Timestamp:
Nov 27, 2012, 4:43:17 PM (13 years ago)
Author:
Silvan Scherrer
Message:

Samba Server: updated trunk to 3.6.0

Location:
trunk/server
Files:
2 edited

  • trunk/server

  • trunk/server/docs-xml/smbdotconf/winbind/idmapconfig.xml

    r414 r745  
    77
    88        <para>
    9         The idmap config prefix provides a means of managing each trusted
    10         domain separately. The idmap config prefix should be followed by the
    11         name of the domain, a colon, and a setting specific to the chosen
    12         backend. There are three options available for all domains:
     9        ID mapping in Samba is the mapping between Windows SIDs and Unix user
     10        and group IDs. This is performed by Winbindd with a configurable plugin
     11        interface. Samba's ID mapping is configured by options starting with the
     12        <smbconfoption name="idmap config"/> prefix.
     13        An idmap option consists of the <smbconfoption name="idmap config"/>
     14        prefix, followed by a domain name or the asterisk character (*),
     15        a colon, and the name of an idmap setting for the chosen domain.
    1316        </para>
    1417
    15         <variablelist> 
     18        <para>
     19        The idmap configuration is hence divided into groups, one group
     20        for each domain to be configured, and one group with the the
     21        asterisk instead of a proper domain name, which speifies the
     22        default configuration that is used to catch all domains that do
     23        not have an explicit idmap configuration of their own.
     24        </para>
     25
     26        <para>
     27        There are three general options available:
     28        </para>
     29
     30        <variablelist>
    1631                <varlistentry>
    1732                <term>backend = backend_name</term>
    1833                <listitem><para>
    19                         Specifies the name of the idmap plugin to use as the
    20                         SID/uid/gid backend for this domain.
     34                This specifies the name of the idmap plugin to use as the
     35                SID/uid/gid backend for this domain. The standard backends are
     36                tdb
     37                (<citerefentry><refentrytitle>idmap_tdb</refentrytitle> <manvolnum>8</manvolnum> </citerefentry>),
     38                tdb2
     39                (<citerefentry><refentrytitle>idmap_tdb2</refentrytitle> <manvolnum>8</manvolnum></citerefentry>),
     40                ldap
     41                (<citerefentry><refentrytitle>idmap_ldap</refentrytitle> <manvolnum>8</manvolnum></citerefentry>),
     42                ,
     43                rid
     44                (<citerefentry><refentrytitle>idmap_rid</refentrytitle> <manvolnum>8</manvolnum></citerefentry>),
     45                ,
     46                hash
     47                (<citerefentry><refentrytitle>idmap_hash</refentrytitle> <manvolnum>8</manvolnum></citerefentry>),
     48                ,
     49                autorid
     50                (<citerefentry><refentrytitle>idmap_autorid</refentrytitle> <manvolnum>8</manvolnum></citerefentry>),
     51                ,
     52                ad
     53                (<citerefentry><refentrytitle>idmap_ad</refentrytitle> <manvolnum>8</manvolnum></citerefentry>),
     54                ,
     55                adex
     56                (<citerefentry><refentrytitle>idmap_adex</refentrytitle> <manvolnum>8</manvolnum></citerefentry>),
     57                ,
     58                and nss.
     59                (<citerefentry><refentrytitle>idmap_nss</refentrytitle> <manvolnum>8</manvolnum></citerefentry>),
     60                The corresponding manual pages contain the details, but
     61                here is a summary.
     62                </para>
     63                <para>
     64                The first three of these create mappings of their own using
     65                internal unixid counters and store the mappings in a database.
     66                These are suitable for use in the default idmap configuration.
     67                The rid and hash backends use a pure algorithmic calculation
     68                to determine the unixid for a SID. The autorid module is a
     69                mixture of the tdb and rid backend. It creates ranges for
     70                each domain encountered and then uses the rid algorithm for each
     71                of these automatically configured domains individually.
     72                The ad and adex
     73                backends both use unix IDs stored in Active Directory via
     74                the standard schema extensions. The nss backend reverses
     75                the standard winbindd setup and gets the unixids via names
     76                from nsswitch which can be useful in an ldap setup.
    2177                </para></listitem>
    2278                </varlistentry>
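Review bot: The backend list at new lines 36-59 has broken punctuation: every citerefentry line from idmap_ldap onward already ends in a comma and is then followed by a line holding only ",", so the rendered page will read "(idmap_ldap(8)), , rid", and "and nss." at line 58 closes the sentence before its own idmap_nss reference, which itself ends in a comma. Drop the standalone "," lines and move the period to after the idmap_nss citerefentry. Two typos in the new paragraph at lines 20-21 also need fixing: "the the" and "speifies".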
     
    2480                <varlistentry>
    2581                <term>range = low - high</term>
    26                 <listitem><para>
     82                <listitem><para>
    2783                Defines the available matching uid and gid range for which the
    28                 backend is authoritative.  Note that the range commonly
    29                 matches the allocation range due to the fact that the same
    30                 backend will store and retrieve SID/uid/gid mapping entries.
    31                 </para>
     84                backend is authoritative. For allocating backends, this also
     85                defines the start and the end of the range for allocating
     86                new unid IDs.
     87                </para>
    3288                <para>
    3389                winbind uses this parameter to find the backend that is
    34                 authoritative for a unix ID to SID mapping, so it must be set
    35                 for each individually configured domain, and it must be
    36                 disjoint from the ranges set via <smbconfoption name="idmap
    37                 uid"/> and <smbconfoption name="idmap gid"/>.
     90                authoritative for a unix ID to SID mapping, so it must be set
     91                for each individually configured domain and for the default
     92                configuration. The configured ranges must be mutually disjoint.
    3893                </para></listitem>
     94                </varlistentry>
    3995
     96                <varlistentry>
     97                <term>read only = yes|no</term>
     98                <listitem><para>
     99                This option can be used to turn the writing backends
     100                tdb, tdb2, and ldap into read only mode. This can be useful
     101                e.g. in cases where a pre-filled database exists that should
     102                not be extended automatically.
     103                </para></listitem>
    40104                </varlistentry>
    41105        </variablelist>
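Review bot: The rewritten range text at new lines 90-92 drops the old requirement that ranges be disjoint from "idmap uid" and "idmap gid" without saying what happens to those options; if they are still accepted, state how they relate to the default configuration's range, since an administrator who keeps them alongside "idmap config" ranges has no guidance on overlap. New line 86 has a typo: "unid IDs" should be "unix IDs". The new "read only = yes|no" entry at lines 97-102 does not state its default, which matters for the pre-filled database case it describes.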
     
    44108        The following example illustrates how to configure the <citerefentry>
    45109        <refentrytitle>idmap_ad</refentrytitle> <manvolnum>8</manvolnum>
    46         </citerefentry> for the CORP domain and the
     110        </citerefentry> backend for the CORP domain and the
    47111        <citerefentry><refentrytitle>idmap_tdb</refentrytitle>
    48112        <manvolnum>8</manvolnum></citerefentry> backend for all other
     
    54118
    55119        <programlisting>
    56         idmap backend = tdb
    57         idmap uid = 1000000-1999999
    58         idmap gid = 1000000-1999999
     120        idmap config * : backend = tdb
     121        idmap config * : range = 1000000-1999999
    59122
    60123        idmap config CORP : backend  = ad
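Review bot: The example at new lines 120-121 replaces "idmap backend", "idmap uid" and "idmap gid" with the "idmap config *" form, but neither the listing nor the visible surrounding text tells a reader with an existing smb.conf that the old three lines correspond to the new two; a short sentence before the programlisting would make the migration explicit. Style nit on line 123: "backend  = ad" has two spaces before the equals sign, unlike lines 120-121.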