This article describes the procedure on how to create and understand SVM name-mapping rules in ONTAP 9.
ONTAP 9 can be accessed by Common Internet File System protocol (CIFS) and Network File System (NFS).
Name-mapping is used to map CIFS users to UNIX users and vice versa
Note: Name mapping is required for all CIFS/NFS access except for NFS access to UNIX security style volumes
- In the CIFS world, for example, it is known as NETAPP\jdoe, but in NFS (NIS) it is just jdoe
- Name-mappings are rules (actually, regular expressions), which are interpreted by the authentication system during login to resolve your identity and gather the credentials you need to access your files
- Name-mapping is the first step in the process of ensuring that the person logging in can get to their files, regardless of which protocol they use to access the file server
Note: the similarity of the CIFS and NIS usernames; many organizations that buy NetApp products use a naming convention such as this
- If they do, they can use a very simple regular expression that just strips off the CIFS domain name, and the delimiting to leave just the username
- In other cases, where the correspondence between user names is not direct, they may need to enter a mapping for each and every user
- The name mapping rule syntax has extra features that can be used to adjust the case of user names, in case that is an issue
- Name mapping rules use regular expressions to match the source user name, and substitute the matched expression for the destination
- The source and destination are specified as the mapping direction: Either Windows - UNIX, UNIX - Windows, or Kerb - UNIX
Note: Kerberos mappings are only necessary if using a Kerberized NFS UNIX client. Most UNIX clients are not Kerberized