Man page or keyword search:   man All Sections 1 - General Commands 2 - System Calls 3 - Subroutines, Functions 4 - Special Files 5 - File Formats 6 - Games and Screensavers 7 - Macros and Conventions 8 - Maintenence Commands 9 - Kernel Interface New Commands Server 4.4BSD AIX Alpinelinux Archlinux Aros BSDOS BSDi Bifrost CentOS Cygwin Darwin Debian DigitalUNIX DragonFly ElementaryOS Fedora FreeBSD Gentoo GhostBSD HP-UX Haiku Hurd IRIX Inferno JazzOS Kali Knoppix LinuxMint MacOSX Mageia Mandriva Manjaro Minix MirBSD NeXTSTEP NetBSD OPENSTEP OSF1 OpenBSD OpenDarwin OpenIndiana OpenMandriva OpenServer OpenSuSE OpenVMS Oracle PC-BSD Peanut Pidora Plan9 QNX Raspbian RedHat Scientific Slackware SmartOS Solaris SuSE SunOS Syllable Tru64 UNIXv7 Ubuntu Ultrix UnixWare Xenix YellowDog aLinux   20652 pages apropos Keyword Search (all sections) Output format html ascii pdf view pdf save postscript

IDMAP_AD(1M)		  System Administration tools		  IDMAP_AD(1M)

NAME
       idmap_ad - Samba's idmap_ad Backend for Winbind

DESCRIPTION
       The idmap_ad plugin provides a way for Winbind to read id mappings from
       an AD server that uses RFC2307/SFU schema extensions. This module
       implements only the "idmap" API, and is READONLY. Mappings must be
       provided in advance by the administrator by adding the
       posixAccount/posixGroup classes and relative attribute/value pairs to
       the user and group objects in the AD.

       Note that the idmap_ad module has changed considerably since Samba
       versions 3.0 and 3.2. Currently, the ad backend does not work as the
       the default idmap backend, but one has to configure it separately for
       each domain for which one wants to use it, using disjoint ranges. One
       usually needs to configure a writeable default idmap range, using for
       example the tdb or ldap backend, in order to be able to map the BUILTIN
       sids and possibly other trusted domains. The writeable default config
       is also needed in order to be able to create group mappings. This
       catch-all default idmap configuration should have a range that is
       disjoint from any explicitly configured domain with idmap backend ad.
       See the example below.

IDMAP OPTIONS
       range = low - high
	   Defines the available matching UID and GID range for which the
	   backend is authoritative. Note that the range acts as a filter. If
	   specified any UID or GID stored in AD that fall outside the range
	   is ignored and the corresponding map is discarded. It is intended
	   as a way to avoid accidental UID/GID overlaps between local and
	   remotely defined IDs.

       schema_mode = <rfc2307 | sfu >
	   Defines the schema that idmap_ad should use when querying Active
	   Directory regarding user and group information. This can be either
	   the RFC2307 schema support included in Windows 2003 R2 or the
	   Service for Unix (SFU) schema.

EXAMPLES
       The following example shows how to retrieve idmappings from our
       principal and trusted AD domains. If trusted domains are present id
       conflicts must be resolved beforehand, there is no guarantee on the
       order conflicting mappings would be resolved at this point. This
       example also shows how to leave a small non conflicting range for local
       id allocation that may be used in internal backends like BUILTIN.

		[global]
		idmap config * : backend = tdb
		idmap config * : range = 1000000-1999999

		idmap config CORP : backend  = ad
		idmap config CORP : range = 1000-999999

AUTHOR
       The original Samba software and related utilities were created by
       Andrew Tridgell. Samba is now developed by the Samba Team as an Open
       Source project similar to the way the Linux kernel is developed.

ATTRIBUTES
       See attributes(5) for descriptions of the following attributes:

       ┌────────────────────┬─────────────────────────────────┐
       │  ATTRIBUTE TYPE    │	      ATTRIBUTE VALUE	      │
       ├────────────────────┼─────────────────────────────────┤
       │Availability	    │ SUNWsmbar, SUNWsmbac, SUNWsmbau │
       ├────────────────────┼─────────────────────────────────┤
       │Interface Stability │ External			      │
       └────────────────────┴─────────────────────────────────┘
NOTES
       Source code for Samba is available in the SUNWsmbaS package.

       Samba(7) delivers the set of four SMF(5) services as can be seen from
       the following example:

	    $ svcs samba wins winbind swat
	   STATE	  STIME	   FMRI
	   disabled	  Apr_21   svc:/network/samba:default
	   disabled	  Apr_21   svc:/network/winbind:default
	   disabled	  Apr_21   svc:/network/wins:default
	   disabled	  Apr_21   svc:/network/swat:default

       where the services are:

	"samba"
	   runs the smbd daemon managing the CIFS sessions

	"wins"
	   runs the nmbd daemon enabling the browsing (WINS)

	"winbind"
	   runs the winbindd daemon making the domain idmap

	"swat"
	   Samba Web Administration Tool is a service providing access to
	   browser-based Samba administration interface and on-line
	   documentation.  The service runs on software loopback network
	   interface on port 901/tcp, i.e. opening "http://localhost:901/" in
	   browser will access the SWAT service on local machine.

       Please note: SWAT uses HTTP Basic Authentication scheme where user name
       and passwords are sent over the network in clear text. In the SWAT case
       the user name is root. Transferring such sensitive data is advisable
       only on the software loopback network interface or over secure
       networks.

Samba 3.6			  04/10/2012			  IDMAP_AD(1M)

Vote for polarhome