Reference Guide
ntxmap
ntxmap is used to associate a Windows account to a UNIX account when the name is different. For example, if there is a user
who has an account that is called Gerald on Windows but the account on UNIX is called Gerry, ntxmap is used to make the
correlation between the two.
SID to UID, primary GID mapping
The following sequence is the process used to resolve an SID to a UID, primary GID mapping:
1. secmap is searched for the SID. If the SID is found, the UID and GID mapping is resolved.
2. If the SID is not found in secmap, the Windows name related to the SID must be found.
a. The local group databases of the SMB servers of the NAS are searched for the SID. If the SID is found, the related
Windows name is the local user name along with the SMB server name.
b. If the SID is not found in the local group database, the DC of the domain is searched. If the SID is found, the related
Windows name is the user name. If the SID is not resolvable, access is denied.
3. The Windows name is translated into a UNIX name. The ntxmap is used for this purpose.
a. If the Windows name is found in ntxmap, the entry is used as the UNIX name.
b. If the Windows name is not found in ntxmap, the Windows name is used as the UNIX name.
4. The UDS (NIS server, LDAP server, or local files) is searched using the UNIX name.
a. If the UNIX user name is found in the UDS, the UID and GID mapping is resolved.
b. If the UNIX name is not found, but the automatic mapping for unmapped Windows accounts feature is enabled, the UID is
automatically assigned.
c. If the UNIX user name is not found in the UDS but there is a default UNIX account, the UID and GID mapping is resolved
to that of the default UNIX account.
d. If the SID is not resolvable, access is denied.
If the mapping is found, it is added in the persistent secmap database. If the mapping is not found, the failed mapping is added
to the persistent secmap database.
The following diagram illustrates the process used to resolve an SID to a UID, primary GID mapping:
SID
secmap
UID and
Primary
GID
In
secmap?
Yes
In Local
Group
Database?
In
Domain
Controller?
Windows Name
used for SMB-only
access
Windows
Name
Unknown SID
Access Denied
In
ntxmap?
No
Windows Name =
UNIX Name
In Local Files
or UDS?
Yes
Yes Yes UNIX Name
UID and
Primary
GID
Yes
No
No
No No
Automatic
Mapping?
UID and
Primary
GID
Yes
No
Default UNIX
Account?
UID and
Primary
GID
No
Yes
Failed Mapping
Access Denied
Figure 1. Process for resolving an SID to a UID, primary GID mapping
UID to SID mapping
The following sequence is the process used to resolve a UID to an SID mapping:
Authentication and access
21