Manualshelf

HP CIFS Server 3.0f Administrator's Guide verison A.02.03

ManualsBrandsHP ManualsSoftwareHP-UX Common Internet File System (CIFS) Client/Server Software
111112113114115116117118119120
idmap Backend Support in Winbind
This section describe the idmap_rid backend and LDAP backend for idmap support when using winbind.
Examples of configuration files for each backend are provided.
idmap_rid Backend Support
The idmap_rid facility with winbind provides a unique mapping of Windows SIDs to local UNIX UIDs and
GIDs. The idmap_rid facility uses the RID of the user SID to generate the UID and GID by adding the RID
number to a configurable base value. Since the RIDs are allocated by the centrally managed Windows
Domain Controller, this tool permits the CIFS winbind daemons to generate unique HP-UX UIDs and GIDs
across the domain. It can be used for synchronization of mappings across multiple CIFS servers without an
LDAP directory. You can use idmap_rid in a Windows NT domain or a Windows 2000/2003 ADS
domain, but it can not be used in Windows trusted domains.
In HP CIFS Server A.02.03, the idmap_rid shared library, idmaprid.sl(so), is changed to
rid.sl(so).
Limitations Using idmap_rid
The idmap_rid facility is only used in a single Windows domain. It doesn't work with Windows trusted
domains. Using idmap_rid requires that you set the allow trusted domains parameter to No.
You must set the idmap_rid range to be equal to both idmap uid and idmap gid ranges in the
smb.conf file.
When you set the idmap backend parameter to idmap_rid, UIDs and GIDs mapping data is only
stored locally.
Configuring and Using idmap_rid
To use idmap_rid, you must configure the following parameters in the smb.conf file:
Set idmap backend to idmap_rid:<domain name>=<idmap_rid range>.
Set allow trusted domains to No.
An example of smb.conf using idmap_rid is shown below:
[global]
workgroup = DomainA # Doamin name
security = domain or ADS
# idmap section
idmap uid = 50000-60000
idmap gid = 50000-60000
idmap backend = idmap_rid:DomainA=50000-60000
allow trusted domains = no
Check the log file to see if the idmap_rid shared library is loaded after you configure and setup idmap_rid.
idmap Backend Support in Winbind 111