HP CIFS Server 3.0d Administrator's Guide version A.02.02 (Edition 5)

Winbind Support
idmap_rid with Winbind Support
The idmap_rid facility with winbind provides a unique mapping of
Windows SIDs to local UNIX UIDs and GIDs. The idmap_rid facility
uses the RID of the user SID to generate the UID and GID by adding the
RID number to a configurable base value. Since the RIDs are allocated
by the centrally managed Windows Domain Controller, this tool permits
the CIFS winbind daemons to generate unique HP-UX UIDs and GIDs
across the domain. It can be used for synchronization of mappings across
multiple CIFS servers without an LDAP directory. You can use
idmap_rid in a Windows NT domain or a Windows 2000/2003 ADS
domain, but it cannot be used in Windows trusted domains.
Limitations Using idmap_rid
The idmap_rid facility is only used in a single Windows domain. It
doesn’t work with Windows trusted domains. Using idmap_rid
requires that the allow trusted domains parameter in the
smb.conf file is set to No.
You must set the idmap_rid range to be equal to both idmap uid
and idmap gid ranges in the smb.conf file.
When you set the idmap backend parameter to idmap_rid, UID and
GID mapping data is stored only locally.
Setting up and Using idmap_rid
To use idmap_rid, set idmap backend to idmap_rid and allow
trusted domains to No in the smb.conf file.
An example of smb.conf using idmap_rid is shown below:
[global]
# Domain name
workgroup = DomainA
# Set security to domain or ADS
security = domain
# Winbindd section
idmap uid = 50000-60000
idmap gid = 50000-60000
idmap backend = idmap_rid:DomainA=50000-60000
allow trusted domains = no
winbind cache time = 10