Timestamp:
Oct 30, 2009, 9:39:05 AM (16 years ago)
Author:
Herwig Bauernfeind
Message:

Update 3.3 to 3.3.9

File:
1 edited

  • branches/samba-3.3.x/docs/htmldocs/Samba3-HOWTO/idmapper.html

    r274 r342  
    1 <html><head><meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"><title>Chapter 14. Identity Mapping (IDMAP)</title><link rel="stylesheet" href="../samba.css" type="text/css"><meta name="generator" content="DocBook XSL Stylesheets V1.74.0"><link rel="home" href="index.html" title="The Official Samba 3.3.x HOWTO and Reference Guide"><link rel="up" href="optional.html" title="Part III. Advanced Configuration"><link rel="prev" href="NetCommand.html" title="Chapter 13. Remote and Local Management: The Net Command"><link rel="next" href="rights.html" title="Chapter 15. User Rights and Privileges"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="navheader"><table width="100%" summary="Navigation header"><tr><th colspan="3" align="center">Chapter 14. Identity Mapping (IDMAP)</th></tr><tr><td width="20%" align="left"><a accesskey="p" href="NetCommand.html">Prev</a> </td><th width="60%" align="center">Part III. Advanced Configuration</th><td width="20%" align="right"> <a accesskey="n" href="rights.html">Next</a></td></tr></table><hr></div><div class="chapter" lang="en"><div class="titlepage"><div><div><h2 class="title"><a name="idmapper"></a>Chapter 14. 
Identity Mapping (IDMAP)</h2></div><div><div class="author"><h3 class="author"><span class="firstname">John</span> <span class="othername">H.</span> <span class="orgname">Samba Team</span> <span class="surname">Terpstra</span></h3><div class="affiliation"><span class="orgname">Samba Team<br></span><div class="address"><p><code class="email">&lt;<a class="email" href="mailto:jht@samba.org">jht@samba.org</a>&gt;</code></p></div></div></div></div></div></div><div class="toc"><p><b>Table of Contents</b></p><dl><dt><span class="sect1"><a href="idmapper.html#id2604468">Samba Server Deployment Types and IDMAP</a></span></dt><dd><dl><dt><span class="sect2"><a href="idmapper.html#id2604493">Standalone Samba Server</a></span></dt><dt><span class="sect2"><a href="idmapper.html#id2604555">Domain Member Server or Domain Member Client</a></span></dt><dt><span class="sect2"><a href="idmapper.html#id2605507">Primary Domain Controller</a></span></dt><dt><span class="sect2"><a href="idmapper.html#id2605741">Backup Domain Controller</a></span></dt></dl></dd><dt><span class="sect1"><a href="idmapper.html#id2605813">Examples of IDMAP Backend Usage</a></span></dt><dd><dl><dt><span class="sect2"><a href="idmapper.html#id2605876">Default Winbind TDB</a></span></dt><dt><span class="sect2"><a href="idmapper.html#id2606598">IDMAP_RID with Winbind</a></span></dt><dt><span class="sect2"><a href="idmapper.html#id2607188">IDMAP Storage in LDAP Using Winbind</a></span></dt><dt><span class="sect2"><a href="idmapper.html#id2607774">IDMAP and NSS Using LDAP from ADS with RFC2307bis Schema Extension</a></span></dt></dl></dd></dl></div><p>
     1<html><head><meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"><title>Chapter 14. Identity Mapping (IDMAP)</title><link rel="stylesheet" href="../samba.css" type="text/css"><meta name="generator" content="DocBook XSL Stylesheets V1.74.0"><link rel="home" href="index.html" title="The Official Samba 3.3.x HOWTO and Reference Guide"><link rel="up" href="optional.html" title="Part III. Advanced Configuration"><link rel="prev" href="NetCommand.html" title="Chapter 13. Remote and Local Management: The Net Command"><link rel="next" href="rights.html" title="Chapter 15. User Rights and Privileges"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="navheader"><table width="100%" summary="Navigation header"><tr><th colspan="3" align="center">Chapter 14. Identity Mapping (IDMAP)</th></tr><tr><td width="20%" align="left"><a accesskey="p" href="NetCommand.html">Prev</a> </td><th width="60%" align="center">Part III. Advanced Configuration</th><td width="20%" align="right"> <a accesskey="n" href="rights.html">Next</a></td></tr></table><hr></div><div class="chapter" lang="en"><div class="titlepage"><div><div><h2 class="title"><a name="idmapper"></a>Chapter 14. 
Identity Mapping (IDMAP)</h2></div><div><div class="author"><h3 class="author"><span class="firstname">John</span> <span class="othername">H.</span> <span class="orgname">Samba Team</span> <span class="surname">Terpstra</span></h3><div class="affiliation"><span class="orgname">Samba Team<br></span><div class="address"><p><code class="email">&lt;<a class="email" href="mailto:jht@samba.org">jht@samba.org</a>&gt;</code></p></div></div></div></div></div></div><div class="toc"><p><b>Table of Contents</b></p><dl><dt><span class="sect1"><a href="idmapper.html#id2604468">Samba Server Deployment Types and IDMAP</a></span></dt><dd><dl><dt><span class="sect2"><a href="idmapper.html#id2604493">Standalone Samba Server</a></span></dt><dt><span class="sect2"><a href="idmapper.html#id2604555">Domain Member Server or Domain Member Client</a></span></dt><dt><span class="sect2"><a href="idmapper.html#id2605507">Primary Domain Controller</a></span></dt><dt><span class="sect2"><a href="idmapper.html#id2605741">Backup Domain Controller</a></span></dt></dl></dd><dt><span class="sect1"><a href="idmapper.html#id2605813">Examples of IDMAP Backend Usage</a></span></dt><dd><dl><dt><span class="sect2"><a href="idmapper.html#id2605876">Default Winbind TDB</a></span></dt><dt><span class="sect2"><a href="idmapper.html#id2606598">IDMAP_RID with Winbind</a></span></dt><dt><span class="sect2"><a href="idmapper.html#id2607189">IDMAP Storage in LDAP Using Winbind</a></span></dt><dt><span class="sect2"><a href="idmapper.html#id2607774">IDMAP and NSS Using LDAP from ADS with RFC2307bis Schema Extension</a></span></dt></dl></dd></dl></div><p>
    22<a class="indexterm" name="id2604193"></a>
    33<a class="indexterm" name="id2604200"></a>
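Review bot: the table of contents on line 1 now links to idmapper.html#id2607189 where it linked to #id2607188, and that is the only difference on the line, so bookmarks and external links to the old fragment stop resolving. Giving the section an explicit id in the DocBook source, as the examples already have (idmapadsdms, idmapldapDMS), would keep the fragment stable across regenerations.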
     
    3131<a class="indexterm" name="id2604314"></a>
    3232<a class="indexterm" name="id2604321"></a>
    33 <a class="indexterm" name="id2604327"></a>
     33<a class="indexterm" name="id2604328"></a>
    3434<a class="indexterm" name="id2604334"></a>
    3535<a class="indexterm" name="id2604341"></a>
     
    4545to the way that the IDMAP facility is configured.
    4646</p><p>
    47 <a class="indexterm" name="id2604404"></a>
     47<a class="indexterm" name="id2604405"></a>
    4848<a class="indexterm" name="id2604411"></a>
    4949<a class="indexterm" name="id2604418"></a>
     
    6363</p><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2604493"></a>Standalone Samba Server</h3></div></div></div><p>
    6464        <a class="indexterm" name="id2604501"></a>
    65         <a class="indexterm" name="id2604507"></a>
     65        <a class="indexterm" name="id2604508"></a>
    6666        <a class="indexterm" name="id2604514"></a>
    6767        A standalone Samba server is an implementation that is not a member of a Windows NT4 domain,
     
    8787        </p><p>
    8888        <a class="indexterm" name="id2604606"></a>
    89         <a class="indexterm" name="id2604612"></a>
     89        <a class="indexterm" name="id2604613"></a>
    9090        <a class="indexterm" name="id2604619"></a>
    9191        Samba-3 domain member servers and clients must interact correctly with MS Windows SIDs. Incoming
     
    9393        server must provide to MS Windows clients and servers appropriate SIDs.
    9494        </p><p>
    95         <a class="indexterm" name="id2604633"></a>
     95        <a class="indexterm" name="id2604634"></a>
    9696        <a class="indexterm" name="id2604640"></a>
    9797        A Samba member of a Windows networking domain (NT4-style or ADS) can be configured to handle
     
    101101        </p><div class="variablelist"><dl><dt><span class="term">Winbind is not used; users and groups are local: </span></dt><dd><p>
    102102                                <a class="indexterm" name="id2604671"></a>
    103                                 <a class="indexterm" name="id2604677"></a>
     103                                <a class="indexterm" name="id2604678"></a>
    104104                                <a class="indexterm" name="id2604684"></a>
    105105                                <a class="indexterm" name="id2604691"></a>
     
    130130                                <a class="indexterm" name="id2604826"></a>
    131131                                <a class="indexterm" name="id2604833"></a>
    132                                 <a class="indexterm" name="id2604839"></a>
     132                                <a class="indexterm" name="id2604840"></a>
    133133                                <a class="indexterm" name="id2604846"></a>
    134                                 <a class="indexterm" name="id2604852"></a>
     134                                <a class="indexterm" name="id2604853"></a>
    135135                                <a class="indexterm" name="id2604859"></a>
    136136                                <a class="indexterm" name="id2604866"></a>
     
    144144                                <a class="indexterm" name="id2604910"></a>
    145145                                <a class="indexterm" name="id2604917"></a>
    146                                 <a class="indexterm" name="id2604923"></a>
     146                                <a class="indexterm" name="id2604924"></a>
    147147                                In this situation user and group accounts are treated as if they are local
    148148                                accounts. The only way in which this differs from having local accounts is
     
    153153                                <a class="indexterm" name="id2604946"></a>
    154154                                <a class="indexterm" name="id2604953"></a>
    155                                 <a class="indexterm" name="id2604959"></a>
     155                                <a class="indexterm" name="id2604960"></a>
    156156                                <a class="indexterm" name="id2604966"></a>
    157                                 <a class="indexterm" name="id2604972"></a>
     157                                <a class="indexterm" name="id2604973"></a>
    158158                                <a class="indexterm" name="id2604979"></a>
    159159                                This configuration may be used with standalone Samba servers, domain member
     
    172172                                Active Directory.
    173173                                </p><p>
    174                                 <a class="indexterm" name="id2605040"></a>
     174                                <a class="indexterm" name="id2605041"></a>
    175175                                <a class="indexterm" name="id2605047"></a>
    176176                                <a class="indexterm" name="id2605054"></a>
     
    186186                                <a class="indexterm" name="id2605108"></a>
    187187                                <a class="indexterm" name="id2605115"></a>
    188                                 <a class="indexterm" name="id2605121"></a>
     188                                <a class="indexterm" name="id2605122"></a>
    189189                                This configuration is not convenient or practical in sites that have more than one
    190190                                Samba server and that require the same UID or GID for the same user or group across
     
    209209                                <a class="indexterm" name="id2605196"></a>
    210210                                <a class="indexterm" name="id2605203"></a>
    211                                 <a class="indexterm" name="id2605209"></a>
     211                                <a class="indexterm" name="id2605210"></a>
    212212                                <a class="indexterm" name="id2605216"></a>
    213                                 <a class="indexterm" name="id2605222"></a>
     213                                <a class="indexterm" name="id2605223"></a>
    214214                                <a class="indexterm" name="id2605229"></a>
    215215                                <a class="indexterm" name="id2605236"></a>
     
    226226                                <a class="indexterm" name="id2605311"></a>
    227227                                <a class="indexterm" name="id2605318"></a>
    228                                 <a class="indexterm" name="id2605324"></a>
     228                                <a class="indexterm" name="id2605325"></a>
    229229                                <a class="indexterm" name="id2605331"></a>
    230230                                <a class="indexterm" name="id2605338"></a>
     
    257257                                </p><p>
    258258                                <a class="indexterm" name="id2605470"></a>
    259                                 <a class="indexterm" name="id2605476"></a>
     259                                <a class="indexterm" name="id2605477"></a>
    260260                                <a class="indexterm" name="id2605483"></a>
    261261                                The nss_ldap tool set can be used to access UIDs and GIDs via LDAP as well as via Active
     
    308308        </p><p>
    309309        <a class="indexterm" name="id2605706"></a>
    310         <a class="indexterm" name="id2605712"></a>
    311         <a class="indexterm" name="id2605719"></a>
     310        <a class="indexterm" name="id2605713"></a>
     311        <a class="indexterm" name="id2605720"></a>
    312312        <a class="indexterm" name="id2605726"></a>
    313313        Security identifiers used within a domain must be managed to avoid conflict and to preserve itegrity.
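Review bot: unchanged line 313 still reads "preserve itegrity", which should be "integrity". Since this file is generator output, the fix belongs in the DocBook source so the next regeneration does not bring the typo back.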
     
    320320        <a class="indexterm" name="id2605763"></a>
    321321        <a class="indexterm" name="id2605770"></a>
    322         <a class="indexterm" name="id2605776"></a>
    323         <a class="indexterm" name="id2605783"></a>
     322        <a class="indexterm" name="id2605777"></a>
     323        <a class="indexterm" name="id2605784"></a>
    324324        <a class="indexterm" name="id2605790"></a>
    325325        BDCs have read-only access to security credentials that are stored in LDAP.
     
    381381</pre><p>
    382382                A failed join would report an error message like the following:
    383                 <a class="indexterm" name="id2606124"></a>
     383                <a class="indexterm" name="id2606125"></a>
    384384</p><pre class="screen">
    385385<code class="prompt">root# </code> net rpc testjoin
     
    397397        The procedure for joining an ADS domain is similar to the NT4 domain join, except the <code class="filename">smb.conf</code> file
    398398        will have the contents shown in <a class="link" href="idmapper.html#idmapadsdms" title="Example 14.2. ADS Domain Member Server smb.conf">ADS Domain Member Server smb.conf</a>
    399         </p><div class="example"><a name="idmapadsdms"></a><p class="title"><b>Example 14.2. ADS Domain Member Server smb.conf</b></p><div class="example-contents"><table class="simplelist" border="0" summary="Simple list"><tr><td># Global parameters</td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[global]</code></em></td></tr><tr><td><a class="indexterm" name="id2606254"></a><em class="parameter"><code>workgroup = BUTTERNET</code></em></td></tr><tr><td><a class="indexterm" name="id2606266"></a><em class="parameter"><code>netbios name = GARGOYLE</code></em></td></tr><tr><td><a class="indexterm" name="id2606278"></a><em class="parameter"><code>realm = BUTTERNET.BIZ</code></em></td></tr><tr><td><a class="indexterm" name="id2606289"></a><em class="parameter"><code>security = ADS</code></em></td></tr><tr><td><a class="indexterm" name="id2606301"></a><em class="parameter"><code>template shell = /bin/bash</code></em></td></tr><tr><td><a class="indexterm" name="id2606313"></a><em class="parameter"><code>idmap uid = 500-10000000</code></em></td></tr><tr><td><a class="indexterm" name="id2606324"></a><em class="parameter"><code>idmap gid = 500-10000000</code></em></td></tr><tr><td><a class="indexterm" name="id2606336"></a><em class="parameter"><code>winbind use default domain = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id2606348"></a><em class="parameter"><code>winbind nested groups = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id2606360"></a><em class="parameter"><code>printer admin = "BUTTERNET\Domain Admins"</code></em></td></tr></table></div></div><br class="example-break"><p>
     399        </p><div class="example"><a name="idmapadsdms"></a><p class="title"><b>Example 14.2. ADS Domain Member Server smb.conf</b></p><div class="example-contents"><table class="simplelist" border="0" summary="Simple list"><tr><td># Global parameters</td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[global]</code></em></td></tr><tr><td><a class="indexterm" name="id2606254"></a><em class="parameter"><code>workgroup = BUTTERNET</code></em></td></tr><tr><td><a class="indexterm" name="id2606266"></a><em class="parameter"><code>netbios name = GARGOYLE</code></em></td></tr><tr><td><a class="indexterm" name="id2606278"></a><em class="parameter"><code>realm = BUTTERNET.BIZ</code></em></td></tr><tr><td><a class="indexterm" name="id2606289"></a><em class="parameter"><code>security = ADS</code></em></td></tr><tr><td><a class="indexterm" name="id2606301"></a><em class="parameter"><code>template shell = /bin/bash</code></em></td></tr><tr><td><a class="indexterm" name="id2606313"></a><em class="parameter"><code>idmap uid = 500-10000000</code></em></td></tr><tr><td><a class="indexterm" name="id2606325"></a><em class="parameter"><code>idmap gid = 500-10000000</code></em></td></tr><tr><td><a class="indexterm" name="id2606336"></a><em class="parameter"><code>winbind use default domain = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id2606348"></a><em class="parameter"><code>winbind nested groups = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id2606360"></a><em class="parameter"><code>printer admin = "BUTTERNET\Domain Admins"</code></em></td></tr></table></div></div><br class="example-break"><p>
    400400        <a class="indexterm" name="id2606376"></a>
    401401        <a class="indexterm" name="id2606383"></a>
    402         <a class="indexterm" name="id2606389"></a>
     402        <a class="indexterm" name="id2606390"></a>
    403403        <a class="indexterm" name="id2606396"></a>
    404404        <a class="indexterm" name="id2606403"></a>
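Review bot: Example 14.2 on line 399 is carried over with idmap uid = 500-10000000 and idmap gid = 500-10000000, a range that starts low enough to overlap the UIDs and GIDs many Unix systems assign to local accounts. An overlap lets a mapped domain SID and a local account share a numeric id, and with it file ownership. Consider raising the lower bound in the source example, as Example 14.4 does with 150000-550000.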
     
    437437Join to domain is not valid
    438438</pre><p>
    439                 <a class="indexterm" name="id2606531"></a>
     439                <a class="indexterm" name="id2606532"></a>
    440440                <a class="indexterm" name="id2606538"></a>
    441441                <a class="indexterm" name="id2606545"></a>
     
    460460        <a class="indexterm" name="id2606656"></a>
    461461        <a class="indexterm" name="id2606663"></a>
    462         <a class="indexterm" name="id2606669"></a>
     462        <a class="indexterm" name="id2606670"></a>
    463463        This alternate method of SID to UID/GID  mapping can be achieved using the idmap_rid
    464464        plug-in. This plug-in uses the RID of the user SID to derive the UID and GID by adding the
     
    476476        An example <code class="filename">smb.conf</code> file for and ADS domain environment is shown in <a class="link" href="idmapper.html#idmapadsridDMS" title="Example 14.3. ADS Domain Member smb.conf using idmap_rid">ADS
    477477        Domain Member smb.conf using idmap_rid</a>.
    478         </p><div class="example"><a name="idmapadsridDMS"></a><p class="title"><b>Example 14.3. ADS Domain Member smb.conf using idmap_rid</b></p><div class="example-contents"><table class="simplelist" border="0" summary="Simple list"><tr><td># Global parameters</td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[global]</code></em></td></tr><tr><td><a class="indexterm" name="id2606776"></a><em class="parameter"><code>workgroup = KPAK</code></em></td></tr><tr><td><a class="indexterm" name="id2606788"></a><em class="parameter"><code>netbios name = BIGJOE</code></em></td></tr><tr><td><a class="indexterm" name="id2606800"></a><em class="parameter"><code>realm = CORP.KPAK.COM</code></em></td></tr><tr><td><a class="indexterm" name="id2606811"></a><em class="parameter"><code>server string = Office Server</code></em></td></tr><tr><td><a class="indexterm" name="id2606823"></a><em class="parameter"><code>security = ADS</code></em></td></tr><tr><td><a class="indexterm" name="id2606835"></a><em class="parameter"><code>allow trusted domains = No</code></em></td></tr><tr><td><a class="indexterm" name="id2606847"></a><em class="parameter"><code>idmap backend = idmap_rid:KPAK=500-100000000</code></em></td></tr><tr><td><a class="indexterm" name="id2606859"></a><em class="parameter"><code>idmap uid = 500-100000000</code></em></td></tr><tr><td><a class="indexterm" name="id2606871"></a><em class="parameter"><code>idmap gid = 500-100000000</code></em></td></tr><tr><td><a class="indexterm" name="id2606883"></a><em class="parameter"><code>template shell = /bin/bash</code></em></td></tr><tr><td><a class="indexterm" name="id2606894"></a><em class="parameter"><code>winbind use default domain = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id2606907"></a><em class="parameter"><code>winbind enum users = No</code></em></td></tr><tr><td><a class="indexterm" name="id2606918"></a><em class="parameter"><code>winbind enum groups = 
No</code></em></td></tr><tr><td><a class="indexterm" name="id2606930"></a><em class="parameter"><code>winbind nested groups = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id2606942"></a><em class="parameter"><code>printer admin = "Domain Admins"</code></em></td></tr></table></div></div><br class="example-break"><p>
     478        </p><div class="example"><a name="idmapadsridDMS"></a><p class="title"><b>Example 14.3. ADS Domain Member smb.conf using idmap_rid</b></p><div class="example-contents"><table class="simplelist" border="0" summary="Simple list"><tr><td># Global parameters</td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[global]</code></em></td></tr><tr><td><a class="indexterm" name="id2606776"></a><em class="parameter"><code>workgroup = KPAK</code></em></td></tr><tr><td><a class="indexterm" name="id2606788"></a><em class="parameter"><code>netbios name = BIGJOE</code></em></td></tr><tr><td><a class="indexterm" name="id2606800"></a><em class="parameter"><code>realm = CORP.KPAK.COM</code></em></td></tr><tr><td><a class="indexterm" name="id2606811"></a><em class="parameter"><code>server string = Office Server</code></em></td></tr><tr><td><a class="indexterm" name="id2606823"></a><em class="parameter"><code>security = ADS</code></em></td></tr><tr><td><a class="indexterm" name="id2606835"></a><em class="parameter"><code>allow trusted domains = No</code></em></td></tr><tr><td><a class="indexterm" name="id2606847"></a><em class="parameter"><code>idmap backend = idmap_rid:KPAK=500-100000000</code></em></td></tr><tr><td><a class="indexterm" name="id2606859"></a><em class="parameter"><code>idmap uid = 500-100000000</code></em></td></tr><tr><td><a class="indexterm" name="id2606871"></a><em class="parameter"><code>idmap gid = 500-100000000</code></em></td></tr><tr><td><a class="indexterm" name="id2606883"></a><em class="parameter"><code>template shell = /bin/bash</code></em></td></tr><tr><td><a class="indexterm" name="id2606895"></a><em class="parameter"><code>winbind use default domain = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id2606907"></a><em class="parameter"><code>winbind enum users = No</code></em></td></tr><tr><td><a class="indexterm" name="id2606919"></a><em class="parameter"><code>winbind enum groups = 
No</code></em></td></tr><tr><td><a class="indexterm" name="id2606930"></a><em class="parameter"><code>winbind nested groups = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id2606942"></a><em class="parameter"><code>printer admin = "Domain Admins"</code></em></td></tr></table></div></div><br class="example-break"><p>
    479479        <a class="indexterm" name="id2606958"></a>
    480         <a class="indexterm" name="id2606964"></a>
    481         <a class="indexterm" name="id2606971"></a>
     480        <a class="indexterm" name="id2606965"></a>
     481        <a class="indexterm" name="id2606972"></a>
    482482        <a class="indexterm" name="id2606978"></a>
    483483        In a large domain with many users it is imperative to disable enumeration of users and groups.
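Review bot: unchanged line 476 reads "for and ADS domain", which should be "for an ADS domain". In Example 14.3 on line 478 the value of winbind enum groups is also split across a line break inside the code element ("winbind enum groups =" then "No"), which is easy to mis-copy; both are worth fixing in the source rather than in this generated file.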
     
    537537administrator:x:1000:1013:Administrator:/home/BE/administrator:/bin/bash
    538538</pre><p>
    539                 </p></li></ol></div></div><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2607188"></a>IDMAP Storage in LDAP Using Winbind</h3></div></div></div><p>
     539                </p></li></ol></div></div><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2607189"></a>IDMAP Storage in LDAP Using Winbind</h3></div></div></div><p>
    540540        <a class="indexterm" name="id2607197"></a>
    541         <a class="indexterm" name="id2607203"></a>
     541        <a class="indexterm" name="id2607204"></a>
    542542        The storage of IDMAP information in LDAP can be used with both NT4/Samba-3-style domains and
    543543        ADS domains. OpenLDAP is a commonly used LDAP server for this purpose, although any
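Review bot: the sect2 heading anchor on line 539 moves from id2607188 to id2607189 while the heading text is unchanged, and the indexterm anchor on line 541 shifts by one in the same way (id2607203 to id2607204), which points at the generator's id counter rather than at an edit. If the generated HTML has to live in the tree, consider pinning ids in the source or building the HTML at release time so a version update does not carry this churn.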
     
    548548        An example is for an ADS domain is shown in <a class="link" href="idmapper.html#idmapldapDMS" title="Example 14.4. ADS Domain Member Server using LDAP">ADS Domain Member Server using
    549549        LDAP</a>.
    550         </p><div class="example"><a name="idmapldapDMS"></a><p class="title"><b>Example 14.4. ADS Domain Member Server using LDAP</b></p><div class="example-contents"><table class="simplelist" border="0" summary="Simple list"><tr><td># Global parameters</td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[global]</code></em></td></tr><tr><td><a class="indexterm" name="id2607257"></a><em class="parameter"><code>workgroup = SNOWSHOW</code></em></td></tr><tr><td><a class="indexterm" name="id2607269"></a><em class="parameter"><code>netbios name = GOODELF</code></em></td></tr><tr><td><a class="indexterm" name="id2607281"></a><em class="parameter"><code>realm = SNOWSHOW.COM</code></em></td></tr><tr><td><a class="indexterm" name="id2607293"></a><em class="parameter"><code>server string = Samba Server</code></em></td></tr><tr><td><a class="indexterm" name="id2607305"></a><em class="parameter"><code>security = ADS</code></em></td></tr><tr><td><a class="indexterm" name="id2607316"></a><em class="parameter"><code>log level = 1 ads:10 auth:10 sam:10 rpc:10</code></em></td></tr><tr><td><a class="indexterm" name="id2607328"></a><em class="parameter"><code>ldap admin dn = cn=Manager,dc=SNOWSHOW,dc=COM</code></em></td></tr><tr><td><a class="indexterm" name="id2607340"></a><em class="parameter"><code>ldap idmap suffix = ou=Idmap</code></em></td></tr><tr><td><a class="indexterm" name="id2607352"></a><em class="parameter"><code>ldap suffix = dc=SNOWSHOW,dc=COM</code></em></td></tr><tr><td><a class="indexterm" name="id2607364"></a><em class="parameter"><code>idmap backend = ldap:ldap://ldap.snowshow.com</code></em></td></tr><tr><td><a class="indexterm" name="id2607377"></a><em class="parameter"><code>idmap uid = 150000-550000</code></em></td></tr><tr><td><a class="indexterm" name="id2607388"></a><em class="parameter"><code>idmap gid = 150000-550000</code></em></td></tr><tr><td><a class="indexterm" name="id2607400"></a><em class="parameter"><code>template shell = 
/bin/bash</code></em></td></tr><tr><td><a class="indexterm" name="id2607412"></a><em class="parameter"><code>winbind use default domain = Yes</code></em></td></tr></table></div></div><br class="example-break"><p>
     550        </p><div class="example"><a name="idmapldapDMS"></a><p class="title"><b>Example 14.4. ADS Domain Member Server using LDAP</b></p><div class="example-contents"><table class="simplelist" border="0" summary="Simple list"><tr><td># Global parameters</td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[global]</code></em></td></tr><tr><td><a class="indexterm" name="id2607257"></a><em class="parameter"><code>workgroup = SNOWSHOW</code></em></td></tr><tr><td><a class="indexterm" name="id2607269"></a><em class="parameter"><code>netbios name = GOODELF</code></em></td></tr><tr><td><a class="indexterm" name="id2607281"></a><em class="parameter"><code>realm = SNOWSHOW.COM</code></em></td></tr><tr><td><a class="indexterm" name="id2607293"></a><em class="parameter"><code>server string = Samba Server</code></em></td></tr><tr><td><a class="indexterm" name="id2607305"></a><em class="parameter"><code>security = ADS</code></em></td></tr><tr><td><a class="indexterm" name="id2607316"></a><em class="parameter"><code>log level = 1 ads:10 auth:10 sam:10 rpc:10</code></em></td></tr><tr><td><a class="indexterm" name="id2607328"></a><em class="parameter"><code>ldap admin dn = cn=Manager,dc=SNOWSHOW,dc=COM</code></em></td></tr><tr><td><a class="indexterm" name="id2607341"></a><em class="parameter"><code>ldap idmap suffix = ou=Idmap</code></em></td></tr><tr><td><a class="indexterm" name="id2607353"></a><em class="parameter"><code>ldap suffix = dc=SNOWSHOW,dc=COM</code></em></td></tr><tr><td><a class="indexterm" name="id2607364"></a><em class="parameter"><code>idmap backend = ldap:ldap://ldap.snowshow.com</code></em></td></tr><tr><td><a class="indexterm" name="id2607377"></a><em class="parameter"><code>idmap uid = 150000-550000</code></em></td></tr><tr><td><a class="indexterm" name="id2607388"></a><em class="parameter"><code>idmap gid = 150000-550000</code></em></td></tr><tr><td><a class="indexterm" name="id2607400"></a><em class="parameter"><code>template shell = 
/bin/bash</code></em></td></tr><tr><td><a class="indexterm" name="id2607412"></a><em class="parameter"><code>winbind use default domain = Yes</code></em></td></tr></table></div></div><br class="example-break"><p>
    551551        <a class="indexterm" name="id2607427"></a>
    552552        In the case of an NT4 or Samba-3-style domain the <em class="parameter"><code>realm</code></em> is not used, and the
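Review bot: Example 14.4 on line 550 keeps idmap backend = ldap:ldap://ldap.snowshow.com together with ldap admin dn = cn=Manager,dc=SNOWSHOW,dc=COM, so a reader who copies it binds as the directory manager over a plain ldap:// URI with nothing in the example saying how that connection is protected. Suggest an ldaps:// URI or a visible ldap ssl setting in the example, and a less privileged bind DN for the idmap subtree. The same example ships log level = 1 ads:10 auth:10 sam:10 rpc:10, which is a debugging level and deserves a comment saying so. Separately, line 548 reads "An example is for an ADS domain is shown"; drop the first "is".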
     
    680680        reason for failure.
    681681        </p></div><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2607774"></a>IDMAP and NSS Using LDAP from ADS with RFC2307bis Schema Extension</h3></div></div></div><p>
    682         <a class="indexterm" name="id2607782"></a>
     682        <a class="indexterm" name="id2607783"></a>
    683683        <a class="indexterm" name="id2607789"></a>
    684684        The use of this method is messy. The information provided in the following is for guidance only
     
    688688        An example <code class="filename">smb.conf</code> file is shown in <a class="link" href="idmapper.html#idmaprfc2307" title="Example 14.5. ADS Domain Member Server using RFC2307bis Schema Extension Date via NSS">ADS Domain Member Server using
    689689RFC2307bis Schema Extension Date via NSS</a>.
    690         </p><div class="example"><a name="idmaprfc2307"></a><p class="title"><b>Example 14.5. ADS Domain Member Server using RFC2307bis Schema Extension Date via NSS</b></p><div class="example-contents"><table class="simplelist" border="0" summary="Simple list"><tr><td># Global parameters</td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[global]</code></em></td></tr><tr><td><a class="indexterm" name="id2607849"></a><em class="parameter"><code>workgroup = BOBBY</code></em></td></tr><tr><td><a class="indexterm" name="id2607861"></a><em class="parameter"><code>realm = BOBBY.COM</code></em></td></tr><tr><td><a class="indexterm" name="id2607872"></a><em class="parameter"><code>security = ADS</code></em></td></tr><tr><td><a class="indexterm" name="id2607884"></a><em class="parameter"><code>idmap uid = 150000-550000</code></em></td></tr><tr><td><a class="indexterm" name="id2607896"></a><em class="parameter"><code>idmap gid = 150000-550000</code></em></td></tr><tr><td><a class="indexterm" name="id2607907"></a><em class="parameter"><code>template shell = /bin/bash</code></em></td></tr><tr><td><a class="indexterm" name="id2607919"></a><em class="parameter"><code>winbind cache time = 5</code></em></td></tr><tr><td><a class="indexterm" name="id2607931"></a><em class="parameter"><code>winbind use default domain = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id2607943"></a><em class="parameter"><code>winbind trusted domains only = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id2607955"></a><em class="parameter"><code>winbind nested groups = Yes</code></em></td></tr></table></div></div><br class="example-break"><p>
     690        </p><div class="example"><a name="idmaprfc2307"></a><p class="title"><b>Example 14.5. ADS Domain Member Server using RFC2307bis Schema Extension Date via NSS</b></p><div class="example-contents"><table class="simplelist" border="0" summary="Simple list"><tr><td># Global parameters</td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[global]</code></em></td></tr><tr><td><a class="indexterm" name="id2607849"></a><em class="parameter"><code>workgroup = BOBBY</code></em></td></tr><tr><td><a class="indexterm" name="id2607861"></a><em class="parameter"><code>realm = BOBBY.COM</code></em></td></tr><tr><td><a class="indexterm" name="id2607872"></a><em class="parameter"><code>security = ADS</code></em></td></tr><tr><td><a class="indexterm" name="id2607884"></a><em class="parameter"><code>idmap uid = 150000-550000</code></em></td></tr><tr><td><a class="indexterm" name="id2607896"></a><em class="parameter"><code>idmap gid = 150000-550000</code></em></td></tr><tr><td><a class="indexterm" name="id2607907"></a><em class="parameter"><code>template shell = /bin/bash</code></em></td></tr><tr><td><a class="indexterm" name="id2607919"></a><em class="parameter"><code>winbind cache time = 5</code></em></td></tr><tr><td><a class="indexterm" name="id2607931"></a><em class="parameter"><code>winbind use default domain = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id2607943"></a><em class="parameter"><code>winbind trusted domains only = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id2607956"></a><em class="parameter"><code>winbind nested groups = Yes</code></em></td></tr></table></div></div><br class="example-break"><p>
    691691        <a class="indexterm" name="id2607971"></a>
    692692        The DMS must be joined to the domain using the usual procedure. Additionally, it is necessary
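Review bot: the title of Example 14.5 on lines 688 to 690 reads "RFC2307bis Schema Extension Date via NSS" in both the link text and the example heading; "Date" looks like a typo for "Data". Please confirm and correct it in the DocBook source so the title and the cross-reference stay in sync.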