diff options
author | John Terpstra <jht@samba.org> | 2004-10-31 04:09:58 +0000 |
---|---|---|
committer | Gerald W. Carter <jerry@samba.org> | 2008-04-23 08:46:05 -0500 |
commit | e7369bf7f1924546cc105987581a2452c23ad0d4 (patch) | |
tree | 5ee02291ae06b3e58e63a23374bf5025636a7af5 /docs/Samba-HOWTO-Collection | |
parent | a20e7874faa05ef64de0526ce33af75ea338d6b3 (diff) | |
download | samba-e7369bf7f1924546cc105987581a2452c23ad0d4.tar.gz samba-e7369bf7f1924546cc105987581a2452c23ad0d4.tar.bz2 samba-e7369bf7f1924546cc105987581a2452c23ad0d4.zip |
Work in progress commit - Adding IDMAP documentation.
(This used to be commit 7aedb2f549e62b4bf3a3717292c879eecf15abc0)
Diffstat (limited to 'docs/Samba-HOWTO-Collection')
-rw-r--r-- | docs/Samba-HOWTO-Collection/Group-Mapping.xml | 2 | ||||
-rw-r--r-- | docs/Samba-HOWTO-Collection/IDMAP.xml | 136 | ||||
-rw-r--r-- | docs/Samba-HOWTO-Collection/Passdb.xml | 3 | ||||
-rw-r--r-- | docs/Samba-HOWTO-Collection/index.xml | 1 |
4 files changed, 142 insertions, 0 deletions
diff --git a/docs/Samba-HOWTO-Collection/Group-Mapping.xml b/docs/Samba-HOWTO-Collection/Group-Mapping.xml index bad2cfe9d7..93246a7111 100644 --- a/docs/Samba-HOWTO-Collection/Group-Mapping.xml +++ b/docs/Samba-HOWTO-Collection/Group-Mapping.xml @@ -54,6 +54,7 @@ <para> <indexterm><primary>UID</primary></indexterm> <indexterm><primary>GID</primary></indexterm> +<indexterm><primary>idmap uid</primary></indexterm> Group accounts can be managed using the MS Windows NT4 or MS Windows 200x/XP Professional MMC tools. Appropriate interface scripts should be provided in &smb.conf; if it is desired that UNIX/Linux system accounts should be automatically created when these tools are used. In the absence of these scripts, and @@ -73,6 +74,7 @@ </image> <para> + <indexterm><primary>IDMAP</primary></indexterm> In both cases, when winbindd is not running, only locally resolvable groups can be recognized. Please refer to <link linkend="idmap-sid2gid">IDMAP: group SID to GID resolution</link> and <link linkend="idmap-gid2sid">IDMAP: GID resolution to matching SID</link>. The <command>net groupmap</command> is diff --git a/docs/Samba-HOWTO-Collection/IDMAP.xml b/docs/Samba-HOWTO-Collection/IDMAP.xml new file mode 100644 index 0000000000..fa485de495 --- /dev/null +++ b/docs/Samba-HOWTO-Collection/IDMAP.xml @@ -0,0 +1,136 @@ +<?xml version="1.0" encoding="iso-8859-1"?> +<!DOCTYPE book PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN" + "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd" [ + + <!-- entities files to use --> + <!ENTITY % global_entities SYSTEM '../entities/global.entities'> + %global_entities; + +]> + +<chapter id="groupmapping"> +<chapterinfo> + &author.jht; +</chapterinfo> +<title>Identity Mapping &smbmdash; IDMAP</title> + +<para> +The Microsoft Windows operating system has a number of features that impose specific challenges +for interoperability with operaing system on which Samba is implemented. This chapter deals +explicitly with the mechanisms Samba-3 (version 3.0.8 and later) has to overcome one of the +key challenges in the integration of Samba servers into an MS Windows networking +environment. This chapter deals with IDentity MAPping (IDMAP) of Windows Security IDentifiers (SIDs) +to UNIX UIDs and GIDs. +</para> + +<para> +So that this area is covered sufficiently, eash possible Samba deployment type will be discussed. +This is followed by an overview of how the IDMAP facility may be implemented. +</para> + +<para> +The IDMAP facility is usually of concern only where more than one Samba server or Samba network client +is installed in the one Domain. Where there is a single Samba server do not be too concerned regarding +the IDMAP infrastructure - the default behavior of Samba is nearly always sufficient. +</para> + +<sect1> +<title>Samba Server Deployment Types</title> + +<para> +There are four (4) basic server deployment types, as documented in <link linkend="ServerType">the chapter +on Server Types and Security Modes</link>. +</para> + + <sect2> + <title>Stand-Alone Samba Server</title> + + <para> + </para> + + </sect2> + + <sect2> + <title>Domain Member Server or Domain Member Client</title> + + <para> + </para> + + </sect2> + + <sect2> + <title>Primary Domain Controller</title> + + <para> + </para> + + </sect2> + + <sect2> + <title>Backup Domain Controller</title> + + <para> + </para> + + </sect2> + +</sect1> + +<sect1> +<title>IDMAP Backend Usage</title> + +<para> +</para> + + <sect2> + <title>Default Winbind TDB</title> + + <para> + </para> + + </sect2> + + <sect2> + <title>IDMAP Storage in LDAP using Winbind</title> + + <para> + </para> + + </sect2> + + <sect2> + <title>IDMAP and NSS IDMAP Resolution</title> + + <para> + </para> + + <sect3> + <title>IDMAP, Active Directory and MS Services for UNIX 3.5</title> + + <para> + </para> + + </sect3> + + <sect3> + <title>IDMAP, Active Directory and AD4UNIX</title> + + <para> + </para> + + </sect3> + + </sect2> + + <sect2> + <title>IDMAP_RID with Winbind</title> + + <para> + </para> + + </sect2> + +</sect1> + + +</chapter> diff --git a/docs/Samba-HOWTO-Collection/Passdb.xml b/docs/Samba-HOWTO-Collection/Passdb.xml index 62edfb16ff..f9d4f6637a 100644 --- a/docs/Samba-HOWTO-Collection/Passdb.xml +++ b/docs/Samba-HOWTO-Collection/Passdb.xml @@ -372,6 +372,8 @@ Samba-3 introduces a number of new password backend capabilities. </para> <para> + <indexterm><primary>idmap uid</primary></indexterm> + <indexterm><primary>idmap gid</primary></indexterm> The second way to effect Windows SID to UNIX UID mapping is via the <emphasis>idmap uid</emphasis> and <emphasis>idmap gid</emphasis> parameters in &smb.conf;. Please refer to the man page for information about these parameters. @@ -392,6 +394,7 @@ Samba-3 introduces a number of new password backend capabilities. </para> <para> + <indexterm><primary>idmap backend</primary></indexterm> The special facility is enabled using a parameter called <parameter>idmap backend</parameter>. The default setting for this parameter is an empty string. Technically it is possible to use an LDAP based idmap backend for UIDs and GIDs, but it makes most sense when this is done for diff --git a/docs/Samba-HOWTO-Collection/index.xml b/docs/Samba-HOWTO-Collection/index.xml index 082a019849..318b370f3c 100644 --- a/docs/Samba-HOWTO-Collection/index.xml +++ b/docs/Samba-HOWTO-Collection/index.xml @@ -135,6 +135,7 @@ Samba has several features that you might want or might not want to use. The cha <xi:include href="NetworkBrowsing.xml"/> <xi:include href="Passdb.xml"/> <xi:include href="Group-Mapping.xml"/> +<xi:include hred="IDMAP.xml"/> <xi:include href="AccessControls.xml"/> <xi:include href="locking.xml"/> <xi:include href="Securing.xml"/> |