Mapping Strategies - HP NetStorage 6000 Manual

File Volume
Name
Finance
Marketing
Procurement
Research &
Development
In this example, clients using either a Windows or UNIX protocol can access Marketing and Procurement files.
When clients attempt to mount or access files for the Marketing group they will be challenged for the appropriate
password. In the case of files that belong to the Finance group UNIX users will be unable to mount this volume.
Similarly Windows users will be unable to "see" or access the Research and Development file volume since it is
only available to UNIX clients.

5.2 Mapping Strategies

Mapping strategies are a means for defining users and groups that have both a Windows and UNIX identity.
Mapping is the mechanism that is used to determine whether a user should be granted file access rights in a
different protocol. Recall that the two operating systems use two different methods for securing file objects. By
establishing either user or group equivalence, the proper access controls can be in place while providing users
with greater flexibility in their work.
If mapping is desired it can be selected for users and/or groups. Recall from the previous discussion that the HP
NetStorage 6000 file system uses a UNIX style file system. Therefore, it is necessary to identify all users with a
UID and GID value. Since the Windows protocol does not use UID or GID values, and instead associates a
unique security descriptor with each client, it is necessary to create or associate a UID and GID number with
each Windows user. Assigning UID and GID values is done based upon the mapping strategy that the user
selected. The four possible methods are as follows:
User Mapping
§ No mapping (default) - no association between UNIX and NT accounts. A unique UNIX UID will
be assigned to all Windows users. If the Windows client has previously accessed the HP
NetStorage 6000 the UID value that they were previously assigned will be saved in the passwd
file. If no entry for this client is found in the passwd file, they will be given a UID value that is one
larger than the largest UID value found in this search.
§ Username mapping - users have equivalent UNIX and NT credentials if the user name is the same in
the NT domain and UNIX account.
§ Full name mapping - users have equivalent UNIX and NT credentials if the NT domain full name
matches the UNIX comment field for the UNIX account.
Group Mapping
§ No mapping (default) - no association between UNIX and NT groups
Copyright © 2000 Hewlett-Packard Company
All Rights Reserved
File Volume Access
Windows only; no UNIX
access
Windows & UNIX access
Windows & UNIX access
UNIX access only
Password Restrictions
Read access only
Read & write access for
Windows; Read access for
UNIX
No passwords
Read and write access
Page 19 of 28