Dell PowerStore 1000T EMC PowerStore Security Configuration Guide - Page 20
Windows resolvers, secmap, ntxmap, SID to UID, primary GID mapping
Windows resolvers

Windows resolvers are used to do the following for user mapping:

• Return the corresponding Windows account name for a particular security identifier (SID)
• Return the corresponding SID for a particular Windows account name

The Windows resolvers are:

• The domain controller (DC) of the domain
• The local group database (LGDB) of the SMB server

secmap

The function of secmap is to store all SID-to-UID and primary GID and UID-to-SID mappings to ensure coherency across all file systems of the NAS server.

ntxmap

ntxmap is used to associate a Windows account to a UNIX account when the name is different. For example, if there is a user who has an account that is called Gerald on Windows but the account on UNIX is called Gerry, ntxmap is used to make the correlation between the two.

SID to UID, primary GID mapping

The following sequence is the process used to resolve an SID to a UID, primary GID mapping:

1. secmap is searched for the SID. If the SID is found, the UID and GID mapping is resolved.
2. If the SID is not found in secmap, the Windows name related to the SID must be found.
   a. The local group databases of the SMB servers of the NAS are searched for the SID. If the SID is found, the related Windows name is the local user name along with the SMB server name.
   b. If the SID is not found in the local group database, the DC of the domain is searched. If the SID is found, the related Windows name is the user name. If the SID is not resolvable, access is denied.
3. The Windows name is translated into a UNIX name. The ntxmap is used for this purpose.
   a. If the Windows name is found in ntxmap, the entry is used as the UNIX name.
   b. If the Windows name is not found in ntxmap, the Windows name is used as the UNIX name.
4. The UDS (NIS server, LDAP server, or local files) is searched using the UNIX name.
   a. If the UNIX user name is found in the UDS, the UID and GID mapping is resolved.
   b. If the UNIX name is not found, but the automatic mapping for unmapped Windows accounts feature is enabled, the UID is automatically assigned.
   c. If the UNIX user name is not found in the UDS but there is a default UNIX account, the UID and GID mapping is resolved to that of the default UNIX account.
   d. If the SID is not resolvable, access is denied.

If the mapping is found, it is added in the persistent secmap database. If the mapping is not found, the failed mapping is added to the persistent secmap database.

The following diagram illustrates the process used to resolve an SID to a UID, primary GID mapping:

20 Authentication and access
![](/manual_guide/products/dell-powerstore-1000t-emc-powerstore-security-configuration-guide-305ca97/20.png)
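
The resolution sequence above, modelled in Python as an added example; it is not Dell's code and not part of the original guide. The class and field names, the sample SIDs and IDs, the `SERVER\user` form of a local name and the starting automatic UID are assumptions made for illustration.

```python
from dataclasses import dataclass, field

@dataclass
class NasServer:
    """Toy model of the lookup order; all names here are hypothetical."""
    lgdb: dict                  # {smb_server: {sid: local_user_name}}
    dc: dict                    # {sid: domain_user_name}
    ntxmap: dict                # {windows_name: unix_name}
    uds: dict                   # {unix_name: (uid, gid)}
    auto_map: bool = False      # automatic mapping for unmapped Windows accounts
    default_unix: str = ""      # "" means no default UNIX account
    secmap: dict = field(default_factory=dict)  # sid -> (uid, gid), or None if failed
    next_auto_uid: int = 100000 # constructed starting value

    def windows_name(self, sid):
        for server, users in self.lgdb.items():      # step 2a
            if sid in users:
                return f"{server}\\{users[sid]}"     # assumed name format
        return self.dc.get(sid)                      # step 2b, None if unresolvable

    def lookup(self, sid):
        name = self.windows_name(sid)
        if name is None:
            return None                              # step 2: access denied
        unix = self.ntxmap.get(name, name)           # step 3a, else 3b
        if unix in self.uds:
            return self.uds[unix]                    # step 4a
        if self.auto_map:                            # step 4b
            uid, self.next_auto_uid = self.next_auto_uid, self.next_auto_uid + 1
            return (uid, None)                       # the page states only the UID
        if self.default_unix in self.uds:
            return self.uds[self.default_unix]       # step 4c
        return None                                  # step 4d: access denied

    def resolve(self, sid):
        if sid not in self.secmap:                   # step 1: secmap first
            self.secmap[sid] = self.lookup(sid)      # persist success or failure
        return self.secmap[sid]

# Constructed sample data (SIDs, names and IDs are made up).
GERALD, DANA, LOCAL, UNKNOWN = "S-1-5-21-2-1104", "S-1-5-21-2-1105", "S-1-5-21-1-1001", "S-1-5-21-9-500"

def sample_nas(**kw):
    return NasServer(lgdb={"SMB01": {LOCAL: "backup"}},
                     dc={GERALD: "Gerald", DANA: "Dana"},
                     ntxmap={"Gerald": "Gerry"},
                     uds={"Gerry": (2001, 200), "guest": (65534, 65534)}, **kw)

if __name__ == "__main__":
    nas = sample_nas(default_unix="guest")
    for sid in (GERALD, DANA, LOCAL, UNKNOWN):
        print(sid, nas.resolve(sid))
```

With a default UNIX account configured, every resolvable but unmapped Windows account in the sample (Dana and the local backup user) receives that account's UID and GID instead of a denial. In this model a later change to the UDS does not affect a SID that is already stored in secmap.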