-rw-r--r--docs/Samba-Guide/Chap04-SecureOfficeServer.xml4
-rw-r--r--docs/Samba-Guide/Chap05-500UserNetwork.xml2
-rw-r--r--docs/Samba-Guide/Chap06-MakingHappyUsers.xml4
-rw-r--r--docs/Samba-Guide/Chap07-2000UserNetwork.xml10
-rw-r--r--docs/Samba-Guide/Chap09-AddingUNIXClients.xml4
-rw-r--r--docs/Samba-HOWTO-Collection/IDMAP.xml80
-rw-r--r--docs/Samba-HOWTO-Collection/index.xml2
7 files changed, 84 insertions, 22 deletions
diff --git a/docs/Samba-Guide/Chap04-SecureOfficeServer.xml b/docs/Samba-Guide/Chap04-SecureOfficeServer.xml
index 13a264a0dc..8cd0cfb0ec 100644
--- a/docs/Samba-Guide/Chap04-SecureOfficeServer.xml
+++ b/docs/Samba-Guide/Chap04-SecureOfficeServer.xml
@@ -160,7 +160,7 @@
<image id="ch04net">
<imagedescription>Abmas Network Topology &smbmdash; 130 Users</imagedescription>
- <imagefile scale="90">chap4-net</imagefile>
+ <imagefile scale="60">chap4-net</imagefile>
</image>
<para>
@@ -896,7 +896,7 @@ echo -e "\nNAT firewall done.\n"
<smbconfoption><name>delete group script</name><value>/usr/sbin/groupdel '%g'</value></smbconfoption>
<smbconfoption><name>add user to group script</name><value>/usr/sbin/usermod -G '%g' '%u'</value></smbconfoption>
<smbconfoption><name>add machine script</name><value>/usr/sbin/useradd</value></smbconfoption>
-<member><parameter>-s /bin/false -d /dev/null %u</parameter></member>
+<member><parameter>-s /bin/false -d /tmp '%u'</parameter></member>
<smbconfoption><name>shutdown script</name><value>/var/lib/samba/scripts/shutdown.sh</value></smbconfoption>
<smbconfoption><name>abort shutdown script</name><value>/sbin/shutdown -c</value></smbconfoption>
<smbconfoption><name>logon script</name><value>scripts\logon.bat</value></smbconfoption>
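Review bot: The new `-d /tmp` on the `add machine script` continuation line gives every machine trust account a world-writable directory as its home. Anything that looks up per-user files under an account's home directory would then read from a location any local user can write to. Quoting `'%u'` is a sound change and matches the neighbouring group scripts, but the home directory should stay non-writable. Either keep the old target with the new quoting, `-s /bin/false -d /dev/null '%u'`, or point it at a dedicated root-owned directory that nobody else can write to. If `/dev/null` was dropped because `useradd` rejected it, that reason belongs in the surrounding text; the hunk does not show one.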
diff --git a/docs/Samba-Guide/Chap05-500UserNetwork.xml b/docs/Samba-Guide/Chap05-500UserNetwork.xml
index 4c761332bc..dbbbe4ece5 100644
--- a/docs/Samba-Guide/Chap05-500UserNetwork.xml
+++ b/docs/Samba-Guide/Chap05-500UserNetwork.xml
@@ -323,7 +323,7 @@
<image id="chap05net">
<imagedescription>Network Topology &smbmdash; 500 User Network Using tdbsam passdb backend.</imagedescription>
- <imagefile scale="80">chap5-net</imagefile>
+ <imagefile scale="60">chap5-net</imagefile>
</image>
<sect2 id="ch5-dnshcp-setup">
diff --git a/docs/Samba-Guide/Chap06-MakingHappyUsers.xml b/docs/Samba-Guide/Chap06-MakingHappyUsers.xml
index d27aced071..bf21fe5b1a 100644
--- a/docs/Samba-Guide/Chap06-MakingHappyUsers.xml
+++ b/docs/Samba-Guide/Chap06-MakingHappyUsers.xml
@@ -572,7 +572,7 @@
<image id="ch6-LDAPdiag">
<imagedescription>The Interaction of LDAP, UNIX Posix Accounts and Samba Accounts</imagedescription>
- <imagefile scale="70">UNIX-Samba-and-LDAP</imagefile>
+ <imagefile scale="60">UNIX-Samba-and-LDAP</imagefile>
</image>
<para><indexterm>
@@ -956,7 +956,7 @@
<image id="chap6net">
<imagedescription>Network Topology &smbmdash; 500 User Network Using ldapsam passdb backend.</imagedescription>
- <imagefile scale="70">chap6-net</imagefile>
+ <imagefile scale="60">chap6-net</imagefile>
</image>
<para><indexterm>
diff --git a/docs/Samba-Guide/Chap07-2000UserNetwork.xml b/docs/Samba-Guide/Chap07-2000UserNetwork.xml
index 8be46d92c3..bb5134f353 100644
--- a/docs/Samba-Guide/Chap07-2000UserNetwork.xml
+++ b/docs/Samba-Guide/Chap07-2000UserNetwork.xml
@@ -756,7 +756,7 @@
<image id="chap7idres">
<imagedescription>Samba and Authentication Backend Search Pathways</imagedescription>
- <imagefile scale="80">chap7-idresol</imagefile>
+ <imagefile scale="60">chap7-idresol</imagefile>
</image>
<para><indexterm>
@@ -797,7 +797,7 @@ passdb backend = ldapsam:ldap://master.abmas.biz
<link linkend="ch7singleLDAP"/>.
<image id="ch7singleLDAP">
<imagedescription>Samba Configuration to Use a Single LDAP Server</imagedescription>
- <imagefile scale="100">ch7-singleLDAP</imagefile>
+ <imagefile scale="60">ch7-singleLDAP</imagefile>
</image>
<indexterm>
<primary>LDAP</primary>
@@ -819,7 +819,7 @@ passdb backend = ldapsam:"ldap://master.abmas.biz \
as shown in <link linkend="ch7dualLDAP"/>.
<image id="ch7dualLDAP">
<imagedescription>Samba Configuration to Use a Dual (Fail-over) LDAP Server</imagedescription>
- <imagefile scale="100">ch7-fail-overLDAP</imagefile>
+ <imagefile scale="60">ch7-fail-overLDAP</imagefile>
</image>
</para>
@@ -844,7 +844,7 @@ passdb backend = ldapsam:ldap://master.abmas.biz \
<image id="ch7dualadd">
<imagedescription>Samba Configuration to Use Dual LDAP Databases - Broken - Do Not Use!</imagedescription>
- <imagefile scale="80">ch7-dual-additive-LDAP</imagefile>
+ <imagefile scale="60">ch7-dual-additive-LDAP</imagefile>
</image>
<para>
@@ -856,7 +856,7 @@ passdb backend = ldapsam:ldap://master.abmas.biz \
<image id="ch7dualok">
<imagedescription>Samba Configuration to Use Two LDAP Databases - The result is additive.</imagedescription>
- <imagefile scale="80">ch7-dual-additive-LDAP-Ok</imagefile>
+ <imagefile scale="60">ch7-dual-additive-LDAP-Ok</imagefile>
</image>
<note><para>
diff --git a/docs/Samba-Guide/Chap09-AddingUNIXClients.xml b/docs/Samba-Guide/Chap09-AddingUNIXClients.xml
index 4e2297f640..0755f7cd55 100644
--- a/docs/Samba-Guide/Chap09-AddingUNIXClients.xml
+++ b/docs/Samba-Guide/Chap09-AddingUNIXClients.xml
@@ -513,7 +513,7 @@
<image id="ch9-sambadc">
<imagedescription>Samba Domain: Samba Member Server</imagedescription>
- <imagefile scale="75">chap9-SambaDC</imagefile>
+ <imagefile scale="60">chap9-SambaDC</imagefile>
</image>
<para><indexterm>
@@ -1106,7 +1106,7 @@ aliases: files
<image id="ch9-adsdc">
<imagedescription>Active Directory Domain: Samba Member Server</imagedescription>
- <imagefile scale="75">chap9-ADSDC</imagefile>
+ <imagefile scale="60">chap9-ADSDC</imagefile>
</image>
<procedure>
diff --git a/docs/Samba-HOWTO-Collection/IDMAP.xml b/docs/Samba-HOWTO-Collection/IDMAP.xml
index f7fb2f4b92..cb1df6b7ff 100644
--- a/docs/Samba-HOWTO-Collection/IDMAP.xml
+++ b/docs/Samba-HOWTO-Collection/IDMAP.xml
@@ -9,10 +9,11 @@
]>
<chapter id="idmapper">
-<chapterinfo>
- &author.jht;
-</chapterinfo>
-<title>Identity Mapping &smbmdash; IDMAP</title>
+ <chapterinfo>
+ &author.jht;
+ </chapterinfo>
+
+<title>Identity Mapping (IDMAP)</title>
<note><para>
THIS IS A WORK IN PROGRESS - it is a preparation for the release of Samba-3.0.8.
@@ -20,7 +21,7 @@ THIS IS A WORK IN PROGRESS - it is a preparation for the release of Samba-3.0.8.
<para>
The Microsoft Windows operating system has a number of features that impose specific challenges
-for interoperability with operaing system on which Samba is implemented. This chapter deals
+for interoperability with operating system on which Samba is implemented. This chapter deals
explicitly with the mechanisms Samba-3 (version 3.0.8 and later) has to overcome one of the
key challenges in the integration of Samba servers into an MS Windows networking
environment. This chapter deals with IDentity MAPping (IDMAP) of Windows Security IDentifiers (SIDs)
@@ -28,7 +29,7 @@ to UNIX UIDs and GIDs.
</para>
<para>
-So that this area is covered sufficiently, eash possible Samba deployment type will be discussed.
+So that this area is covered sufficiently, each possible Samba deployment type will be discussed.
This is followed by an overview of how the IDMAP facility may be implemented.
</para>
@@ -79,16 +80,78 @@ on Server Types and Security Modes</link>.
<para>
Samba-3 can act as a Windows NT4 PDC or BDC thereby providing domain control protocols that
are based on Windows NT4. Thus, where Samba-3 is a Domain Member server or client the matter
- if SID to UID/GID resolution is equivalent with the same configuration with a Windows NT4 or
- earlier domain environment.
+ of SID to UID/GID resolution is equivalent to configuration with a Windows NT4 or earlier
+ domain environment. When Samba-3 is acting as a Domain Member of an Active Directory (ADS)
+ domain it will also be necessary to resolve domain user and group identities (SIDs) to UNIX
+ UIDs and GIDs.
</para>
+ <para>
+ A Samba member of a Windows networking domain (NT4-style or ADS) can be configured to handle
+ identity mapping in a variety of ways. The mechanism is will use depends on whether or not
+ the <command>winbindd</command> daemon is used, and how the winbind functionality is configured.
+ The configuration options are briefly described here:
+ </para>
+
+ <variablelist>
+ <varlistentry><term>Winbind is not used, users and groups are local: &smbmdash </term>
+ <listitem>
+ <para>
+
+ </para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry><term>Winbind is not used, users and groups resolved via NSS: &smbmdash; </term>
+ <listitem>
+ <para>
+ </para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry><term>Winbind maintains local IDMAP table: &smbmdash; </term>
+ <listitem>
+ <para>
+ </para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry><term>Winbind uses LDAP backend based IDMAP: &smbmdash; </term>
+ <listitem>
+ <para>
+ </para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry><term>Winbind uses NSS to resolve UNIX/Linux user and group IDs: &smbmdash; </term>
+ <listitem>
+ <para>
+ </para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry><term>Winbind uses RID based IDMAP: &smbmdash; </term>
+ <listitem>
+ <para>
+ </para>
+ </listitem>
+ </varlistentry>
+
+ </variablelist>
+
</sect2>
<sect2>
<title>Primary Domain Controller</title>
<para>
+ Microsoft Windows domain security systems generate the user and group security identifier (SID) as part
+ of the process of creation of an account. Windows does not have a concept of a UID or a GID.
+ </para>
+
+ <para>
+ MS Active Directory Server (ADS) uses a directory schema that can be extended to accommodate additional
+ account attributes such as UIDs and GIDs.
</para>
</sect2>
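Review bot: The first added `<term>` in the new `<variablelist>` ends with `&smbmdash ` without the closing semicolon, so it is not a well-formed entity reference and a conforming parser will reject IDMAP.xml. It should read `&smbmdash;`, as the five terms below it do. In the paragraph just above the list, "The mechanism is will use depends on" should be "The mechanism it will use depends on". All six `<listitem>` entries contain only an empty `<para>`, so the chapter currently promises descriptions it does not give; a short `<!-- TODO: describe -->` comment in each would make the placeholder status explicit until the text is written.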
@@ -159,5 +222,4 @@ on Server Types and Security Modes</link>.
</sect1>
-
</chapter>
diff --git a/docs/Samba-HOWTO-Collection/index.xml b/docs/Samba-HOWTO-Collection/index.xml
index 318b370f3c..0ebb2877f1 100644
--- a/docs/Samba-HOWTO-Collection/index.xml
+++ b/docs/Samba-HOWTO-Collection/index.xml
@@ -135,7 +135,7 @@ Samba has several features that you might want or might not want to use. The cha
<xi:include href="NetworkBrowsing.xml"/>
<xi:include href="Passdb.xml"/>
<xi:include href="Group-Mapping.xml"/>
-<xi:include hred="IDMAP.xml"/>
+<xi:include href="IDMAP.xml"/>
<xi:include href="AccessControls.xml"/>
<xi:include href="locking.xml"/>
<xi:include href="Securing.xml"/>