diff options
Diffstat (limited to 'docs/docbook/smbdotconf/security/usernamemap.xml')
-rw-r--r-- | docs/docbook/smbdotconf/security/usernamemap.xml | 91 |
1 files changed, 91 insertions, 0 deletions
diff --git a/docs/docbook/smbdotconf/security/usernamemap.xml b/docs/docbook/smbdotconf/security/usernamemap.xml new file mode 100644 index 0000000000..583a1a872e --- /dev/null +++ b/docs/docbook/smbdotconf/security/usernamemap.xml @@ -0,0 +1,91 @@ +<samba:parameter name="username map" + context="G" + advanced="1" developer="1" + xmlns:samba="http://samba.org/common"> +<listitem> + <para>This option allows you to specify a file containing + a mapping of usernames from the clients to the server. This can be + used for several purposes. The most common is to map usernames + that users use on DOS or Windows machines to those that the UNIX + box uses. The other is to map multiple users to a single username + so that they can more easily share files.</para> + + <para>The map file is parsed line by line. Each line should + contain a single UNIX username on the left then a '=' followed + by a list of usernames on the right. The list of usernames on the + right may contain names of the form @group in which case they + will match any UNIX username in that group. The special client + name '*' is a wildcard and matches any name. Each line of the + map file may be up to 1023 characters long.</para> + + <para>The file is processed on each line by taking the + supplied username and comparing it with each username on the right + hand side of the '=' signs. If the supplied name matches any of + the names on the right hand side then it is replaced with the name + on the left. Processing then continues with the next line.</para> + + <para>If any line begins with a '#' or a ';' then it is ignored</para> + + <para>If any line begins with an '!' then the processing + will stop after that line if a mapping was done by the line. + Otherwise mapping continues with every line being processed. + Using '!' is most useful when you have a wildcard mapping line + later in the file.</para> + + <para>For example to map from the name <constant>admin</constant> + or <constant>administrator</constant> to the UNIX name <constant> + root</constant> you would use:</para> + + <para><command moreinfo="none">root = admin administrator</command></para> + + <para>Or to map anyone in the UNIX group <constant>system</constant> + to the UNIX name <constant>sys</constant> you would use:</para> + + <para><command moreinfo="none">sys = @system</command></para> + + <para>You can have as many mappings as you like in a username map file.</para> + + + <para>If your system supports the NIS NETGROUP option then + the netgroup database is checked before the <filename moreinfo="none">/etc/group + </filename> database for matching groups.</para> + + <para>You can map Windows usernames that have spaces in them + by using double quotes around the name. For example:</para> + + <para><command moreinfo="none">tridge = "Andrew Tridgell"</command></para> + + <para>would map the windows username "Andrew Tridgell" to the + unix username "tridge".</para> + + <para>The following example would map mary and fred to the + unix user sys, and map the rest to guest. Note the use of the + '!' to tell Samba to stop processing if it gets a match on + that line.</para> + +<para><programlisting format="linespecific"> +!sys = mary fred +guest = * +</programlisting></para> + + <para>Note that the remapping is applied to all occurrences + of usernames. Thus if you connect to \\server\fred and <constant> + fred</constant> is remapped to <constant>mary</constant> then you + will actually be connecting to \\server\mary and will need to + supply a password suitable for <constant>mary</constant> not + <constant>fred</constant>. The only exception to this is the + username passed to the <link linkend="PASSWORDSERVER"><parameter moreinfo="none"> + password server</parameter></link> (if you have one). The password + server will receive whatever username the client supplies without + modification.</para> + + <para>Also note that no reverse mapping is done. The main effect + this has is with printing. Users who have been mapped may have + trouble deleting print jobs as PrintManager under WfWg will think + they don't own the print job.</para> + + <para>Default: <emphasis>no username map</emphasis></para> + + <para>Example: <command moreinfo="none">username map = /usr/local/samba/lib/users.map</command></para> +</listitem> +</samba:parameter> |