Name

idmap_ad — Samba's idmap_ad Backend for Winbind

DESCRIPTION

The idmap_ad plugin provides a way for Winbind to read id mappings from an AD server that uses RFC2307/SFU schema extensions. This module implements only the "idmap" API, and is READONLY. Mappings must be provided in advance by the administrator by adding the uidNumber attributes for users and gidNumber attributes for groups in the AD. Winbind will only map users that have a uidNumber and whose primary group have a gidNumber attribute set. It is however recommended that all groups in use have gidNumber attributes assigned, otherwise they are not working.

Currently, the ad backend does not work as the the default idmap backend, but one has to configure it separately for each domain for which one wants to use it, using disjoint ranges. One usually needs to configure a writeable default idmap range, using for example the tdb or ldap backend, in order to be able to map the BUILTIN sids and possibly other trusted domains. The writeable default config is also needed in order to be able to create group mappings. This catch-all default idmap configuration should have a range that is disjoint from any explicitly configured domain with idmap backend ad. See the example below.

IDMAP OPTIONS

range = low - high

Defines the available matching UID and GID range for which the backend is authoritative. Note that the range acts as a filter. If specified any UID or GID stored in AD that fall outside the range is ignored and the corresponding map is discarded. It is intended as a way to avoid accidental UID/GID overlaps between local and remotely defined IDs.

schema_mode = <rfc2307 | sfu | sfu20>

Defines the schema that idmap_ad should use when querying Active Directory regarding user and group information. This can be either the RFC2307 schema support included in Windows 2003 R2 or the Service for Unix (SFU) schema. For SFU 3.0 or 3.5 please choose "sfu", for SFU 2.0 please choose "sfu20". Please note that primary group membership is currently always calculated via the "primaryGroupID" LDAP attribute.

EXAMPLES

The following example shows how to retrieve idmappings from our principal and trusted AD domains. If trusted domains are present id conflicts must be resolved beforehand, there is no guarantee on the order conflicting mappings would be resolved at this point. This example also shows how to leave a small non conflicting range for local id allocation that may be used in internal backends like BUILTIN.

	[global]

	workgroup = CORP

	idmap config * : backend = tdb

	idmap config * : range = 1000000-1999999

	idmap config CORP : backend  = ad

	idmap config CORP : range = 1000-999999

AUTHOR

The original Samba software and related utilities were created by Andrew Tridgell. Samba is now developed by the Samba Team as an Open Source project similar to the way the Linux kernel is developed.

《COPY FROM:http://www.samba.org/samba/docs/man/manpages/idmap_ad.8.html

idmap_ad — Samba's idmap_ad Backend for Winbind《转载》的更多相关文章

  1. 将samba加入到windows域《转载》

    将samba加入到windows域 那什么是域呢? 一台Windows计算机,它要么隶属于工作组,要么隶属于域.所以说到域,我们就不得不提一下工作组,工作组是MS的概念,一般的普遍称谓是对等网. 工作 ...

  2. Linux使用笔记: 使用Samba访问windows的共享目录(转载)

    转自:http://easwy.com/blog/archives/mount-a-windows-shared-folder-on-linux-with-samba/ 通常我们使用Samba都是在W ...

  3. samba服务器加入域控主机所需要修改的配置文件

    samba服务器加入域控主机,成为域成员,当用户访问samba服务器上的共享文件时,直接到域控主机上进行认证.samba服务器上不需要像先前一样创建系统用户,创建samba用户及密码. 1.安装环境( ...

  4. samba服务日志文件-密码文件及启停

    1.Samba服务日志文件日志文件对于samba非常重要,它存储着客户端访问samba服务器的信息,以及samba服务的错误提示信息等,可以通过分析日志,帮助解决客户端访问和服务器维护等问题.在/et ...

  5. cetos6 安装samba共享文件夹

    yum方式安装 yum install samba 修改配置文件 vim /etc/samba/smb.conf [global] comment = global workgroup = QFpay ...

  6. samba企业级实战应用详解-技术流ken

    1.简介 Samba是一套使用SMB(Server Message Block)协议的应用程序, 通过支持这个协议, Samba允许Linux服务器与Windows系统之间进行通信,使跨平台的互访成为 ...

  7. CentOS7-1810 系统Samba配置说明

    Samba是在Linux和UNIX系统上实现SMB协议的一个免费软件.SMB(Server Messages Block,信息服务块)通信协议是微软(Microsoft)和英特尔(Intel)在198 ...

  8. 如何在Linux下部署Samba服务?

    Samba简介 Samba是在Linux和UNIX系统上实现SMB协议的一个免费软件,由服务器及客户端程序构成.SMB(Server Messages Block,信息服务块)是一种在局域网上共享文件 ...

  9. 实现Redhat Linux 6和Windows通过Windows Server AD统一认证并共享访问Oracle ZS存储系统

    Windows Server 2012 AD设置 1.  建立新的组织单位OU 为用户提前建立好OU,是为了AD用户管理简单清晰. 2.  建立新的用户和用户组 建立新的用户的时候,要同时将用户归属到 ...

随机推荐

  1. Responsive Table 利用@media

    html <table> <thead> <tr> <th>First Name</th> <th>Last Name</ ...

  2. FileDirLocationOperator - 文件或目录位置操作.

    using System; using System.Collections.Generic; using System.Linq; using System.Text; namespace Move ...

  3. x++ and ++x

    http://blog.sina.com.cn/s/blog_6c762bb30101ar1w.html 看到个东西,搞不清的时候可以看看 =.=

  4. JSTL核心标签库

    1.set:给web域设置值的 <c:set var="lang" value="Java" scope="page">< ...

  5. (原创) jetson tk1 初始化

    1. 相关的网站: 1. Jetson TK1 support   https://developer.nvidia.com/jetson-tk1-support 2.official Wiki fo ...

  6. Django Meta内部类选项

    http://blog.csdn.net/yelbosh/article/details/7545335

  7. math.h中的常量

    类似于Matlab中经常用到的一些常量,C++里边也是有的.(经查源文件无意中看到) 写入如下代码: #include<iostream> #include<iomanip> ...

  8. C++ 的多重继承

    不能够从对象访问基类的公开方法,真悲剧!只能在类里面提供公共函数! void Mentor::GetInfo(){ cout<<endl<<name<<endl&l ...

  9. JS apply()的使用详解

    首先: apply和call的区别在哪里? 其次: 什么情况下用apply,什么情况下用call? 最后: 一般在什么情况下可以使用apply? *************************** ...

  10. Spark link集合

    Part1. 各种参数的意义及如何配置 Spark官方文档——Spark Configuration(Spark配置) http://www.cnblogs.com/vincent-hv/p/3316 ...