Skip to main content

vserver name-mapping insert

Create a name mapping at a specified position

Availability: This command is available to cluster and Vserver administrators at the admin privilege level.

Description

The vserver name-mapping insert command creates a name mapping at a specified position in the priority list. The command rearranges the list as needed to accommodate the new entry. For instance, if you have a priority list of five mappings and insert a new mapping at position 3, the mapping previously at position 3 is moved to position 4, the mapping previously at position 4 is moved to position 5, and the mapping previously at position 5 is moved to position 6. Each mapping direction (Kerberos-to-UNIX, Windows-to-UNIX, and UNIX-to-Windows) has its own priority list.

You can specify patterns as POSIX regular expressions. For information about regular expressions, see the UNIX reference page for regex(7).

Each Vserver can have up to 1024 name mappings in each direction.

Note
If you are using the CLI, you must delimit all regular expressions with double quotation marks ("). For instance, to enter the regular expression (.+) in the CLI, type "(.+)" at the command prompt. To add a "?" to the expression, press ESC followed by the "?".

Parameters

-vserver <vserver name> - Vserver
This parameter specifies the Vserver on which you want to create the name mapping.
-direction {krb-unix|win-unix|unix-win} - Direction
This parameter specifies the direction of the name mapping. Possible values are krb-unix for a Kerberos-to-UNIX name mapping, win-unix for a Windows-to-UNIX name mapping, and unix-win for a UNIX-to-Windows name mapping.
-position <integer> - Position
This parameter specifies the position in the priority list at which you want to insert the new name mapping. Specify a position as a positive integer.
-pattern <text> - Pattern
This parameter specifies the pattern you want to match. Refer to the command description section for details. The pattern can be up to 256 characters in length.
-replacement <text> - Replacement
This parameter specifies the replacement pattern. The replacement pattern can be up to 256 characters in length.
{ [-address <IP Address/Mask>] - IP Address with Subnet Mask
This optional parameter specifies the IP address that can be used to match the client's workstation IP address with the pattern.
| [-hostname <text>]} - Hostname
This optional parameter specifies the hostname that can be used to match the corresponding client's workstation IP address with the list of IP addresses with the pattern.

Examples

The following example creates a name mapping on a Vserver named vs1. It is a user mapping from Kerberos to UNIX. It is inserted into the priority list at position 2. The name mapping maps any principal in the Kerberos realm SEC.EXAMPLE.COM to the UNIX user name corresponding to the principal's base name with any instance names removed; for example, tom/admin@SEC.EXAMPLE.COM is mapped to tom. 

cluster1::> vserver name-mapping insert -vserver vs1 -direction krb-unix -position 2 
-pattern "([^@/]+)(/[^@]+)?@SEC.EXAMPLE.COM" -replacement "\1"
      cluster1::> vserver name-mapping insert -vserver vs1 -direction krb-unix -position 3 -pattern
      "([^@/]+)(/[^@]+)?@SEC.EXAMPLE.COM" -replacement "\1 -address 10.238.33.245/24