Auto-generated ID mappings
Auto-generated ID mappings are the default. If no explicit mappings are created by the system administrator in the Active Directory using RFC 2307 attributes, all mappings between security identifiers (SIDs) and UNIX IDs will be created automatically using a reserved range in UNIX ID space.
Note: If you have a mix of GPFS running
on Windows and other Windows clients accessing the
integrated SMB server function, the ability to share data between
these clients has not been tested or validated. With protocol support,
the SMB server may also be configured to automatically generate ID
mapping. If you want to ensure that SMB users do not access data (share
ID mapping) with Windows users,
ensure that the automatic range for SMB server is different from this
range. The range of IDs automatically generated for the SMB server
can be controlled by mmuserauth.
Unless the default reserved ID range overlaps with an ID already in use, no further configuration is needed to use the auto-generated mapping function. If you have a specific file system or subtree that are only accessed by user applications from Windows nodes (even if AIX® or Linux nodes are used as NSD servers), auto-generated mappings will be sufficient for all application needs.
The default reserved ID range used by GPFS starts
with ID 15,000,000 and covers 15,000,000 IDs. The reserved range should
not overlap with any user or group ID in use on any AIX or Linux nodes.
To change the starting location or the size of the reserved ID range,
use the following GPFS configuration
parameters:
- sidAutoMapRangeLength
- Controls the length of the reserved range for Windows SID to UNIX ID mapping.
- sidAutoMapRangeStart
- Specifies the start of the reserved range for Windows SID to UNIX ID mapping.
Note: For planning purposes, remember that auto-generated ID mappings
are stored permanently with file system metadata. A change in the sidAutoMapRangeStart value
is only effective for file systems created after the configuration
change.