Updates.

(This used to be commit f5566ff234bd0b1ba84767d546d7060499526759)

docs/Samba-Guide/Chap04-SecureOfficeServer.xml

@@ -160,7 +160,7 @@
 
 		<image id="ch04net">
 			<imagedescription>Abmas Network Topology &smbmdash; 130 Users</imagedescription>
-			<imagefile scale="90">chap4-net</imagefile>
+			<imagefile scale="60">chap4-net</imagefile>
 		</image>
 
 		<para>
@@ -896,7 +896,7 @@ echo -e "\nNAT firewall done.\n"
 <smbconfoption><name>delete group script</name><value>/usr/sbin/groupdel '%g'</value></smbconfoption>
 <smbconfoption><name>add user to group script</name><value>/usr/sbin/usermod -G '%g' '%u'</value></smbconfoption>
 <smbconfoption><name>add machine script</name><value>/usr/sbin/useradd</value></smbconfoption>
-<member><parameter>-s /bin/false -d /dev/null %u</parameter></member>
+<member><parameter>-s /bin/false -d /tmp '%u'</parameter></member>
 <smbconfoption><name>shutdown script</name><value>/var/lib/samba/scripts/shutdown.sh</value></smbconfoption>
 <smbconfoption><name>abort shutdown script</name><value>/sbin/shutdown -c</value></smbconfoption>
 <smbconfoption><name>logon script</name><value>scripts\logon.bat</value></smbconfoption>

docs/Samba-Guide/Chap05-500UserNetwork.xml

@@ -323,7 +323,7 @@
 
 	<image id="chap05net">
 		<imagedescription>Network Topology &smbmdash; 500 User Network Using tdbsam passdb backend.</imagedescription>
-		<imagefile scale="80">chap5-net</imagefile>
+		<imagefile scale="60">chap5-net</imagefile>
 	</image>
 
 	<sect2 id="ch5-dnshcp-setup">

docs/Samba-Guide/Chap06-MakingHappyUsers.xml

@@ -572,7 +572,7 @@
 
 	<image id="ch6-LDAPdiag">
 		<imagedescription>The Interaction of LDAP, UNIX Posix Accounts and Samba Accounts</imagedescription>
-		<imagefile scale="70">UNIX-Samba-and-LDAP</imagefile>
+		<imagefile scale="60">UNIX-Samba-and-LDAP</imagefile>
 	</image>
 
 	<para><indexterm>
@@ -956,7 +956,7 @@
 
 	<image id="chap6net">
 		<imagedescription>Network Topology &smbmdash; 500 User Network Using ldapsam passdb backend.</imagedescription>
-		<imagefile scale="70">chap6-net</imagefile>
+		<imagefile scale="60">chap6-net</imagefile>
 	</image>
 
       <para><indexterm>

docs/Samba-Guide/Chap07-2000UserNetwork.xml

@@ -756,7 +756,7 @@
 
 	<image id="chap7idres">
 		<imagedescription>Samba and Authentication Backend Search Pathways</imagedescription>
-		<imagefile scale="80">chap7-idresol</imagefile>
+		<imagefile scale="60">chap7-idresol</imagefile>
 	</image>
 
       <para><indexterm>
@@ -797,7 +797,7 @@ passdb backend = ldapsam:ldap://master.abmas.biz
 	<link linkend="ch7singleLDAP"/>.
 	<image id="ch7singleLDAP">
 		<imagedescription>Samba Configuration to Use a Single LDAP Server</imagedescription>
-		<imagefile scale="100">ch7-singleLDAP</imagefile>
+		<imagefile scale="60">ch7-singleLDAP</imagefile>
 	</image>
 	<indexterm>
 	  <primary>LDAP</primary>
@@ -819,7 +819,7 @@ passdb backend = ldapsam:"ldap://master.abmas.biz \
 	as shown in <link linkend="ch7dualLDAP"/>.
 	<image id="ch7dualLDAP">
 		<imagedescription>Samba Configuration to Use a Dual (Fail-over) LDAP Server</imagedescription>
-		<imagefile scale="100">ch7-fail-overLDAP</imagefile>
+		<imagefile scale="60">ch7-fail-overLDAP</imagefile>
 	</image>
       </para>
 
@@ -844,7 +844,7 @@ passdb backend = ldapsam:ldap://master.abmas.biz \
 
 	<image id="ch7dualadd">
 		<imagedescription>Samba Configuration to Use Dual LDAP Databases - Broken - Do Not Use!</imagedescription>
-		<imagefile scale="80">ch7-dual-additive-LDAP</imagefile>
+		<imagefile scale="60">ch7-dual-additive-LDAP</imagefile>
 	</image>
 
 	<para>
@@ -856,7 +856,7 @@ passdb backend = ldapsam:ldap://master.abmas.biz \
 
 		<image id="ch7dualok">
 			<imagedescription>Samba Configuration to Use Two LDAP Databases - The result is additive.</imagedescription>
-			<imagefile scale="80">ch7-dual-additive-LDAP-Ok</imagefile>
+			<imagefile scale="60">ch7-dual-additive-LDAP-Ok</imagefile>
 		</image>
 
 	<note><para>

docs/Samba-Guide/Chap09-AddingUNIXClients.xml

@@ -513,7 +513,7 @@
 
 <image id="ch9-sambadc">
 	<imagedescription>Samba Domain: Samba Member Server</imagedescription>
-	<imagefile scale="75">chap9-SambaDC</imagefile>
+	<imagefile scale="60">chap9-SambaDC</imagefile>
 </image>
 
 	<para><indexterm>
@@ -1106,7 +1106,7 @@ aliases:        files
 
 	<image id="ch9-adsdc">
 		<imagedescription>Active Directory Domain: Samba Member Server</imagedescription>
-		<imagefile scale="75">chap9-ADSDC</imagefile>
+		<imagefile scale="60">chap9-ADSDC</imagefile>
 	</image>
 
 	<procedure>

docs/Samba-HOWTO-Collection/IDMAP.xml

@@ -9,10 +9,11 @@
 ]>
 
 <chapter id="idmapper">
-<chapterinfo>
+	<chapterinfo>
-	&author.jht;
+		&author.jht;
-</chapterinfo>
+	</chapterinfo>
-<title>Identity Mapping &smbmdash; IDMAP</title>
+
+<title>Identity Mapping (IDMAP)</title>
 
 <note><para>
 THIS IS A WORK IN PROGRESS - it is a preparation for the release of Samba-3.0.8.
@@ -20,7 +21,7 @@ THIS IS A WORK IN PROGRESS - it is a preparation for the release of Samba-3.0.8.
 
 <para>
 The Microsoft Windows operating system has a number of features that impose specific challenges
-for interoperability with operaing system on which Samba is implemented. This chapter deals
+for interoperability with operating system on which Samba is implemented. This chapter deals
 explicitly with the mechanisms Samba-3 (version 3.0.8 and later) has to overcome one of the
 key challenges in the integration of Samba servers into an MS Windows networking
 environment. This chapter deals with IDentity MAPping (IDMAP) of Windows Security IDentifiers (SIDs)
@@ -28,7 +29,7 @@ to UNIX UIDs and GIDs.
 </para>
 
 <para>
-So that this area is covered sufficiently, eash possible Samba deployment type will be discussed.
+So that this area is covered sufficiently, each possible Samba deployment type will be discussed.
 This is followed by an overview of how the IDMAP facility may be implemented.
 </para>
 
@@ -79,16 +80,78 @@ on Server Types and Security Modes</link>.
 	<para>
 	Samba-3 can act as a Windows NT4 PDC or BDC thereby providing domain control protocols that
 	are based on Windows NT4. Thus, where Samba-3 is a Domain Member server or client the matter
-	if SID to UID/GID resolution is equivalent with the same configuration with a Windows NT4 or
+	of SID to UID/GID resolution is equivalent to configuration with a Windows NT4 or earlier 	
-	earlier domain environment.
+	domain environment. When Samba-3 is acting as a Domain Member of an Active Directory (ADS)
+	domain it will also be necessary to resolve domain user and group identities (SIDs) to UNIX
+	UIDs and GIDs.
 	</para>
 
+	<para>
+	A Samba member of a Windows networking domain (NT4-style or ADS)  can be configured to handle 
+	identity mapping in a variety of ways. The mechanism is will use depends on whether or not
+	the <command>winbindd</command> daemon is used, and how the winbind functionality is configured.
+	The configuration options are briefly described here:
+	</para>
+
+	<variablelist>
+		<varlistentry><term>Winbind is not used, users and groups are local: &smbmdash </term>
+			<listitem>
+				<para>
+				
+				</para>
+			</listitem>
+		</varlistentry>
+	
+		<varlistentry><term>Winbind is not used, users and groups resolved via NSS: &smbmdash; </term>
+			<listitem>
+				<para>
+				</para>
+			</listitem>
+		</varlistentry>
+
+		<varlistentry><term>Winbind maintains local IDMAP table: &smbmdash; </term>
+			<listitem>
+				<para>
+				</para>
+			</listitem>
+		</varlistentry>
+
+		<varlistentry><term>Winbind uses LDAP backend based IDMAP: &smbmdash; </term>
+			<listitem>
+				<para>
+				</para>
+			</listitem>
+		</varlistentry>
+
+		<varlistentry><term>Winbind uses NSS to  resolve UNIX/Linux user and group IDs: &smbmdash; </term>
+			<listitem>
+				<para>
+				</para>
+			</listitem>
+		</varlistentry>
+
+		<varlistentry><term>Winbind uses RID based IDMAP: &smbmdash; </term>
+			<listitem>
+				<para>
+				</para>
+			</listitem>
+		</varlistentry>
+
+	</variablelist>
+
 	</sect2>
 
 	<sect2>
 	<title>Primary Domain Controller</title>
 
 	<para>
+	Microsoft Windows domain security systems generate the user and group security identifier (SID) as part
+	of the process of creation of an account. Windows does not have a concept of a UID or a GID.
+	</para>
+
+	<para>
+	MS Active Directory Server (ADS) uses a directory schema that can be extended to accommodate additional
+	account attributes such as UIDs and GIDs.
 	</para>
 
 	</sect2>
@@ -159,5 +222,4 @@ on Server Types and Security Modes</link>.
 
 </sect1>
 
-
 </chapter>

docs/Samba-HOWTO-Collection/index.xml

@@ -135,7 +135,7 @@ Samba has several features that you might want or might not want to use. The cha
 <xi:include href="NetworkBrowsing.xml"/>
 <xi:include href="Passdb.xml"/>
 <xi:include href="Group-Mapping.xml"/>
-<xi:include hred="IDMAP.xml"/>
+<xi:include href="IDMAP.xml"/>
 <xi:include href="AccessControls.xml"/>
 <xi:include href="locking.xml"/>
 <xi:include href="Securing.xml"/>