Note -
changes, the mapping no longer blocks that user.
Configure rule-based mapping as described in
Before You Begin
(CLI)" on page
1.
Go to configuration services idmap.
2.
Enter create.
hostname:configuration services idmap> create
hostname:configuration services idmap (uncommitted)>
3.
Set the properties appropriately.
You can use the list command to view the available properties.
hostname:configuration services idmap (uncommitted)> list
Properties:
a.
windomain - Active Directory domain of the Windows identity.
b.
winname - Set to one of the following options.
■
■
■
c.
direction - Set to the direction of the mapping:
■
if you create a mapping rule that blocks a particular user and the user's name then
300.
windomain = (unset)
winname = (unset)
direction = (unset)
unixname = (unset)
unixtype = (unset)
To create an "allow" mapping, set winname to the name of the Windows
identity.
Enter
to indicate all users within the specified domain.
*
To create a "deny" mapping that blocks a UNIX identity from receiving
the credentials of a Windows identity, set to the name of the Windows
identity.
To create a "deny" mapping that blocks a Windows identity from
receiving the credentials of a UNIX identity, do not set winname.
- Mapping from Windows to UNIX
win2unix
Creating a Mapping Rule (CLI)
"Configuring Identity Mapping
Appliance Services
303