mirror of
https://github.com/samba-team/samba.git
synced 2024-12-23 17:34:34 +03:00
man page updates for new idmap options (still a work in progress)
(This used to be commit c88062d218)
parent
714235d358
commit
2abb46e245
@ -1,37 +1,30 @@
|
||||
<samba:parameter name="idmap backend"
|
||||
context="G"
|
||||
type="string"
|
||||
type="string"
|
||||
advanced="1" developer="1" hide="1"
|
||||
xmlns:samba="http://www.samba.org/samba/DTD/samba-doc">
|
||||
<description>
|
||||
<para>
|
||||
The purpose of the idmap backend parameter is to allow idmap to NOT use the local idmap
|
||||
tdb file to obtain SID to UID / GID mappings for unmapped SIDs, but instead to obtain them from a common
|
||||
LDAP backend. This way all domain members and controllers will have the same UID and GID
|
||||
to SID mappings. This avoids the risk of UID / GID inconsistencies across UNIX / Linux
|
||||
systems that are sharing information over protocols other than SMB/CIFS (ie: NFS).
|
||||
The idmap backend provides a plugin interface for Winbind to use
|
||||
varying backends to store SID/uid/gid mapping tables. This
|
||||
option is mutually exclusive with the newer and more flexible
|
||||
<smbconfoption name="idmap domains"/> parameter. The main difference
|
||||
between the "idmap backend" and the "idmap domains"
|
||||
is that the former only allows on backend for all domains while the
|
||||
latter supports configuring backends on a per domain basis.
|
||||
</para>
|
||||
|
||||
<para>Examples of SID/uid/gid backends include tdb (<citerefentry>
|
||||
<refentrytitle>idmap_tdb</refentrytitle><manvolnum>8</manvolnum></citerefentry>),
|
||||
ldap (<citerefentry><refentrytitle>idmap_ldap</refentrytitle>
|
||||
<manvolnum>8</manvolnum></citerefentry>), rid (<citerefentry>
|
||||
<refentrytitle>idmap_rid</refentrytitle><manvolnum>8</manvolnum></citerefentry>),
|
||||
and ad (<citerefentry><refentrytitle>idmap_tdb</refentrytitle>
|
||||
<manvolnum>8</manvolnum></citerefentry>).
|
||||
<para>
|
||||
An alternate method of SID to UID / GID mapping can be achieved using the rid
|
||||
plug-in. This plug-in uses the account RID to derive the UID and GID by adding the
|
||||
RID to a base value specified. This utility requires that the parameter
|
||||
<quote>allow trusted domains = No</quote> must be specified, as it is not compatible
|
||||
with multiple domain environments. The idmap uid and idmap gid ranges must also be
|
||||
specified.
|
||||
</para>
|
||||
|
||||
<para>
|
||||
Finally, using the ad module, the UID and GID can directly
|
||||
be retrieved from an Active Directory LDAP Server that supports an
|
||||
RFC2307 compliant LDAP schema. ad supports "Services for Unix"
|
||||
(SFU) version 2.x and 3.0.
|
||||
</para>
|
||||
|
||||
</description>
|
||||
|
||||
<value type="default"></value>
|
||||
<value type="example">ldap:ldap://ldapslave.example.com</value>
|
||||
<value type="example">rid:"BUILTIN=1000-1999,DOMNAME=2000-100000000"</value>
|
||||
<value type="example">ldap:ldap://ldapslave.example.com/</value>
|
||||
<value type="example">ad</value>
|
||||
</samba:parameter>
|
||||
|
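Review bot: In the new "Examples of SID/uid/gid backends" paragraph, the ad entry cites idmap_tdb(8) (`and ad (<citerefentry><refentrytitle>idmap_tdb</refentrytitle>`), so a reader looking for the ad backend is sent to the tdb page; this should reference idmap_ad, which the idmap config description in this same commit already cites. In the paragraph before it, "the former only allows on backend for all domains" should read "one backend". The example values still include `rid:"BUILTIN=1000-1999,DOMNAME=2000-100000000"`; please confirm that syntax is still what the new text intends to document.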
32
docs/smbdotconf/winbind/idmapconfig.xml
Normal file
@ -0,0 +1,32 @@
|
||||
<samba:parameter name="idmap config"
|
||||
context="G"
|
||||
type="string"
|
||||
advanced="1" developer="1" hide="1"
|
||||
xmlns:samba="http://www.samba.org/samba/DTD/samba-doc">
|
||||
<description>
|
||||
<para>
|
||||
The idmap config prefix provides a means of managing each domain
|
||||
defined by the <smbconfoption name="idmap domains"/> option using Samba's
|
||||
parameteric option support. The idmap config prefix should be
|
||||
followed by the name of the domain, a colon, and either the option
|
||||
name "backend" or a setting specific to the chosen
|
||||
backend.</para>
|
||||
|
||||
<para>
|
||||
The following example illustrates how to configure the <citerefentry>
|
||||
<refentrytitle>idmap_ad</refentrytitle><manvolnum>8</manvolnum></citerefentry>
|
||||
for the CORP domain and the <citerefentry><refentrytitle>idmap_tdb</refentrytitle>
|
||||
<manvolnum>8</manvolnum></citerefentry> backend for all other domains.
|
||||
</para>
|
||||
|
||||
<programlisting>
|
||||
idmap domains = CORP default
|
||||
idmap config CORP:backend = ad
|
||||
idmap config CORP:read_only = yes
|
||||
idmap config default:backend = tdb
|
||||
idmap config default:default = yes
|
||||
idmap config default:range = 1000 - 9999
|
||||
</programlisting>
|
||||
|
||||
</description>
|
||||
</samba:parameter>
|
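Review bot: The programlisting uses `CORP:read_only`, `default:default` and `default:range`, but the description only names "backend" and otherwise says "a setting specific to the chosen backend", so a reader cannot tell what these three settings do or which of them are required; add a sentence for each or point to the backend man pages. For `idmap config default:range = 1000 - 9999`, say whether the range may overlap uids and gids already in use by local accounts. In the sentence introducing the example, "how to configure the idmap_ad(8) for the CORP domain" is missing the word "backend" after the reference, and "parameteric" should be "parametric".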
27
docs/smbdotconf/winbind/idmapdomains.xml
Normal file
@ -0,0 +1,27 @@
|
||||
<samba:parameter name="idmap domains"
|
||||
context="G"
|
||||
type="string"
|
||||
advanced="1" developer="1" hide="1"
|
||||
xmlns:samba="http://www.samba.org/samba/DTD/samba-doc">
|
||||
<description>
|
||||
<para>
|
||||
The idmap domains option defines a list of Windows domains which will each
|
||||
have a separately configured backend for managing Winbind's SID/uid/gid
|
||||
tables. This parameter is mutually exclusive with the older <smbconfoption
|
||||
name="idmap backend"/> option.
|
||||
</para>
|
||||
|
||||
<para>
|
||||
Values constist of the short domain name for Winbind's primary or collection
|
||||
of trusted domains. The keyword "default" is used to
|
||||
represent all domains not explicitly listed.
|
||||
</para>
|
||||
|
||||
<para>
|
||||
Refer to the <smbconfoption name="idmap config"/> for details about
|
||||
managing the SID/uid/gid backend for each domain.
|
||||
</para>
|
||||
</description>
|
||||
|
||||
<value type="example">default AD CORP</value>
|
||||
</samba:parameter>
|
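Review bot: The first paragraph says this option is mutually exclusive with idmap backend but not what happens when smb.conf sets both; state which one takes effect or that the combination is rejected, since that decides which SID to uid/gid mapping is actually used. In the second paragraph "constist" should be "consist", and "Winbind's primary or collection of trusted domains" would read more clearly as "Winbind's primary domain or any of its trusted domains". The example value `default AD CORP` puts default first while the idmap config example uses `idmap domains = CORP default`; say whether the order is significant.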
@ -1,14 +1,22 @@
|
||||
<samba:parameter name="winbind trusted domains only"
|
||||
context="G"
|
||||
type="boolean"
|
||||
type="boolean"
|
||||
advanced="1" developer="1"
|
||||
xmlns:samba="http://www.samba.org/samba/DTD/samba-doc">
|
||||
<description>
|
||||
<para>
|
||||
This parameter is designed to allow Samba servers that are members of a Samba controlled domain to use
|
||||
UNIX accounts distributed via NIS, rsync, or LDAP as the uid's for winbindd users in the hosts primary domain.
|
||||
Therefore, the user <literal>DOMAIN\user1</literal> would be mapped to the account user1 in /etc/passwd
|
||||
instead of allocating a new uid for him or her.
|
||||
This parameter is designed to allow Samba servers that are members
|
||||
of a Samba controlled domain to use UNIX accounts distributed via NIS,
|
||||
rsync, or LDAP as the uid's for winbindd users in the hosts primary domain.
|
||||
Therefore, the user <literal>DOMAIN\user1</literal> would be mapped to
|
||||
the account user1 in /etc/passwd instead of allocating a new uid for him or her.
|
||||
</para>
|
||||
|
||||
<para>
|
||||
This parameter is not deprecated in favor of the newer idmap_nss backend.
|
||||
Refer to the <smbconfoption name="idmap domains"/> smb.conf option and
|
||||
the <citerefentry><refentrytitle>idmap_nss</refentrytitle>
|
||||
<manvolnum>8</manvolnum></citerefentry> man page for more information.
|
||||
</para>
|
||||
</description>
|
||||
|
||||
|
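Review bot: In the added second paragraph, "This parameter is not deprecated in favor of the newer idmap_nss backend" contradicts itself, because the next sentence sends the reader to idmap domains and idmap_nss(8) as the alternative; if the intent is "now deprecated", correct the wording, otherwise drop "in favor of the newer idmap_nss backend". In the first paragraph, "the hosts primary domain" should be "the host's primary domain".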