IDMAP_ADEX(1M) System Administration tools IDMAP_ADEX(1M)NAMEidmap_adex - Samba's idmap_adex Backend for Winbind
DESCRIPTION
The idmap_adex plugin provides a way for Winbind to read id mappings
from an AD server that uses RFC2307 schema extensions. This module
implements both the idmap and nss_info APIs and supports domain trustes
as well as two-way cross forest trusts. It is a read-only plugin
requiring that the administrator provide mappings in advance by adding
the POSIX attribute information to the users and groups objects in AD.
The most common means of doing this is using "Identity Services for
Unix" support on Windows 2003 R2 and later.
Note that you must add the uidNumber, gidNumber, and uid attributes to
the partial attribute set of the forest global catalog servers. This
can be done using the Active Directory Schema Management MMC plugin
(schmmgmt.dll).
NSS_INFO
The nss_info plugin supports reading the unixHomeDirectory, gidNumber,
loginShell, and uidNumber attributes from the user object and the
gidNumber attribute from the group object to fill in information
required by the libc getpwnam() and getgrnam() family of functions.
Group membership is filled in according to the Windows group membership
and not the msSFU30PosixMember attribute.
Username aliases are implement by setting the uid attribute on the user
object. While group name aliases are implemented by reading the
displayname attribute from the group object.
EXAMPLES
The following example shows how to retrieve idmappings and NSS data
from our principal and trusted AD domains.
[global]
idmap config * : backend = adex
idmap config * : range = 1000-4000000000
winbind nss info = adex
winbind normalize names = yes
AUTHOR
The original Samba software and related utilities were created by
Andrew Tridgell. Samba is now developed by the Samba Team as an Open
Source project similar to the way the Linux kernel is developed.
ATTRIBUTES
See attributes(5) for descriptions of the following attributes:
┌────────────────────┬─────────────────────────────────┐
│ ATTRIBUTE TYPE │ ATTRIBUTE VALUE │
├────────────────────┼─────────────────────────────────┤
│Availability │ SUNWsmbar, SUNWsmbac, SUNWsmbau │
├────────────────────┼─────────────────────────────────┤
│Interface Stability │ External │
└────────────────────┴─────────────────────────────────┘
NOTES
Source code for Samba is available in the SUNWsmbaS package.
Samba(7) delivers the set of four SMF(5) services as can be seen from
the following example:
$ svcs samba wins winbind swat
STATE STIME FMRI
disabled Apr_21 svc:/network/samba:default
disabled Apr_21 svc:/network/winbind:default
disabled Apr_21 svc:/network/wins:default
disabled Apr_21 svc:/network/swat:default
where the services are:
"samba"
runs the smbd daemon managing the CIFS sessions
"wins"
runs the nmbd daemon enabling the browsing (WINS)
"winbind"
runs the winbindd daemon making the domain idmap
"swat"
Samba Web Administration Tool is a service providing access to
browser-based Samba administration interface and on-line
documentation. The service runs on software loopback network
interface on port 901/tcp, i.e. opening "http://localhost:901/" in
browser will access the SWAT service on local machine.
Please note: SWAT uses HTTP Basic Authentication scheme where user name
and passwords are sent over the network in clear text. In the SWAT case
the user name is root. Transferring such sensitive data is advisable
only on the software loopback network interface or over secure
networks.
Samba 3.6 04/10/2012 IDMAP_ADEX(1M)