summaryrefslogtreecommitdiff
path: root/docs/smbdotconf/winbind
diff options
context:
space:
mode:
Diffstat (limited to 'docs/smbdotconf/winbind')
-rw-r--r--docs/smbdotconf/winbind/idmapbackend.xml11
-rw-r--r--docs/smbdotconf/winbind/winbindnssinfo.xml38
2 files changed, 48 insertions, 1 deletions
diff --git a/docs/smbdotconf/winbind/idmapbackend.xml b/docs/smbdotconf/winbind/idmapbackend.xml
index e1dcadcbc8..071feb2334 100644
--- a/docs/smbdotconf/winbind/idmapbackend.xml
+++ b/docs/smbdotconf/winbind/idmapbackend.xml
@@ -20,9 +20,18 @@
with multiple domain environments. The idmap uid and idmap gid ranges must also be
specified.
</para>
+
+ <para>
+ Finally, using the idmap_ad module, the UID and GID can directly
+ be retrieved from an Active Directory LDAP Server that supports an
+ RFC2307 compliant LDAP schema. idmap_ad supports "Services for Unix"
+ (SFU) version 2.x and 3.0.
+ </para>
+
</description>
<value type="default"></value>
<value type="example">ldap:ldap://ldapslave.example.com</value>
-<value type="example">idmap_rid:DOMNAME=1000-100000000</value>
+<value type="example">idmap_rid:BUILTIN=1000-1999,DOMNAME=2000-100000000</value>
+<value type="example">idmap_ad</value>
</samba:parameter>
diff --git a/docs/smbdotconf/winbind/winbindnssinfo.xml b/docs/smbdotconf/winbind/winbindnssinfo.xml
new file mode 100644
index 0000000000..c21f477275
--- /dev/null
+++ b/docs/smbdotconf/winbind/winbindnssinfo.xml
@@ -0,0 +1,38 @@
+<samba:parameter name="winbind nss info"
+ context="G"
+ type="boolean"
+ advanced="1" developer="1"
+ xmlns:samba="http://www.samba.org/samba/DTD/samba-doc">
+<description>
+
+ <para>This parameter is designed to control how Winbind retrieves Name
+ Service Information to construct a user's home directory and login shell.
+ Currently the following settings are available:
+
+ <itemizedlist>
+ <listitem>
+ <para><parameter moreinfo="none">template</parameter>
+ - The default, using the parameters of <parameter moreinfo="none">template
+ shell</parameter> and <parameter moreinfo="none">template homedir</parameter>)
+ </para>
+ </listitem>
+
+ <listitem>
+ <para><parameter moreinfo="none">sfu</parameter>
+ - When Samba is running in security = ads and your Active Directory
+ Domain Controller does support the Microsoft "Services for Unix" (SFU)
+ LDAP schema, winbind can retrieve the login shell and the home
+ directory attributes directly from your Directory Server. Note that
+ retrieving UID and GID from your ADS-Server requires to use
+ <parameter moreinfo="non">idmap backend</parameter> = idmap_ad as well.
+ </para>
+ </listitem>
+
+ </itemizedlist>
+
+</para>
+</description>
+
+<value type="default">template</value>
+<value type="example">template sfu</value>
+</samba:parameter>