The idmap service supports the mapping of well-known Windows account names, such as the following:
Administrator
Guest
Network
Administrators
Guests
Computers
When idmap rules are added, account names are expanded to canonical form: idmap adds the default domain name to names that are not well known, and an appropriate built-in domain name to names that are well known. Depending on the particular well-known name, this domain name might be null, BUILTIN, or the local host name.
The following sequence of idmap commands shows the treatment of the name mary, which is not well known, and the well-known names administrator and guest:
    # idmap add winname:mary unixuser:marym
    add winname:mary unixuser:marym
    # idmap add winname:administrator unixuser:root
    add winname:administrator unixuser:root
    # idmap add winname:guest unixuser:nobody
    add winname:guest unixuser:nobody
    # idmap add wingroup:administrators sysadmin
    add wingroup:administrators unixgroup:sysadmin
    # idmap list
    add winname:Administrator@examplehost unixuser:root
    add winname:Guest@examplehost unixuser:nobody
    add wingroup:Administrators@BUILTIN unixgroup:sysadmin
    add winname:[email protected] unixuser:marym
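The canonical domain part shows which Windows principal actually receives a Unix identity: here the local host's Administrator, not a domain account, maps to root. The following review script is an added example, not part of the original documentation or of idmap itself; it parses `idmap list` output and reports rules that map to privileged Unix names. The function names, the `privileged` list, and the sample domain on the mary rule are assumptions.

```python
# Well-known names listed in the text above (compared case-insensitively here).
WELL_KNOWN = {"administrator", "guest", "network",
              "administrators", "guests", "computers"}

def parse_rule(line):
    """Split an 'idmap list' line into (win_name, win_domain, unix_name), or None."""
    tokens = [t for t in line.split() if not t.startswith("-")]  # tolerate option tokens
    if len(tokens) != 3 or tokens[0] != "add":
        return None
    win_type, _, win = tokens[1].partition(":")
    unix_type, _, unix_name = tokens[2].partition(":")
    if not (win_type.startswith("win") and unix_type.startswith("unix")):
        return None
    name, _, domain = win.partition("@")  # canonical form is name@domain
    return name, domain, unix_name

def scope(name, domain, hostname):
    """Name the namespace that the canonical domain part puts the account in."""
    if name.lower() in WELL_KNOWN:
        if domain == "":
            return "well-known, null domain"
        if domain.upper() == "BUILTIN":
            return "well-known, BUILTIN"
        if domain.lower() == hostname.lower():
            return "well-known, local host"
    return "domain account"

def audit(listing, hostname, privileged=("root",)):
    """Return (windows_name, unix_name, scope) for rules mapping to a privileged Unix name."""
    findings = []
    for line in listing.splitlines():
        rule = parse_rule(line)
        if rule and rule[2] in privileged:
            name, domain, unix_name = rule
            win = f"{name}@{domain}" if domain else name
            findings.append((win, unix_name, scope(name, domain, hostname)))
    return findings

# Constructed sample modelled on the listing above; the domain on the mary rule is made up.
SAMPLE = """\
add winname:Administrator@examplehost unixuser:root
add winname:Guest@examplehost unixuser:nobody
add wingroup:Administrators@BUILTIN unixgroup:sysadmin
add winname:mary@example.com unixuser:marym
"""

if __name__ == "__main__":
    for win, unix_name, where in audit(SAMPLE, "examplehost", ("root", "sysadmin")):
        print(f"{win} -> {unix_name} ({where})")
```

To review a live system, pass the captured text of `idmap list` and the local host name to `audit()` in place of `SAMPLE` and `examplehost`.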