Context Navigation

← Previous Revision
Next Revision →
Blame
Revision Log

idmap_autorid.8

Visit:

Last change on this file was 862, checked in by Silvan Scherrer, 11 years ago
Samba Server: update trunk to 3.6.23
File size: 4.7 KB

Line
1	'\" t
2	.\" Title: idmap_autorid
3	.\" Author: [see the "AUTHOR" section]
4	.\" Generator: DocBook XSL Stylesheets v1.76.1 <http://docbook.sf.net/>
5	.\" Date: 09/18/2013
6	.\" Manual: System Administration tools
7	.\" Source: Samba 3.6
8	.\" Language: English
9	.\"
10	.TH "IDMAP_AUTORID" "8" "09/18/2013" "Samba 3\&.6" "System Administration tools"
11	.\" -----------------------------------------------------------------
12	.\" * Define some portability stuff
13	.\" -----------------------------------------------------------------
14	.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
15	.\" http://bugs.debian.org/507673
16	.\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html
17	.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
18	.ie \n(.g .ds Aq \(aq
19	.el .ds Aq '
20	.\" -----------------------------------------------------------------
21	.\" * set default formatting
22	.\" -----------------------------------------------------------------
23	.\" disable hyphenation
24	.nh
25	.\" disable justification (adjust text to left margin only)
26	.ad l
27	.\" -----------------------------------------------------------------
28	.\" * MAIN CONTENT STARTS HERE *
29	.\" -----------------------------------------------------------------
30	.SH "NAME"
31	idmap_autorid \- Samba\*(Aqs idmap_autorid Backend for Winbind
32	.SH "DESCRIPTION"
33	.PP
34	The idmap_autorid backend provides a way to use an algorithmic mapping scheme to map UIDs/GIDs and SIDs that is more deterministic than idmap_tdb and easier to configure than idmap_rid\&.
35	.PP
36	The module works similar to idmap_rid, but it automatically configures the range to be used for each domain, so there is no need to specify a specific range for each domain in the forest, the only configuration that is needed is the range of uid/gids that shall be used for user/group mappings and an optional size of the ranges to be used\&.
37	.PP
38	The mappings of which domain is mapped to which range is stored in autorid\&.tdb, thus you should backup this database regularly\&.
39	.PP
40	Due to the algorithm being used, it is the module that is most easy to use as it only requires a minimal configuration\&.
41	.SH "IDMAP OPTIONS"
42	.PP
43	rangesize = numberofidsperdomain
44	.RS 4
45	Defines the available number of uids/gids per domain\&. The minimum needed value is 2000\&. SIDs with RIDs larger than this value cannot be mapped, are ignored and the corresponding map is discarded\&. Choose this value carefully, as this should not be changed after the first ranges for domains have been defined, otherwise mappings between domains will get intermixed leading to unpredictable results\&. Please note that RIDs in Windows Domains usually start with 500 for builtin users and 1000 for regular users\&. As the parameter cannot be changed later, please plan accordingly for your expected number of users in a domain with safety margins\&.
46	.sp
47	One range will be used for local users and groups\&. Thus the number of local users and groups that can be created is limited by this option as well\&. If you plan to create a large amount of local users or groups, you will need set this parameter accordingly\&.
48	.sp
49	The default value is 100000\&.
50	.RE
51	.SH "THE MAPPING FORMULAS"
52	.PP
53	The Unix ID for a RID is calculated this way:
54	.sp
55	.if n \{\
56	.RS 4
57	.\}
58	.nf
59	ID = IDMAP UID LOW VALUE + DOMAINRANGENUMBER * RANGESIZE + RID
60
61	.fi
62	.if n \{\
63	.RE
64	.\}
65	.PP
66	Correspondingly, the formula for calculating the RID for a given Unix ID is this:
67	.sp
68	.if n \{\
69	.RS 4
70	.\}
71	.nf
72	RID = ID \- IDMAP UID LOW VALUE \- DOMAINRANGENUMBER * RANGESIZE
73
74	.fi
75	.if n \{\
76	.RE
77	.\}
78	.sp
79	.SH "EXAMPLES"
80	.PP
81	This example shows you the minimal configuration that will work for the principial domain and 19 trusted domains\&.
82	.sp
83	.if n \{\
84	.RS 4
85	.\}
86	.nf
87	[global]
88	security = ads
89	workgroup = CUSTOMER
90	realm = CUSTOMER\&.COM
91
92	idmap config * : backend = autorid
93	idmap config * : range = 1000000\-1999999
94
95
96	.fi
97	.if n \{\
98	.RE
99	.\}
100	.PP
101	This example shows how to configure idmap_autorid as default for all domains with a potentially large amount of users plus a specific configuration for a trusted domain that uses the SFU mapping scheme\&. Please note that idmap ranges and sfu ranges are not allowed to overlap\&.
102	.sp
103	.if n \{\
104	.RS 4
105	.\}
106	.nf
107	[global]
108	security = ads
109	workgroup = CUSTOMER
110	realm = CUSTOMER\&.COM
111
112	idmap config * : backend = autorid
113	idmap config * : range = 1000000\-19999999
114	idmap config * : rangesize = 1000000
115
116	idmap config TRUSTED : backend = ad
117	idmap config TRUSTED : range = 50000 \- 99999
118	idmap config TRUSTED : schema_mode = sfu
119
120	.fi
121	.if n \{\
122	.RE
123	.\}
124	.SH "AUTHOR"
125	.PP
126	The original Samba software and related utilities were created by Andrew Tridgell\&. Samba is now developed by the Samba Team as an Open Source project similar to the way the Linux kernel is developed\&.

Note: See TracBrowser for help on using the repository browser.

Download in other formats:

Original Format