Manual Pages
Table of Contents
na_wcc - manage WAFL credential cache
wcc -a -i ipaddr -u uname [-v]
wcc {-u uname | -s ntname} [-x] [-i ipaddr] [-v]
wcc -x -i ipaddr [-v]
wcc -x [-f] [-v]
wcc -d [-v[v[v]]]
Part of the filer's multiprotocol functionality includes
the ability to map UNIX user identities (UIDs) to NT identities
(SIDs). This mapping involves contacting an NT
domain controller to do name to SID lookups. Because this
translation is time-consuming and must be performed for
every NFS access of a file which has NT security, it is
necessary to cache these mappings. This cache is referred
to as the WAFL cred cache, or "WCC." (A "cred" is a set of
credentials used to identify users and their capabilities.)
WCC entries contain all the identity information
needed to perform security checking for both UNIX-style
and NT-style security, namely the UIDs and GIDs for the
UNIX user and the SIDs for the NT user and groups.
wcc -a -i ipaddr -u uname [-v]
uname can be a UNIX account name or a numeric UID.
ipaddr is an IP address. You can specify it as
either an IP address or as a hostname.
- -a adds the specified uname to the WAFL cred cache.
-
You use -a when you want to pre-load the WCC (at
boot-up time, for example) with one or more cache
entries rather than wait for those entries to be
faulted in under load.
Note that for a UNIX name, you must an IP address.
This is because the WCC is accessed by the combination
of the UID and the IP address.
-v used with -a displays Windows NT groups.
wcc -u uname [-x] [-i ipaddr] [-v]
wcc -s ntname [-x] [-i ipaddr] [-v]
uname can be a UNIX account name or a numeric UID.
ntname is a Windows NT name. It can be uname's NT
account name or a numeric SID.
ipaddr is an IP address. You can specify it as
either an IP address or as a hostname.
-x removes matching entries; used with -s, it
removes all entries referring to that SID.
Omit -x to display what the current mapping of the
specified UNIX or NT name would result in. The
entry is not added to the cache, and the values
displayed do not necessarily reflect what an existing
entry would be, since group assignments, for
example, might have changed since the cache entry
was created. To enter a new value into the cache,
use the wcc -a command.
-v with -x displays how many entries have been
removed.
-v without -x displays numeric SIDs.
wcc -x -i ipaddr [-v]
ipaddr is an IP address. You can specify it as
either an IP address or as a hostname.
This commnand invalidates all WCC entries matching
the specified IP address.
-v displays how many entries have been removed.
wcc -x [-f] [-v] removes all entries from the WCC.
-f does it without confirming. Note that the -f flag only
affects the case where all entries would be removed.
-v displays how many entries have been removed.
wcc -d [-v[v[v]]]
- -v displays the following statistics about the WAFL
-
credential cache:
- -
- Number of entries in the cache
- -
- Age of the oldest entry
- -
- Number of Administrator-privileged entries
The -v option adds mappings for every user. Adding
v's increases the level of detail.
You can have up to three instances of the -v option (-vvv)
per command. Each repetition of the option increases the
level of detail; three instances provide statistics that
are only of interest to Network Appliance Global Services.
When run from a vfiler context, (e.g. via the vfiler run
command), wcc operates on the concerned vfiler.
na_options(1), na_vfiler(1)
Table of Contents