Name

idmap_ad — Samba's idmap_ad Backend for Winbind

DESCRIPTION

The idmap_ad plugin provides a way for Winbind to read id mappings from an AD server that uses RFC2307/SFU schema extensions. This module implements only the "idmap" API, and is READONLY. Mappings must be provided in advance by the administrator by adding the uidNumber attributes for users and gidNumber attributes for groups in the AD. Winbind will only map users that have a uidNumber and whose primary group have a gidNumber attribute set. It is however recommended that all groups in use have gidNumber attributes assigned, otherwise they are not working.

Currently, the ad backend does not work as the the default idmap backend, but one has to configure it separately for each domain for which one wants to use it, using disjoint ranges. One usually needs to configure a writeable default idmap range, using for example the tdb or ldap backend, in order to be able to map the BUILTIN sids and possibly other trusted domains. The writeable default config is also needed in order to be able to create group mappings. This catch-all default idmap configuration should have a range that is disjoint from any explicitly configured domain with idmap backend ad. See the example below.

IDMAP OPTIONS

range = low - high

Defines the available matching UID and GID range for which the backend is authoritative. Note that the range acts as a filter. If specified any UID or GID stored in AD that fall outside the range is ignored and the corresponding map is discarded. It is intended as a way to avoid accidental UID/GID overlaps between local and remotely defined IDs.

schema_mode = <rfc2307 | sfu | sfu20>

Defines the schema that idmap_ad should use when querying Active Directory regarding user and group information. This can be either the RFC2307 schema support included in Windows 2003 R2 or the Service for Unix (SFU) schema. For SFU 3.0 or 3.5 please choose "sfu", for SFU 2.0 please choose "sfu20". Please note that primary group membership is currently always calculated via the "primaryGroupID" LDAP attribute.

EXAMPLES

The following example shows how to retrieve idmappings from our principal and trusted AD domains. If trusted domains are present id conflicts must be resolved beforehand, there is no guarantee on the order conflicting mappings would be resolved at this point. This example also shows how to leave a small non conflicting range for local id allocation that may be used in internal backends like BUILTIN.

	[global]

	workgroup = CORP

	idmap config * : backend = tdb

	idmap config * : range = 1000000-1999999

	idmap config CORP : backend  = ad

	idmap config CORP : range = 1000-999999

AUTHOR

The original Samba software and related utilities were created by Andrew Tridgell. Samba is now developed by the Samba Team as an Open Source project similar to the way the Linux kernel is developed.

《COPY FROM:http://www.samba.org/samba/docs/man/manpages/idmap_ad.8.html

idmap_ad — Samba's idmap_ad Backend for Winbind《转载》的更多相关文章

  1. 将samba加入到windows域《转载》

    将samba加入到windows域 那什么是域呢? 一台Windows计算机,它要么隶属于工作组,要么隶属于域.所以说到域,我们就不得不提一下工作组,工作组是MS的概念,一般的普遍称谓是对等网. 工作 ...

  2. Linux使用笔记: 使用Samba访问windows的共享目录(转载)

    转自:http://easwy.com/blog/archives/mount-a-windows-shared-folder-on-linux-with-samba/ 通常我们使用Samba都是在W ...

  3. samba服务器加入域控主机所需要修改的配置文件

    samba服务器加入域控主机,成为域成员,当用户访问samba服务器上的共享文件时,直接到域控主机上进行认证.samba服务器上不需要像先前一样创建系统用户,创建samba用户及密码. 1.安装环境( ...

  4. samba服务日志文件-密码文件及启停

    1.Samba服务日志文件日志文件对于samba非常重要,它存储着客户端访问samba服务器的信息,以及samba服务的错误提示信息等,可以通过分析日志,帮助解决客户端访问和服务器维护等问题.在/et ...

  5. cetos6 安装samba共享文件夹

    yum方式安装 yum install samba 修改配置文件 vim /etc/samba/smb.conf [global] comment = global workgroup = QFpay ...

  6. samba企业级实战应用详解-技术流ken

    1.简介 Samba是一套使用SMB(Server Message Block)协议的应用程序, 通过支持这个协议, Samba允许Linux服务器与Windows系统之间进行通信,使跨平台的互访成为 ...

  7. CentOS7-1810 系统Samba配置说明

    Samba是在Linux和UNIX系统上实现SMB协议的一个免费软件.SMB(Server Messages Block,信息服务块)通信协议是微软(Microsoft)和英特尔(Intel)在198 ...

  8. 如何在Linux下部署Samba服务?

    Samba简介 Samba是在Linux和UNIX系统上实现SMB协议的一个免费软件,由服务器及客户端程序构成.SMB(Server Messages Block,信息服务块)是一种在局域网上共享文件 ...

  9. 实现Redhat Linux 6和Windows通过Windows Server AD统一认证并共享访问Oracle ZS存储系统

    Windows Server 2012 AD设置 1.  建立新的组织单位OU 为用户提前建立好OU,是为了AD用户管理简单清晰. 2.  建立新的用户和用户组 建立新的用户的时候,要同时将用户归属到 ...

随机推荐

  1. 通过 yum update 将系统从CentOS 6.2 升级到 CentOS 6.6 及升级过程中的简单排错

    本文说明 本文写于2014年的WP中,后WP停止维护,今天翻到此记录整理下,记录于此,方便日后查看. 话说那时候写博客真是认真啊~哈哈~ 升级前的系统信息 [root@thatsit ~]# unam ...

  2. C#利用ODP.NET往oracle中高效插入百万数据

    由于工作的原因,要使用winform来处理大量的数据,但是c#自带的System.data.OracleClient效率不是很高,在网上找了很久,找到了ODP.NET,是oracle为c#提供的.貌似 ...

  3. android 自定义view之 TypeArray

    在定义view的时候,我们可以使用系统提供的属性,也可以自定义些额外的属性来设置自定义view的样式,这个时候,我们就需要TypeArray,字面意思就是Type 数组. 今天我们就讲讲如何自定义Vi ...

  4. Mysql的Error 1364

    在安装mysql 5.5.8的最后一步,应用安全配置时, 弹出错误对话框, Error Nr.1364 authentication_string 解决办法: 1.暂时不要关闭该窗口,cmd命令,执行 ...

  5. CF 277E Binary Tree on Plane (拆点 + 费用流) (KM也可做)

    题目大意: 平面上有n个点,两两不同.现在给出二叉树的定义,要求树边一定是从上指向下,即从y坐标大的点指向小的点,并且每个结点至多有两个儿子.现在让你求给出的这些点是否能构成一棵二叉树,如果能,使二叉 ...

  6. .attr()和.prop()和.css()的区别

    是不是新手都会遇到这个问题?遇到过一次,在网上搜一搜,综合成了下面这样.重点参考了dolphin的‘jQuery的attr与prop’, 写的很清楚呢. 一般attribute翻译成中文术语为“特性” ...

  7. 4月13日 php

    用php打印乘法表: <html> <head> <title>我的第一个PHP页面</title> </head> <body> ...

  8. c语言,全局变量,局部变量,外部函数,内部函数,stasic和extern的复习总结

    @import url(http://i.cnblogs.com/Load.ashx?type=style&file=SyntaxHighlighter.css);@import url(/c ...

  9. 模拟Hibernate动态生成SQL语句

    这里有一个xml配置文件,也就是Hibernate框架中会用到的POJO和数据库的映射文件 <?xml version="1.0" encoding="utf-8& ...

  10. 将日期yyyy-MM-dd转为数字大写的形式

    /** * 将日期转大写 * 例如:2013-05-13转为 二0一三年五月十三日 * @param date * @return */ public static String getDxDate( ...