[SCM] Samba Shared Repository - branch master updated -
a089b3bb99a226e8f99884867a677672cc028f1c
Gerald Carter
jerry at samba.org
Thu Sep 25 16:01:27 GMT 2008
The branch, master has been updated
via a089b3bb99a226e8f99884867a677672cc028f1c (commit)
via 73769e136e85fd1f6d39dad89bd84cdb7d758764 (commit)
from f27774729e8c88615b9d3d25a85cae0a1fc35c4f (commit)
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master
- Log -----------------------------------------------------------------
commit a089b3bb99a226e8f99884867a677672cc028f1c
Author: Gerald W. Carter <jerry at samba.org>
Date: Tue Sep 23 11:43:05 2008 -0700
Document the new hash and adex idmap/nss_info plugins.
(cherry picked from commit 77bc0be0536bcd6a3ce8283a708828bebbbffee3)
commit 73769e136e85fd1f6d39dad89bd84cdb7d758764
Author: Gerald W. Carter <jerry at samba.org>
Date: Tue Sep 23 11:40:28 2008 -0700
Document how to enable the name aliasing support in Winbind.
(cherry picked from commit 6dc81eb85b11851794619a1f2769d68cd9a54fb6)
-----------------------------------------------------------------------
Summary of changes:
docs-xml/manpages-3/idmap_adex.8.xml | 89 ++++++++++++++++++++
docs-xml/manpages-3/idmap_hash.8.xml | 76 +++++++++++++++++
.../smbdotconf/winbind/winbindnormalizenames.xml | 27 ++++--
3 files changed, 184 insertions(+), 8 deletions(-)
create mode 100644 docs-xml/manpages-3/idmap_adex.8.xml
create mode 100644 docs-xml/manpages-3/idmap_hash.8.xml
Changeset truncated at 500 lines:
diff --git a/docs-xml/manpages-3/idmap_adex.8.xml b/docs-xml/manpages-3/idmap_adex.8.xml
new file mode 100644
index 0000000..9eb2ff7
--- /dev/null
+++ b/docs-xml/manpages-3/idmap_adex.8.xml
@@ -0,0 +1,89 @@
+<?xml version="1.0" encoding="iso-8859-1"?>
+<!DOCTYPE refentry PUBLIC "-//Samba-Team//DTD DocBook V4.2-Based Variant V1.0//EN" "http://www.samba.org/samba/DTD/samba-doc">
+<refentry id="idmap_adex.8">
+
+<refmeta>
+ <refentrytitle>idmap_adex</refentrytitle>
+ <manvolnum>8</manvolnum>
+ <refmiscinfo class="source">Samba</refmiscinfo>
+ <refmiscinfo class="manual">System Administration tools</refmiscinfo>
+ <refmiscinfo class="version">3.2</refmiscinfo>
+</refmeta>
+
+
+<refnamediv>
+ <refname>idmap_adex</refname>
+ <refpurpose>Samba's idmap_adex Backend for Winbind</refpurpose>
+</refnamediv>
+
+<refsynopsisdiv>
+ <title>DESCRIPTION</title>
+ <para>
+ The idmap_adex plugin provides a way for Winbind to read
+ id mappings from an AD server that uses RFC2307 schema
+ extensions. This module implements both the idmap and nss_info
+ APIs and supports domain trustes as well as two-way cross
+ forest trusts. It is a read-only plugin requiring that the
+ administrator provide mappings in advance by adding the
+ POSIX attribute information to the users and groups objects
+ in AD. The most common means of doing this is using "Identity
+ Services for Unix" support on Windows 2003 R2 and later.
+ </para>
+
+ <para>
+ Note that you must add the uidNumber, gidNumber, and uid
+ attributes to the partial attribute set of the forest global
+ catalog servers. This can be done using the Active Directory Schema
+ Management MMC plugin (schmmgmt.dll).
+ </para>
+</refsynopsisdiv>
+
+<refsynopsisdiv>
+ <title>NSS_INFO</title>
+ <para>
+ The nss_info plugin supports reading the unixHomeDirectory,
+ gidNumber, loginShell, and uidNumber attributes from the user
+ object and the gidNumber attribute from the group object to
+ fill in information required by the libc getpwnam() and
+ getgrnam() family of functions. Group membership is filled in
+ according to the Windows group membership and not the
+ msSFU30PosixMember attribute.
+ </para>
+
+ <para>
+ Username aliases are implement by setting the uid attribute
+ on the user object. While group name aliases are implemented
+ by reading the displayname attribute from the group object.
+ </para>
+</refsynopsisdiv>
+
+<refsect1>
+ <title>EXAMPLES</title>
+ <para>
+ The following example shows how to retrieve idmappings and NSS data
+ from our principal and trusted AD domains.
+ </para>
+
+ <programlisting>
+ [global]
+ idmap backend = adex
+ idmap uid = 1000-4000000000
+ idmap gid = 1000-4000000000
+
+ winbind nss info = adex
+ winbind normalize names = yes
+ </programlisting>
+</refsect1>
+
+<refsect1>
+ <title>AUTHOR</title>
+
+ <para>
+ The original Samba software and related utilities
+ were created by Andrew Tridgell. Samba is now developed
+ by the Samba Team as an Open Source project similar
+ to the way the Linux kernel is developed.
+ </para>
+</refsect1>
+
+</refentry>
diff --git a/docs-xml/manpages-3/idmap_hash.8.xml b/docs-xml/manpages-3/idmap_hash.8.xml
new file mode 100644
index 0000000..8e452b3
--- /dev/null
+++ b/docs-xml/manpages-3/idmap_hash.8.xml
@@ -0,0 +1,76 @@
+<?xml version="1.0" encoding="iso-8859-1"?>
+<!DOCTYPE refentry PUBLIC "-//Samba-Team//DTD DocBook V4.2-Based Variant V1.0//EN" "http://www.samba.org/samba/DTD/samba-doc">
+<refentry id="idmap_hash.8">
+
+<refmeta>
+ <refentrytitle>idmap_hash</refentrytitle>
+ <manvolnum>8</manvolnum>
+ <refmiscinfo class="source">Samba</refmiscinfo>
+ <refmiscinfo class="manual">System Administration tools</refmiscinfo>
+ <refmiscinfo class="version">3.2</refmiscinfo>
+</refmeta>
+
+
+<refnamediv>
+ <refname>idmap_hash</refname>
+ <refpurpose>Samba's idmap_hash Backend for Winbind</refpurpose>
+</refnamediv>
+
+<refsynopsisdiv>
+ <title>DESCRIPTION</title>
+ <para>The idmap_hash plugin implements a hashing algorithm used
+ map SIDs for domain users and groups to a 31-bit uid and gid.
+ This plugin also implements the nss_info API and can be used
+ to support a local name mapping files if enabled via the
+ "winbind normlaize names" and "winbind nss info"
+ parameters in smb.conf.
+ </para>
+</refsynopsisdiv>
+
+<refsect1>
+ <title>IDMAP OPTIONS</title>
+
+ <variablelist>
+ <varlistentry>
+ <term>name_map</term>
+ <listitem><para>
+ Specifies the absolute path to the name mapping
+ file used by the nss_info API. Entries in the file
+ are of the form "<replaceable>unix name</replaceable>
+ = <replaceable>qualified domain name</replaceable>"e;.
+ Mapping of both user and group names is supported.
+ </para></listitem>
+ </varlistentry>
+ </variablelist>
+</refsect1>
+
+<refsect1>
+ <title>EXAMPLES</title>
+ <para>The following example utilizes the idmap_hash plugin for
+ the idmap and nss_info information.
+ </para>
+
+ <programlisting>
+ [global]
+ idmap backend = hash
+ idmap uid = 1000-4000000000
+ idmap gid = 1000-4000000000
+
+ winbind nss info = hash
+ winbind normalize names = yes
+ idmap_hash:name_map = /etc/samba/name_map.cfg
+ </programlisting>
+</refsect1>
+
+<refsect1>
+ <title>AUTHOR</title>
+
+ <para>
+ The original Samba software and related utilities
+ were created by Andrew Tridgell. Samba is now developed
+ by the Samba Team as an Open Source project similar
+ to the way the Linux kernel is developed.
+ </para>
+</refsect1>
+
+</refentry>
diff --git a/docs-xml/smbdotconf/winbind/winbindnormalizenames.xml b/docs-xml/smbdotconf/winbind/winbindnormalizenames.xml
index 28826cf..5b68bca 100644
--- a/docs-xml/smbdotconf/winbind/winbindnormalizenames.xml
+++ b/docs-xml/smbdotconf/winbind/winbindnormalizenames.xml
@@ -5,14 +5,25 @@
xmlns:samba="http://www.samba.org/samba/DTD/samba-doc">
<description>
<para>This parameter controls whether winbindd will replace
- whitespace in user and group names with an underscore (_) character.
- For example, whether the name "Space Kadet" should be
- replaced with the string "space_kadet".
- Frequently Unix shell scripts will have difficulty with usernames
- contains whitespace due to the default field separator in the shell.
- Do not enable this option if the underscore character is used in
- account names within your domain
- </para>
+ whitespace in user and group names with an underscore (_) character.
+ For example, whether the name "Space Kadet" should be
+ replaced with the string "space_kadet".
+ Frequently Unix shell scripts will have difficulty with usernames
+ contains whitespace due to the default field separator in the shell.
+ If your domain possesses names containing the underscore character,
+ this option may cause problems unless the name aliasing feature
+ is supported by your nss_info plugin.
+ </para>
+
+ <para>This feature also enables the name aliasing API which can
+ be used to make domain user and group names to a non-qlaified
+ version. Please refer to the manpage for the configured
+ idmap and nss_info plugin for the specifics on how to configure
+ name aliasing for a specific configuration. Name aliasing takes
+ precendence (and is mutually exclusive) over the whitespace
+ replacement mechanism discussed previsouly.
+ </para>
+
</description>
<value type="default">no</value>
--
Samba Shared Repository
More information about the samba-cvs
mailing list