Creating a Kerberos User Mapping

Set the Kerberos-to-UNIX mapping for the NFS Kerberos service and set the mapping rule between the source and target users as required.

Procedure

  1. Choose Resources > Access > Authentication User > User Mappings > Kerberos to UNIX.
  2. Select a desired account from the Account drop-down list in the upper left corner.
  3. Click Create.

    The Create User Mapping page is displayed on the right.

  4. Set basic user mapping parameters.

    Table 1 describes related parameters.

    Table 1 Basic user mapping parameters

    Parameter

    Description

    Mapping Mode

    Kerberos to UNIX: When a Kerberos user accesses UNIX shares from a client using Kerberos authentication, the Kerberos user has all the permissions granted to the target user.

    Source User

    Source user in the mapping. The source user must be an uppercase client host name. If KDC Vendor is set to Windows, add $ as the suffix, for example, HOSTNAME$. If KDC Vendor is set to Non-Windows, add the domain name as the suffix, for example, HOSTNAME.example.com, where HOSTNAME is the uppercase client host name. The wildcard character * is supported. For example, * indicates all client hosts, and CLIENT* indicates hosts whose names start with CLIENT.

    NOTE:

    In the scenario of accessing the audit log namespace, the source user cannot be the same as the local UNIX authentication user under the same account.

    Target User

    Target user in the mapping.

    The target user can be:

    • A local UNIX user on the storage system: Map the permissions of the source users to the local UNIX user on the storage system. If there is no local UNIX user, create one.
    • An LDAP or NIS domain user: Map the permissions of the source users to the LDAP or NIS domain user.

    Set this parameter based on the permission requirements of the target user.

    NOTE:

    To access the audit log namespace, the target user must be a local UNIX authentication user under the same account whose ID is 0 and that has the root permission.

    Priority

    Priority of the mapping. A smaller value indicates a higher priority. When multiple mappings share the same source user, the system uses the mapping with the highest priority.

    [Value range]

    1 to 32

  5. Click Add to Mapping List to add the mapping to the list below.

    You can set user mapping parameters and click Add to Mapping List to configure multiple user mappings.

  6. Test, modify, or delete a user mapping.

    • Testing a user mapping

      Select a user mapping and click Test to check whether the target user in the user mapping exists.

      You can also click More on the right of a desired user mapping and select Test.

    • Modifying a user mapping
      1. Click More on the right of a desired user mapping and select Modify.

        The Modify User Mapping page is displayed on the right.

      2. Set basic user mapping parameters.

        Table 1 describes related parameters.

      3. Click OK.
    • Deleting a user mapping
      Select one or more desired user mappings and click Delete.

      You can also click More on the right of a desired user mapping and select Delete.

  7. Click OK.
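
The parameter rules in Table 1 can be checked against a planned mapping list before it is entered. The following Python check is an added example, not vendor code: the tuple layout, the target UID field, and the sample rows are constructed, and the two review findings (a wildcard source mapped to UID 0, and a source user repeated at the same priority) are assumptions about what a reviewer would want flagged, not documented system behavior.

```python
from collections import Counter

# Constructed sample rows: (source_user, target_user, target_uid, priority)
SAMPLE = [
    ("CLIENT01$", "nfsuser", 1001, 1),
    ("client02$", "nfsuser", 1001, 2),   # host name is not uppercase
    ("*", "root", 0, 5),                 # all client hosts get the root user's permissions
    ("CLIENT*", "backup", 1002, 40),     # priority outside the 1 to 32 range
    ("CLIENT01$", "audit", 1003, 1),     # same source user and priority as row 1
]

def check_source(source, kdc_vendor):
    """Return format problems for one Source User value (Table 1 rules)."""
    problems = []
    wildcard = "*" in source  # suffix rules are not applied to wildcard entries
    if kdc_vendor == "Windows":
        host = source.rstrip("$")
        if not wildcard and not source.endswith("$"):
            problems.append("missing $ suffix")
    else:
        host, _, domain = source.partition(".")
        if not wildcard and not domain:
            problems.append("missing domain suffix")
    if host != host.upper():
        problems.append("host name not uppercase")
    return problems

def audit(mappings, kdc_vendor="Windows"):
    """Return (row_number, finding) pairs for a planned mapping list."""
    findings = []
    seen = Counter((src, prio) for src, _, _, prio in mappings)
    for row, (src, _target, uid, prio) in enumerate(mappings, 1):
        findings += [(row, p) for p in check_source(src, kdc_vendor)]
        if not 1 <= prio <= 32:
            findings.append((row, "priority outside 1 to 32"))
        if "*" in src and uid == 0:
            findings.append((row, "wildcard source mapped to UID 0"))
        if seen[(src, prio)] > 1:
            findings.append((row, "source user repeated at same priority"))
    return findings

if __name__ == "__main__":
    for row, finding in audit(SAMPLE):
        print(f"row {row}: {finding}")
```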