idmap_tdb2 man page on SunOS

Man page or keyword search:  
man Server   20652 pages
apropos Keyword Search (all sections)
Output format
SunOS logo
[printable version]

IDMAP_TDB2(1M)		  System Administration tools		IDMAP_TDB2(1M)

NAME
       idmap_tdb2 - Samba's idmap_tdb2 Backend for Winbind

DESCRIPTION
       The idmap_tdb2 plugin is a substitute for the default idmap_tdb backend
       used by winbindd for storing SID/uid/gid mapping tables in clustered
       environments with Samba and CTDB.

       In contrast to read only backends like idmap_rid, it is an allocating
       backend: This means that it needs to allocate new user and group IDs in
       order to create new mappings.

IDMAP OPTIONS
       range = low - high
	   Defines the available matching uid and gid range for which the
	   backend is authoritative.

       script
	   This option can be used to configure an external program for
	   performing id mappings instead of using the tdb counter. The
	   mappings are then stored int tdb2 idmap database. For details see
	   the section on IDMAP SCRIPT below.

IDMAP SCRIPT
       The tdb2 idmap backend supports an external program for performing id
       mappings through the smb.conf option idmap config * : script or its
       deprecated legacy form idmap : script.

       The mappings obtained by the script are then stored in the idmap tdb2
       database instead of mappings created by the incrementing id counters.
       It is therefore important that the script covers the complete range of
       SIDs that can be passed in for SID to Unix ID mapping, since otherwise
       SIDs unmapped by the script might get mapped to IDs that had previously
       been mapped by the script.

       The script should accept the following command line options.

		SIDTOID S-1-xxxx
		IDTOSID UID xxxx
		IDTOSID GID xxxx

       And it should return one of the following responses as a single line of
       text.

		UID:yyyy
		GID:yyyy
		SID:yyyy
		ERR:yyyy

EXAMPLES
       This example shows how tdb2 is used as a the default idmap backend.

		[global]
		idmap config * : backend = tdb2
		idmap config * : range = 1000000-2000000

       This example shows how tdb2 is used as a the default idmap backend
       using an external program via the script parameter:

		[global]
		idmap config * : backend = tdb2
		idmap config * : range = 1000000-2000000
		idmap config * : script = /usr/local/samba/bin/idmap_script.sh

AUTHOR
       The original Samba software and related utilities were created by
       Andrew Tridgell. Samba is now developed by the Samba Team as an Open
       Source project similar to the way the Linux kernel is developed.

ATTRIBUTES
       See attributes(5) for descriptions of the following attributes:

       ┌────────────────────┬─────────────────────────────────┐
       │  ATTRIBUTE TYPE    │	      ATTRIBUTE VALUE	      │
       ├────────────────────┼─────────────────────────────────┤
       │Availability	    │ SUNWsmbar, SUNWsmbac, SUNWsmbau │
       ├────────────────────┼─────────────────────────────────┤
       │Interface Stability │ External			      │
       └────────────────────┴─────────────────────────────────┘
NOTES
       Source code for Samba is available in the SUNWsmbaS package.

       Samba(7) delivers the set of four SMF(5) services as can be seen from
       the following example:

	    $ svcs samba wins winbind swat
	   STATE	  STIME	   FMRI
	   disabled	  Apr_21   svc:/network/samba:default
	   disabled	  Apr_21   svc:/network/winbind:default
	   disabled	  Apr_21   svc:/network/wins:default
	   disabled	  Apr_21   svc:/network/swat:default

       where the services are:

	"samba"
	   runs the smbd daemon managing the CIFS sessions

	"wins"
	   runs the nmbd daemon enabling the browsing (WINS)

	"winbind"
	   runs the winbindd daemon making the domain idmap

	"swat"
	   Samba Web Administration Tool is a service providing access to
	   browser-based Samba administration interface and on-line
	   documentation.  The service runs on software loopback network
	   interface on port 901/tcp, i.e. opening "http://localhost:901/" in
	   browser will access the SWAT service on local machine.

       Please note: SWAT uses HTTP Basic Authentication scheme where user name
       and passwords are sent over the network in clear text. In the SWAT case
       the user name is root. Transferring such sensitive data is advisable
       only on the software loopback network interface or over secure
       networks.

Samba 3.6			  04/10/2012			IDMAP_TDB2(1M)
[top]

List of man pages available for SunOS

Copyright (c) for man pages and the logo by the respective OS vendor.

For those who want to learn more, the polarhome community provides shell access and support.

[legal] [privacy] [GNU] [policy] [cookies] [netiquette] [sponsors] [FAQ]
Tweet
Polarhome, production since 1999.
Member of Polarhome portal.
Based on Fawad Halim's script.
....................................................................
Vote for polarhome
Free Shell Accounts :: the biggest list on the net