author | Gerald Carter <jerry@samba.org> | 2007-03-21 15:10:58 +0000 |
---|---|---|
committer | Gerald W. Carter <jerry@samba.org> | 2008-04-23 08:47:29 -0500 |
commit | 2abb46e2457d060965a0ae7340d2b4f99b5d2fd3 | |
tree | 6132c38087981efebc0d0f5382b46324b384ccbf /docs/smbdotconf | |
parent | 714235d358cc5ae4790bc554bed1db8fa43703f7 | |
man page updates for new idmap options (still a work in progress)
(This used to be commit c88062d21899e67ba031d6a2da48c50be567ebfd)
Diffstat (limited to 'docs/smbdotconf')
-rw-r--r-- | docs/smbdotconf/winbind/idmapbackend.xml | 39 |
-rw-r--r-- | docs/smbdotconf/winbind/idmapconfig.xml | 32 |
-rw-r--r-- | docs/smbdotconf/winbind/idmapdomains.xml | 27 |
-rw-r--r-- | docs/smbdotconf/winbind/winbindtrusteddomainsonly.xml | 18 |
4 files changed, 88 insertions, 28 deletions
diff --git a/docs/smbdotconf/winbind/idmapbackend.xml b/docs/smbdotconf/winbind/idmapbackend.xml index 75c61fbec0..c8ca077aed 100644 --- a/docs/smbdotconf/winbind/idmapbackend.xml +++ b/docs/smbdotconf/winbind/idmapbackend.xml 
@@ -1,37 +1,30 @@ <samba:parameter name="idmap backend" context="G" - type="string" + type="string" advanced="1" developer="1" hide="1" xmlns:samba="http://www.samba.org/samba/DTD/samba-doc"> <description> <para> - The purpose of the idmap backend parameter is to allow idmap to NOT use the local idmap - tdb file to obtain SID to UID / GID mappings for unmapped SIDs, but instead to obtain them from a common - LDAP backend. This way all domain members and controllers will have the same UID and GID - to SID mappings. This avoids the risk of UID / GID inconsistencies across UNIX / Linux - systems that are sharing information over protocols other than SMB/CIFS (ie: NFS). + The idmap backend provides a plugin interface for Winbind to use + varying backends to store SID/uid/gid mapping tables. This + option is mutually exclusive with the newer and more flexible + <smbconfoption name="idmap domains"/> parameter. The main difference + between the "idmap backend" and the "idmap domains" + is that the former only allows on backend for all domains while the + latter supports configuring backends on a per domain basis. </para> + <para>Examples of SID/uid/gid backends include tdb (<citerefentry> + <refentrytitle>idmap_tdb</refentrytitle><manvolnum>8</manvolnum></citerefentry>), + ldap (<citerefentry><refentrytitle>idmap_ldap</refentrytitle> + <manvolnum>8</manvolnum></citerefentry>), rid (<citerefentry> + <refentrytitle>idmap_rid</refentrytitle><manvolnum>8</manvolnum></citerefentry>), + and ad (<citerefentry><refentrytitle>idmap_tdb</refentrytitle> + <manvolnum>8</manvolnum></citerefentry>). <para> - An alternate method of SID to UID / GID mapping can be achieved using the rid - plug-in. This plug-in uses the account RID to derive the UID and GID by adding the - RID to a base value specified. This utility requires that the parameter - <quote>allow trusted domains = No</quote> must be specified, as it is not compatible - with multiple domain environments. 
The idmap uid and idmap gid ranges must also be - specified. - </para> - - <para> - Finally, using the ad module, the UID and GID can directly - be retrieved from an Active Directory LDAP Server that supports an - RFC2307 compliant LDAP schema. ad supports "Services for Unix" - (SFU) version 2.x and 3.0. - </para> - </description> <value type="default"></value> -<value type="example">ldap:ldap://ldapslave.example.com</value> -<value type="example">rid:"BUILTIN=1000-1999,DOMNAME=2000-100000000"</value> +<value type="example">ldap:ldap://ldapslave.example.com/</value> <value type="example">ad</value> </samba:parameter> diff --git a/docs/smbdotconf/winbind/idmapconfig.xml b/docs/smbdotconf/winbind/idmapconfig.xml new file mode 100644 index 0000000000..7e96445962 --- /dev/null +++ b/docs/smbdotconf/winbind/idmapconfig.xml 
@@ -0,0 +1,32 @@ +<samba:parameter name="idmap config" + context="G" + type="string" + advanced="1" developer="1" hide="1" + xmlns:samba="http://www.samba.org/samba/DTD/samba-doc"> +<description> + <para> + The idmap config prefix provides a means of managing each domain + defined by the <smbconfoption name="idmap domains"/> option using Samba's + parameteric option support. The idmap config prefix should be + followed by the name of the domain, a colon, and either the option + name "backend" or a setting specific to the chosen + backend.</para> + + <para> + The following example illustrates how to configure the <citerefentry> + <refentrytitle>idmap_ad</refentrytitle><manvolnum>8</manvolnum></citerefentry> + for the CORP domain and the <citerefentry><refentrytitle>idmap_tdb</refentrytitle> + <manvolnum>8</manvolnum></citerefentry> backend for all other domains. + </para> + + <programlisting> + idmap domains = CORP default + idmap config CORP:backend = ad + idmap config CORP:read_only = yes + idmap config default:backend = tdb + idmap config default:default = yes + idmap config default:range = 1000 - 9999 + </programlisting> + +</description> +</samba:parameter> diff --git a/docs/smbdotconf/winbind/idmapdomains.xml b/docs/smbdotconf/winbind/idmapdomains.xml new file mode 100644 index 0000000000..515a91ba79 --- /dev/null +++ b/docs/smbdotconf/winbind/idmapdomains.xml 
@@ -0,0 +1,27 @@ +<samba:parameter name="idmap domains" + context="G" + type="string" + advanced="1" developer="1" hide="1" + xmlns:samba="http://www.samba.org/samba/DTD/samba-doc"> +<description> + <para> + The idmap domains option defines a list of Windows domains which will each + have a separately configured backend for managing Winbind's SID/uid/gid + tables. This parameter is mutually exclusive with the older <smbconfoption + name="idmap backend"/> option. + </para> + + <para> + Values constist of the short domain name for Winbind's primary or collection + of trusted domains. The keyword "default" is used to + represent all domains not explicitly listed. + </para> + + <para> + Refer to the <smbconfoption name="idmap config"/> for details about + managing the SID/uid/gid backend for each domain. + </para> +</description> + +<value type="example">default AD CORP</value> +</samba:parameter> diff --git a/docs/smbdotconf/winbind/winbindtrusteddomainsonly.xml b/docs/smbdotconf/winbind/winbindtrusteddomainsonly.xml index b6c5754f5b..49ae4458c3 100644 --- a/docs/smbdotconf/winbind/winbindtrusteddomainsonly.xml +++ b/docs/smbdotconf/winbind/winbindtrusteddomainsonly.xml 
@@ -1,14 +1,22 @@ <samba:parameter name="winbind trusted domains only" context="G" - type="boolean" + type="boolean" advanced="1" developer="1" xmlns:samba="http://www.samba.org/samba/DTD/samba-doc"> <description> <para> - This parameter is designed to allow Samba servers that are members of a Samba controlled domain to use - UNIX accounts distributed via NIS, rsync, or LDAP as the uid's for winbindd users in the hosts primary domain. - Therefore, the user <literal>DOMAIN\user1</literal> would be mapped to the account user1 in /etc/passwd - instead of allocating a new uid for him or her. + This parameter is designed to allow Samba servers that are members + of a Samba controlled domain to use UNIX accounts distributed via NIS, + rsync, or LDAP as the uid's for winbindd users in the hosts primary domain. + Therefore, the user <literal>DOMAIN\user1</literal> would be mapped to + the account user1 in /etc/passwd instead of allocating a new uid for him or her. + </para> + + <para> + This parameter is not deprecated in favor of the newer idmap_nss backend. + Refer to the <smbconfoption name="idmap domains"/> smb.conf option and + the <citerefentry><refentrytitle>idmap_nss</refentrytitle> + <manvolnum>8</manvolnum></citerefentry> man page for more information. </para> </description> |
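Review bot: In docs/smbdotconf/winbind/idmapbackend.xml the added `<para>Examples of SID/uid/gid backends include ...` paragraph has no `</para>` on any added line, and the `<para>` that follows it stays as context while the `</para>` lines after it are removed, so the resulting description looks like it is left with unclosed paragraphs; close the Examples paragraph and drop the leftover `<para>`. In the same paragraph the ad backend cites `<refentrytitle>idmap_tdb</refentrytitle>`, which presumably should be idmap_ad, and "only allows on backend" should read "one backend". The removed text also explained why a shared LDAP backend matters (identical UID/GID to SID mappings on all domain members, avoiding inconsistencies over NFS); the new wording no longer says this, so consider keeping one sentence of it.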
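Review bot: In docs/smbdotconf/winbind/idmapconfig.xml the programlisting uses `read_only`, `default` and `range`, but the description only mentions the option name "backend" or "a setting specific to the chosen backend" and never says what these three settings mean or where they are documented; add a short definition for each or a pointer to the backend man pages. `idmap config default:range = 1000 - 9999` in particular needs a definition, since an administrator has to know how it relates to the uid/gid values in use on the host. Also, "parameteric" should be "parametric", and "how to configure the idmap_ad for the CORP domain" is missing the word "backend" after the citerefentry.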
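Review bot: In docs/smbdotconf/winbind/idmapdomains.xml the description calls the parameter mutually exclusive with `idmap backend` but does not say what happens when both are set in smb.conf; state which one takes effect or that it is a configuration error (the same gap exists in the idmapbackend.xml text). The file also has no `<value type="default">` entry, unlike idmapbackend.xml, and the text does not say how domains are handled when "default" is left out of the list. "Values constist" should read "Values consist", and the example `default AD CORP` could be aligned with the `CORP default` list used in idmapconfig.xml so the two pages illustrate the same setup.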
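Review bot: In docs/smbdotconf/winbind/winbindtrusteddomainsonly.xml the added sentence "This parameter is not deprecated in favor of the newer idmap_nss backend." reads like a typo for "now deprecated", because the rest of the paragraph sends the reader to idmap domains and idmap_nss; as written it says the opposite of what the paragraph implies. Please confirm the intent and fix the wording. Since the first paragraph is being rewrapped anyway, "the hosts primary domain" could become "the host's primary domain".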