The User Name Mapping Protocol maps Windows domain identities (user and group account names) to UNIX user and UNIX group identities (user and group account names and their corresponding UID and GID) and vice versa. Clients of the User Name Mapping Protocol use SUNRPC-formatted messages to enumerate and/or translate user and group account information between a UNIX and a Windows domain. The User Name Mapping Protocol exists to allow a one-to-one mapping of each Windows group account name to a GID number and a one-to-one mapping of each Windows user account name to a user identifier (user ID or UID) number.
The User Name Mapping Protocol is invoked by a client application when the application needs to provide a user map or a group map between a UNIX user or group and the corresponding Windows user or group. This need is application specific and is not specified by the User Name Mapping Protocol. The UNIX or Windows user, or UNIX or Windows group, that needs to be mapped is supplied to the User Name Mapping Protocol by the client application, and the mapped user/group is returned to the client by the User Name Mapping Protocol server. For user mapping and group mapping enumerations, the client application specifies the enumeration parameters, and the User Name Mapping Protocol server returns the enumerated user mappings/group mappings to the client.
These mapping enumerations can be cached by the client application and kept up to date by periodically polling the server to determine if the cached mappings are still valid. The User Name Mapping Protocol does not provide authentication or authorization of the application-provided user/group; to the client, it is a read-only account mapping service.
An example of an application performing its own authentication on top of the mapping is a user on a UNIX machine making a file access request that contains AUTH_UNIX-formatted user credentials to an NFS server implemented on a computer running Windows. The NFS server acts as a User Name Mapping Protocol client (or "user map") to request from the User Name Mapping Protocol server the Windows domain user and group names that match the AUTH_UNIX credentials ([RFC1057] section 9.2) supplied by the UNIX user. This mapping enables the NFS server to authenticate the file access request.
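As an added example (not part of the specification), the NFS-server side of the flow described above in Python: decoding the AUTH_UNIX credential laid out in [RFC1057] section 9.2, checking that a mapping table is one-to-one as the protocol requires, and translating the UNIX IDs to Windows account names. The credential bytes, account names and mapping tables are constructed, and the in-memory lookup stands in for the User Name Mapping Protocol request, whose wire format is not reproduced here.

```python
import struct

# Constructed sample: AUTH_UNIX body for stamp 1, machine "host", uid 1000, gid 100, gids [100, 27].
SAMPLE_CRED = bytes.fromhex(
    "00000001" "00000004" "686f7374" "000003e8" "00000064" "00000002" "00000064" "0000001b"
)
# Constructed one-to-one maps of the kind a User Name Mapping server returns (hypothetical names).
USER_MAP = {1000: "CONTOSO\\alice", 1001: "CONTOSO\\bob"}
GROUP_MAP = {100: "CONTOSO\\users", 27: "CONTOSO\\admins"}

def parse_auth_unix(body):
    """Decode an XDR-encoded AUTH_UNIX credential body; reject oversize or truncated fields."""
    def u32(off):
        if off + 4 > len(body):
            raise ValueError("truncated credential")
        return struct.unpack_from(">I", body, off)[0], off + 4
    stamp, off = u32(0)
    n, off = u32(off)                      # machinename is string<255>
    if n > 255 or off + n > len(body):
        raise ValueError("bad machinename length")
    machine = body[off:off + n].decode("ascii")
    off += n + (-n % 4)                    # XDR pads strings to a 4-byte boundary
    uid, off = u32(off)
    gid, off = u32(off)
    count, off = u32(off)                  # gids is unsigned int<16>
    if count > 16 or off + 4 * count != len(body):
        raise ValueError("bad gids array")
    gids = list(struct.unpack_from(f">{count}I", body, off))
    return {"stamp": stamp, "machine": machine, "uid": uid, "gid": gid, "gids": gids}

def check_one_to_one(unix_to_windows):
    """Reject a table in which two UNIX IDs share one Windows account (reverse map would be ambiguous)."""
    seen = {}
    for unix_id, win in unix_to_windows.items():
        if win in seen:
            raise ValueError(f"{win} mapped from both {seen[win]} and {unix_id}")
        seen[win] = unix_id
    return True

def map_credential(cred, user_map, group_map):
    """NFS-server side: translate the credential's UNIX IDs to Windows names, or refuse (None)."""
    user = user_map.get(cred["uid"])
    if user is None:
        return None  # unmapped UID: the server has no Windows identity to authenticate as
    # primary gid first, then supplementary gids, deduplicated; unmapped GIDs are dropped
    groups = [group_map[g] for g in dict.fromkeys([cred["gid"]] + cred["gids"]) if g in group_map]
    return user, groups
```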
This document specifies the SUNRPC-formatted messages that provide support for the following operations:
Mapping POSIX user and group names and/or UIDs/GIDs to Windows domain and account names.
Mapping Windows domain and account names to POSIX user and group names, and UIDs and GIDs.
Allowing a User Name Mapping Protocol client to authenticate a POSIX user by providing a user name and password.
Enumerating all user mappings and group mappings between POSIX accounts and Windows accounts known to the User Name Mapping Protocol server.
Testing to see if any maps previously enumerated by a client have changed from the time of the last check.
Mapping a Windows domain security identifier (SID) to a POSIX user/group name and UID/GID.
This document specifies versions 1 and 2 of the User Name Mapping Protocol. Version 1 consists of a set of nine SUNRPC procedures; version 2 consists of a set of 18 SUNRPC procedures. For a list of these procedures, see the table in section 2.2.5.
There are several differences between User Name Mapping Protocol version 1 and User Name Mapping Protocol version 2. Version 2 added procedures 10–17, which are the wide character (Unicode) counterparts of procedures 1–4 and 6–9. Procedures 1–4 and 6–8 accept multibyte character set (MBCS) character-encoded strings as input. Version 2 includes the additional procedure 9, which takes a Windows account SID and returns an MBCS character-encoded UNIX account map that corresponds to the Windows account represented by that SID. The wide character (Unicode) counterpart to procedure 9 is procedure 17.