How name mapping is used to secure SMB file access on SVMs with FlexVol volumes

User mapping between a Windows user and a UNIX user is a fundamental part of multiprotocol access. Multiprotocol access over SMB depends on user mapping between a user’s Windows identity and UNIX identity to evaluate the user’s rights to perform file and folder operations within volumes and qtrees.

Data ONTAP always maps the user’s Windows identity to the user’s UNIX identity during the authentication process. The information about the mapped UNIX user and the UNIX user's groups is saved with the Windows user's credential. Hence, a user credential also contains its mapped UNIX credential.

Data ONTAP maps user names. It does not map groups. However, because group membership is critically important when determining file access, as part of the mapping process the mapped UNIX user’s group membership is retrieved and cached along with the user mapping information.
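
The following is a simplified model of the behavior described above, added here as an illustration and not NetApp code. It shows the user name being mapped at authentication, the UNIX user's groups being looked up and stored with the credential, and Windows group membership playing no part in a UNIX permission check. All names, IDs, the rejection of unmapped users, and the mode-bit check on a UNIX-permissioned file are assumptions of the example.

```python
from dataclasses import dataclass

# Constructed sample data (hypothetical names and IDs).
NAME_MAP = {"EXAMPLE\\jsmith": "jsmith", "EXAMPLE\\svc_backup": "backup"}
UNIX_USERS = {"jsmith": (1001, 100), "backup": (1002, 100)}  # name -> (uid, primary gid)
UNIX_GROUPS = {100: {"jsmith", "backup"}, 500: {"jsmith"}}   # gid -> member names

@dataclass(frozen=True)
class UnixCred:
    uid: int
    gid: int
    groups: frozenset

@dataclass(frozen=True)
class Credential:
    windows_user: str
    windows_groups: frozenset  # carried along, but never translated to UNIX groups
    unix: UnixCred             # mapped UNIX credential saved with the Windows one

def build_credential(windows_user, windows_groups):
    """Authentication step: map the user name, then fetch that UNIX user's groups."""
    unix_name = NAME_MAP.get(windows_user)
    if unix_name is None or unix_name not in UNIX_USERS:
        # Model choice: an unmapped user gets no credential at all.
        raise PermissionError(f"no UNIX mapping for {windows_user}")
    uid, gid = UNIX_USERS[unix_name]
    groups = frozenset(g for g, m in UNIX_GROUPS.items() if unix_name in m) | {gid}
    return Credential(windows_user, frozenset(windows_groups),
                      UnixCred(uid, gid, groups))

def unix_access(cred, owner_uid, owner_gid, mode, want):
    """Mode-bit check (want: 4=read, 2=write, 1=execute) on the UNIX credential only."""
    u = cred.unix
    if u.uid == owner_uid:
        bits = (mode >> 6) & 7      # owner class
    elif owner_gid in u.groups:
        bits = (mode >> 3) & 7      # group class, from the cached UNIX groups
    else:
        bits = mode & 7             # other class
    return (bits & want) == want

if __name__ == "__main__":
    # Same Windows group on both users; only the UNIX user's groups decide access.
    for name in ("EXAMPLE\\jsmith", "EXAMPLE\\svc_backup"):
        cred = build_credential(name, {"EXAMPLE\\Domain Admins"})
        print(name, sorted(cred.unix.groups),
              unix_access(cred, owner_uid=0, owner_gid=500, mode=0o770, want=2))
```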