From 280553e3d6e03af4598829a0811c3799b6380834 Mon Sep 17 00:00:00 2001 From: John Terpstra Date: Sun, 31 Oct 2004 16:56:21 +0000 Subject: [PATCH] Updates. (This used to be commit f5566ff234bd0b1ba84767d546d7060499526759) --- .../Samba-Guide/Chap04-SecureOfficeServer.xml | 4 +- docs/Samba-Guide/Chap05-500UserNetwork.xml | 2 +- docs/Samba-Guide/Chap06-MakingHappyUsers.xml | 4 +- docs/Samba-Guide/Chap07-2000UserNetwork.xml | 10 +-- docs/Samba-Guide/Chap09-AddingUNIXClients.xml | 4 +- docs/Samba-HOWTO-Collection/IDMAP.xml | 80 ++++++++++++++++--- docs/Samba-HOWTO-Collection/index.xml | 2 +- 7 files changed, 84 insertions(+), 22 deletions(-) diff --git a/docs/Samba-Guide/Chap04-SecureOfficeServer.xml b/docs/Samba-Guide/Chap04-SecureOfficeServer.xml index 13a264a0dcd..8cd0cfb0ec1 100644 --- a/docs/Samba-Guide/Chap04-SecureOfficeServer.xml +++ b/docs/Samba-Guide/Chap04-SecureOfficeServer.xml @@ -160,7 +160,7 @@ Abmas Network Topology &smbmdash; 130 Users - chap4-net + chap4-net @@ -896,7 +896,7 @@ echo -e "\nNAT firewall done.\n" delete group script/usr/sbin/groupdel '%g' add user to group script/usr/sbin/usermod -G '%g' '%u' add machine script/usr/sbin/useradd --s /bin/false -d /dev/null %u +-s /bin/false -d /tmp '%u' shutdown script/var/lib/samba/scripts/shutdown.sh abort shutdown script/sbin/shutdown -c logon scriptscripts\logon.bat diff --git a/docs/Samba-Guide/Chap05-500UserNetwork.xml b/docs/Samba-Guide/Chap05-500UserNetwork.xml index 4c761332bc0..dbbbe4ece51 100644 --- a/docs/Samba-Guide/Chap05-500UserNetwork.xml +++ b/docs/Samba-Guide/Chap05-500UserNetwork.xml @@ -323,7 +323,7 @@ Network Topology &smbmdash; 500 User Network Using tdbsam passdb backend. - chap5-net + chap5-net diff --git a/docs/Samba-Guide/Chap06-MakingHappyUsers.xml b/docs/Samba-Guide/Chap06-MakingHappyUsers.xml index d27aced071b..bf21fe5b1ad 100644 --- a/docs/Samba-Guide/Chap06-MakingHappyUsers.xml +++ b/docs/Samba-Guide/Chap06-MakingHappyUsers.xml 
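Review bot: In the Chap04-SecureOfficeServer.xml hunk at -896, the new `add machine script` arguments give every machine account `/tmp` as its home directory, and `/tmp` is normally writable by all local users. Any program that reads per-account files from the home directory would then read from a location other users control. Quoting the substitution as `'%u'` is worth keeping, since the account name is expanded into a command line. I would keep the quoting and leave the home directory somewhere that cannot hold files, `-s /bin/false -d /dev/null '%u'`. If useradd rejected `/dev/null`, which is only a guess at the reason for the change, an empty root-owned directory does the same job. The rest of the smb.conf listing lies outside the hunk.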
@@ -572,7 +572,7 @@ The Interaction of LDAP, UNIX Posix Accounts and Samba Accounts - UNIX-Samba-and-LDAP + UNIX-Samba-and-LDAP @@ -956,7 +956,7 @@ Network Topology &smbmdash; 500 User Network Using ldapsam passdb backend. - chap6-net + chap6-net diff --git a/docs/Samba-Guide/Chap07-2000UserNetwork.xml b/docs/Samba-Guide/Chap07-2000UserNetwork.xml index 8be46d92c3b..bb5134f3530 100644 --- a/docs/Samba-Guide/Chap07-2000UserNetwork.xml +++ b/docs/Samba-Guide/Chap07-2000UserNetwork.xml @@ -756,7 +756,7 @@ Samba and Authentication Backend Search Pathways - chap7-idresol + chap7-idresol @@ -797,7 +797,7 @@ passdb backend = ldapsam:ldap://master.abmas.biz . Samba Configuration to Use a Single LDAP Server - ch7-singleLDAP + ch7-singleLDAP LDAP @@ -819,7 +819,7 @@ passdb backend = ldapsam:"ldap://master.abmas.biz \ as shown in . Samba Configuration to Use a Dual (Fail-over) LDAP Server - ch7-fail-overLDAP + ch7-fail-overLDAP @@ -844,7 +844,7 @@ passdb backend = ldapsam:ldap://master.abmas.biz \ Samba Configuration to Use Dual LDAP Databases - Broken - Do Not Use! - ch7-dual-additive-LDAP + ch7-dual-additive-LDAP @@ -856,7 +856,7 @@ passdb backend = ldapsam:ldap://master.abmas.biz \ Samba Configuration to Use Two LDAP Databases - The result is additive. - ch7-dual-additive-LDAP-Ok + ch7-dual-additive-LDAP-Ok diff --git a/docs/Samba-Guide/Chap09-AddingUNIXClients.xml b/docs/Samba-Guide/Chap09-AddingUNIXClients.xml index 4e2297f640f..0755f7cd553 100644 --- a/docs/Samba-Guide/Chap09-AddingUNIXClients.xml +++ b/docs/Samba-Guide/Chap09-AddingUNIXClients.xml @@ -513,7 +513,7 @@ Samba Domain: Samba Member Server - chap9-SambaDC + chap9-SambaDC @@ -1106,7 +1106,7 @@ aliases: files Active Directory Domain: Samba Member Server - chap9-ADSDC + chap9-ADSDC diff --git a/docs/Samba-HOWTO-Collection/IDMAP.xml b/docs/Samba-HOWTO-Collection/IDMAP.xml index f7fb2f4b921..cb1df6b7fff 100644 --- a/docs/Samba-HOWTO-Collection/IDMAP.xml +++ b/docs/Samba-HOWTO-Collection/IDMAP.xml 
@@ -9,10 +9,11 @@ ]> - - &author.jht; - -Identity Mapping &smbmdash; IDMAP + + &author.jht; + + +Identity Mapping (IDMAP) THIS IS A WORK IN PROGRESS - it is a preparation for the release of Samba-3.0.8. @@ -20,7 +21,7 @@ THIS IS A WORK IN PROGRESS - it is a preparation for the release of Samba-3.0.8. The Microsoft Windows operating system has a number of features that impose specific challenges -for interoperability with operaing system on which Samba is implemented. This chapter deals +for interoperability with operating system on which Samba is implemented. This chapter deals explicitly with the mechanisms Samba-3 (version 3.0.8 and later) has to overcome one of the key challenges in the integration of Samba servers into an MS Windows networking environment. This chapter deals with IDentity MAPping (IDMAP) of Windows Security IDentifiers (SIDs) @@ -28,7 +29,7 @@ to UNIX UIDs and GIDs. -So that this area is covered sufficiently, eash possible Samba deployment type will be discussed. +So that this area is covered sufficiently, each possible Samba deployment type will be discussed. This is followed by an overview of how the IDMAP facility may be implemented. 
@@ -79,16 +80,78 @@ on Server Types and Security Modes. Samba-3 can act as a Windows NT4 PDC or BDC thereby providing domain control protocols that are based on Windows NT4. Thus, where Samba-3 is a Domain Member server or client the matter - if SID to UID/GID resolution is equivalent with the same configuration with a Windows NT4 or - earlier domain environment. + of SID to UID/GID resolution is equivalent to configuration with a Windows NT4 or earlier + domain environment. When Samba-3 is acting as a Domain Member of an Active Directory (ADS) + domain it will also be necessary to resolve domain user and group identities (SIDs) to UNIX + UIDs and GIDs. + + A Samba member of a Windows networking domain (NT4-style or ADS) can be configured to handle + identity mapping in a variety of ways. The mechanism is will use depends on whether or not + the winbindd daemon is used, and how the winbind functionality is configured. + The configuration options are briefly described here: + + + + Winbind is not used, users and groups are local: &smbmdash + + + + + + + + Winbind is not used, users and groups resolved via NSS: &smbmdash; + + + + + + + Winbind maintains local IDMAP table: &smbmdash; + + + + + + + Winbind uses LDAP backend based IDMAP: &smbmdash; + + + + + + + Winbind uses NSS to resolve UNIX/Linux user and group IDs: &smbmdash; + + + + + + + Winbind uses RID based IDMAP: &smbmdash; + + + + + + + + Primary Domain Controller + Microsoft Windows domain security systems generate the user and group security identifier (SID) as part + of the process of creation of an account. Windows does not have a concept of a UID or a GID. + + + + MS Active Directory Server (ADS) uses a directory schema that can be extended to accommodate additional + account attributes such as UIDs and GIDs. @@ -159,5 +222,4 @@ on Server Types and Security Modes. - diff --git a/docs/Samba-HOWTO-Collection/index.xml b/docs/Samba-HOWTO-Collection/index.xml index 318b370f3cc..0ebb2877f1b 100644 
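Review bot: In the -79,16 +80,78 hunk of IDMAP.xml, the first item of the added list ends in `&smbmdash` with no closing semicolon, while the five items after it use `&smbmdash;`. If the file really reads that way, the entity reference is unterminated and the chapter will not parse when the documentation is built. The added paragraph just above the list also reads "The mechanism is will use depends on", which presumably should be `The mechanism it will use depends on`. Both are on added lines, but the surrounding markup is not visible here, so the first point should be confirmed against the file.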
--- a/docs/Samba-HOWTO-Collection/index.xml +++ b/docs/Samba-HOWTO-Collection/index.xml @@ -135,7 +135,7 @@ Samba has several features that you might want or might not want to use. The cha - +