This topic has been marked solved and closed to new posts due to inactivity. We hope you'll join the conversation by posting to an open topic or starting a new one.
ReadyNASOS 6.5.0-T322 (Beta 1): ADS ID Map export not available in RID mode
This is a test machine, synchronised into AD. I wanted to test export/import "ADS ID Map" but EXPORT is not available and has the message "NO ADS ID Map export in RID mode" - anyone have a clue what this means?
The default behavior (when trusted domains are not enabled) is now to not use a database at all, and instead provide consistent SID -> UID/GID mapping using an algorithmic mapping scheme. So UIDs and GIDs will naturally be consistent across all ReadyNAS systems in the domain. That's clearly not explained well in that message though.
The default behavior (when trusted domains are not enabled) is now to not use a database at all, and instead provide consistent SID -> UID/GID mapping using an algorithmic mapping scheme. So UIDs and GIDs will naturally be consistent across all ReadyNAS systems in the domain. That's clearly not explained well in that message though.
This sounds better than I even expected (if it works!) as this is a major issue for us if the primary file server (NAS) goes down because, even though the secondary NAS has all the shares and files from an rysync, the permissions are all over the place and it takes hours to recreate them all!
Looking forward to seeing this in action.
Incidentally, the "Export" option is suddenly available again.
Will the new permissions mappings correct themselves when each server refreshes from the AD server?
If you have an existing NAS that was using the old mapping scheme, it will continue to use it on upgrade. In this case, the old box should allow you to export the ID map, which you can import on the new box and it will switch to the original ID mapping method. Unfortunately there isn't a way for us to automatically convert and existing system to the new scheme.
I'm not sure if I understand the question. But I'll try to explain a little more.
The NAS must convert Windows SIDs to UNIX UID/GIDs. Before, it would do this by storing mappings in a database whenever an account is first authenticated, in sequential fashion based on login order. Now, the mapping is done by running the RID (part of the SID, and unique for each account in the domain) through an algorithm to calculate a static UID or GID on the NAS. Since the algorthm is the same on every NAS, the UID or GID will be univerally consistent between NAS units.
