Simple and advanced maps

User Name Mapping can be used to map Windows and UNIX users to each other in a variety of ways. In a simple user map, users in a Windows domain are implicitly mapped one-to-one to UNIX users on the basis of user name. When the Windows domain and the UNIX passwd and group files or Network Information Services (NIS) domain are identified, User Name Mapping maps users and groups who have the same name in both the Windows and UNIX or NIS domain. If there is no match for a user or group name in either place, that user or group is not mapped to anything.

You can use advanced maps to set up one-to-one or many-to-one mappings between UNIX users and groups and Windows users and groups. For example, several Windows user names could be mapped to one UNIX user name, or several Windows groups could be mapped to a UNIX group. Advanced maps can also be used when the same person or group has different names on Windows and UNIX.

Once maps are set up, users can log on to Windows using their Windows user name and password, and can then access UNIX resources without having to supply a UNIX user name and password. User Name Mapping checks the authenticity of the Windows user and issues the appropriate user identifier (UID) and group identifier (GID) for use with the UNIX system.

Likewise, UNIX users can log on to their computers and then access Windows files, with User Name Mapping providing the credentials.

If the same user appears in both a simple and an advanced map, the advanced map is used for authentication.

You can use both NIS maps and PCNFS passwd and group files to create advanced maps, and you can create multiple simple maps between Windows domains and NIS domains. When using PCNFS passwd and group maps, however, you can only create a simple map between one Windows domain and one set of passwd and group files.

For information about creating simple and advanced maps, see To configure simple maps, To create advanced maps for users, and To create advanced maps for groups.

For information about administering User Name Mapping, see Administering User Name Mapping.