Table of ContentsLibraryView in Frames

Examples of usermap.cfg entries

Here are some examples of usermap.cfg entries.

The following table describes some simple /etc/usermap.cfg entries.
Entry Meaning
"Bob Garj" == bobg The Windows name Bob Garj maps to the UNIX name bobg and vice versa.
mktg\Roy => nobody The Windows name Roy in the mktg domain maps to the UNIX name nobody. This entry enables Roy to log in with limited access to files with UNIX-style security.
engr\Tom => "" Disallow login by the user named Tom in the engr domain.
The following table provides some examples with asterisks in the Windows names.
Entry Meaning
uguest <= * All UNIX names not yet matched map to Windows user uguest.
*\root => "" Disallow logins using the Windows name root from all domains.
corporate\* == pcuser Any user in the corporate domain maps to the UNIX name pcuser. No mapping is done for the UNIX name pcuser because an asterisk is used in the Windows user name.
Engineer == * Any UNIX name maps to the Windows name Engineer in the storage system’s domain. No mapping is done for the Windows name Engineer because an asterisk is used in the UNIX user name.

Either of the following entries:

  • homeusers\* *
  • homeusers\* == *

All UNIX users map to the corresponding names in the homeusers domain. For example, a UNIX user named bob maps to homeusers\bob.

All Windows users from the homeusers domain map to their corresponding UNIX names. For example, a Windows user named john in the homeusers domain maps to the UNIX name john.

The following table provides some examples with IP qualifiers.
Entry Meaning
Engineering\* <= sunbox2:* UNIX names from the host named sunbox2 map to the same names in the Engineering domain.
Engineering\* <= 192.9.200.70:* UNIX names from the IP address 192.9.200.70 map to the same names in the Engineering domain.
""<= 192.9.200.0/24:* All NFS requests from the 192.9.200.0 subnet are denied because UNIX names from this subnet map to a null string.
192.9.200.0/24:test-dom\* => "" All users in the test-dom domain are denied access from the 192.9.200.0 subnet.
*\* == corpnet/255.255.0.0:*

All user names from all domains map to the corresponding UNIX names. If user names are not unique across domains, this entry might cause different Windows names to map to the same UNIX name.

Because IP qualifiers are only for matching, specifying corpnet/255.255.0.0: does not affect the result of Windows to UNIX mapping.

Because the mapping is bidirectional, all UNIX names from the corpnet/255.255.0.0 network map to the same names in one of the storage system’s trusted domains.