HP CIFS Server 3.0g Administrator's Guide version A.02.03.01: HP-UX 11i v1, v2 and v3 > Chapter 7 Winbind Support

idmap Backend Support in Winbind


This section describes the idmap rid backend and the LDAP backend for idmap support when using winbind. Example configuration files are provided for each backend.

idmap rid Backend Support

The idmap rid facility with winbind provides a unique mapping of Windows SIDs to local UNIX UIDs and GIDs. The idmap rid facility uses the RID of the user SID to generate the UID and GID by adding the RID number to a configurable base value. Since the RIDs are allocated by the centrally managed Windows Domain Controller, this tool permits the CIFS winbind daemons to generate unique HP-UX UIDs and GIDs across the domain. It can be used for synchronization of mappings across multiple CIFS servers without an LDAP directory. You can use the idmap rid facility in a Windows NT domain or a Windows 2000/2003 ADS domain, but it cannot be used in Windows trusted domains.

In HP CIFS Server A.02.03 or later, the idmap rid shared library, idmap_rid.sl(so), is changed to rid.sl(so).

Limitations Using idmap rid

  • The idmap rid facility is only used in a single Windows domain. It doesn't work with Windows trusted domains. Using the idmap rid method requires that you set the allow trusted domains parameter to No.

  • You must set the idmap_rid range to be equal to both idmap uid and idmap gid ranges in the smb.conf file.

  • When you set the idmap backend parameter to rid, UID and GID mapping data is stored only locally.

Configuring and Using idmap rid

To use the idmap rid method, you must configure the following parameters in the smb.conf file:

  • Set idmap backend to rid:<domain name>=<idmap_rid range>.

  • Set allow trusted domains to No.

An example of smb.conf using rid is shown below:

[global]
# Domain name
workgroup = DomainA
# Use "security = ads" instead for a Windows 2000/2003 ADS domain
security = domain

# idmap section
idmap uid = 50000-60000
idmap gid = 50000-60000
idmap backend = rid:DomainA=50000-60000
allow trusted domains = no

After you configure and set up rid, check the log file to confirm that the rid shared library is loaded.

LDAP Backend Support

When multiple CIFS Servers participate in a Windows NT or Windows ADS domain and make use of winbind, you can configure multiple CIFS Servers to store ID maps in an LDAP directory. Making use of an LDAP server and configuring CIFS servers with the idmap backend parameter in smb.conf will ensure that all UIDs and GIDs are unique across the domain. This is important in order to support Windows access to NFS shares.

NOTE: The HP CIFS Server does not support the ad option for idmap backend. For Windows ADS environments, consider using idmap rid. See the “idmap rid Backend Support” section for detailed information.

Configuring the LDAP Backend

To manage ID maps in an LDAP backend server, set idmap backend = ldap:ldap://<LDAP server name>. The following is an example /etc/smb.conf file that uses the machine ldaphostA.company.com as the idmap backend:

[global]
# Domain name
workgroup = DomainA
security = domain

# idmap section
ldap user suffix = ou=People
ldap group suffix = ou=Groups
idmap uid = 50000-60000
idmap gid = 50000-60000
idmap backend = ldap:ldap://ldaphostA.company.com
# Partial DN, prepended to ldap suffix
ldap idmap suffix = ou=Idmap
ldap admin dn = "cn=Directory Manager"
ldap suffix = dc=org, dc=company, dc=com
© 2007 Hewlett-Packard Development Company, L.P.