summaryrefslogtreecommitdiff
path: root/docs/smbdotconf
diff options
context:
space:
mode:
authorGerald Carter <jerry@samba.org>2007-03-21 15:10:58 +0000
committerGerald W. Carter <jerry@samba.org>2008-04-23 08:47:29 -0500
commit2abb46e2457d060965a0ae7340d2b4f99b5d2fd3 (patch)
tree6132c38087981efebc0d0f5382b46324b384ccbf /docs/smbdotconf
parent714235d358cc5ae4790bc554bed1db8fa43703f7 (diff)
downloadsamba-2abb46e2457d060965a0ae7340d2b4f99b5d2fd3.tar.gz
samba-2abb46e2457d060965a0ae7340d2b4f99b5d2fd3.tar.bz2
samba-2abb46e2457d060965a0ae7340d2b4f99b5d2fd3.zip
man page updates for new idmap options (still a work in progress)
(This used to be commit c88062d21899e67ba031d6a2da48c50be567ebfd)
Diffstat (limited to 'docs/smbdotconf')
-rw-r--r--docs/smbdotconf/winbind/idmapbackend.xml39
-rw-r--r--docs/smbdotconf/winbind/idmapconfig.xml32
-rw-r--r--docs/smbdotconf/winbind/idmapdomains.xml27
-rw-r--r--docs/smbdotconf/winbind/winbindtrusteddomainsonly.xml18
4 files changed, 88 insertions, 28 deletions
diff --git a/docs/smbdotconf/winbind/idmapbackend.xml b/docs/smbdotconf/winbind/idmapbackend.xml
index 75c61fbec0..c8ca077aed 100644
--- a/docs/smbdotconf/winbind/idmapbackend.xml
+++ b/docs/smbdotconf/winbind/idmapbackend.xml
@@ -1,37 +1,30 @@
<samba:parameter name="idmap backend"
context="G"
- type="string"
+ type="string"
advanced="1" developer="1" hide="1"
xmlns:samba="http://www.samba.org/samba/DTD/samba-doc">
<description>
<para>
- The purpose of the idmap backend parameter is to allow idmap to NOT use the local idmap
- tdb file to obtain SID to UID / GID mappings for unmapped SIDs, but instead to obtain them from a common
- LDAP backend. This way all domain members and controllers will have the same UID and GID
- to SID mappings. This avoids the risk of UID / GID inconsistencies across UNIX / Linux
- systems that are sharing information over protocols other than SMB/CIFS (ie: NFS).
+ The idmap backend provides a plugin interface for Winbind to use
+ varying backends to store SID/uid/gid mapping tables. This
+ option is mutually exclusive with the newer and more flexible
+ <smbconfoption name="idmap domains"/> parameter. The main difference
+ between the &quot;idmap backend&quot; and the &quot;idmap domains&quot;
+ is that the former only allows on backend for all domains while the
+ latter supports configuring backends on a per domain basis.
</para>
+ <para>Examples of SID/uid/gid backends include tdb (<citerefentry>
+ <refentrytitle>idmap_tdb</refentrytitle><manvolnum>8</manvolnum></citerefentry>),
+ ldap (<citerefentry><refentrytitle>idmap_ldap</refentrytitle>
+ <manvolnum>8</manvolnum></citerefentry>), rid (<citerefentry>
+ <refentrytitle>idmap_rid</refentrytitle><manvolnum>8</manvolnum></citerefentry>),
+ and ad (<citerefentry><refentrytitle>idmap_tdb</refentrytitle>
+ <manvolnum>8</manvolnum></citerefentry>).
<para>
- An alternate method of SID to UID / GID mapping can be achieved using the rid
- plug-in. This plug-in uses the account RID to derive the UID and GID by adding the
- RID to a base value specified. This utility requires that the parameter
- <quote>allow trusted domains = No</quote> must be specified, as it is not compatible
- with multiple domain environments. The idmap uid and idmap gid ranges must also be
- specified.
- </para>
-
- <para>
- Finally, using the ad module, the UID and GID can directly
- be retrieved from an Active Directory LDAP Server that supports an
- RFC2307 compliant LDAP schema. ad supports "Services for Unix"
- (SFU) version 2.x and 3.0.
- </para>
-
</description>
<value type="default"></value>
-<value type="example">ldap:ldap://ldapslave.example.com</value>
-<value type="example">rid:"BUILTIN=1000-1999,DOMNAME=2000-100000000"</value>
+<value type="example">ldap:ldap://ldapslave.example.com/</value>
<value type="example">ad</value>
</samba:parameter>
diff --git a/docs/smbdotconf/winbind/idmapconfig.xml b/docs/smbdotconf/winbind/idmapconfig.xml
new file mode 100644
index 0000000000..7e96445962
--- /dev/null
+++ b/docs/smbdotconf/winbind/idmapconfig.xml
@@ -0,0 +1,32 @@
+<samba:parameter name="idmap config"
+ context="G"
+ type="string"
+ advanced="1" developer="1" hide="1"
+ xmlns:samba="http://www.samba.org/samba/DTD/samba-doc">
+<description>
+ <para>
+ The idmap config prefix provides a means of managing each domain
+ defined by the <smbconfoption name="idmap domains"/> option using Samba's
+ parameteric option support. The idmap config prefix should be
+ followed by the name of the domain, a colon, and either the option
+ name &quot;backend&quot; or a setting specific to the chosen
+ backend.</para>
+
+ <para>
+ The following example illustrates how to configure the <citerefentry>
+ <refentrytitle>idmap_ad</refentrytitle><manvolnum>8</manvolnum></citerefentry>
+ for the CORP domain and the <citerefentry><refentrytitle>idmap_tdb</refentrytitle>
+ <manvolnum>8</manvolnum></citerefentry> backend for all other domains.
+ </para>
+
+ <programlisting>
+ idmap domains = CORP default
+ idmap config CORP:backend = ad
+ idmap config CORP:read_only = yes
+ idmap config default:backend = tdb
+ idmap config default:default = yes
+ idmap config default:range = 1000 - 9999
+ </programlisting>
+
+</description>
+</samba:parameter>
diff --git a/docs/smbdotconf/winbind/idmapdomains.xml b/docs/smbdotconf/winbind/idmapdomains.xml
new file mode 100644
index 0000000000..515a91ba79
--- /dev/null
+++ b/docs/smbdotconf/winbind/idmapdomains.xml
@@ -0,0 +1,27 @@
+<samba:parameter name="idmap domains"
+ context="G"
+ type="string"
+ advanced="1" developer="1" hide="1"
+ xmlns:samba="http://www.samba.org/samba/DTD/samba-doc">
+<description>
+ <para>
+ The idmap domains option defines a list of Windows domains which will each
+ have a separately configured backend for managing Winbind's SID/uid/gid
+ tables. This parameter is mutually exclusive with the older <smbconfoption
+ name="idmap backend"/> option.
+ </para>
+
+ <para>
+ Values constist of the short domain name for Winbind's primary or collection
+ of trusted domains. The keyword &quot;default&quot; is used to
+ represent all domains not explicitly listed.
+ </para>
+
+ <para>
+ Refer to the <smbconfoption name="idmap config"/> for details about
+ managing the SID/uid/gid backend for each domain.
+ </para>
+</description>
+
+<value type="example">default AD CORP</value>
+</samba:parameter>
diff --git a/docs/smbdotconf/winbind/winbindtrusteddomainsonly.xml b/docs/smbdotconf/winbind/winbindtrusteddomainsonly.xml
index b6c5754f5b..49ae4458c3 100644
--- a/docs/smbdotconf/winbind/winbindtrusteddomainsonly.xml
+++ b/docs/smbdotconf/winbind/winbindtrusteddomainsonly.xml
@@ -1,14 +1,22 @@
<samba:parameter name="winbind trusted domains only"
context="G"
- type="boolean"
+ type="boolean"
advanced="1" developer="1"
xmlns:samba="http://www.samba.org/samba/DTD/samba-doc">
<description>
<para>
- This parameter is designed to allow Samba servers that are members of a Samba controlled domain to use
- UNIX accounts distributed via NIS, rsync, or LDAP as the uid's for winbindd users in the hosts primary domain.
- Therefore, the user <literal>DOMAIN\user1</literal> would be mapped to the account user1 in /etc/passwd
- instead of allocating a new uid for him or her.
+ This parameter is designed to allow Samba servers that are members
+ of a Samba controlled domain to use UNIX accounts distributed via NIS,
+ rsync, or LDAP as the uid's for winbindd users in the hosts primary domain.
+ Therefore, the user <literal>DOMAIN\user1</literal> would be mapped to
+ the account user1 in /etc/passwd instead of allocating a new uid for him or her.
+ </para>
+
+ <para>
+ This parameter is not deprecated in favor of the newer idmap_nss backend.
+ Refer to the <smbconfoption name="idmap domains"/> smb.conf option and
+ the <citerefentry><refentrytitle>idmap_nss</refentrytitle>
+ <manvolnum>8</manvolnum></citerefentry> man page for more information.
</para>
</description>