SUMMARY

UNIX-based domains and Windows-based domains have different user identities and group identities, even if the user names are the same. You can use the User Name Mapping service to map Windows security identifications (SIDs) to UNIX user identifications (UIDs) and UNIX group identifications (GIDs). This is true whether the user names are the same or different. Additionally, you can use the User Name Mapping service to map multiple Windows accounts to a single UNIX account. This simplifies the account management process for administrators who must provide Windows users with UNIX resources during the migration.

back to the top

Install the User Name Mapping Service

Because Microsoft Windows Services for UNIX version 3.0 uses Microsoft Installer for installation, you can install individual modules of the product from the command prompt. If you have installed previous components of Windows Services for UNIX, you must include them in the addlocal parameter of the installation command (separated by commas). Otherwise you remove the previous components when you install the User Name Mapping service. You must install one or more User Name Mapping servers on your network to support User Name Mapping functions in Interix, in Client for UNIX Network File Service (NFS), in Server for NFS, and in Gateway for NFS.

To install the User Name Mapping service from the command prompt:

1. Log on with an administrative-level account to a Windows-based computer.
2. To open a command prompt, click Start, click Run, type cmd, and then click OK.
3. Insert the Windows Services for UNIX version 3.0 CD into the CD-ROM drive (in this example, drive D).
4. To install the User Name Mapping service, type msiexec /I D:\sfusetup.msi /qb addlocal=" Mapsvc" [targetdir="installation path"] at the command prompt, and then press ENTER.
   
   NOTE: By default, the installation path is "\SFU".
5. To include the Product Key as part of the command, type pidkey="key", and then press ENTER, where key is the 25-character product key.
   
   NOTE: You do not have to restart computers that are running Windows 2000 or Windows XP after the installation has been completed.
   
   If you install from a telnet prompt or by means of a script, where no graphic user interface (GUI) is available, type or paste the following command to complete the installation without any additional interaction from the user, and then press ENTER:

   msiexec /I D:\sfusetup.msi /q addlocal=" Mapsvc " pidkey="key" [targetdir="install path"]

NOTE: To prevent problems with some components of Windows Services for UNIX, you must install Windows Services for UNIX in a folder without spaces in the path. The addlocal parameter of the Msiexec.exe program that is shown in steps 4 and 5 is case-sensitive and space-sensitive. To correctly install the User Name Mapping service, you must type the case and spacing exactly as they are shown in this example.

back to the top

Configure the User Name Mapping Service

You can configure the User Name Mapping service either through the Windows Services for UNIX Administration Microsoft Management Console (MMC) or through the Mapadmin.exe utility at the command prompt. Because of the built-in abilities of the Interix subsystem, you can easily script even complex maps through the Mapadmin.exe utility. For example, you can create a simple script that reads a text-file list of Windows users and maps them to a corresponding list of UNIX users.

The basic format of the Mapadmin.exe command is

where command options include the following:

Options          Details
--------------   ----------------------------------------------------------
blank            Returns the information about the current configuration
config           Sets the configuration options
start            Starts the User Name Mapping service on the specified 
                 server (by default, the local computer is used)
stop             Stops the User Name Mapping service on the specified 
                 server (by default, the local computer is used)
add              Adds a mapping, either user or group
setprimary       Sets the primary user or group mapping
delete           Deletes a mapping
list             Displays information about current user and group mappings
backup           Creates a backup of current mappings to a text file
restore          Restores a previously backed-up user name mapping file
adddomainmap     Adds a simple map between the Windows domain and the 
                 NIS domain or PCNFS passwd and group files      
listdomainmaps   Lists the Windows domains that are mapped to PCNFS files
                 or NIS domains
                

To configure mapping between Windows domain MSFT and PCNFS:

1. Log on with an administrative-level account to a Windows-based computer.
2. To open a command prompt, click Start, click Run, type cmd, and then click OK.
3. At the command prompt, type or paste the following command, and then press ENTER:

   mapadmin adddomainmap -d MSFT -f c:\etc.

   NOTE: In this example, the passwd and group files are located in the c:\etc folder.

To start the User Name Mapping service:

1. Log on with an administrative-level account to a Windows-based computer.
2. To open a command prompt, click Start, click Run, type cmd, and then click OK.
3. At the command prompt, type or paste the following:

   mapadmin start

To add a user map between a Windows user (in this example, "MSFT\RLJones") and a UNIX user (in this example, "rlj"):

1. Log on with an administrative-level account to a Windows-based computer.
2. To open a command prompt, click Start, click Run, type cmd, and then click OK.
3. At the command prompt, type or paste the following command, and then press ENTER:

   mapadmin add -wu MSFT\RLJones -uu PCNFS\rlj

NOTE: The Mapadmin.exe backup files and restore files are pure ASCII text, but the passwords that they include are encrypted. In Mapadmin.exe, you must type a full path for the backup-file destination.

back to the top