author | Gerald W. Carter <jerry@samba.org> | 2008-09-25 10:42:31 -0700 |
---|---|---|
committer | Karolin Seeger <kseeger@samba.org> | 2008-09-29 16:50:08 +0200 |
commit | 946fdda6cc8d9fa1b278f085e7bc81c0e862f4ae (patch) | |
tree | 1975ace0bef1aaf718cd137ae8ba89f623fc6dbf /WHATSNEW.txt | |
parent | 48ad9f59d43514b67376b39b62c23826181185d2 (diff) | |
WHATSNEW: Add summary of the idmap_hash plugin and Winbind's "name aliasing"
(cherry picked from commit bddc2956634194d7daedbf5cd18964811ef6fe5e)
Diffstat (limited to 'WHATSNEW.txt')
-rw-r--r-- | WHATSNEW.txt | 50 |
1 files changed, 46 insertions, 4 deletions
diff --git a/WHATSNEW.txt b/WHATSNEW.txt index b5c6d8c9c0d..60ec63cfdc3 100644 --- a/WHATSNEW.txt +++ b/WHATSNEW.txt @@ -18,8 +18,8 @@ Major enhancements in Samba 3.3.0 include: o Extended Cluster support. Winbind: - o Simplyfied idmap configuration. - o New idmap backend "adex". + o Simplified idmap configuration. + o New idmap backends "adex" and "hash". o Added new parameter "winbind reconnect delay". o Added support for user and group aliasing. 
@@ -73,10 +73,50 @@ daemon will wait between attempts to contact a Domain controller for a domain that is determined to be down or not contactable. +Winbind's Name Aliasing +======================= + +Name aliasing in Winbind is a feature that allows an administrator to +map a fully qualified user or group name from a Windows domain to a +convenient short name for Unix access. This is similar to the username +map functionality supported by smbd but is primary intended for +clients and servers making use of Winbind's PAM and NSS libraries. + +For example, the user "DOMAIN\fred" has been mapped to the Unix name +"freddie". + + $ getent passwd "DOMAIN\fred" + freddie:x:1000:1001:Fred Jones:/home/freddie:/bin/bash + + $ getent passwd freddie + freddie:x:1000:1001:Fred Jones:/home/freddie:/bin/bash + +The name aliasing support is provided by individual nss_info plugins. +For example, the new "adex" plugin reads the uid attribute from Active +Directory to make a short login name to the fully qualified name. +While the new "hash" module utilizes a local file to map "short_name += QUALIFIED\name". Both user and group name mapping is supported. +Please refer to the "winbind nss info" option in smb.conf(5) and +to individual plugin man pages for further details. + + +idmap_hash +========== + +The idmap_hash plugin provides similar support as the idmap_rid +module. However, uids and gids are generated from the full domain +SID using a hashing algorithm that maps the lower 19 bits from the user +or group RID to bits 0 - 19 in the Unix id and hashes 96 bits from +the domain SID to bits 20 - 30 in the Unix id. The result is a 31 bit +uid or gid that is consistent across machines and provides support for +trusted domains. + +Please refer to the idmap_hash(8) man page for more details. 
+ idmap_adex ========== -The adex idmap/nss_info plugin is an adapation of the Likewise +The adex idmap/nss_info plugin is an adaptation of the Likewise Enterprise plugin with support for OU based cells removed (since the Windows pieces to manage the cells are not available). @@ -88,7 +128,7 @@ This plugin supports * Cross forest trusts * User and group aliases -Prerequiste: Add the following attributes to the Partial Attribute +Prerequisite: Add the following attributes to the Partial Attribute Set in global catalog: * uidNumber @@ -108,6 +148,8 @@ A basic config using the current trunk code would look like: template homedir = /home/%D/%U template shell = /bin/bash +Please refer to the idmap_adex(8) man page for more details. + ###################################################################### Changes |
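Review bot: In the new idmap_hash section of the second hunk (@@ -73,10 +73,50 @@), the bit ranges do not add up: "the lower 19 bits from the user or group RID to bits 0 - 19" puts 19 bits into a 20-bit range, and with "bits 20 - 30" for the domain hash the stated 31-bit result only works if one of the two numbers is off by one. Please check the ranges against the plugin code and state them consistently (either 19 bits in 0 - 18 or 20 bits in 0 - 19, with the domain hash range adjusted to match). Because 96 bits of the domain SID are reduced to the few bits that remain and only the low bits of the RID are kept, the text should also say that two different SIDs can map to the same uid or gid, which matters for a value used for file ownership. In the same hunk, the name aliasing text has "is primary intended" (should be "primarily"), "to make a short login name to the fully qualified name" (probably "to map"), and the sentence starting "While the new "hash" module" is a fragment that would read better joined to the previous one.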