http://blogs.msdn.com/sfu/archive/2008/01/24/configuring-user-name-mapping-part-3-advanced-mapping.aspxConfiguring User Name Mapping - Part 3 (Advanced Mapping) Simply said - when you map users and groups manually with their UNIX counterparts, it's called Advanced Mapping. From the last post on User Name Mapping, you may be aware that Simple Mapping automaticallyen-USCommunityServer 2.1 SP1 (Build: 61025.2)http://blogs.msdn.com/sfu/archive/2008/01/24/configuring-user-name-mapping-part-3-advanced-mapping.aspx#8015014Tue, 04 Mar 2008 04:32:01 GMT91d46819-8472-40ad-a661-2c78acb4018c:8015014Geoff Kransdorf<p>We're using this, and it works fine for UIDs, but it doesn't seem to work at all for groups. &nbsp;Here is an example:</p> <p>Lets take a Unix Directory</p> <p>drwxrwxr-x &nbsp; unixuser1 unixgroup1 &nbsp; &nbsp; &nbsp; ./test</p> <p>Lets map WINuser1 to unixuser2</p> <p>An AD group which WINuser1 is a member of is mapped to unixgroup1 in advanced mappings. &nbsp;For goos measure, unixuser2 is also in unixgroup1 on Unix (his default group is unixgroup2).</p> <p>If ./test is set to 777, than WINuser1 can write to it. &nbsp;It correctly shows the file ownership as unixuser2:unixgroup2. &nbsp;Otherwise, it ignores both the implicit Unix group membership and also the explicit group mapping. &nbsp;So if ./test is set to 775, than WINuser1 cannot write to it.</p> <p>This is a serious problem. &nbsp;I don't mind having to map users and groups individually, but if I can't use group permissions at all (only user permissions), than it's impossible to set up security properly for mapped users.</p> <p>What is the workaround? </p>http://blogs.msdn.com/sfu/archive/2008/01/24/configuring-user-name-mapping-part-3-advanced-mapping.aspx#8015162Tue, 04 Mar 2008 04:38:37 GMT91d46819-8472-40ad-a661-2c78acb4018c:8015162Ashish<p>I guess I will need a network trace capturing the success and failure you get alongwith mapadmin list -all output.</p> <p>Drop me a mail using the Email link above so that I can share my email ID with you.</p> <p>- Ashish</p> http://blogs.msdn.com/sfu/archive/2008/01/24/configuring-user-name-mapping-part-3-advanced-mapping.aspx#8044911Wed, 05 Mar 2008 08:09:13 GMT91d46819-8472-40ad-a661-2c78acb4018c:8044911Geoffrey Kransdorf<p>We are using files on out SFU NFS gateway server for passwd and group. &nbsp;AFter discussion with Ashish, I added the Unix user id to the groups within the &quot;groups&quot; text file on the gateway and that made it work as expected. &nbsp;I'm still not sure how the Windows to Unix group mapping works though, especially if a Windows user ID is in an AD group but their mapped Unix user ID is not in the corresponding Unix group.</p> <p>Thanks</p> <p>Geoff</p>http://blogs.msdn.com/sfu/archive/2008/01/24/configuring-user-name-mapping-part-3-advanced-mapping.aspx#8398027Tue, 15 Apr 2008 21:24:02 GMT91d46819-8472-40ad-a661-2c78acb4018c:8398027Services for UNIX - Interoperability<p>All (well, almost) about Client for NFS - Configuration and Performance I was looking at the referrals</p>