Microsoft KB Archive Search

Notice: This website is an unofficial Microsoft Knowledge Base (hereinafter KB) archive and is intended to provide a reliable access to deleted content from Microsoft KB. All KB articles are owned by Microsoft Corporation. Read full disclaimer for more details.

  1. Home
  2. User name mapping performs one-to-many mappings in a single direction only

User name mapping performs one-to-many mappings in a single direction only

View products that this article applies to.

This article was previously published under Q269736

↑ Back to the top

Summary

This article discusses the User Name Mapping component of Microsoft Windows Services for UNIX. The User Name Mapping component can perform one-to-many mapping, but User Name Mapping can perform this task only one way, from a Windows-based computer to a UNIX-based computer.

Note We can use the User Name Mapping (UNM) component to map Windows accounts to UNIX accounts and vice versa. In this article, the one-to-many mappings in a single direction means that you are mapping one UNIX-based computer account to many Windows-based computer accounts. For more information about how to use the UNM component, visit the following Microsoft Web site:
http://technet.microsoft.com/en-us/library/bb463221.aspx

↑ Back to the top

More information

You can map a Windows-based account to a single UNIX-based account, but not the reverse. When you map a Windows-based account to a UNIX-based account, it cannot be mapped to any other UNIX-based account, but you can only map the same UNIX-based account to multiple Windows-based accounts in one direction. The following illustration clarifies this behavior:

Illustration 1a: Mapping multiple Windows users to a single UNIX account (valid)
Collapse this tableExpand this table
Windows UsersUNIX Users
User-Aaccount1
User-Baccount1
User-Caccount1

Illustration 1b: Mapping multiple Windows groups to a single UNIX group (valid)
Collapse this tableExpand this table
Windows GroupsUNIX Groups
Group-Agroup1
Group-Bgroup1
Group-Cgroup1

The following illustrations demonstrate what you cannot do:

Illustration 2a: Mapping Multiple UNIX accounts to a single Windows user (invalid)
Collapse this tableExpand this table
Windows UsersUNIX Users
User-Aaccount1
User-Aaccount2
User-Aaccount3

Illustration 2b: Mapping multiple UNIX groups to a single Windows group (invalid):
Collapse this tableExpand this table
Windows GroupsUNIX Groups
Group-Agroup1
Group-Agroup2
Group-Agroup3
This behavior is by design. The group or user to which you are mapping contains the User Identifier (UID) or Group Identifier (GID) that you want to impersonate.

Note You cannot map one-to-many relationships from a Windows-based computer to a UNIX-based computer.

When you map multiple Windows users or groups to a single UNIX user or group, you have to designate one of mappings as primary. This primary mapping is used when the UNIX account or group is mapped back to a Windows account or group. For example, this mapping is used when a UNIX client uses NFS to write a file. By default, the first mapping that is created is automatically designated as the primary mapping. To set a different mapping as the primary mapping, use the Services for UNIX administration console. Or, use the -setprimary flag with the Mapadmin.exe file when you create the mapping.

↑ Back to the top

Keywords: KB269736, kbinfo

↑ Back to the top

Article Info
Article ID : 269736
Revision : 4
Created on : 2/9/2009
Published on : 2/9/2009
Exists online : False
Views : 463