441594 celerra file server

Configuring Internal Usermapper for Celerra
P/N 300-001-640 Rev A02
Version 5.3
August 2004

Contents

Introduction
    Terminology
    Restrictions
    Cautions
Internal Usermapper Concepts
System Requirements
    EMC NAS Interoperability Matrix
Planning Considerations
User Interface Choices
    Using Celerra Manager to Configure Usermapper
Internal Usermapper Roadmap
Using the Default Single-Celerra Usermapper Configuration
Configuring a Multi-Celerra Usermapper Environment
    Task 1: Verify the Status of the Primary Usermapper Service
    Task 2: Disable the Primary Usermapper Service
    Task 3: Configure the Secondary Usermapper Service
    Task 4: Verify the Status of the Secondary Usermapper Service
Managing Usermapper
    Displaying Usermapper Status
    Importing and Exporting Database Information
    Modifying the Usermapper Database
    Backing Up Usermapper
    Modifying the usrmap.cfg File
Command Syntax Summary
Changing Usermapper Default Configuration Settings
    What the Parameters Modify
    Parameter Files and Formats
Troubleshooting Usermapper
    Error Messages
    Known Problems and Limitations
    Events and Notifications
Related Information
    Want to Know More?
Appendix A: Migrating Windows NT Users to Windows 2000 Domains in Native Mode
Appendix B: Usermapper Events
Index


Introduction

Internal Usermapper is a Celerra® Network Server service that automatically maps each Windows user and group to a UNIX-style user ID (UID) and group ID (GID). Because the Celerra Network Server uses UIDs and GIDs to identify users, Windows users must be assigned UIDs and GIDs so that the Celerra Network Server can determine access to system objects, such as files, as well as enforce CIFS quotas.

This technical module is part of the Celerra Network Server information set and is intended for users who configure and manage Internal Usermapper.

Note: Internal Usermapper replaces External Usermapper for new installations. New Celerra Network Server installations will use Internal Usermapper by default. External Usermapper Version 3.1 and lower versions will only be maintained for existing customers until they can transition to Internal Usermapper.

Note: All instances of the term Usermapper in this document refer to Internal Usermapper unless otherwise noted.

Terminology

This section defines terms that are important to understanding Usermapper capabilities on the Celerra Network Server. Refer to the Celerra Network Server User Information Glossary for a complete list of Celerra terminology.

authentication: The process for verifying the identity of a user who is trying to access a resource or object, such as a file or a directory.

CIFS (Common Internet File System): A file-sharing protocol based on the Microsoft Server Message Block (SMB). It allows users to share file systems over the Internet and intranets.

Control Station: A hardware and software component of the Celerra Network Server that manages the system and provides the user interface to all Celerra components.

Data Mover: A Celerra Network Server component running the DART operating system that retrieves files from a storage device and makes the files available to a network client.

GID (group identifier): A number assigned to a particular group of users.

NIS (Network Information System): A distributed data lookup service that shares user and system information across a network, including usernames, passwords, home directories, groups, hostnames, IP addresses, and netgroup definitions.

primary Usermapper service: The instance of the Usermapper service that assigns UIDs and GIDs to Windows users and groups.

quota: A limit on the amount of allocated disk space as well as the number of files (inodes) that a user or group of users can create in a production file system. Quotas control the amount of disk space and the number of files that a user or group of users can consume.


secondary Usermapper service: In a multi-Celerra environment, an instance of the Usermapper service that forwards requests for user mappings to the primary Usermapper service and returns those mappings to the Data Movers in addition to storing the mappings it processes.

SID (security identifier): A unique identifier that defines a user or group in a Microsoft Windows environment. Each user or group has its own SID.

UID (user identifier): A number that corresponds to a particular user.

user file: Refers to the passwd file that resides on each Data Mover.

Usermapper service: Software that assigns UIDs and GIDs to Windows users and groups asking the Celerra Network Server for access to system objects.

Restrictions

Before you configure and run Usermapper, note these restrictions:

◆ You should have only one primary Usermapper in a Celerra Network Server environment.

◆ In a single Celerra, you should have only one instance of the Usermapper service, either primary or secondary. All the other Data Movers in that Celerra are clients of the primary or secondary service.

◆ In a multiple Celerra environment, the primary Usermapper service must be enabled before you configure any secondary Usermapper services.

◆ By default, Usermapper runs on the Data Mover in slot 2 (server_2). This is the preferred location from which to run the primary or secondary Usermapper service.

◆ You cannot configure a primary or secondary Usermapper service on a Virtual Data Mover (VDM).

◆ Usermapper should only be used in Windows-only environments. In a mixed UNIX and Windows environment, you should use manual mapping methods such as editing the local user and group files.

◆ You should not run Internal Usermapper and External Usermapper simultaneously in the same Celerra environment.

Cautions

This section lists cautions for Usermapper.

CAUTION

Do not modify the Usermapper database files. Windows users may have problems accessing files if you have modified the Usermapper database files.

Internal Usermapper Concepts

Every user of the Celerra Network Server, either a Windows user or a UNIX user, is identified by a unique UID and GID. The UID and GID are used to authenticate users and allow access to system objects, such as files.

These identifiers are also used to enforce CIFS user quota limits. A quota is a limit placed on the number of allocated disk blocks/bytes as well as the number of files a user can create on a production file system (PFS). In other words, quotas provide a way of controlling the amount of disk space a user can consume.

Note: For connections from Windows users, file access checking is performed using security identifiers (SIDs) only. This is done to prevent errors due to UID mismatches and to reduce dependency on the Usermapper database.

Internal Usermapper is a Celerra service that automatically generates and maintains a database that maps SIDs to UIDs and GIDs for users or groups accessing file systems from a Windows domain. When a Data Mover receives a file access request from a new user or group in a Windows domain, the file access request includes the SID of the new user or group making the request. The following process takes place:

1. The Data Mover first checks its local user and group files for an existing SID to UID/GID mapping.

2. If none is found, and the Network Information Service (NIS) is configured, the Domain Controller is queried for the user or group name associated with the SID. NIS is queried for a UID/GID to associate with the name.

3. If none is found, and making queries to the Active Directory is configured, the Data Mover queries the Active Directory for a SID to UID/GID mapping.

Note: By default, the Active Directory is not queried for user mappings. This behavior can be changed by modifying the cifs.useADMap parameter. Contact your EMC Customer Support Representative for assistance.

4. If none is found, the Data Mover then determines if it has a mapping for the SID in its local Usermapper cache. If there is no such mapping, the Data Mover sends a mapping request to the primary Usermapper service.

5. The primary Usermapper service checks its database to determine if this user or group has already been assigned a UID/GID. If not, the primary Usermapper generates a new UID or GID and adds the new user or group to its database along with the mapping. It then returns the mapping to the Data Mover and the Data Mover permanently caches the mapping.

6. The user is then authenticated and permissions are checked to determine whether the user can access the system object.

7. If the primary Usermapper service is unavailable or if for some reason it cannot map the user or group, an error is logged in the server log and the user is not able to access system objects.


One instance of the Usermapper service serves as the primary Usermapper service, meaning it assigns UIDs and GIDs to Windows users and groups. By default, this instance is configured on the Data Mover in slot 2 (server_2).

The other Data Movers in a single Celerra environment are configured as clients of the primary Usermapper service, meaning they send mapping requests to the primary service when they do not find a mapping for a user or group in their local cache. By default, all the client Data Movers automatically issue a broadcast over the Celerra’s internal interfaces to discover the location of the primary Usermapper service.

In a multi-Celerra environment, other instances of the Usermapper service can serve as secondary Usermapper services. Like a primary Usermapper service, a secondary Usermapper service checks its database to determine if a user or group has already been assigned a UID/GID. If not, it forwards the mapping request to the primary Usermapper service. The primary Usermapper service checks its database and, if necessary, generates a new UID or GID, returning the mapping to the secondary Usermapper service. The secondary Usermapper service then adds the new user or group to its database along with the mapping and returns the mapping to the Data Mover. Secondary Usermapper services provide high availability by allowing mappings to be collected and stored on each Celerra in a multi-Celerra environment. If the secondary Usermapper service is unavailable, new users are not able to access files and existing users are only able to access files if the user is defined on the Data Mover.
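The lookup order and the primary/secondary forwarding described above, modelled as an added example; it is not EMC code. The SIDs, IDs, class names and the starting value for automatically assigned IDs are constructed for illustration, and one integer stands in for a UID or GID.

```python
from dataclasses import dataclass, field
from typing import Dict, Optional, Tuple, Union

FIRST_AUTO_ID = 32768  # constructed starting value for automatically assigned IDs


class MappingUnavailable(Exception):
    """No source produced a mapping: an error is logged and access is denied."""


@dataclass
class PrimaryUsermapper:
    db: Dict[str, int] = field(default_factory=dict)
    next_id: int = FIRST_AUTO_ID
    available: bool = True

    def lookup(self, sid: str) -> int:
        if not self.available:
            raise MappingUnavailable("primary Usermapper service unavailable")
        if sid not in self.db:  # step 5: assign the next available value
            self.db[sid] = self.next_id
            self.next_id += 1
        return self.db[sid]


@dataclass
class SecondaryUsermapper:
    primary: PrimaryUsermapper
    db: Dict[str, int] = field(default_factory=dict)
    available: bool = True

    def lookup(self, sid: str) -> int:
        if not self.available:
            raise MappingUnavailable("secondary Usermapper service unavailable")
        if sid not in self.db:  # unknown here: forward to the primary, then store
            self.db[sid] = self.primary.lookup(sid)
        return self.db[sid]


@dataclass
class DataMover:
    service: Union[PrimaryUsermapper, SecondaryUsermapper]
    local_files: Dict[str, int] = field(default_factory=dict)
    dc_names: Dict[str, str] = field(default_factory=dict)  # SID -> name (Domain Controller)
    nis: Optional[Dict[str, int]] = None      # name -> ID; None means NIS is not configured
    ad_map: Optional[Dict[str, int]] = None   # None means AD is not queried (the default)
    cache: Dict[str, int] = field(default_factory=dict)

    def resolve(self, sid: str) -> Tuple[int, str]:
        """Return (id, source) following steps 1-7 of the process above."""
        if sid in self.local_files:                          # step 1
            return self.local_files[sid], "local files"
        if self.nis is not None:                             # step 2
            name = self.dc_names.get(sid)
            if name in self.nis:
                return self.nis[name], "NIS"
        if self.ad_map is not None and sid in self.ad_map:   # step 3
            return self.ad_map[sid], "Active Directory"
        if sid in self.cache:                                # step 4
            return self.cache[sid], "Usermapper cache"
        # Steps 4-5: ask the service; step 7: the exception propagates on failure.
        self.cache[sid] = self.service.lookup(sid)
        return self.cache[sid], "Usermapper service"


def demo() -> Dict[str, object]:
    # Constructed SIDs and IDs, for illustration only.
    alice, bob, carol = ("S-1-5-21-1-2-3-1104", "S-1-5-21-1-2-3-1105",
                         "S-1-5-21-1-2-3-1106")
    primary = PrimaryUsermapper()
    secondary = SecondaryUsermapper(primary)
    celerra1_dm = DataMover(primary, local_files={alice: 1001})
    celerra2_dm3 = DataMover(secondary)
    celerra2_dm4 = DataMover(secondary)

    out: Dict[str, object] = {}
    out["local"] = celerra1_dm.resolve(alice)
    out["new_on_celerra1"] = celerra1_dm.resolve(bob)
    out["same_sid_on_celerra2"] = celerra2_dm3.resolve(bob)  # same ID on both Celerras
    primary.available = False                                # simulate a primary outage
    out["cached"] = celerra2_dm3.resolve(bob)
    out["from_secondary_db"] = celerra2_dm4.resolve(bob)     # served from the secondary's store
    try:
        celerra2_dm4.resolve(carol)
        out["new_user_during_outage"] = "mapped"
    except MappingUnavailable as exc:
        out["new_user_during_outage"] = f"denied: {exc}"
    return out


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```
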

System Requirements

This section describes the Celerra Network Server software, hardware, network, and storage configurations required for using Usermapper as described in this technical module.

EMC NAS Interoperability Matrix

Refer to the EMC NAS Interoperability Matrix for definitive information on supported software and hardware, such as backup software, Fibre Channel switches, and application support for Celerra network-attached storage (NAS) products.

To view the EMC NAS Interoperability Matrix:

1. Go to http://powerlink.emc.com.

2. Search for EMC NAS Interoperability Matrix.

3. In the Sort Search Results by box, select Score.

The EMC NAS Interoperability Matrix appears in the list.

Table 1 System Requirements for Usermapper

Software   Celerra Network Server Version 5.3.
Hardware   No specific hardware requirements.
Network    No specific network requirements.
Storage    Verify that there is sufficient space available in the root file system. Contact your EMC Customer Support Representative for assistance with determining size requirements.

Planning Considerations

Before you begin using Internal Usermapper, you should consider the following situations:

◆ Usermapper stops mapping new UIDs and GIDs once the root file system of the Data Mover on which the Usermapper database is stored becomes 95% full, and new users are then not allowed access to system objects. The size of the root file system that will be required is based on the number of users in your Windows environment. Contact your EMC Customer Support Representative for assistance with determining size requirements.

◆ If you are replicating a Windows environment that uses Usermapper or if you are using SRDF®, special Usermapper restrictions may apply. Contact your EMC Customer Support Representative for more information.

◆ Usermapper automatically assigns new UIDs and GIDs based on the next available value. Consequently it does not need to use a Usermapper configuration file to define UID and GID ranges. However, it is possible to import an existing usrmap.cfg and use this file to define UID and GID ranges. This is referred to as the manual mapping method.

If you do use the manual mapping method, you must manage UID and GID ranges for each domain as in External Usermapper, by modifying the usrmap.cfg file. Refer to Modifying the usrmap.cfg File on page 21 for more information.

Note: If there is no special reason to use particular UID and GID ranges for your environment’s domains, EMC encourages you to use the automatic mapping method and let Internal Usermapper automatically assign new UIDs and GIDs based on the next available values.

User Interface Choices

The Celerra Network Server offers flexibility in managing networked storage based on your support environment and interface preferences. This technical module describes how to configure Usermapper using the command line interface (CLI). You can also perform many of these tasks using one of the Celerra management applications:

◆ Celerra Manager - Basic Edition

◆ Celerra Monitor

For more information about Celerra Manager, refer to Getting Started with Celerra Management in the documentation kit.

For instructions on installing Celerra Monitor, refer to the Installing Celerra Management Applications technical module on the Celerra Network Server User Information CD.

For a description of each application’s capabilities, refer to the Celerra Network Server Concepts and the applications’ online help systems on the user information CD.

Using Celerra Manager to Configure Usermapper

Celerra Manager can be used to configure Internal Usermapper services as well as upgrade or migrate an existing External Usermapper by transferring the primary Usermapper service from the Control Station to the Data Mover. In addition, the CIFS configuration wizard can assist you in creating a basic Internal Usermapper configuration.

For more information on using Celerra Manager to configure Usermapper, refer to the Celerra Manager online help.

Internal Usermapper Roadmap

This roadmap shows the process for configuring and managing Usermapper as described in this technical module. This process contains components that represent the sequential phases of the roadmap. In addition, any nonsequential phases are represented in the blocks at the base of the roadmap. Each phase contains the tasks required to complete the process.

Note: When viewing online, click the text in the roadmap to access that phase. To return to this roadmap from other pages, click the roadmap symbol at the center bottom of the page.

[Roadmap figure. Phases: Using the Default Single-Celerra Usermapper Configuration; Configuring a Multi-Celerra Usermapper Environment; Managing Usermapper]

Using the Default Single-Celerra Usermapper Configuration

When a new Celerra Network Server running software Version 5.3 is booted up for the first time, it is automatically configured with the default single-Celerra Usermapper configuration. In this situation, Usermapper is automatically enabled as a NAS service and no additional installation or configuration procedures are required.

The default Usermapper configuration consists of a single Celerra Network Server in which the Data Mover in slot 2 (server_2) is configured with the primary Usermapper service. The remaining Data Movers in the Celerra each cache all the SID-to-UID/GID mappings they have used. However, if one of these Data Movers is accessed by a user for whom it does not have a mapping, it queries the primary Usermapper service. Consequently, these Data Movers are clients of the primary Usermapper service. By default, all the Data Movers in the Celerra automatically issue a broadcast over the Celerra’s internal interfaces to discover the location of the primary Usermapper service.

Certain UID and GID values are reserved and cannot be mapped to SIDs. 0 is reserved for the UNIX root account. Additional numbers are reserved for maintenance. UID and GID values can start at 32K. The maximum possible value for UIDs and GIDs is imposed by the underlying file system. All domain users and groups accessing this file system are assigned UIDs and GIDs based on these definitions.

Note: As in a standard Celerra configuration, you can configure another Data Mover to serve as a failover Data Mover, providing a backup for the primary Usermapper service.

To verify the Usermapper configuration and display its current status, refer to Displaying Usermapper Status on page 14. If the primary Usermapper service is not automatically enabled, refer to Troubleshooting Usermapper on page 32.

Refer to Managing Usermapper on page 14 for information on managing your Usermapper environment.


Configuring a Multi-Celerra Usermapper Environment

If you have a Celerra Network Server environment in which there is more than one Celerra Network Server that shares the same Windows domain space, the default Usermapper configuration is not suitable. In this situation, you must modify the default Usermapper configuration on all the additional Celerra Network Servers to use one primary Usermapper service. EMC recommends a configuration in which the Data Mover located in slot 2 (server_2) of each of the additional Celerras is configured as a secondary Usermapper service. The remaining Data Movers in each Celerra then send mapping requests to their local secondary Usermapper service, and each secondary Usermapper service then forwards these requests to the single primary Usermapper service.

Note: The secondary Usermapper service sends mapping requests to the primary Usermapper service one at a time and only when needed. Consequently, all the secondary Usermapper services in an environment may not have the same entries in their databases.

Note: If you have a Celerra Network Server environment in which there are multiple Celerra Network Servers that do not share the same Windows domain, each domain should be configured with its own primary Usermapper service.

Note: In the following description, the Celerra Network Server that supports the primary Usermapper service is referred to as Celerra 1 and the Celerra Network Server that runs the secondary Usermapper service is referred to as Celerra 2.


Table 2 Configuring a Multi-Celerra Usermapper Environment Tasks

Task  Action                                                                            Procedure
1.    On the first Celerra, verify that the primary Usermapper service is enabled.      Verify the Status of the Primary Usermapper Service on page 12
2.    On the second Celerra, disable the default primary Usermapper service.            Disable the Primary Usermapper Service on page 12
3.    On the second Celerra, configure a secondary Usermapper service.                  Configure the Secondary Usermapper Service on page 13
4.    On the second Celerra, verify that the secondary Usermapper service is enabled.   Verify the Status of the Secondary Usermapper Service on page 13

Task 1: Verify the Status of the Primary Usermapper Service

On Celerra 1, verify that the primary Usermapper service is enabled on server_2. This is the default configuration.

Action

To verify that the primary Usermapper service is enabled, use this command syntax:

$ server_usermapper <movername>

Where:
<movername> = name of the specified Data Mover

Example:
To verify that the primary Usermapper service is enabled on server_2 of Celerra 1, type:

$ server_usermapper server_2

Output

server_2 : Usrmapper service: Enabled
Service Class: Primary

Task 2: Disable the Primary Usermapper Service

Since the default Usermapper configuration always designates the Data Mover in slot 2 (server_2) as supporting the primary Usermapper service, you must specifically configure a Data Mover on Celerra 2 to support a secondary Usermapper service.

On Celerra 2, disable the primary Usermapper service that is enabled by default.

Note: No user mapping requests should be sent to the primary Usermapper service on Celerra 2 before you have reconfigured it. Consequently, you should not configure CIFS on the Celerra 2 Data Movers until the Usermapper service is reconfigured as a secondary service.

Action

To disable the primary Usermapper service, use this command syntax:

$ server_usermapper <movername> -disable

Where:
<movername> = name of the specified Data Mover

Example:
To disable the primary Usermapper service on server_2 of Celerra 2, type:

$ server_usermapper server_2 -disable

Output

server_2 : done

Task 3: Configure the Secondary Usermapper Service

Once you have disabled the primary Usermapper service on Celerra 2, you can configure server_2 to run as a secondary Usermapper service.

When you enable a secondary Usermapper service, you also indicate the location of the primary Usermapper service to which the secondary service will send mapping requests by specifying the IP address of the Data Mover on which the primary service is located.

Note: The primary Usermapper service must be enabled before you can configure a secondary service.

Action

To enable a secondary Usermapper service, use this command syntax:

$ server_usermapper <movername> -enable primary=<ip addr>

Where:
<movername> = name of the specified Data Mover
<ip addr> = network IP address of the Data Mover on which the primary Usermapper service is running

Example:
To enable a secondary Usermapper service on server_2 of Celerra 2, type:

$ server_usermapper server_2 -enable primary=192.168.21.1

Output

server_2 : done

Task 4: Verify the Status of the Secondary Usermapper Service

Verify that the secondary Usermapper service has been enabled on server_2 of Celerra 2.

Action

To verify that the secondary Usermapper service is enabled, use this command syntax:

$ server_usermapper <movername>

Where:
<movername> = name of the specified Data Mover

Example:
To verify that the secondary Usermapper service is enabled on server_2 of Celerra 2, type:

$ server_usermapper server_2

Output

server_2 : Usrmapper service: Enabled
Service Class: Secondary
Primary = 192.168.21.1

Managing Usermapper

This section describes the tasks you can use to manage Usermapper.

Action                                          Procedure
Display Usermapper status.                      Displaying Usermapper Status on this page
Import and export user and group information.   Importing and Exporting Database Information on page 17
Modify the Usermapper database.                 Modifying the Usermapper Database on page 20
Back up Usermapper.                             Backing Up Usermapper on page 20
Modify the usrmap.cfg file.                     Modifying the usrmap.cfg File on page 21

Displaying Usermapper Status

You can display Usermapper status on your Celerra Network Server using two commands. The server_usermapper command displays the status of Internal Usermapper services running on a Data Mover. The server_cifs command displays a Data Mover’s CIFS configuration, including the Usermapper service it is using.

Displaying Usermapper Service Information

The server_usermapper command displays the status of Internal Usermapper services running on a Data Mover, including:

◆ Whether the Usermapper is configured as a primary or secondary service.

◆ The IP address of the primary Usermapper service used by the secondary.

◆ The operational status of the service.

Action

To display the status of the Usermapper service, use this command syntax:

$ server_usermapper <movername>

Where:
<movername> = name of the specified Data Mover

Example:
To display the status of the Usermapper service on server_2, type:

$ server_usermapper server_2

Output

server_2 : Usrmapper service: Enabled
Service Class: Secondary
Primary = 192.168.21.1

Notes

Usermapper has three operational states:
- Uninitialized: When Usermapper is not available on the Data Mover
- Initialized: When Usermapper has been created on the Data Mover but disabled for some reason
- Enabled: When Usermapper is running

You should have only one instance of the Usermapper service, either primary or secondary, in a single Celerra. All the other Data Movers in that environment are clients of the primary or secondary service.
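An added example, not part of the EMC documentation: a parser for the server_usermapper status output shown in Task 1, Task 4 and above, with a check of the multi-Celerra layout rules (one primary, every secondary forwarding to it). The captures, the Celerra labels and the text printed for a non-Enabled state are constructed assumptions, and all listed Celerras are assumed to share one Windows domain.

```python
import re
from typing import Dict, List, Optional

HEAD_RE = re.compile(r"^(\S+)\s*:\s*Usrmapper service:\s*(\S+)$")
CLASS_RE = re.compile(r"^Service Class:\s*(\S+)$")
PRIMARY_RE = re.compile(r"^Primary\s*=\s*(\S+)$")

PRIMARY_IP = "192.168.21.1"  # address of the primary's Data Mover, as in the page's example

# Constructed captures of `server_usermapper server_2`, one per Celerra.
GOOD = {
    "celerra1": "server_2 : Usrmapper service: Enabled\nService Class: Primary\n",
    "celerra2": ("server_2 : Usrmapper service: Enabled\n"
                 "Service Class: Secondary\nPrimary = 192.168.21.1\n"),
}
BAD = {
    "celerra1": "server_2 : Usrmapper service: Enabled\nService Class: Primary\n",
    # Task 2 skipped: the default primary was never disabled on this Celerra.
    "celerra2": "server_2 : Usrmapper service: Enabled\nService Class: Primary\n",
    # Secondary pointing at an address that is not the primary (constructed value).
    "celerra3": ("server_2 : Usrmapper service: Enabled\n"
                 "Service Class: Secondary\nPrimary = 192.168.21.9\n"),
    # Assumed rendering of a created-but-disabled service.
    "celerra4": "server_2 : Usrmapper service: Initialized\n",
}


def parse_status(text: str) -> Dict[str, Optional[str]]:
    """Extract mover name, operational state, service class and primary address."""
    rec: Dict[str, Optional[str]] = {
        "mover": None, "state": None, "service_class": None, "primary": None}
    for raw in text.splitlines():
        line = raw.strip()
        m = HEAD_RE.match(line)
        if m:
            rec["mover"], rec["state"] = m.group(1), m.group(2)
            continue
        m = CLASS_RE.match(line)
        if m:
            rec["service_class"] = m.group(1)
            continue
        m = PRIMARY_RE.match(line)
        if m:
            rec["primary"] = m.group(1)
    if rec["state"] is None:
        raise ValueError("no Usermapper status line found")
    return rec


def audit(captures: Dict[str, str], primary_ip: str) -> List[str]:
    """Return findings; an empty list means the layout matches the documented rules."""
    findings: List[str] = []
    primaries: List[str] = []
    for celerra, text in sorted(captures.items()):
        rec = parse_status(text)
        where = f"{celerra}/{rec['mover']}"
        if rec["state"] != "Enabled":
            findings.append(f"{where}: service state is {rec['state']}, not Enabled")
        elif rec["service_class"] == "Primary":
            primaries.append(where)
        elif rec["service_class"] == "Secondary":
            if rec["primary"] != primary_ip:
                findings.append(
                    f"{where}: secondary forwards to {rec['primary']}, expected {primary_ip}")
        else:
            findings.append(f"{where}: unrecognized service class {rec['service_class']}")
    if len(primaries) != 1:
        listed = ", ".join(primaries) or "none"
        findings.append(f"expected exactly one primary, found {len(primaries)}: {listed}")
    return findings


if __name__ == "__main__":
    for label, captures in (("GOOD", GOOD), ("BAD", BAD)):
        print(label, audit(captures, PRIMARY_IP) or "ok")
```
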


Displaying the Usermapper Service a Data Mover is Using

The server_cifs command displays a Data Mover’s CIFS configuration, including the Usermapper service it is using.

Note: If you issue a server_cifs command for the Data Mover on which the Usermapper service is running (typically server_2), the Usermapper service listed displays the Data Mover’s loopback address (127.0.0.1) as the IP address of its Usermapper service.

Action

To display the Usermapper service used by a Data Mover, use this command syntax:
$ server_cifs <movername>

Where:
<movername> = name of the specified Data Mover

Example:
To display the Usermapper service used by server_3, type:
$ server_cifs server_3

Output

server_3 :
96 Cifs threads started
Security mode = NT
Max protocol = NT1
I18N mode = UNICODE
Home Directory Shares DISABLED
Usermapper auto broadcast enabled

Usermapper[0]=[192.168.1.2] state:active (auto discovered)
Usermapper[1]=[192.168.2.2] state:active (auto discovered)

Default WINS servers = 192.168.4.230
Enabled interfaces: (All interfaces are enabled)

Disabled interfaces: (No interface disabled)

Notes

This example shows that server_3 is using the Usermapper service located on server_2 at internal IP addresses 192.168.1.2 and 192.168.2.2, the service is available, and the service was located using the auto discovery broadcast.


Importing and Exporting Database Information

You can import and export user and group information to and from the Usermapper database.

Importing Database Information

Typically, you would import information into the Usermapper database from a user and group file in order to reimport an edited Usermapper database, migrate the primary Usermapper service from one Data Mover to another, or upgrade or migrate your Usermapper configuration. Contact your EMC Customer Support Representative for assistance if you are migrating the primary Usermapper service from one Data Mover to another or if you are upgrading or migrating from External Usermapper to an Internal Usermapper configuration.

You use the -Import option to the server_usermapper command to import a user or group file. Usermapper can import files that use either of two formats: a standard UNIX format that corresponds to the /etc/passwd and /etc/group file formats, or a format that includes the SID in the first field, as shown in the following examples.

Note: These two file formats were referred to as Format 1 and Format 3 in External Usermapper.

Example of a user file entry in standard UNIX format (Format 1):

rob.hilder.dir:*:26831:903:rob.hilder.dir:/usr/rob.hilder.dir:/bin/sh

Example of a user file entry in SID-based format (Format 3):

S-1-5-15-139d2e78-56b177fd-5475b975-3323d:*:26831:903:user rob.hilder from domain dir:/usr/S-1-5-15-139d2e78-56b177fd-5475b975-3323d:/bin/sh

Example of a group file entry in standard UNIX format (Format 1):

people.mass.subscribers.db.dir:*:58362:people.mass.subscribers.db.dir:

Example of a group file entry in SID-based format (Format 3):

S-1-5-15-139d2e78-56b177fd-5475b975-2c3d6:*:58362:people.mass.subscribers.db.dir:


To import user information into the Usermapper database, use the following command syntax.

Action

To import user information into the Usermapper database, use this command syntax:
$ server_usermapper <movername> -Import -user <pathname>

Where:
<movername> = name of the specified Data Mover
<pathname> = name and location of the user file to be imported

Example:
To import user information into the Usermapper database on server_2, type:
$ server_usermapper server_2 -Import -user /nas/cifs/usrmapperV3/linux/usrmap.passwd

Output

server_2 : done

To import group information into the Usermapper database, use the following command syntax.

Action

To import group information into the Usermapper database, use this command syntax:
$ server_usermapper <movername> -Import -group <pathname>

Where:
<movername> = name of the specified Data Mover
<pathname> = name and location of the user file to be imported

Example:
To import group information into the Usermapper database on server_2, type:
$ server_usermapper server_2 -Import -group /nas/cifs/usrmapperV3/linux/usrmap.group

Output

server_2 : done
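A user file can be checked before it is handed to -Import, because a mapping that gives two SIDs the same UID makes two Windows accounts one UNIX identity. The following is an added example, not part of the original manual or EMC's tooling: it parses the two user file formats shown above and reports shared UIDs, conflicting UIDs and IDs below 16. The function names, the constructed sample entries and the use of the Table 5 lower bound (16) as a floor for imported entries are assumptions of this example.

```python
"""Audit a Usermapper user file before import (added example, not EMC code)."""
from collections import defaultdict

MIN_ID = 16  # lower bound of minuid/mingid in Table 5; using it as an import floor is an assumption


def parse_user_line(line):
    """Parse one /etc/passwd-style entry; Format 3 carries the SID in the first field."""
    fields = line.split(":")
    if len(fields) != 7:
        raise ValueError(f"expected 7 fields, got {len(fields)}")
    ident, _passwd, uid, gid, comment, _home, _shell = fields
    return {
        "format": 3 if ident.upper().startswith("S-1-") else 1,
        "id": ident.lower(),          # compare identities case-insensitively
        "uid": int(uid),              # raises ValueError on a non-numeric ID
        "gid": int(gid),
        "comment": comment,
    }


def audit_user_file(text):
    """Return (entries, findings) for the contents of a user file."""
    entries, findings = [], []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line:
            continue
        try:
            entry = parse_user_line(line)
        except ValueError as exc:
            findings.append(f"line {lineno}: unparseable entry ({exc})")
            continue
        entry["line"] = lineno
        entries.append(entry)
        if entry["uid"] < MIN_ID or entry["gid"] < MIN_ID:
            findings.append(
                f"line {lineno}: {entry['id']} maps to UID {entry['uid']} / "
                f"GID {entry['gid']}, below {MIN_ID}")

    ids_by_uid, uids_by_id = defaultdict(set), defaultdict(set)
    for entry in entries:
        ids_by_uid[entry["uid"]].add(entry["id"])
        uids_by_id[entry["id"]].add(entry["uid"])
    for uid, ids in sorted(ids_by_uid.items()):
        if len(ids) > 1:
            findings.append(f"UID {uid} is shared by {len(ids)} identities: {', '.join(sorted(ids))}")
    for ident, uids in sorted(uids_by_id.items()):
        if len(uids) > 1:
            findings.append(f"{ident} appears with several UIDs: {sorted(uids)}")
    return entries, findings


# First entry is the Format 3 example from this page; the other two are constructed.
SAMPLE_USER_FILE = """\
S-1-5-15-139d2e78-56b177fd-5475b975-3323d:*:26831:903:user rob.hilder from domain dir:/usr/S-1-5-15-139d2e78-56b177fd-5475b975-3323d:/bin/sh
S-1-5-15-139d2e78-56b177fd-5475b975-4a11:*:26831:903:user constructed.one from domain dir:/usr/S-1-5-15-139d2e78-56b177fd-5475b975-4a11:/bin/sh
S-1-5-15-139d2e78-56b177fd-5475b975-4a12:*:0:903:user constructed.two from domain dir:/usr/S-1-5-15-139d2e78-56b177fd-5475b975-4a12:/bin/sh
"""

if __name__ == "__main__":
    for finding in audit_user_file(SAMPLE_USER_FILE)[1]:
        print(finding)
```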


Exporting Database Information

Typically, you would export user and group information from the Usermapper database in order to migrate the primary Usermapper service, back up the Usermapper database, or collect information for troubleshooting.

You use the -Export option to the server_usermapper command to export a user or group file. Usermapper exports files in a format that includes the SID in the first field, as shown in the following examples.

Note: This file format was referred to as Format 3 in External Usermapper.

Example of a user file entry in SID-based format (Format 3):

S-1-5-15-139d2e78-56b177fd-5475b975-3323d:*:26831:903:user rob.hilder from domain dir:/usr/S-1-5-15-139d2e78-56b177fd-5475b975-3323d:/bin/sh

Example of a group file entry in SID-based format (Format 3):

S-1-5-15-139d2e78-56b177fd-5475b975-2c3d6:*:58362:people.mass.subscribers.db.dir:

To export user information from the Usermapper database, use the following command syntax.

Action

To export user information from the Usermapper database, use this command syntax:
$ server_usermapper <movername> -Export -user <pathname>

Where:
<movername> = name of the specified Data Mover
<pathname> = name and location of the file to which information is to be exported

Example:
To export user information from the Usermapper database on server_2, type:
$ server_usermapper server_2 -Export -user /home/nasadmin/backup.passwd

Output

server_2 : done


To export group information from the Usermapper database, use the following command syntax.

Action

To export group information from the Usermapper database, use this command syntax:
$ server_usermapper <movername> -Export -group <pathname>

Where:
<movername> = name of the specified Data Mover
<pathname> = name and location of the file to which information is to be exported

Example:
To export group information from the Usermapper database on server_2, type:
$ server_usermapper server_2 -Export -group /home/nasadmin/backup.group

Output

server_2 : done

Modifying the Usermapper Database

Do not modify the Usermapper database files. Windows users may have problems accessing files if you modify the Usermapper database files.

If an issue arises and you need to make a change to a Usermapper mapping entry, you must consult your EMC Customer Support Representative to determine the best course of action.

Note: Changes made to the Usermapper database are not reflected by a client Data Mover if the client Data Mover has already cached the existing Usermapper information in its local cache. If files and folders have already been created using the existing UIDs and GIDs, simply changing the UID or GID map will make file objects inaccessible.

Backing Up Usermapper

Use the following procedure to back up your Internal Usermapper configuration.

Step Action

1. As root, dump the password and group files to a specified directory, by typing:
$ server_usermapper server_2 -Export -user /home/nasadmin/backup.passwd
$ server_usermapper server_2 -Export -group /home/nasadmin/backup.group

2. Make a backup copy of the current usrmap.cfg file (if one is in use), by typing:
$ cp /nas/rootfs/slot_2/.etc/usrmapper/usrmap.cfg /home/nasadmin/usrmap.cfg

3. Also make a backup copy of the usrmap.settings file, by typing:
$ cp /nas/rootfs/slot_2/.etc/usrmapper/usrmap.settings /home/nasadmin/usrmap.settings


Modifying the usrmap.cfg File

Usermapper automatically assigns new UIDs and GIDs based on the next available value. Consequently it does not need to use a Usermapper configuration file to define UID and GID ranges. However, it is possible to import an existing usrmap.cfg and use this file to define UID and GID ranges. If you use a usrmap.cfg file, you must manage UID and GID ranges for each domain as it was done in External Usermapper, by manually modifying the usrmap.cfg file. Refer to Planning Considerations on page 7 for more information.

Typically, the major reason for modifying the configuration file is to insert an additional GID and UID range to a domain record. Refer to Adding GID/UID Ranges to the usrmap.cfg File on page 23 for instructions.

Note: Use the UNIX text editors vi or Emacs to manually modify the configuration file. You can also use Windows Notepad. Do not use Microsoft Word to edit the configuration file.

CAUTION

If you must modify the Usermapper configuration file, do so with extreme caution and back up the existing Usermapper configuration before you begin. A misconfigured edit of the configuration file can corrupt the Usermapper database, a problem that can be corrected by restoring the database from the backup copy. For a description of the backup procedure, refer to Backing Up Usermapper on page 20.

usrmap.cfg File Format and Syntax

The configuration file uses this format:
domain_name[,FQDN]:GID_for_domain:start_UID_range:end_UID_range[,start_of_UID_range:end_UID_range],...:start_GID_range:end_GID_range[,start_GID_range:end_GID_range],...

Table 3 defines the record syntax of the usrmap.cfg file.

Table 3 Configuration Record Syntax

Item | Meaning
domain_name[,FQDN] | Windows NT domain name or Windows NT domain name and the fully qualified domain name (FQDN) in the case of a Windows 2000 domain. Note: When there are Windows 2000 clients in the domain, you must append the FQDN to the right of the Windows NT domain name and separate the Windows NT domain name and the FQDN by a comma.
GID_for_domain | GID for the domain to be configured.
start_UID_range | First UID to be assigned from the domain.
end_UID_range | Last UID to be assigned from the domain.
[,start_of_UID_range:end_UID_range],... | Optional additional UID ranges separated by a comma between ranges. Note: The ,... denotes one or more occurrences.
start_GID_range | First GID to be assigned from the domain.
end_GID_range | Last GID to be assigned from the domain.
[,start_GID_range:end_GID_range],... | Optional additional UID ranges separated by a comma between ranges. Note: The ,... denotes one or more occurrences.

The following rules apply to the Usermapper configuration file:

◆ Entries are not case-sensitive.

◆ Blank lines are allowed.

◆ Comment lines must begin with the # symbol.

◆ A return is not required at the end of the last line.

Note: The usrmap.cfg file must always include a _history_sid_range_ record. There is only one _history_sid_range_ record regardless of how many domains exist and it must be the last entry in usrmap.cfg. It uses the following syntax:
_history_sid_range_:GID_for_domain:start_UID_range:end_UID_range:start_GID_range:end_GID_range
Refer to Appendix A: Migrating Windows NT Users to Windows 2000 Domains in Native Mode on page 35 for more information on the SID history record.

This is an example of a usrmap.cfg file:

# UID range is from 3001 to 3199, GID is from 3001 to 3199
domain_a:300:3001:3199:3001:3199
# 2 UID ranges: 4001 to 4199 and 4501 to 4599
domain_b:400:4001:4199,4501:4599:4001:4199
# 2 GID ranges: 5001 to 5199 and 5500 to 5600
domain_c:500:5001:5199:5001:5199,5500:5600
# Domain alias and Fully Qualified Domain Name
domain_d1,domain_d.dom:700:7001:7199:7001:7199
domain_d2,domain_d2.domain_d.dom:900:9001:9099:9001:9099
# GIDs in 32bit range:
# Note: 32bit GID support MUST be enabled if GIDs larger than 65535 are used
domain_d3,domain_d3.domain_d.dom:920:9201:9299:920100:929900
_history_sid_range:1000:20000:25000:20000:25000

Note: The maximum total number of GIDs is 65,534 per file system. Individual GID values may be greater than this number. The largest supported GID value is 2^31-1 (about 2 billion).


Guidelines for Modifying usrmap.cfg

Observe these guidelines before you modify the usrmap.cfg file:

◆ Do not reuse GID and UID ranges. If you remove a domain entry in the Usermapper configuration file, you cannot reuse its GID/UID ranges. The Usermapper database files do not recognize the new domain with the GIDs and the UIDs.

◆ Do not change the domain name in the domain record. If you want to change a domain name, add a new domain record to the configuration file with new GID/UID ranges.

◆ Do not move previously designated GID and UID ranges to another domain.

The following example illustrates the format of entries in the usrmap.cfg file.

cifs:2000:1000:1999,2001:3999:4000:4099,5001:5025
cifsa:6000:5050:5980:6001:6099
cifsb:7000:6200:6899:7001:7299

In this example:

◆ Users from the cifs domain are assigned UIDs from 1000 to 1999 and 2001 to 3999.

◆ Groups from the cifs domain are assigned GIDs from 4000 to 4099 and 5001 to 5025, with a domain GID of 2000.

Note: You can specify multiple UID and GID ranges by placing a comma between start_UID_range:end_UID_range and start_GID_range:end_GID_range pairs. Ensure that you do not add UID or GID ranges previously specified by other domain records.

◆ Two more domains, cifsa and cifsb, with a smaller number of users have been added to the Usermapper configuration file.

◆ The UID and GID ranges do not overlap.

◆ The ranges, as specified, allow for growth and additional UIDs and GIDs can be added from sequential numbers, as yet not specified. In other words, you can add GIDs 5026 through 5999 should later growth require more GIDs.

Adding GID/UID Ranges to the usrmap.cfg File

When a domain begins to outgrow its number of GIDs and UIDs, you can insert an additional GID and UID range to the domain record in the configuration file. Do not add another domain record for the domain.

Use this procedure to add an additional GID/UID range to an existing usrmap.cfg file.

Step Action

1. Back up the usrmap.cfg file by copying it to another directory.

2. Log in to the Control Station as root.


3. On the Control Station, open the active Usermapper configuration file with a text editor.

4. With the configuration file open in the text editor, add an additional GID and UID range, subject to these conditions:
• The ranges cannot overlap any other ranges in the configuration file.
• Set sufficient GID/UID ranges to cover predicted growth.
• Use this format:
start_UID_range:end_UID_range,start_UID_range:end_UID_range:start_GID_range:end_GID_range,start_GID_range:end_GID_range

For example:
Original domain record: ABCD:2000:1000:1999:4000:4099
Updated domain record: ABCD:2000:1000:1999,2001:3999:4000:4099,5001:5099

5. Save and exit the file.
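An edited usrmap.cfg can be linted before it is put back in place, since an overlapping range lets accounts from two domains receive the same UID or GID. The following is an added example, not part of the original manual or EMC's tooling: it checks the record syntax, the no-overlap and one-record-per-domain guidelines, the 32-bit GID note and the placement of the SID history record. The function names and the constructed SAMPLE_BAD file are assumptions of this example, and the history record is accepted with or without its trailing underscore because the page shows both spellings.

```python
"""Pre-flight lint for usrmap.cfg using the rules stated on this page (added example)."""
import re

# domain_name[,FQDN]:GID_for_domain:<UID ranges>:<GID ranges>
# ":" separates both fields and range bounds, so each range list is matched as a unit.
RANGES = r"\d+:\d+(?:,\d+:\d+)*"
RECORD = re.compile(rf"^([^:]+):(\d+):({RANGES}):({RANGES})$")
HISTORY_PREFIX = "_history_sid_range"   # assumption: trailing "_" is optional
GID_16BIT_MAX = 65535                   # larger GIDs need 32-bit GID support


def parse_ranges(field):
    """'1000:1999,2001:3999' -> [(1000, 1999), (2001, 3999)]"""
    return [tuple(int(n) for n in part.split(":")) for part in field.split(",")]


def find_overlaps(kind, entries):
    """entries: [(start, end, domain, lineno)]; sweep in start order."""
    findings, widest = [], None          # widest = entry with the highest end so far
    for cur in sorted(entries):
        if widest and cur[0] <= widest[1]:
            findings.append(
                f"{kind} overlap: {widest[2]} {widest[0]}:{widest[1]} (line {widest[3]}) "
                f"and {cur[2]} {cur[0]}:{cur[1]} (line {cur[3]})")
        if widest is None or cur[1] > widest[1]:
            widest = cur
    return findings


def lint(text):
    """Return a list of findings; an empty list means no rule was violated."""
    findings, uids, gids, first_seen, order = [], [], [], {}, []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):       # blank and comment lines are allowed
            continue
        m = RECORD.match(line)
        if not m:
            findings.append(f"line {lineno}: not a valid record: {line!r}")
            continue
        domain = m.group(1).split(",")[0].lower()   # entries are not case-sensitive
        order.append(domain)
        if domain in first_seen:
            findings.append(
                f"line {lineno}: second record for {domain!r} (first on line {first_seen[domain]})")
        first_seen.setdefault(domain, lineno)
        for kind, field, bucket in (("UID", m.group(3), uids), ("GID", m.group(4), gids)):
            for start, end in parse_ranges(field):
                if start > end:
                    findings.append(f"line {lineno}: {kind} range {start}:{end} is reversed")
                    continue
                bucket.append((start, end, domain, lineno))
                if kind == "GID" and end > GID_16BIT_MAX:
                    findings.append(
                        f"line {lineno}: GID range {start}:{end} needs 32-bit GID support enabled")
    findings += find_overlaps("UID", uids) + find_overlaps("GID", gids)
    history = [i for i, d in enumerate(order) if d.startswith(HISTORY_PREFIX)]
    if len(history) != 1:
        findings.append(f"expected exactly one _history_sid_range_ record, found {len(history)}")
    elif history[0] != len(order) - 1:
        findings.append("_history_sid_range_ record is not the last entry")
    return findings


# The three domain records from this page's example, plus a history record.
SAMPLE_GOOD = """\
cifs:2000:1000:1999,2001:3999:4000:4099,5001:5025
cifsa:6000:5050:5980:6001:6099
cifsb:7000:6200:6899:7001:7299
_history_sid_range_:1000:20000:25000:20000:25000
"""

# Constructed: cifsa reuses part of ABCD's added UID range; history record is not last.
SAMPLE_BAD = """\
# constructed sample
ABCD:2000:1000:1999,2001:3999:4000:4099,5001:5099
_history_sid_range_:1000:20000:25000:20000:25000
cifsa:6000:3500:5980:6001:6099
"""

if __name__ == "__main__":
    for finding in lint(SAMPLE_BAD):
        print(finding)
```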


Command Syntax Summary

This section summarizes the syntax for the server_usermapper command used in this technical module.

For a more detailed synopsis of the command or to view syntax conventions, refer to the Celerra Network Server Command Reference Manual.

Table 4 server_usermapper Syntax Summary

Command Description

server_usermapper { <movername> | ALL }

Displays the status of Internal Usermapper services running on the Data Mover, including:
• Whether the Usermapper is configured as a primary or secondary service.
• The IP address of the primary Usermapper service used by the secondary.
• The operational status of the service.

The following is an example of the status display:
server_2:
Usrmapper service: Enabled
Service Class: Secondary
Primary = 192.168.1.5

Option Description

-disable Disables the Usermapper service on the specified Data Mover.

Note: Usermapper must be disabled before you make any configuration changes including:
- Changing from a primary to a secondary service
- Importing a Usermapper database using the -force option.
- Issuing the -remove -all command.


-enable [primary=<ip_addr>] | [secondaries=<ip_addr>,...] [config=<pathname>]

Enables the Usermapper service on the specified Data Mover.

CAUTION! Use the -enable command with caution. It changes a Data Mover’s relationship with Usermapper without confirming the change.

Note: You do not need to issue this option if you are using the default Internal Usermapper configuration. In this case, primary Usermapper is automatically enabled when the NAS software is installed. You only need to issue this option if you are modifying a default Internal Usermapper configuration, or if you are upgrading from External to Internal Usermapper. Contact EMC Customer Support for assistance if you are upgrading.

If the instance of Usermapper you are configuring is to serve as a secondary, use the primary option to indicate the primary Usermapper to which this secondary will send mapping requests. The primary Usermapper is identified by its network IP address.

Note: The secondaries option is currently not supported.

Use the config option to indicate an existing Usermapper configuration file that should be accessed by the primary Usermapper service. This option is only relevant if you are upgrading from External to Internal Usermapper. Contact EMC Customer Support for assistance if you are upgrading.

Note: If there is no special reason to use particular UID and GID ranges for your environment’s domains, EMC encourages you to use the automatic mapping method and let Internal Usermapper automatically assign new UIDs/GIDs based on the next available values.

If you need to use an existing Usermapper configuration file, you must specify the config option during the upgrade or migration procedure, that is, before Internal Usermapper has begun issuing default UIDs and GIDs. In addition, the primary Usermapper service must be disabled before you can import an existing configuration file.


-Export { -user | -group } <pathname>

Exports all the SID, user, and group information from the Usermapper databases to the file specified by <pathname>. The SID appears in the first field of the output file (Usermapper Format 3 dump format). You can specify any filename but the name should include the suffix .passwd or .group depending on the file type. This option is relevant only for a primary Usermapper service.

-Import { -user | -group } [ -force ] <pathname>

Imports Usermapper database information from the file specified by pathname.

Note: The Usermapper service must be disabled before you can import database information.

By default, only new entries are added to the Usermapper database. If an entry in the imported file does not match a similar entry in the existing database, the entry in the imported file is ignored unless the -force option is selected. If -force is selected, the existing database is deleted and replaced with new entries.

CAUTION! EMC recommends that you consult with Customer Support before issuing the -force option. This option overwrites the existing Usermapper database file.

If you decide to use the -force option, you should first back up your existing Usermapper database file and usrmap.cfg file (if one is in use).


-remove -all Removes all entries from the Usermapper databases and destroys the database structure.

Note: The Usermapper service must be disabled before you can issue the -remove -all option.

CAUTION! EMC recommends that you consult with Customer Support before issuing the -remove -all option. This option deletes all Usermapper database entries and may result in users losing access to file systems.

If you decide to use the -remove -all option, you should first back up your existing Usermapper database file and usrmap.cfg file (if one is in use).


Changing Usermapper Default Configuration Settings

Usermapper configuration settings are set by default but can be changed by modifying the server parameter file, /nas/server/slot_<x>/param (where x is the server number), which resides on the Data Mover. Usermapper uses the following parameters:

◆ usrmap minuid

◆ usrmap maxuid

◆ usrmap mingid

◆ usrmap maxgid

Refer to Parameter Files and Formats on page 31 for information on the parameter files.

What the Parameters Modify

Table 5 shows the Usermapper parameters and their values. For information on other Celerra parameters, refer to the Celerra Network Server Parameters Guide.

Note: If you have imported a pre-existing configuration file, these UID and GID range limits only apply when a new Usermapper database entry is created. Once the database is created, you cannot change maximum UID and GID values.

Use this procedure to modify the Usermapper parameters. Refer to Table 5 on this page for a description of the parameters.

Table 5 Usermapper Parameters

Module | Parameter | Value | Comment/Description
usrmap | minuid | 16 - 2^31-1, Default 16 | Minimum UID value. minuid must be less than maxuid.
usrmap | maxuid | 16 - 2^31-1, Default 2^31-1 | Maximum UID value. maxuid must be greater than minuid.
usrmap | mingid | 16 - 2^31-1, Default 16 | Minimum GID value. mingid must be less than maxgid.
usrmap | maxgid | 16 - 2^31-1, Default 2^31-1 | Maximum GID value. maxgid must be greater than mingid.


CAUTION

Do not change other lines in the parameter file without a thorough knowledge of the potential effects on the system. Contact your EMC Customer Support Representative for more information.

Step Action

1. Log in to the Control Station.

2. Open /nas/server/slot_<x>/param with a text editor.

3. To change the range of UID and GID values, add one or more of the following parameters:
param usrmap minuid=<min UID>
param usrmap maxuid=<max UID>
param usrmap mingid=<min GID>
param usrmap maxgid=<max GID>
If the line appears already, ensure that the parameter has the new value.

4. Close and save the file.

5. Reboot the Data Mover using this command syntax:
$ server_cpu <movername> -reboot -monitor now

Where:
<movername> = name of Data Mover controlled by the slot_<x>/param file.

Example: slot_2/param affects server_2.


Parameter Files and Formats

This section describes the parameter files and their formats.

Parameter Files

Parameters are stored in text files, /nas/site/slot_param (system) and /nas/server/slot_<x>/param (server) and are read in sequence. Because these files might already contain parameter settings, it is recommended that you search the file for all occurrences of the parameter, and if found, modify one and remove any duplicates. However, if there is more than one entry for the same parameter, the last entry prevails.

To allow you to modify parameters for individual Data Movers, the values in the server file, /nas/server/slot_<x>/param, overwrite the values in the system file, /nas/site/slot_param.

For example, if you want the minimum UID value to be 25, the parameter value for usrmap.minuid must be set up as follows:

In the system parameter file, /nas/site/slot_param, type:

param usrmap minuid=25

Parameter File Format

Parameters are formatted as follows:

param <module> <parameter>=<paramvalue>

Where:

<module> = name of module

<parameter> = name of parameter

<paramvalue> = the value associated with the parameter

Note: Parameters and their values are case-sensitive.
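Because the system and server files are read in sequence and the last entry prevails, a stale duplicate can silently decide the UID and GID limits in force. The following is an added example, not part of the original manual or EMC's tooling: it resolves the effective usrmap values from the contents of both files and reports duplicates, names that differ only in case, out-of-range values and inverted minimum/maximum pairs. The function name and the constructed sample file contents are assumptions of this example.

```python
"""Resolve the effective usrmap parameters for one Data Mover (added example)."""
import re

# param <module> <parameter>=<paramvalue>
PARAM = re.compile(r"^param\s+(\S+)\s+(\S+?)\s*=\s*(\S+)\s*$")
LIMIT_MIN, LIMIT_MAX = 16, 2**31 - 1          # value range given in Table 5
DEFAULTS = {"minuid": 16, "maxuid": LIMIT_MAX, "mingid": 16, "maxgid": LIMIT_MAX}


def resolve(system_text, server_text):
    """Return (effective, findings) for the system file followed by the server file."""
    effective, findings = dict(DEFAULTS), []
    sources = (("/nas/site/slot_param", system_text),
               ("/nas/server/slot_<x>/param", server_text))
    for label, text in sources:               # server file is read last, so it overrides
        seen = {}
        for lineno, line in enumerate(text.splitlines(), 1):
            m = PARAM.match(line.strip())
            if not m or m.group(1) != "usrmap":
                continue                       # other modules are out of scope here
            name, value = m.group(2), m.group(3)
            if name not in DEFAULTS:           # names are case-sensitive
                findings.append(
                    f"{label}:{lineno}: {name!r} is not one of the four usrmap parameters")
                continue
            if not value.isdigit() or not LIMIT_MIN <= int(value) <= LIMIT_MAX:
                findings.append(f"{label}:{lineno}: {name}={value} is outside 16..2^31-1")
                continue
            if name in seen:
                findings.append(
                    f"{label}:{lineno}: {name} is also set on line {seen[name]}; "
                    f"the last entry prevails")
            seen[name] = lineno
            effective[name] = int(value)
    for low, high in (("minuid", "maxuid"), ("mingid", "maxgid")):
        if effective[low] >= effective[high]:
            findings.append(
                f"effective {low}={effective[low]} is not less than {high}={effective[high]}")
    return effective, findings


# Constructed sample contents; the first line is the example given on this page.
SYSTEM_SAMPLE = """\
param usrmap minuid=25
param usrmap maxuid=60000
"""
SERVER_SAMPLE = """\
param usrmap minuid=1000
param usrmap minuid=70000
param usrmap MaxGid=500
"""

if __name__ == "__main__":
    values, problems = resolve(SYSTEM_SAMPLE, SERVER_SAMPLE)
    print(values)
    for problem in problems:
        print(problem)
```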


Troubleshooting Usermapper

You can query the EMC WebSupport database for problem information, obtain release notes, or report a Celerra technical problem to EMC at Powerlink™, EMC's secure extranet site, at http://powerlink.emc.com. For additional information about using Powerlink and resolving problems, refer to the Celerra Problem Resolution Roadmap technical module on the Celerra Network Server User Information CD.

Error Messages

Table 6 lists Usermapper error messages and their descriptions. These error messages are written to the Celerra Network Server’s system log (/nas/log/sys_log).

For more information, refer to the Celerra Network Server Error Message Guide.

Table 6 Usermapper Error Messages

Server Log Error | Description | Corrective Action
No UID mapping available. (2,000,000,001) | A UID mapping is not available. This error message is only returned if you are using a usrmap.cfg file. | Check the corresponding domain description and allocate new space for UIDs.
No GID mapping available. (2,000,000,002) | A GID mapping is not available. This error message is only returned if you are using a usrmap.cfg file. | Check the corresponding domain description and allocate new space for GIDs.
Primary down. (2,000,000,006) | The primary Usermapper service is unreachable. This error message is only returned if the Data Mover is configured as a secondary Usermapper service. | Check the state of the primary Usermapper.
Internal error. (2,000,000,007) | Generic issue. |
No account found. (2,000,000,010) | Requested reverse mapping for UID or GID cannot be found. |
Unsupported request. (2,000,000,011) | An unknown request has been received. |
Invalid input error. (2,000,000,013) | A V3 request is malformed. This error message is returned to Usermapper clients. |


Known Problems and Limitations

Table 7 describes known problems that might occur when using Usermapper and presents solutions or workarounds.

Table 7 Usermapper Known Problems and Workarounds

Known Problem: The primary Usermapper service must be enabled before secondary services can be configured.
Symptom: When you issue the server_usermapper <movername> -enable primary= command, you receive the following error:
Error 4020: <movername>:failed to complete command
Workaround: Check the operational state of the primary service and enable it using the server_usermapper <movername> -enable command.

Known Problem: Internal Usermapper stops mapping new UIDs and GIDs once the root file system of the Data Mover where the Usermapper database is stored becomes 95% full. New users will not be allowed access to system objects.
Symptom: The following errors are entered repeatedly in the server log for any additional mapping requests once root file system capacity is reached:
error: -20 for user uid request
error: -20 for group gid request
Workaround: You should determine the size of the root file system required based on the number of users in your Windows environment. Contact your EMC Customer Support Representative for assistance with determining size requirements.

Events and Notifications

Refer to Appendix B: Usermapper Events on page 37 for a list of the Usermapper events. Refer to the Configuring Celerra Events and Notifications technical module for a description of how to configure the Celerra Network Server to record and display these events.


Related Information

For specific information related to the features and functionality described in this technical module, refer to the following technical modules:

◆ Managing Celerra for the Windows Environment

◆ Configuring Celerra for the Windows Environment

◆ Using Windows Administrative Tools with Celerra

◆ Managing User Accounts on Celerra

◆ Configuring External Usermapper for Celerra

For general information on other EMC Celerra publications, refer to the Celerra Network Server User Information CD, which is supplied with your Celerra Network Server and also available at Powerlink at http://powerlink.emc.com.

Want to Know More?

EMC Customer Education Courses are designed to help you learn how EMC storage products work together and integrate within your environment in order to maximize your entire infrastructure investment. EMC Customer Education features online and hands-on training in state-of-the-art labs conveniently located throughout the world. EMC customer training courses are developed and delivered by EMC experts. For course information and registration, refer to EMC Powerlink, our customer and partner website on http://powerlink.emc.com.


Appendix A: Migrating Windows NT Users to Windows 2000 Domains in Native Mode

Usermapper supports the SID (security identifier) History functionality in Windows 2000. This aids the migration of users from Windows NT domains to Windows 2000 native mode domains. To use the SID History, it must be enabled in Windows 2000 and on your Celerra system. Refer to your Windows 2000 documentation for the correct procedure for enabling SID History on your Windows 2000 systems. This section describes how to enable SID History on your Celerra Network Server.

How SID History Works

With SID History enabled, when you are migrating users from a Windows NT domain or a Windows 2000 domain in mixed mode to a Windows 2000 domain in native mode, the Security Access Token contains the SID History from the Windows NT domain and a new SID from the Windows 2000 domain.

If you are using a Usermapper configuration file, you must add a unique record to usrmap.cfg on the Control Station before you begin the migration. This unique record begins with _history_sid_range_ and must be the last entry in usrmap.cfg. There is only one _history_sid_range_ record regardless of how many domains exist. It uses the following syntax:

_history_sid_range_:GID_for_domain:start_UID_range:end_UID_range:start_GID_range:end_GID_range

Note: The use of a usrmap.cfg file is not required in Internal Usermapper. Internal Usermapper automatically assigns UID and GID mappings, including SID history, by default.

The following two cases apply to Usermapper:

◆ A user, AlphaUser, was registered in the Usermapper database prior to the domain migration.

◆ A user, BetaUser, was not registered in the Usermapper database prior to the domain migration.

Previously Registered User

After the migration, the first time that AlphaUser accesses a file, the Data Mover recognizes the Security Access Token with the history and new SIDs. The Data Mover then queries Usermapper for mapping for both SIDs.

Usermapper returns mappings for both SIDs, assigning the original GID and UID to the history SID and assigning a new UID and GID to AlphaUser as a member of the Windows 2000 domain. Usermapper creates an entry for AlphaUser from the Windows 2000 domain in the Usermapper database files. Now the Data Mover allows AlphaUser to access all files bearing the history SID and the original GID and UID. Any ACLs created in the future bear the AlphaUser’s Windows 2000 SID.


Previously Unregistered User

BetaUser never accessed the Celerra as a member of the Windows NT domain. Consequently, BetaUser does not have an entry in the Usermapper database files. The first time that BetaUser accesses a file as a member of the Windows 2000 domain, the Data Mover does not recognize either SID and queries the Usermapper host. The Usermapper host recognizes the SID from the Windows NT domain and assigns a UID and a GID from the ranges assigned in the _history_SID_range_:GID_for_domain:start_UID_range:end_UID_range:start_GID_range:end_GID_range record in usrmap.cfg. This allows BetaUser to access any migrated information that bears the history SID.

Usermapper also recognizes the Windows 2000 domain name and assigns a new UID and GID to BetaUser as a member of the Windows 2000 domain. Usermapper creates an entry for BetaUser from the Windows 2000 domain in the Usermapper database files. Any files created in the future bear BetaUser’s new attributes.

Using the SID History Record

When you use the _history_sid_range_ record, use:

◆ Numbers for GID_for_domain and the UID and GID ranges that have not been specified in usrmap.cfg.

◆ Quantities for the UID and GID ranges that, as a minimum, equal the total quantities for the preceding UID and GID ranges in usrmap.cfg. For example, the record at the end of this file represents these conditions:

domain_a:300:3001:3199:3001:3199
domain_b:400:4001:4199:4001:4199
domain_c:500:5001:5199:5001:5199
domain_d,domain_d.dom:700:7001:8099:7001:8099
domain_big5:600:6001:6099:6001:6099
domain_lt9:610:6101:6199:6101:6199
domain_lt1:620:6201:6299:6201:6299
domain_jan:630:6301:6399:6301:6399
domain_kot:640:6401:6499:6401:6499
sirint5:650:6501:6599:6501:6599
int_sirint6:660:6601:6699:6601:6699
int_sirint7:670:6701:6799:6701:6799
int_sirint8:680:6801:6899:6801:6899
int_sirint9:690:6901:6999:6901:6999
int_sirint1:810:8101:8199:8101:8199
int_sirint2:820:8201:8299:8201:8299
int_sirint3:830:8301:8399:8301:8399
int_sirint4:840:8401:8499:8401:8499
int_sirint5:850:8501:8599:8501:8599
int_sirint10:860:8601:8699:8601:8699
int_sirint11:870:8701:8799:8701:8799
int_sirint12:880:8801:8899:8801:8899
int_sirint13:890:8901:8999:8901:8999
domain_d1,domain_d1.domain_d.dom:900:9001:9099:9001:9099
domain_d2,domain_d2.domain_d.dom:910:9101:9199:9101:9199
domain_d3,domain_d3.domain_d.dom:920:9201:9299:9201:9299
_history_sid_range:1000:20000:25000:20000:25000
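A checker for the two rules above, added here as an example (it is not EMC's code and not part of the original module); it flags a history record whose numbers are reused elsewhere in the file, which could map two different SIDs to the same UID or GID, or whose ranges are too small. It assumes every record has exactly six colon-separated fields as in the listing above and that the history record's name starts with `_history_sid_range`; the function names are illustrative.

```python
SAMPLE = """\
domain_a:300:3001:3199:3001:3199
domain_b:400:4001:4199:4001:4199
domain_d,domain_d.dom:700:7001:8099:7001:8099
_history_sid_range:1000:20000:25000:20000:25000
"""  # excerpt of the records listed above

def parse(text):
    """Parse name:GID_for_domain:UID_start:UID_end:GID_start:GID_end records."""
    records = []
    for line in filter(None, (l.strip() for l in text.splitlines())):
        fields = line.split(":")
        if len(fields) != 6:
            raise ValueError(f"expected 6 colon-separated fields: {line!r}")
        gid, u0, u1, g0, g1 = (int(f) for f in fields[1:])
        if u0 > u1 or g0 > g1:
            raise ValueError(f"range start exceeds end: {line!r}")
        records.append({"name": fields[0], "gid": gid,
                        "uids": range(u0, u1 + 1), "gids": range(g0, g1 + 1)})
    return records

def overlap(a, b):
    """True when two inclusive ID ranges share at least one number."""
    return a.start < b.stop and b.start < a.stop

def check_history(text):
    """Return the rule violations for the history record (empty list = OK)."""
    records = parse(text)
    # Assumption: matched by prefix, case-insensitively, because the page
    # writes the name with and without the trailing underscore.
    idx = [n for n, r in enumerate(records)
           if r["name"].lower().startswith("_history_sid_range")]
    if len(idx) != 1:
        return ["expected exactly one history record"]
    i = idx[0]
    hist, before, others = records[i], records[:i], records[:i] + records[i + 1:]
    problems = []
    for r in others:  # rule 1: numbers not specified elsewhere in the file
        if hist["gid"] == r["gid"]:
            problems.append(f"GID_for_domain {hist['gid']} already used by {r['name']}")
        if overlap(hist["uids"], r["uids"]):
            problems.append(f"UID range overlaps {r['name']}")
        if overlap(hist["gids"], r["gids"]):
            problems.append(f"GID range overlaps {r['name']}")
    for key, label in (("uids", "UID"), ("gids", "GID")):  # rule 2: capacity
        needed = sum(len(r[key]) for r in before)
        if len(hist[key]) < needed:
            problems.append(f"{label} range holds {len(hist[key])}, needs at least {needed}")
    return problems
```

Calling `check_history` on the full text of a usrmap.cfg before a migration returns an empty list when both rules hold.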

Note: Usermapper must be running before and during the migration.


Appendix B: Usermapper Events

Table 8 lists the Usermapper events. Refer to the Configuring Celerra Events and Notifications technical module for a description of how to configure the Celerra Network Server to record and display these events.

Table 8 USRMAP Events

| Facility Name | Facility ID | Facility Description | Event ID | Event Description |
|---|---|---|---|---|
| USRMAP | 93 | Monitors Usermapper events | 0 | Usermapper OK |
| | | | 1 | Usermapper database created |
| | | | 2 | Usermapper service enabled |
| | | | 3 | Usermapper service stopped |
| | | | 4 | Usermapper database destroyed |
| | | | 5 | Usermapper available |
| | | | 6 | Usermapper unreachable |
| | | | 7 | Usermapper file system quota exceeded |


Copyright © 1998–2004 EMC® Corporation. All rights reserved.

EMC believes the information in this publication is accurate as of its publication date. The information is subject to change without notice.

THE INFORMATION IN THIS PUBLICATION IS PROVIDED “AS IS.” EMC CORPORATION MAKES NO REPRESENTATIONS OR WARRANTIES OF ANY KIND WITH RESPECT TO THE INFORMATION IN THIS PUBLICATION, AND SPECIFICALLY DISCLAIMS IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.

Use, copying, and distribution of any EMC software described in this publication requires an applicable software license.

About This Technical Module

As part of its effort to continuously improve and enhance the performance and capabilities of the Celerra Network Server product line, EMC from time to time releases new revisions of Celerra hardware and software. Therefore, some functions described in this document may not be supported by all revisions of Celerra software or hardware presently in use. For the most up-to-date information on product features, see your product release notes. If your Celerra system does not offer a function described in this document, please contact your EMC representative for a hardware upgrade or software update.

Comments and Suggestions About the Documentation

Your suggestions will help us continue to improve the accuracy, organization, and overall quality of the user publications. Please send a message to [email protected] with your opinions of this document.
