Creating a Kerberos User Mapping

Set the Kerberos-to-UNIX mapping for the NFS Kerberos service and set the mapping rule between the source and target users as required.

Procedure

  1. Choose Resources > Access > Authentication User > User Mappings > Kerberos to UNIX.
  2. Select the desired account from the Account drop-down list in the upper left corner.
  3. Click Create.

    The Create User Mapping page is displayed on the right.

  4. Set basic user mapping parameters.

    Table 1 describes related parameters.

    Table 1 Basic user mapping parameters

    Parameter

    Description

    Mapping Mode

    Kerberos to UNIX: When accessing UNIX shares using Kerberos authentication through a client, a Kerberos user has all the permission granted to the target user.

    Source User

    Indicates the source user in the mapping. The source user must be a uppercase client host name. If KDC Vendor is set to Windows, add $ as the suffix. Example, HOSTNAME$. If KDC Vendor is set to Non-Windows, add the domain name as the suffix. Example, HOSTNAME.example.com, where HOSTNAME is the uppercase client host name. Wildcard character * is supported. For example, * indicates all client hosts, and CLIENT* indicates hosts whose names start with CLINET.

    Target User

    Indicates the target user in the mapping.

    The target user can be:

    • A UNIX local user on the storage system: Map the permissions of the source users to the UNIX local user on the storage system. If there is no local UNIX user, create one.
    • An LDAP or NIS domain user: Map the permissions of the source users to the LDAP or NIS domain user.

    Set this parameter based on the permission requirements of the target user.

    Priority

    Indicates the priority of the mapping. A smaller value indicates a higher priority. When multiple mappings share the same source user, the system uses the mapping with the highest priority.

    [Value range]

    1 to 32

  5. Click Add to Mapping List to add the mapping to the list below.

    You can set user mapping parameters and click Add to Mapping List to configure multiple user mappings.

  6. Test, modify, or delete a user mapping.

    • Testing a user mapping

      Select a user mapping and click Test to check whether the target user in the user mapping exists.

      You can also click More on the right of a desired user mapping and select Test.

    • Modifying a user mapping
      1. Click More on the right of the desired user mapping and select Modify.

        The Modify User Mapping page is displayed on the right.

      2. Set basic user mapping parameters.

        Table 1 describes related parameters.

      3. Click OK.
    • Deleting a user mapping
      Select one or more desired user mappings and click Delete.

      You can also click More on the right of a desired user mapping and select Delete.

  7. Click OK.
Parent topic: Managing Kerberos User Mappings