Topic
  • 3 replies
  • Latest Post - ‏2014-09-12T22:55:13Z by hoangn
SchelePierre
SchelePierre
20 Posts

Pinned topic GPFS Windows SID UID mapping autogenerated

‏2013-07-04T11:07:15Z |

Hi,

From the GPFS V3.5 Advanced Administration guide, I see in Chapter 9 ("Identity Management on Windows")

Auto-generated ID mappings are the default. If no explicit mappings are created by the system
administrator in the Active Directory using Microsoft Identity Management for UNIX (IMU), all
mappings between security identifiers (SIDs) and UNIX IDs will be created automatically using a
reserved range in UNIX ID space.
...

The default reserved ID range used by GPFS starts with ID 15,000,000 and covers 15,000,000 IDs.
 

My question: is there documentation available on HOW a certain SID maps to an UID?

Is there an algorithm behind it (like Winbind's idmap_rid) - or is the first unknown SID assigned to first unallocated UID in that range?

Can Winbind / Samba SID-UID mapping be configured to behave in the same way as the GPFS auto-generated mappings ?

How can I see all user mappings that have been generated by GPFS so far? (SID<->UID)

Can I manually override / add SID<->UID mappings (eg wbinfo --set-uid-mapping)

 

 

Thanks!

Pieter

  • hoangn
    hoangn
    22 Posts

    Re: GPFS Windows SID UID mapping autogenerated

    ‏2014-09-12T19:56:20Z  

    I also have the same question. I need a way to map the auto-generated UID back to the Windows SID.

    I was trying to do it via wbinfo but no luck.

     

    # wbinfo -u
    MAUI+administrator
    MAUI+guest
    MAUI+krbtgt
    MAUI+root
    MAUI+testuser
    # wbinfo -n testuser
    S-1-5-21-646485082-4284454498-2830906268-1117 SID_USER (1)
    # wbinfo -S S-1-5-21-646485082-4284454498-2830906268-1117
    Could not convert sid S-1-5-21-646485082-4284454498-2830906268-1117 to uid


     

    Updated on 2014-09-12T19:58:13Z at 2014-09-12T19:58:13Z by hoangn
  • vpaul
    vpaul
    89 Posts

    Re: GPFS Windows SID UID mapping autogenerated

    ‏2014-09-12T20:22:37Z  
    • hoangn
    • ‏2014-09-12T19:56:20Z

    I also have the same question. I need a way to map the auto-generated UID back to the Windows SID.

    I was trying to do it via wbinfo but no luck.

     

    # wbinfo -u
    MAUI+administrator
    MAUI+guest
    MAUI+krbtgt
    MAUI+root
    MAUI+testuser
    # wbinfo -n testuser
    S-1-5-21-646485082-4284454498-2830906268-1117 SID_USER (1)
    # wbinfo -S S-1-5-21-646485082-4284454498-2830906268-1117
    Could not convert sid S-1-5-21-646485082-4284454498-2830906268-1117 to uid


     

    Hello,

    The GPFS SID-to-uid mappings can be seen via "mmfsadm  dump  winsec". The algorithm to auto-generate uids for unmapped SIDs is internal and cannot be overridden.

    Thanks.

  • hoangn
    hoangn
    22 Posts

    Re: GPFS Windows SID UID mapping autogenerated

    ‏2014-09-12T20:48:55Z  
    • vpaul
    • ‏2014-09-12T20:22:37Z

    Hello,

    The GPFS SID-to-uid mappings can be seen via "mmfsadm  dump  winsec". The algorithm to auto-generate uids for unmapped SIDs is internal and cannot be overridden.

    Thanks.

    It didn't return any results.

    # ls -l
    total 16
    -rwx------ 1 15000000 15000009  163 Sep 12 09:19 New Rich Text Document.rtf
    -rwxrwxr-x 1 15000000 15000009 8438 Sep 12 09:02 New Text Document.txt
    -rwx------ 1 15000056 15000009    9 Sep 12 13:47 testuser2.txt

     

    # mmfsadm  dump  winsec

    Windows Security data

    Per-filesystem WinSec data:


    Stripe group gpfs:
    winSecP is NULL

    Updated on 2014-09-12T20:49:21Z at 2014-09-12T20:49:21Z by hoangn
  • vpaul
    vpaul
    89 Posts

    Re: GPFS Windows SID UID mapping autogenerated

    ‏2014-09-12T22:40:31Z  
    • hoangn
    • ‏2014-09-12T20:48:55Z

    It didn't return any results.

    # ls -l
    total 16
    -rwx------ 1 15000000 15000009  163 Sep 12 09:19 New Rich Text Document.rtf
    -rwxrwxr-x 1 15000000 15000009 8438 Sep 12 09:02 New Text Document.txt
    -rwx------ 1 15000056 15000009    9 Sep 12 13:47 testuser2.txt

     

    # mmfsadm  dump  winsec

    Windows Security data

    Per-filesystem WinSec data:


    Stripe group gpfs:
    winSecP is NULL

    Did you run the "mmfsadm dum winsec" on a GPFS Windows node?

  • hoangn
    hoangn
    22 Posts

    Re: GPFS Windows SID UID mapping autogenerated

    ‏2014-09-12T22:55:13Z  
    • vpaul
    • ‏2014-09-12T22:40:31Z

    Did you run the "mmfsadm dum winsec" on a GPFS Windows node?

    Sorry, that was the problem. THANK YOU!