users access a file or folder on the NAS server from the SMB protocol, their SID to UID/GID mapping is stored in an internal mapping database. This operation parses the mapping database, and for each mapped user, queries the existing Unix Directory Service and Active Directory Domain Controller to report any inconsistencies between the UID/GID in the Unix Directory Service and the UID/GID stored in the database.
It is recommended that you generate and review the user mapping report right before enabling multiprotocol. This enables you to ensure that your Unix Directory Service can return a UID/GID for every user whose mapping is inconsistent. Otherwise, after multiprotocol is enabled, users with inconsistent mappings may not be able to access files, because their permissions cannot be determined. Also, access to objects created by these users from SMB/CIFS cannot be granted, because the owners cannot be mapped to Unix.
When the UID/GID mapping for all NAS server file systems are updated, the mapping report is re-generated automatically.
NOTE:Once a user successfully accesses any file or folder on the NAS server from Windows, the UID/GID in the mapping database for this user is updated. The UID/GID is also updated if the user is accessing a file from Unix for a file system with a Windows access policy.
-confView
Force an immediate refresh of the NAS server configuration snapshot. When the NAS server is acting as replication destination of synchronous replication session, its configuration snapshot is updated every 15 minutes by default.
Example 1
The following command generates a user mapping report for NAS server nas_1.