1
0
mirror of https://github.com/samba-team/samba.git synced 2024-12-23 17:34:34 +03:00

Document the new hash and adex idmap/nss_info plugins.

(cherry picked from commit 77bc0be053)
This commit is contained in:
Gerald W. Carter 2008-09-23 11:43:05 -07:00
parent 73769e136e
commit a089b3bb99
2 changed files with 165 additions and 0 deletions

View File

@ -0,0 +1,89 @@
<?xml version="1.0" encoding="iso-8859-1"?>
<!DOCTYPE refentry PUBLIC "-//Samba-Team//DTD DocBook V4.2-Based Variant V1.0//EN" "http://www.samba.org/samba/DTD/samba-doc">
<refentry id="idmap_adex.8">
<refmeta>
<refentrytitle>idmap_adex</refentrytitle>
<manvolnum>8</manvolnum>
<refmiscinfo class="source">Samba</refmiscinfo>
<refmiscinfo class="manual">System Administration tools</refmiscinfo>
<refmiscinfo class="version">3.2</refmiscinfo>
</refmeta>
<refnamediv>
<refname>idmap_adex</refname>
<refpurpose>Samba's idmap_adex Backend for Winbind</refpurpose>
</refnamediv>
<refsynopsisdiv>
<title>DESCRIPTION</title>
<para>
The idmap_adex plugin provides a way for Winbind to read
id mappings from an AD server that uses RFC2307 schema
extensions. This module implements both the idmap and nss_info
APIs and supports domain trustes as well as two-way cross
forest trusts. It is a read-only plugin requiring that the
administrator provide mappings in advance by adding the
POSIX attribute information to the users and groups objects
in AD. The most common means of doing this is using &quot;Identity
Services for Unix&quot; support on Windows 2003 R2 and later.
</para>
<para>
Note that you must add the uidNumber, gidNumber, and uid
attributes to the partial attribute set of the forest global
catalog servers. This can be done using the Active Directory Schema
Management MMC plugin (schmmgmt.dll).
</para>
</refsynopsisdiv>
<refsynopsisdiv>
<title>NSS_INFO</title>
<para>
The nss_info plugin supports reading the unixHomeDirectory,
gidNumber, loginShell, and uidNumber attributes from the user
object and the gidNumber attribute from the group object to
fill in information required by the libc getpwnam() and
getgrnam() family of functions. Group membership is filled in
according to the Windows group membership and not the
msSFU30PosixMember attribute.
</para>
<para>
Username aliases are implement by setting the uid attribute
on the user object. While group name aliases are implemented
by reading the displayname attribute from the group object.
</para>
</refsynopsisdiv>
<refsect1>
<title>EXAMPLES</title>
<para>
The following example shows how to retrieve idmappings and NSS data
from our principal and trusted AD domains.
</para>
<programlisting>
[global]
idmap backend = adex
idmap uid = 1000-4000000000
idmap gid = 1000-4000000000
winbind nss info = adex
winbind normalize names = yes
</programlisting>
</refsect1>
<refsect1>
<title>AUTHOR</title>
<para>
The original Samba software and related utilities
were created by Andrew Tridgell. Samba is now developed
by the Samba Team as an Open Source project similar
to the way the Linux kernel is developed.
</para>
</refsect1>
</refentry>

View File

@ -0,0 +1,76 @@
<?xml version="1.0" encoding="iso-8859-1"?>
<!DOCTYPE refentry PUBLIC "-//Samba-Team//DTD DocBook V4.2-Based Variant V1.0//EN" "http://www.samba.org/samba/DTD/samba-doc">
<refentry id="idmap_hash.8">
<refmeta>
<refentrytitle>idmap_hash</refentrytitle>
<manvolnum>8</manvolnum>
<refmiscinfo class="source">Samba</refmiscinfo>
<refmiscinfo class="manual">System Administration tools</refmiscinfo>
<refmiscinfo class="version">3.2</refmiscinfo>
</refmeta>
<refnamediv>
<refname>idmap_hash</refname>
<refpurpose>Samba's idmap_hash Backend for Winbind</refpurpose>
</refnamediv>
<refsynopsisdiv>
<title>DESCRIPTION</title>
<para>The idmap_hash plugin implements a hashing algorithm used
map SIDs for domain users and groups to a 31-bit uid and gid.
This plugin also implements the nss_info API and can be used
to support a local name mapping files if enabled via the
&quot;winbind normlaize names&quot; and &quot;winbind nss info&quot;
parameters in smb.conf.
</para>
</refsynopsisdiv>
<refsect1>
<title>IDMAP OPTIONS</title>
<variablelist>
<varlistentry>
<term>name_map</term>
<listitem><para>
Specifies the absolute path to the name mapping
file used by the nss_info API. Entries in the file
are of the form &quot;<replaceable>unix name</replaceable>
= <replaceable>qualified domain name</replaceable>&quote;.
Mapping of both user and group names is supported.
</para></listitem>
</varlistentry>
</variablelist>
</refsect1>
<refsect1>
<title>EXAMPLES</title>
<para>The following example utilizes the idmap_hash plugin for
the idmap and nss_info information.
</para>
<programlisting>
[global]
idmap backend = hash
idmap uid = 1000-4000000000
idmap gid = 1000-4000000000
winbind nss info = hash
winbind normalize names = yes
idmap_hash:name_map = /etc/samba/name_map.cfg
</programlisting>
</refsect1>
<refsect1>
<title>AUTHOR</title>
<para>
The original Samba software and related utilities
were created by Andrew Tridgell. Samba is now developed
by the Samba Team as an Open Source project similar
to the way the Linux kernel is developed.
</para>
</refsect1>
</refentry>