From 75484f491140fb86eaee90dde1dc1c9d4ebe8a41 Mon Sep 17 00:00:00 2001 From: Karolin Seeger Date: Mon, 3 Sep 2012 21:49:25 +0200 Subject: docs: Rename manpages-3 -> manpages. This change was suggested by Andrew Bartlett on the samba-technical mailing list. Karolin Autobuild-User(master): Karolin Seeger Autobuild-Date(master): Mon Sep 3 23:35:38 CEST 2012 on sn-devel-104 --- docs-xml/manpages/idmap_rid.8.xml | 132 ++++++++++++++++++++++++++++++++++++++ 1 file changed, 132 insertions(+) create mode 100644 docs-xml/manpages/idmap_rid.8.xml (limited to 'docs-xml/manpages/idmap_rid.8.xml') diff --git a/docs-xml/manpages/idmap_rid.8.xml b/docs-xml/manpages/idmap_rid.8.xml new file mode 100644 index 0000000000..3f8735288c --- /dev/null +++ b/docs-xml/manpages/idmap_rid.8.xml @@ -0,0 +1,132 @@ + + + + + + idmap_rid + 8 + Samba + System Administration tools + 3.6 + + + + + idmap_rid + Samba's idmap_rid Backend for Winbind + + + + DESCRIPTION + The idmap_rid backend provides a way to use an algorithmic + mapping scheme to map UIDs/GIDs and SIDs. No database is required + in this case as the mapping is deterministic. + + + Note that the idmap_rid module has changed considerably since Samba + versions 3.0. and 3.2. + Currently, there should to be an explicit idmap configuration for each + domain that should use the idmap_rid backend, using disjoint ranges. + One usually needs to define a writeable default idmap range, using + a backend like tdb or ldap + that can create unix ids, in order to be able to map the BUILTIN sids + and other domains, and also in order to be able to create group mappings. + See the example below. + + + + Note that the old syntax + idmap backend = rid:"DOM1=range DOM2=range2 ..." + is not supported any more since Samba version 3.0.25. + + + + + IDMAP OPTIONS + + + + range = low - high + + Defines the available matching uid and gid range for which the + backend is authoritative. Note that the range acts as a filter. + If algorithmically determined UID or GID fall outside the + range, they are ignored and the corresponding map is discarded. + It is intended as a way to avoid accidental UID/GID overlaps + between local and remotely defined IDs. + + + + + base_rid = INTEGER + + Defines the base integer used to build SIDs out of a UID or a GID, + and to rebase the UID or GID to be obtained from a SID. + This means SIDs with a RID less than the base rid are filtered. + The default is not to restrict the allowed rids at all, + i.e. a base_rid value of 0. + A good value for the base_rid can be 1000, since user + RIDs by default start at 1000 (512 hexadecimal). + + + Use of this parameter is deprecated. + + + + + + + THE MAPPING FORMULAS + + The Unix ID for a RID is calculated this way: + + ID = RID - BASE_RID + LOW_RANGE_ID. + + + + Correspondingly, the formula for calculating the RID for a + given Unix ID is this: + + RID = ID + BASE_RID - LOW_RANGE_ID. + + + + + + EXAMPLES + + This example shows how to configure two domains with idmap_rid, + the principal domain and a trusted domain, leaving the default + id mapping scheme at tdb. The example also demonstrates the use + of the base_rid parameter for the trusted domain. + + + + [global] + security = domain + workgroup = MAIN + + idmap config * : backend = tdb + idmap config * : range = 1000000-1999999 + + idmap config MAIN : backend = rid + idmap config MAIN : range = 10000 - 49999 + + idmap config TRUSTED : backend = rid + idmap config TRUSTED : range = 50000 - 99999 + idmap config TRUSTED : base_rid = 1000 + + + + + AUTHOR + + + The original Samba software and related utilities + were created by Andrew Tridgell. Samba is now developed + by the Samba Team as an Open Source project similar + to the way the Linux kernel is developed. + + + + -- cgit