Configuring Internal Usermapper for Celerra

P/N 300-001-640 Rev A02

Version 5.3
August 2004

Contents
Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .2 Terminology . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .2 Restrictions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .3 Cautions. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .3 Internal Usermapper Concepts. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .4 System Requirements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .6 EMC NAS Interoperability Matrix. . . . . . . . . . . . . . . . . . . . . . . . . . . . . .6 Planning Considerations. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .7 User Interface Choices . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .8 Using Celerra Manager to Configure Usermapper . . . . . . . . . . . . . . .8 Internal Usermapper Roadmap. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .9 Using the Default Single-Celerra Usermapper Configuration . . . . . . . . .10 Configuring a Multi-Celerra Usermapper Environment . . . . . . . . . . . . . .11 Task 1: Verify the Status of the Primary Usermapper Service . . . . .12 Task 2: Disable the Primary Usermapper Service . . . . . . . . . . . . . . .12 Task 3: Configure the Secondary Usermapper Service . . . . . . . . . .13 Task 4: Verify the Status of the Secondary Usermapper Service . .13 Managing Usermapper . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .14 Displaying Usermapper Status . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .14 Importing and Exporting Database Information . . . . . . . . . . . . . . . .17 Modifying the Usermapper Database . . . . . . . . . . . . . . . . . . . . . . . . .20 Backing Up Usermapper . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .20 Modifying the usrmap.cfg File . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .21 Command Syntax Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .25 Changing Usermapper Default Configuration Settings . . . . . . . . . . . . . .29 What the Parameters Modify . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .29 Parameter Files and Formats. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .31 Troubleshooting Usermapper. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .32 Error Messages . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .32 Known Problems and Limitations . . . . . . . . . . . . . . . . . . . . . . . . . . . .33 Events and Notifications . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .33 Related Information . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .34 Want to Know More? . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .34 Appendix A: Migrating Windows NT Users to Windows 2000 Domains in Native Mode . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .35 Appendix B: Usermapper Events . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .37 Index . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .38
1 of 40

Introduction
Internal Usermapper is a Celerra Network Server service that automatically maps each Windows user and group to a UNIX-style user ID (UID) and group ID (GID). Because the Celerra Network Server uses UIDs and GIDs to identify users, Windows users must be assigned UIDs and GIDs so that the Celerra Network Server can determine access to system objects, such as files, as well as enforce CIFS quotas. This technical module is part of the Celerra Network Server information set and is intended for those users that configure and manage Internal Usermapper.
Note: Internal Usermapper replaces External Usermapper for new installations. New Celerra Network Server installations will use Internal Usermapper by default. External Usermapper Version 3.1 and lower versions will only be maintained for existing customers until they can transition to Internal Usermapper. Note: All instances of the term Usermapper in this document refer to Internal Usermapper unless otherwise noted.

Terminology
This section defines terms that are important to understanding Usermapper capabilities on the Celerra Network Server. Refer to the Celerra Network Server User Information Glossary for a complete list of Celerra terminology.
authentication: The process for verifying the identity of a user who is trying to

access a resource or object, such as a file or a directory.

CIFS (Common Internet File System): A file-sharing protocol based on the Microsoft Server Message Block (SMB). It allows users to share file systems over the Internet and intranets. Control Station: A hardware and software component of the Celerra Network Server that manages the system and provides the user interface to all Celerra components. Data Mover: A Celerra Network Server component running the DART operating

system that retrieves files from a storage device and makes the files available to a network client.
GID (group identifier): A number assigned to a particular group of users. NIS (Network Information System): A distributed data lookup service that shares user and system information across a network, including usernames, passwords, home directories, groups, hostnames, IP addresses, and netgroup definitions. primary Usermapper service: The instance of the Usermapper service that assigns UIDs and GIDs to Windows users and groups. quota: A limit on the amount of allocated disk space as well as the number of files

(inodes) that a user or group of users can create in a production file system. Quotas control the amount of disk space and the number of files that a user or group of users can consume.

2 of 40 Version 5.3

Configuring Internal Usermapper for Celerra

secondary Usermapper service: In a multi-Celerra environment, an instance of the Usermapper service that forwards requests for user mappings to the primary Usermapper service and returns those mappings to the Data Movers in addition to storing the mappings it processes. SID (security identifier): A unique identifier that defines a user or group in a

Microsoft Windows environment. Each user or group has its own SID.
UID (user identifier): A number that corresponds to a particular user. user file: Refers to the passwd file that resides on each Data Mover. Usermapper service: Software that assigns UIDs and GIDs to Windows users and

groups asking the Celerra Network Server for access to system objects.

Restrictions
Before you configure and run Usermapper, note these restrictions:

You should have only one primary Usermapper in a Celerra Network Server environment. In a single Celerra, you should have only one instance of the Usermapper service, either primary or secondary. All the other Data Movers in that Celerra are clients of the primary or secondary service. In a multiple Celerra environment, the primary Usermapper service must be enabled before you configure any secondary Usermapper services. By default, Usermapper runs on the Data Mover in slot 2 (server_2). This is the preferred location from which to run the primary or secondary Usermapper service. You cannot configure a primary or secondary Usermapper service on a Virtual Data Mover (VDM). Usermapper should only be used in Windows-only environments. In a mixed UNIX and Windows environment, you should use manual mapping methods such as editing the local user and group files. You should not run Internal Usermapper and External Usermapper simultaneously in the same Celerra environment.

Cautions
This section lists cautions for Usermapper.

CAUTION

Do not modify the Usermapper database files. Windows users may have problems accessing files if you have modified the Usermapper database files.

Configuring Internal Usermapper for Celerra

Version 5.3

3 of 40

Internal Usermapper Concepts

Every user of the Celerra Network Server, either a Windows user or an UNIX user, is identified by a unique UID and GID. The UID and GID are used to authenticate users and allow access to system objects, such as files. These identifiers are also used to enforce CIFS user quota limits. A quota is a limit placed on the number of allocated disk blocks/bytes as well as the number of files a user can create on a production file system (PFS). In other words, quotas provide a way of controlling the amount of disk space a user can consume.
Note: For connections from Windows users, file access checking is performed using security identifiers (SIDs) only. This is done to prevent errors due to UID mismatches and to reduce dependency on the Usermapper database.

Internal Usermapper is a Celerra service that automatically generates and maintains a database that maps SIDs to UIDs and GIDs for users or groups accessing file systems from a Windows domain. When a Data Mover receives a file access request from a new user or group in a Windows domain, the file access request includes the SID of the new user or group making the request. The following process takes place: 1. The Data Mover first checks its local user and group files for an existing SID to UID/GID mapping. 2. If none is found, and the Network Information Service (NIS) is configured, the Domain Controller is queried for the user or group name associated with the SID. NIS is queried for a UID/GID to associate with the name. 3. If none is found, and making queries to the Active Directory is configured, the Data Mover queries the Active Directory for a SID to UID/GID mapping.
Note: By default, the Active Directory is not queried for user mappings. This behavior can be changed by modifying the cifs.useADMap parameter. Contact your EMC Customer Support Representative for assistance.

4. If none is found, the Data Mover then determines if it has a mapping for the SID in its local Usermapper cache. If there is no such mapping, the Data Mover sends a mapping request to the primary Usermapper service. 5. The primary Usermapper service checks its database to determine if this user or group has already been assigned a UID/GID. If not, the primary Usermapper generates a new UID or GID and adds the new user or group to its database along with the mapping. It then returns the mapping to the Data Mover and the Data Mover permanently caches the mapping. 6. The user is then authenticated and permissions are checked to determine whether the user can access the system object. 7. If the primary Usermapper service is unavailable or if for some reason it cannot map the user or group, an error is logged in the server log and the user is not able to access system objects.

4 of 40 Version 5.3

Configuring Internal Usermapper for Celerra

One instance of the Usermapper service serves as the primary Usermapper service, meaning it assigns UIDs and GIDs to Windows users and groups. By default, this instance is configured on the Data Mover in slot 2 (server_2). The other Data Movers in a single Celerra environment are configured as clients of the primary Usermapper service, meaning they send mapping requests to the primary service when they do not find a mapping for a user or group in their local cache. By default, all the client Data Movers automatically issue a broadcast over the Celerras internal interfaces to discover the location of the primary Usermapper service. In a multi-Celerra environment, other instances of the Usermapper service can serve as secondary Usermapper services. Like a primary Usermapper service, a secondary Usermapper service checks its database to determine if a user or group has already been assigned a UID/GID. If not, it forwards the mapping request to the primary Usermapper service. The primary Usermapper service checks its database and, if necessary, generates a new UID or GID, returning the mapping to the secondary Usermapper service. The secondary Usermapper service then adds the new user or group to its database along with the mapping and returns the mapping to the Data Mover. Secondary Usermapper services provide high availability by allowing mappings to be collected and stored on each Celerra in a multi-Celerra environment. If the secondary Usermapper service is unavailable, new users are not able to access files and existing users are only able to access files if the user is defined on the Data Mover.

Configuring Internal Usermapper for Celerra

Version 5.3

5 of 40

System Requirements
This section describes the Celerra Network Server software, hardware, network, and storage configurations required for using Usermapper as described in this technical module.
Table 1 System Requirements for Usermapper Celerra Network Server Version 5.3. No specific hardware requirements. No specific network requirements. Verify that there is sufficient space available in the root file system. Contact your EMC Customer Support Representative for assistance with determining size requirements.

Software Hardware Network Storage

EMC NAS Interoperability Matrix

Refer to the EMC NAS Interoperability Matrix for definitive information on supported software and hardware, such as backup software, Fibre Channel switches, and application support for Celerra network-attached storage (NAS) products. To view the EMC NAS Interoperability Matrix: 1. Go to http://powerlink.emc.com. 2. Search for EMC NAS Interoperability Matrix. 3. In the Sort Search Results by box, select Score. The EMC NAS Interoperability Matrix appears in the list.

6 of 40 Version 5.3

Configuring Internal Usermapper for Celerra

Planning Considerations
Before you begin using Internal Usermapper, you should consider the following situations:

Usermapper stops mapping new UIDs and GIDs once the root file system of the Data Mover on which the Usermapper database is stored becomes 95% full and new users will not be allowed access to system objects. The size of the root file system that will be required is based on the number of users in your Windows environment. Contact your EMC Customer Support Representative for assistance with determining size requirements. If you are replicating a Windows environment that uses Usermapper or if you are using SRDF, special Usermapper restrictions may apply. Contact your EMC Customer Support Representative for more information. Usermapper automatically assigns new UIDs and GIDs based on the next available value. Consequently it does not need to use a Usermapper configuration file to define UID and GID ranges. However, it is possible to import an existing usrmap.cfg and use this file to define UID and GID ranges. This is referred to as the manual mapping method. If you do use the manual mapping method, you must manage UID and GID ranges for each domain as in External Usermapper, by modifying the usrmap.cfg file. Refer to Modifying the usrmap.cfg File on page 21 for more information.
Note: If there is no special reason to use particular UID and GID ranges for your environments domains, EMC encourages you to use the automatic mapping method and let Internal Usermapper automatically assign new UIDs and GIDs based on the next available values.

Configuring Internal Usermapper for Celerra

Version 5.3

7 of 40

User Interface Choices

The Celerra Network Server offers flexibility in managing networked storage based on your support environment and interface preferences. This technical module describes how to configure Usermapper using the command line interface (CLI). You can also perform many of these tasks using one of the Celerra management applications:

Celerra Manager - Basic Edition Celerra Monitor

For more information about Celerra Manager, refer to Getting Started with Celerra Management in the documentation kit. For instructions on installing Celerra Monitor, refer to the Installing Celerra Management Applications technical module on the Celerra Network Server User Information CD. For a description of each applications capabilities, refer to the Celerra Network Server Concepts and the applications online help systems on the user information CD.

Using Celerra Manager to Configure Usermapper

Celerra Manager can be used to configure Internal Usermapper services as well as upgrade or migrate an existing External Usermapper by transferring the primary Usermapper service from the Control Station to the Data Mover. In addition, the CIFS configuration wizard can assist you in creating a basic Internal Usermapper configuration. For more information on using Celerra Manager to configure Usermapper, refer to the Celerra Manager online help.

8 of 40 Version 5.3

Configuring Internal Usermapper for Celerra

Internal Usermapper Roadmap

This roadmap shows the process for configuring and managing Usermapper as described in this technical module. This process contains components that represent the sequential phases of the roadmap. In addition, any nonsequential phases are represented in the blocks at the base of the roadmap. Each phase contains the tasks required to complete the process.
Note: When viewing online, click the text in the roadmap to access that phase. To return to this roadmap from other pages, click the roadmap symbol at the center bottom of the page.

Using the Default SingleCelerra Usermapper Configuration Configuring a Multi-Celerra Usermapper Environment

Managing Usermapper

Configuring Internal Usermapper for Celerra

Version 5.3

9 of 40

Using the Default Single-Celerra Usermapper Configuration

When a new Celerra Network Server running software Version 5.3 is booted up for the first time, it is automatically configured with the default single-Celerra Usermapper configuration. In this situation, Usermapper is automatically enabled as a NAS service and no additional installation or configuration procedures are required. The default Usermapper configuration consists of a single Celerra Network Server in which the Data Mover in slot 2 (server_2) is configured with the primary Usermapper service. The remaining Data Movers in the Celerra each cache all the SID-to-UID/GID mappings it has used. However, if one of these Data Movers is accessed by a user for whom it does not have a mapping, it queries the primary Usermapper service. Consequently, these Data Movers are clients of the primary Usermapper service. By default, all the Data Movers in the Celerra automatically issue a broadcast over the Celerras internal interfaces to discover the location of the primary Usermapper service. Certain UID and GID values are reserved and cannot be mapped to SIDs. 0 is reserved for the UNIX root account. Additional numbers are reserved for maintenance. UID and GID values can start at 32K. The maximum possible value for UIDs and GIDs is imposed by the underlying file system. All domain users and groups accessing this file system are assigned UIDs and GIDs based on these definitions.
Note: As in a standard Celerra configuration, you can configure another Data Mover to serve as a failover Data Mover, providing a backup for the primary Usermapper service.

Using the Default Single-Celerra Usermapper Configuration Configuring a MultiCelerra Usermapper Environment

Managing Usermapper

To verify the Usermapper configuration and display its current status, refer to Displaying Usermapper Status on page 14. If the primary Usermapper service is not automatically enabled, refer to Troubleshooting Usermapper on page 32. Refer to Managing Usermapper on page 14 for information on managing your Usermapper environment.

10 of 40 Version 5.3

Configuring Internal Usermapper for Celerra

Configuring a Multi-Celerra Usermapper Environment

If you have a Celerra Network Server environment in which there is more than one Celerra Network Server that shares the same Windows domain space, the default Usermapper configuration is not suitable. In this situation, you must modify the default Usermapper configuration on all the additional Celerra Network Servers to use one primary Usermapper service. In this situation, EMC recommends a configuration in which the Data Mover located in slot 2 (server_2) of each of the additional Celerras is configured as a secondary Usermapper service. The remaining Data Movers in each Celerra then send mapping requests to their local secondary Usermapper service, and each secondary Usermapper service then forwards these requests to the single primary Usermapper service.
Note: The secondary Usermapper service sends mapping requests to the primary Usermapper service one at a time and only when needed. Consequently, all the secondary Usermapper services in an environment may not have the same entries in their databases.
Managing Usermapper

Using the Default Single-Celerra Usermapper Configuration Configuring a MultiCelerra Usermapper Environment

Note: If you have a Celerra Network Server environment in which there multiple Celerra Network Servers that do not share the same Windows domain, each domain should be configured with its own primary Usermapper service.
Table 2 Configuring a Multi-Celerra Usermapper Environment Tasks

Task
1.

Action
On the first Celerra, verify that the primary Usermapper service is enabled. On the second Celerra, disable the default primary Usermapper service. On the second Celerra, configure a secondary Usermapper service. On the second Celerra, verify that the secondary Usermapper service is enabled.

Procedure
Verify the Status of the Primary Usermapper Service on page 12 Disable the Primary Usermapper Service on page 12 Configure the Secondary Usermapper Service on page 13 Verify the Status of the Secondary Usermapper Service on page 13

2.

3.

4.

Note: In the following description, the Celerra Network Server that supports the primary Usermapper service is referred to as Celerra 1 and the Celerra Network Server that runs the secondary Usermapper service is referred to as Celerra 2.

Configuring Internal Usermapper for Celerra

Version 5.3

11 of 40

Task 1: Verify the Status of the Primary Usermapper Service

On Celerra 1, verify that the primary Usermapper service is enabled on server_2. This is the default configuration.
Action
To verify that the primary Usermapper service is enabled, use this command syntax: $ server_usermapper <movername> Where: <movername> = name of the specified Data Mover Example: To verify that the primary Usermapper service is enabled on server_2 of Celerra 1, type: $ server_usermapper server_2

Output
server_2 : Usrmapper service: Enabled Service Class: Primary

Task 2: Disable the Primary Usermapper Service

Since the default Usermapper configuration always designates the Data Mover in slot 2 (server_2) as supporting the primary Usermapper service, you must specifically configure a Data Mover on Celerra 2 to support a secondary Usermapper service. On Celerra 2, disable the primary Usermapper service that is enabled by default.
Action
To disable the primary Usermapper service, use this command syntax: $ server_usermapper <movername> -disable Where: <movername> = name of the specified Data Mover Example: To disable the primary Usermapper service on server_2 of Celerra 2, type: $ server_usermapper server_2 -disable

Output
server_2 : done

Note: No user mapping requests should be sent to the primary Usermapper service on Celerra 2 before you have reconfigured it. Consequently, you should not configure CIFS on the Celerra 2 Data Movers until the Usermapper service is reconfigured as a secondary service.

12 of 40 Version 5.3

Configuring Internal Usermapper for Celerra

Task 3: Configure the Secondary Usermapper Service

Once you have disabled the primary Usermapper service on Celerra 2, you can configure server_2 to run as a secondary Usermapper service. When you enable a secondary Usermapper service, you also indicate the location of the primary Usermapper service to which the secondary service will send mapping requests by specifying the IP address of the Data Mover on which the primary service is located.
Note: The primary Usermapper service must be enabled before you can configure a secondary service. Action
To enable a secondary Usermapper service, use this command syntax: $ server_usermapper <movername> -enable primary=<ip addr> Where: <movername> = name of the specified Data Mover <ip addr> = network IP address of the Data Mover on which the primary Usermapper service is runnning Example: To enable a secondary Usermapper service on server_2 of Celerra 2, type: $ server_usermapper server_2 -enable primary=192.168.21.1

Output
server_2 : done

Task 4: Verify the Status of the Secondary Usermapper Service

Verify that the secondary Usermapper service has been enabled on server_2 of Celerra 2.
Action
To verify that the secondary Usermapper service is enabled, use this command syntax: $ server_usermapper <movername> Where: <movername> = name of the specified Data Mover Example: To verify that the secondary Usermapper service is enabled on server_2 of Celerra 2, type: $ server_usermapper server_2

Output
server_2 : Usrmapper service: Enabled Service Class: Secondary Primary = 192.168.21.1

Configuring Internal Usermapper for Celerra

Version 5.3

13 of 40

Managing Usermapper
This section describes the tasks you can use to manage Usermapper.
Action
Display Usermapper status. Import and export user and group information.
Configuring a MultiCelerra Usermapper Environment

Using the Default Single-Celerra Usermapper Configuration

Procedure
Displaying Usermapper Status on this page Importing and Exporting Database Information on page 17 Modifying the Usermapper Database on page 20 Backing Up Usermapper on page 20 Modifying the usrmap.cfg File on page 21

Modify the Usermapper database.

Back up Usermapper Modify the usrmap.cfg file

Managing Usermapper

Displaying Usermapper Status

You can display Usermapper status on your Celerra Network Server using two commands. The server_usermapper command displays the status of Internal Usermapper services running on a Data Mover. The server_cifs command displays a Data Movers CIFS configuration, including the Usermapper service it is using.

14 of 40 Version 5.3

Configuring Internal Usermapper for Celerra

Displaying Usermapper Service Information

The server_usermapper command displays the status of Internal Usermapper services running on a Data Mover, including:

Whether the Usermapper is configured as a primary or secondary service. The IP address of the primary Usermapper service used by the secondary. The operational status of the service.

Action
To display the status of the Usermapper service, use this command syntax: $ server_usermapper <movername> Where: <movername> = name of the specified Data Mover Example: To display the status of the Usermapper service on server_2, type: $ server_usermapper server_2

Output
server_2 : Usrmapper service: Enabled Service Class: Secondary Primary = 192.168.21.1

Notes
Usermapper has three operational states: - UninitializedWhen Usermapper is not available on the Data Mover - InitializedWhen Usermapper has been created on the Data Mover but disabled for some reason - EnabledWhen Usermapper is running You should have only one instance of the Usermapper service, either primary or secondary, in a single Celerra. All the other Data Movers in that environment are clients of the primary or secondary service.

Configuring Internal Usermapper for Celerra

Version 5.3

15 of 40

Displaying the Usermapper Service a Data Mover is Using

The server_cifs command displays a Data Movers CIFS configuration, including the Usermapper service it is using.
Note: If you issue a server_cifs command for the Data Mover on which the Usermapper service is running (typically server_2), the Usermapper service listed displays the Data Movers loopback address (127.0.0.1) as the IP address of its Usermapper service.

Action
To display the Usermapper service used by a Data Mover, use this command syntax: $ server_cifs <movername> Where: <movername> = name of the specified Data Mover Example: To display the Usermapper service used by server_3, type: $ server_cifs server_3

Output
server_3 : 96 Cifs threads started Security mode = NT Max protocol = NT1 I18N mode = UNICODE Home Directory Shares DISABLED Usermapper auto broadcast enabled Usermapper[0]=[192.168.1.2] state:active (auto discovered) Usermapper[1]=[192.168.2.2] state:active (auto discovered) Default WINS servers = 192.168.4.230 Enabled interfaces: (All interfaces are enabled) Disabled interfaces: (No interface disabled)

Notes
This example shows that server_3 is using the Usermapper service located on server_2 at internal IP addresses 192.168.1.2 and 192.168.2.2, the service is available, and the service was located using the auto discovery broadcast.

16 of 40 Version 5.3

Configuring Internal Usermapper for Celerra

Importing and Exporting Database Information

You can import and export user and group information to and from the Usermapper database.

Importing Database Information

Typically, you would import information into the Usermapper database from a user and group file in order to reimport an edited Usermapper database, migrate the primary Usermapper service from one Data Mover to another, or upgrade or migrate your Usermapper configuration. Contact your EMC Customer Support Representative for assistance if you are migrating the primary Usermapper service from one Data Mover to another or if you are upgrading or migrating from External Usermapper to an Internal Usermapper configuration. You use the -Import option to the server_usermapper command to import a user or group file. Usermapper can import files that use either of two formats: a standard UNIX format that corresponds to the /etc/passwd and /etc/group file formats, or a format that includes the SID in the first field, as shown in the following examples.
Note: These two file formats were referred to as Format 1 and Format 3 in External Usermapper.

Example of a user file entry in standard UNIX format (Format 1): rob.hilder.dir:*:26831:903:rob.hilder.dir:/usr/ rob.hilder.dir:/bin/sh Example of a user file entry in SID-based format (Format 3): S-1-5-15-139d2e78-56b177fd-5475b975-3323d:*:26831:903:user rob.hilder from domain dir:/usr/S-1-5-15-139d2e78-56b177fd5475b975-3323d:/bin/sh Example of a group file entry in standard UNIX format (Format 1): people.mass.subscribers.db.dir:*:58362:people.mass.subscriber s.db.dir: Example of a group file entry in SID-based format (Format 3): S-1-5-15-139d2e78-56b177fd-5475b9752c3d6:*:58362:people.mass.subscribers.db.dir:

Configuring Internal Usermapper for Celerra

Version 5.3

17 of 40

To import user information into the Usermapper database, use the following command syntax.
Action
To import user information into the Usermapper database, use this command syntax: $ server_usermapper <movername> -Import -user <pathname> Where: <movername> = name of the specified Data Mover <pathname> = name and location of the user file to be imported Example: To import user information into the Usermapper database on server_2, type: $ server_usermapper server_2 -Import -user /nas/cifs/usrmapperV3/linux/ usrmap.passwd

Output
server_2 : done

To import group information into the Usermapper database, use the following command syntax.
Action
To import group information into the Usermapper database, use this command syntax: $ server_usermapper <movername> -Import -group <pathname> Where: <movername> = name of the specified Data Mover <pathname> = name and location of the user file to be imported Example: To import group information into the Usermapper database on server_2, type: $ server_usermapper server_2 -Import -group /nas/cifs/usrmapperV3/linux/ usrmap.group

Output
server_2 : done

18 of 40 Version 5.3

Configuring Internal Usermapper for Celerra

Exporting Database Information

Typically, you would export user and group information from the Usermapper database in order to migrate the primary Usermapper service, back up the Usermapper database, or collect information for troubleshooting. You use the -Export option to the server_usermapper command to export a user or group file. Usermapper exports files in a format that includes the SID in the first field, as shown in the following examples.
Note: This file format was referred to as Format 3 in External Usermapper.

Example of a user file entry in SID-based format (Format 3): S-1-5-15-139d2e78-56b177fd-5475b975-3323d:*:26831:903:user rob.hilder from domain dir:/usr/S-1-5-15-139d2e78-56b177fd5475b975-3323d:/bin/sh Example of a group file entry in SID-based format (Format 3): S-1-5-15-139d2e78-56b177fd-5475b9752c3d6:*:58362:people.mass.subscribers.db.dir: To export user information from the Usermapper database, use the following command syntax.
Action
To export user information from the Usermapper database, use this command syntax: $ server_usermapper <movername> -Export -user <pathname> Where: <movername> = name of the specified Data Mover <pathname> = name and location of the file to which information is to be exported Example: To export user information from the Usermapper database on server_2, type: $ server_usermapper server_2 -Export -user /home/nasadmin/backup.passwd

Output
server_2 : done

Configuring Internal Usermapper for Celerra

Version 5.3

19 of 40

To export group information from the Usermapper database, use the following command syntax.
Action
To export group information from the Usermapper database, use this command syntax: $ server_usermapper <movername> -Export -group <pathname> Where: <movername> = name of the specified Data Mover <pathname> = name and location of the file to which information is to be exported Example: To export group information from the Usermapper database on server_2, type: $ server_usermapper server_2 -Export -group /home/nasadmin/backup.group

Output
server_2 : done

Modifying the Usermapper Database

Do not modify the Usermapper database files. Windows users may have problems accessing files if you modify the Usermapper database files. If an issue arises and you need to make a change to a Usermapper mapping entry, you must consult your EMC Customer Support Representative to determine the best course of action.
Note: Changes made to the Usermapper database are not reflected by a client Data Mover if the client Data Mover has already cached the existing Usermapper information in its local cache. If files and folders have already been created using the existing UIDs and GIDs, simply changing the UID or GID map will make file objects inaccessible.

Backing Up Usermapper
Use the following procedure to backup your Internal Usermapper configuration.
Step
1.

Action
As root, dump the password and group files to a specified directory, by typing: $ server_usermapper server_2 -Export -user /home/nasadmin/ backup.passwd $ server_usermapper server_2 -Export -group /home/nasadmin/ backup.group

2.

Make a backup copy of the current usrmap.cfg file (if one is in use), by typing: $ cp /nas/rootfs/slot_2/.etc/usrmapper/usrmap.cfg /home/nasadmin/ usrmap.cfg

3.

Also make a backup copy of the usrmap.settings file, by typing: $ cp /nas/rootfs/slot_2/.etc/usrmapper/usrmap.settings /home/ nasadmin/usrmap.settings

20 of 40 Version 5.3

Configuring Internal Usermapper for Celerra

Modifying the usrmap.cfg File

Usermapper automatically assigns new UIDs and GIDs based on the next available value. Consequently it does not need to use a Usermapper configuration file to define UID and GID ranges. However, it is possible to import an existing usrmap.cfg and use this file to define UID and GID ranges. If you use a usrmap.cfg file, you must manage UID and GID ranges for each domain as it was done in External Usermapper, by manually modifying the usrmap.cfg file. Refer to Planning Considerations on page 7 for more information. Typically, the major reason for modifying the configuration file is to insert an additional GID and UID range to a domain record. Refer to Adding GID/UID Ranges to the usrmap.cfg File on page 23 for instructions.
Note: Use the UNIX text editors vi or Emacs to manually modify the configuration file. You can also use Windows Notepad. Do not use Microsoft Word to edit the configuration file.

CAUTION

If you must modify the Usermapper configuration file, do so with extreme caution and back up the existing Usermapper configuration before you begin. A misconfigured edit of the configuration file can corrupt the Usermapper database, a problem that can be corrected by restoring the database from the backup copy. For a description of the backup procedure, refer to Backing Up Usermapper on page 20.

usrmap.cfg File Format and Syntax

The configuration file uses this format:
domain_name[,FQDN]:GID_for_domain:start_UID_range:end_UID_ [,start_of_UID_range:end_UID_range],...:start_GID_range:end_GID_range [,start_GID_range:end_GID_range],...

Table 3 defines the record syntax of the usrmap.cfg file.

Table 3 Configuration Record Syntax

Item
domain_name[,FQDN]

Meaning
Windows NT domain name or Windows NT domain name and the fully qualified domain name (FQDN) in the case of a Windows 2000 domain. Note: When there are Windows 2000 clients in the domain, you must append the FQDN to the right of the Windows NT domain name and separate the Windows NT domain name and the FQDN by a comma.

GID_for_domain start_UID_range

GID for the domain to be configured. First UID to be assigned from the domain.

Configuring Internal Usermapper for Celerra

Version 5.3

21 of 40

Table 3

Configuration Record Syntax (Continued)

Item
end_UID_range [,start_of_UID_range:end_UID_range],...

Meaning
Last UID to be assigned from the domain. Optional additional UID ranges separated by a comma between ranges. Note: The,... denotes one or more occurrences. First GID to be assigned from the domain. Last GID to be assigned from the domain. Optional additional UID ranges separated by a comma between ranges. Note: The,... denotes one or more occurrences.

start_GID_range end_GID_range [,start_GID_range:end_GID_range],...

The following rules apply to the Usermapper configuration file:

Entries are not case-sensitive. Blank lines are allowed. Comment lines must begin the # symbol. A return is not required at the end of the last line.

Note: The usrmap.cfg file must always include a _history_sid_range_ record.There is only one _history_sid_range_ record regardless of how many domains exist and it must be the last entry in usrmap.cfg. It uses the following syntax: _history_sid_range_:GID_for_domain:start_UID_range:end_UID_range: start_GID_range:end_GID_range Refer to Appendix A: Migrating Windows NT Users to Windows 2000 Domains in Native Mode on page 35 for more information on the SID history record.

This is an example of a usrmap.cfg file:

# UID range is from 3001 to 3199, GID is from 3001 to 3199 domain_a:300:3001:3199:3001:3199 # 2 UID ranges: 4001 to 4199 and 4501 to 4599 domain_b:400:4001:4199,4501:4599:4001:4199 # 2 GID ranges: 5001 to 5199 and 5500 to 5600 domain_c:500:5001:5199:5001:5199,5500:5600 # Domain alias and Fully Qualified Domain Name domain_d1,domain_d.dom:700:7001:7199:7001:7199 domain_d2,domain_d2.domain_d.dom:900:9001:9099:9001:9099 # GIDs in 32bit range: # Note: 32bit GID support MUST be enabled if GIDs larger than 65535 are used domain_d3,domain_d3.domain_d.dom:920:9201:9299:920100:929900 _history_sid_range:1000:20000:25000:20000:25000

Note: The maximum total number of GIDs is 65,534 per file system. Individual GID values may be greater than this number. The largest supported GID value is 231-1 (about 2 billion).

22 of 40 Version 5.3

Configuring Internal Usermapper for Celerra

Guidelines for Modifying usrmap.cfg

Observe these guidelines before you modify the usrmap.cfg file:

Do not reuse GID and UID ranges. If you remove a domain entry in the Usermapper configuration file, you cannot reuse its GID/UID ranges. The Usermapper database files do not recognize the new domain with the GIDs and the UIDs. Do not change the domain name in the domain record. If you want to change a domain name, add a new domain record to the configuration file with new GID/ UID ranges. Do not move previously designated GID and UID ranges to another domain.

The following example illustrates the format of entries in the usermap.cfg file.
cifs:2000:1000:1999,2001:3999:4000:4099,5001:5025 cifsa:6000:5050:5980:6001:6099 cifsb:7000:6200:6899:7001:7299

In this example:

Users from the cifs domain are assigned UIDs from 1000 to 1999 and 2001 to 3999. Groups from the cifs domain are assigned GIDs from 4000 to 4099 and 5001 to 5025, with a domain GID of 2000.
Note: You can specify multiple UID and GID ranges by placing a comma between start_UID_range:end_UID_range and start_GID_range:end_GID_range pairs. Ensure that you do not add UID or GID ranges previously specified by other domain records.

Two more domains, cifsa and cifsb, with a smaller number of users have been added to the Usermapper configuration file. The UID and GID ranges do not overlap. The ranges, as specified, allow for growth and additional UIDs and GIDs can be added from sequential numbers, as yet not specified. In other words, you can add GIDs 5026 through 5999 should later growth require more GIDs.

Adding GID/UID Ranges to the usrmap.cfg File

When a domain begins to outgrow its number of GIDs and UIDs, you can insert an additional GID and UID range to the domain record in the configuration file. Do not add another domain record for the domain. Use this procedure to add an additional GID/UID range to an existing usrmap.cfg file.
Step
1. 2.

Action
Back up the usrmap.cfg file by copying it to another directory. Log in to the Control Station as root.

Configuring Internal Usermapper for Celerra

Version 5.3

23 of 40

Step
3. 4.

Action
On the Control Station, open the active Usermapper configuration file with a text editor. With the configuration file open in the text editor, add an additional GID and UID range, subject to these conditions: The ranges cannot overlap any other ranges in the configuration file. Set sufficient GID/UID ranges to cover predicted growth. Use this format: start_UID_range:end_UID_range,start_UID_range:end_UID_range: start_GID_range:end_GID_range,start_GID_range:end_GID_range For example: Original domain record: ABCD:2000:1000:1999:4000:4099 Updated domain record: ABCD:2000:1000:1999,2001:3999:4000:4099,5001:5099

5.

Save and exit the file.

24 of 40 Version 5.3

Configuring Internal Usermapper for Celerra

Command Syntax Summary

This section summarizes the syntax for the server_usermapper command used in this technical module. For a more detailed synopsis of the command or to view syntax conventions, refer to the Celerra Network Server Command Reference Manual.
Table 4 server_usermapper Syntax Summary

Command
server_usermapper { <movername> | ALL }

Description
Displays the status of Internal Usermapper services running on the Data Mover, including: Whether the Usermapper is configured as a primary or secondary service. The IP address of the primary Usermapper service used by the secondary. The operational status of the service. The following is an example of the status display: server_2:Usrmapper service: Enabled Service Class: Secondary Primary = 192.168.1.5

Option
-disable

Description
Disables the Usermapper service on the specified Data Mover. Note: Usermapper must be disabled before you make any configuration changes including: - Changing from a primary to a secondary service - Importing a Usermapper database using the -force option. - Issuing the -remove -all command.

Configuring Internal Usermapper for Celerra

Version 5.3

25 of 40

Option
-enable [primary=<ip_addr>] | [secondaries=<ip_addr>,...] [config=<pathname>]

Description
Enables the Usermapper service on the specified Data Mover.

CAUTION

Use the -enable command with caution. It changes a Data Movers relationship with Usermapper without confirming the change.

Note: You do not need to issue this option if you are using the default Internal Usermapper configuration. In this case, primary Usermapper is automatically enabled when the NAS software is installed. You only need to issue this option if you are modifying a default Internal Usermapper configuration, or if you are upgrading from External to Internal Usermapper. Contact EMC Customer Support for assistance if you are upgrading. If the instance of Usermapper you are configuring is to serve as a secondary, use the primary option to indicate the primary Usermapper to which this secondary will send mapping requests. The primary Usermapper is identified by its network IP address. Note: The secondaries option is currently not supported. Use the config option to indicate an existing Usermapper configuration file that should be accessed by the primary Usermapper service. This option is only relevant if you are upgrading from External to Internal Usermapper. Contact EMC Customer Support for assistance if you are upgrading. Note: If there is no special reason to use particular UID and GID ranges for your environments domains, EMC encourages you to use the automatic mapping method and let Internal Usermapper automatically assign new UIDs/GIDs based on the next available values. If you need to use an existing Usermapper configuration file, you must specify the config option during the upgrade or migration procedure, that is, before Internal Usermapper has begun issuing default UIDs and GIDs. In addition, the primary Usermapper service must be disabled before you can import an existing configuration file.

26 of 40 Version 5.3

Configuring Internal Usermapper for Celerra

Option
-Export { -user | -group } <pathname>

Description
Exports all the SID, user, and group information from the Usermapper databases to the file specified by <pathname>. The SID appears in the first field of the output file (Usermapper Format 3 dump format). You can specify any filename but the name should include the suffix .passwd or .group depending on the file type. This option is relevant only for a primary Usermapper service.

-Import { -user | -group } [ -force ] <pathname>

Imports Usermapper database information from the file specified by pathname. Note: The Usermapper service must be disabled before you can import database information. By default, only new entries are added to the Usermapper database. If an entry in the imported file does not match a similar entry in the existing database, the entry in the imported file is ignored unless the -force option is selected. If -force is selected, the existing database is deleted and replaced with new entries.

CAUTION

EMC recommends that you consult with Customer Support before issuing the -force option. This option overwrites the existing Usermapper database file. If you decide to use the -force option, you should first back up your existing Usermapper database file and usrmap.cfg file (if one is in use).

Configuring Internal Usermapper for Celerra

Version 5.3

27 of 40

Option
-remove -all

Description
Removes all entries from the Usermapper databases and destroys the database structure. Note: The Usermapper service must be disabled before you can issue the -remove -all option. CAUTION

EMC recommends that you consult with Customer Support before issuing the -remove -all option. This option deletes all Usermapper database entries and may result in users losing access to file systems. If you decide to use the -remove -all option, you should first back up your existing Usermapper database file and usrmap.cfg file (if one is in use).

28 of 40 Version 5.3

Configuring Internal Usermapper for Celerra

Changing Usermapper Default Configuration Settings

Usermapper configuration settings are set by default but can be changed by modifying the server parameter file, /nas/server/slot_<x>/param (where x is the server number), which resides on the Data Mover. Usermapper uses the following parameters:

usrmap minuid usrmap maxuid usrmap mingid usrmap maxgid

Refer to Parameter Files and Formats on page 31 for information on the parameter files.

What the Parameters Modify

Table 5 shows the Usermapper parameters and their values. For information on other Celerra parameters, refer to the Celerra Network Server Parameters Guide.
Table 5 Usermapper Parameters

Module
usrmap

Parameter
minuid

Value
16 - 2^31-1 Default 16

Comment/Description
Minimum UID value. minuid must be less than maxuid. Maximum UID value. maxuid must be greater than minuid. Minimum GID value. mingid must be less than maxgid. Maximum GID value. maxgid must be greater than mingid.

usrmap

maxuid

16 - 2^31-1 Default 2^31-1

usrmap

mingid

16 - 2^31-1 Default 16

usrmap

maxgid

16 - 2^31-1 Default 2^31-1

Note: If you have imported a pre-existing configuration file, these UID and GID range limits only apply when a new Usermapper database entry is created. Once the database is created, you cannot change maximum UID and GID values.

Use this procedure to modify the Usermapper parameters. Refer to Table 5 on this page for a description of the parameters.

Configuring Internal Usermapper for Celerra

Version 5.3

29 of 40

CAUTION

Do not change other lines in the parameter file without a thorough knowledge of the potential effects on the system. Contact your EMC Customer Support Representative for more information.

Step
1. 2. 3.

Action
Log in to the Control Station. Open /nas/server/slot_<x>/param with a text editor. To change the range of UID and GID values, add one or more of the following parameters: param usrmap minuid=<min UID> param usrmap maxuid =<max UID> param usrmap mingid=<min GID> param usrmap maxgid =<max GID> If the line appears already, ensure that the parameter has the new value.

4. 5.

Close and save the file. Reboot the Data Mover using this command syntax: $ server_cpu <movername> -reboot -monitor now Where: <movername> = name of Data Mover controlled by the slot_<x>/param file. Example: slot_2/param affects server_2.

30 of 40 Version 5.3

Configuring Internal Usermapper for Celerra

Parameter Files and Formats

This section describes the parameter files and their formats.

Parameter Files
Parameters are stored in text files, /nas/site/slot_param (system) and /nas/ server/slot_<x>/param (server) and are read in sequence. Because these files might already contain parameter settings, it is recommended that you search the file for all occurrences of the parameter, and if found, modify one and remove any duplicates. However, if there is more than one entry for the same parameter, the last entry prevails. To allow you to modify parameters for individual Data Movers, the values in the server file, /nas/server/slot_<x>/param, overwrite the values in the system file, /nas/site/slot_param. For example, if you want the minimum UID value to be 25, the parameter value for usrmap.minuid must be set up as follows: In the system parameter file, /nas/site/slot_param, type: param usrmap minuid=25

Parameter File Format

Parameters are formatted as follows: param <module> <parameter>=<paramvalue> Where: <module> = name of module <parameter> = name of parameter <paramvalue> = the value associated with the parameter
Note: Parameters and their values are case-sensitive.

Configuring Internal Usermapper for Celerra

Version 5.3

31 of 40

Troubleshooting Usermapper
You can query the EMC WebSupport database for problem information, obtain release notes, or report a Celerra technical problem to EMC at Powerlink, EMC's secure extranet site, at http://powerlink.emc.com. For additional information about using Powerlink and resolving problems, refer to the Celerra Problem Resolution Roadmap technical module on the Celerra Network Server User Information CD.

Error Messages
Table 6 lists Usermapper error messages and their descriptions. These error messages are written to the Celerra Network Servers system log (/nas/log/ sys_log).
Table 6 Usermapper Error Messages

Server Log Error

No UID mapping available. (2,000,000,001)

Description
A UID mapping is not available. This error message is only returned if you are using a usrmap.cfg file. A GID mapping is not available. This error message is only returned if you are using a usrmap.cfg file. The primary Usermapper service is unreachable. This error message is only returned if the Data Mover is configured as a secondary Usermapper service. Generic issue.

Corrective Action
Check the corresponding domain description and allocate new space for UIDs.

No GID mapping available. (2,000,000,002)

Check the corresponding domain description and allocate new space for GIDs.

Primary down. (2,000,000,006)

Check the state of the primary Usermapper.

Internal error. (2,000,000,007) No account found. (2,000,000,010) Unsupported request. (2,000,000,011) Invalid input error. (2,000,000,013)

Requested reverse mapping for UID or GID cannot be found. An unknown request has been received. A V3 request is malformed. This error message is returned to Usermapper clients.

For more information, refer to the Celerra Network Server Error Message Guide.

32 of 40 Version 5.3

Configuring Internal Usermapper for Celerra

Known Problems and Limitations

Table 7 describes known problems that might occur when using Usermapper and presents solutions workarounds.
Table 7 Usermapper Known Problems and Workarounds

Known Problem
The primary Usermapper service must be enabled before secondary services can be configured.

Symptom
When you issue the server_usermapper <movername> -enable primary= command, you receive the following error: Error 4020: <movername>:failed to complete command

Workaround
Check the operational state of the primary service and enable it using the server_usermapper <movername> -enable command.

Internal Usermapper stops mapping new UIDs and GIDs once the root file system of the Data Mover where the Usermapper database is stored becomes 95% full. New users will not be allowed access to system objects.

The following errors are entered repeatedly in the server log for any additional mapping requests once root file system capacity is reached: error: -20 for user uid request error: -20 for group gid request

You should determine the size of the root file system required based on the number of users in your Windows environment. Contact your EMC Customer Support Representative for assistance with determining size requirements.

Events and Notifications

Refer to Appendix B: Usermapper Events on page 37 for a list of the Usermapper events. Refer to the Configuring Celerra Events and Notifications technical module for a description of how to configure the Celerra Network Server to record and display these events.

Configuring Internal Usermapper for Celerra

Version 5.3

33 of 40

Related Information
For specific information related to the features and functionality described in this technical module, refer to the following technical modules:

Managing Celerra for the Windows Environment Configuring Celerra for the Windows Environment Using Windows Administrative Tools with Celerra Managing User Accounts on Celerra Configuring External Usermapper for Celerra

For general information on other EMC Celerra publications, refer to the Celerra Network Server User Information CD, which is supplied with your Celerra Network Server and also available at Powerlink at http://powerlink.emc.com.

Want to Know More?

EMC Customer Education Courses are designed to help you learn how EMC storage products work together and integrate within your environment in order to maximize your entire infrastructure investment. EMC Customer Education features online, and hands-on training in state-of-the-art labs conveniently located throughout the world. EMC customer training courses are developed and delivered by EMC experts. For course information and registration, refer to EMC Powerlink, our customer and partner website on http://powerlink.emc.com.

34 of 40 Version 5.3

Configuring Internal Usermapper for Celerra

Appendix A: Migrating Windows NT Users to Windows 2000 Domains in Native Mode

Usermapper supports the SID (security identifier) History functionality in Windows 2000. This aids the migration of users from Windows NT domains to Windows 2000 native mode domains. To use the SID History, it must be enabled in Windows 2000 and on your Celerra system. Refer to your Windows 2000 documentation for the correct procedure for enabling SID History on your Windows 2000 systems. This section describes how to enable SID History on your Celerra Network Server.

How SID History Works

With SID History enabled, when you are migrating users from a Windows NT domain or a Windows 2000 domain in mixed mode to a Windows 2000 domain in native mode, the Security Access Token contains the SID History from the Windows NT domain and a new SID from the Windows 2000 domain. If you are using a Usermapper configuration file, you must add a unique record to usrmap.cfg on the Control Station before you begin the migration. This unique record begins with _history_sid_range_ and must be the last entry in usrmap.cfg. There is only one _history_sid_range_ record regardless of how many domains exist. It uses the following syntax:
_history_sid_range_:GID_for_domain:start_UID_range:end_UID_range: start_GID_range:end_GID_range

Note: The use of a usrmap.cfg file is not required in Internal Usermapper. Internal Usermapper automatically assigns UID and GID mappings, including SID history, by default.

The following two cases apply to Usermapper:

A user, AlphaUser, was registered in the Usermapper database prior to the domain migration. A user, BetaUser, was not registered in the Usermapper database prior to the domain migration.

Previously Registered User After the migration, the first time that AlphaUser accesses a file, the Data Mover recognizes the Security Access Token with the history and new SIDs. The Data Mover then queries Usermapper for mapping for both SIDs. Usermapper returns mappings for both SIDs, assigning the original GID and UID to the history SID and assigning a new UID and GID to AlphaUser as a member of the Windows 2000 domain. Usermapper creates an entry for AlphaUser from the Windows 2000 domain in the Usermapper database files. Now the Data Mover allows AlphaUser to access all files bearing the history SID and the original GID and UID. Any ACLs created in the future bear the AlphaUsers Windows 2000 SID.

Configuring Internal Usermapper for Celerra

Version 5.3

35 of 40

Previously Unregistered User BetaUser never accessed the Celerra as a member of the Windows NT domain. Consequently, BetaUser does not have an entry in the Usermapper database files. The first time that BetaUser accesses a file as a member of the Windows 2000 domain, the Data Mover does not recognize either SID and queries the Usermapper host. The Usermapper host recognizes the SID from the Windows NT domain and assigns a UID and a GID from the ranges assigned in the _history_SID_range_:GID_for_domain:start_UID_range: end_UID_range:start_GID_range:end_GID_range record in usrmap.cfg. This allows BetaUser to access any migrated information that bears the history SID. Usermapper also recognizes the Windows 2000 domain name and assigns a new UID and GID to BetaUser as a member of the Windows 2000 domain. Usermapper creates an entry for BetaUser from the Windows 2000 domain in the Usermapper database files, assigning BetaUser from the Windows 2000 domain with a new UID and GID. Any files created in the future bear BetaUsers new attributes.

Using the SID History Record

When you use the _history_sid_range_ record, use:

Numbers for GID_for_domain and the UID and GID ranges that have not been specified in usrmap.cfg. Quantities for the UID and GID ranges that, as a minimum, equal the total quantities for the preceding UID and GID ranges in usrmap.cfg. For example, the record at the end of this file represents these conditions:
domain_a:300:3001:3199:3001:3199 domain_b:400:4001:4199:4001:4199 domain_c:500:5001:5199:5001:5199 domain_d,domain_d.dom:700:7001:8099:7001:8099 domain_big5:600:6001:6099:6001:6099 domain_lt9:610:6101:6199:6101:6199 domain_lt1:620:6201:6299:6201:6299 domain_jan:630:6301:6399:6301:6399 domain_kot:640:6401:6499:6401:6499 sirint5:650:6501:6599:6501:6599 int_sirint6:660:6601:6699:6601:6699 int_sirint7:670:6701:6799:6701:6799 int_sirint8:680:6801:6899:6801:6899 int_sirint9:690:6901:6999:6901:6999 int_sirint1:810:8101:8199:8101:8199 int_sirint2:820:8201:8299:8201:8299 int_sirint3:830:8301:8399:8301:8399 int_sirint4:840:8401:8499:8401:8499 int_sirint5:850:8501:8599:8501:8599 int_sirint10:860:8601:8699:8601:8699 int_sirint11:870:8701:8799:8701:8799 int_sirint12:880:8801:8899:8801:8899 int_sirint13:890:8901:8999:8901:8999 domain_d1,domain_d1.domain_d.dom:900:9001:9099:9001:9099 domain_d2,domain_d2.domain_d.dom:910:9101:9199:9101:9199 domain_d3,domain_d3.domain_d.dom:920:9201:9299:9201:9299 _history_sid_range:1000:20000:25000:20000:25000

Note: Usermapper must be running before and during the migration.

36 of 40 Version 5.3

Configuring Internal Usermapper for Celerra

Appendix B: Usermapper Events

Table 8 lists the Usermapper events. Refer to the Configuring Celerra Events and Notifications technical module for a description of how to configure the Celerra Network Server to record and display these events.
Table 8 USRMAP Events

Facility Name
USRMAP

Facility ID
93

Facility Description
Monitors Usermapper events

Event ID
0 1

Event Description
Usermapper OK Usermapper database created Usermapper service enabled Usermapper service stopped Usermapper database destroyed Usermapper available Usermapper unreachable Usermapper file system quota exceeded

5 6 7

Configuring Internal Usermapper for Celerra

Version 5.3

37 of 40

Index
Symbols
_history_sid_range_ 35

U
Usermapper cautions 3 configuration file _history_sid_range_ 22, 35 format 21 GID range 21 guidelines 23 multiple GID and UID ranges 23 UID range 21 default configuration 10 error messages 32 exporting database information 19 importing database information 17 mapping process 4 modifying database 20 default settings 29 multicabinet configuration 11 restrictions 3 secondary configuration 11 server_usermapper command 25 user migration to Windows 2000 native mode domains 35 using secondary service 5, 11 usrmap.cfg _history_sid_range_ 22, 35 adding GID and UID ranges to a domain record 23 format and syntax 21 manually modifying 23

C
cautions 3 command syntax 25 configuration default 10 multicabinet 11 secondary 11 configuration settings, modifying 29

D
database, modifying 20

E
error messages 32 events, list of USRMAP 37 exporting database information 19 External Usermapper 2

F
FQDN 21

H
history SID, using in usrmap.cfg 35

I
importing database information 17 installation 10 Internal Usermapper, see Usermapper

M
mapping process 4 multiple GID and UID ranges 23

P
parameters 29

S
server parameters, file format 31 server_usermapper command 25 SID history 35 system requirements 6

T
troubleshooting 32

Configuring Internal Usermapper for Celerra

Version 5.3

38 of 40

Notes

Configuring Internal Usermapper for Celerra

Version 5.3

39 of 40

About This Technical Module

As part of its effort to continuously improve and enhance the performance and capabilities of the Celerra Network Server product line, EMC from time to time releases new revisions of Celerra hardware and software. Therefore, some functions described in this document may not be supported by all revisions of Celerra software or hardware presently in use. For the most up-to-date information on product features, see your product release notes. If your Celerra system does not offer a function described in this document, please contact your EMC representative for a hardware upgrade or software update.

Comments and Suggestions About the Documentation

Your suggestions will help us continue to improve the accuracy, organization, and overall quality of the user publications. Please send a message to celerradoc_comments@emc.com with your opinions of this document.

Copyright 19982004 EMC Corporation. All rights reserved.

EMC believes the information in this publication is accurate as of its publication date. The information is subject to change without notice. THE INFORMATION IN THIS PUBLICATION IS PROVIDED AS IS. EMC CORPORATION MAKES NO REPRESENTATIONS OR WARRANTIES OF ANY KIND WITH RESPECT TO THE INFORMATION IN THIS PUBLICATION, AND SPECIFICALLY DISCLAIMS IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. Use, copying, and distribution of any EMC software described in this publication requires an applicable software license.

40 of 40 Version 5.3