'\" te '\" t .\" Title: idmap_autorid .\" Author: [see the "AUTHOR" section] .\" Generator: DocBook XSL Stylesheets v1.76.1 .\" Date: 09/18/2013 .\" Manual: System Administration tools .\" Source: Samba 3.6 .\" Language: English .\" .TH "IDMAP_AUTORID" "8" "09/18/2013" "Samba 3\&.6" "System Administration tools" .\" ----------------------------------------------------------------- .\" * Define some portability stuff .\" ----------------------------------------------------------------- .\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ .\" http://bugs.debian.org/507673 .\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html .\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ .ie \n(.g .ds Aq \(aq .el .ds Aq ' .\" ----------------------------------------------------------------- .\" * set default formatting .\" ----------------------------------------------------------------- .\" disable hyphenation .nh .\" disable justification (adjust text to left margin only) .ad l .\" ----------------------------------------------------------------- .\" * MAIN CONTENT STARTS HERE * .\" ----------------------------------------------------------------- .SH "NAME" idmap_autorid \- Samba\*(Aqs idmap_autorid Backend for Winbind .SH "DESCRIPTION" .PP The idmap_autorid backend provides a way to use an algorithmic mapping scheme to map UIDs/GIDs and SIDs that is more deterministic than idmap_tdb and easier to configure than idmap_rid\&. .PP The module works similar to idmap_rid, but it automatically configures the range to be used for each domain, so there is no need to specify a specific range for each domain in the forest, the only configuration that is needed is the range of uid/gids that shall be used for user/group mappings and an optional size of the ranges to be used\&. .PP The mappings of which domain is mapped to which range is stored in autorid\&.tdb, thus you should backup this database regularly\&. .PP Due to the algorithm being used, it is the module that is most easy to use as it only requires a minimal configuration\&. .SH "IDMAP OPTIONS" .PP rangesize = numberofidsperdomain .RS 4 Defines the available number of uids/gids per domain\&. The minimum needed value is 2000\&. SIDs with RIDs larger than this value cannot be mapped, are ignored and the corresponding map is discarded\&. Choose this value carefully, as this should not be changed after the first ranges for domains have been defined, otherwise mappings between domains will get intermixed leading to unpredictable results\&. Please note that RIDs in Windows Domains usually start with 500 for builtin users and 1000 for regular users\&. As the parameter cannot be changed later, please plan accordingly for your expected number of users in a domain with safety margins\&. .sp One range will be used for local users and groups\&. Thus the number of local users and groups that can be created is limited by this option as well\&. If you plan to create a large amount of local users or groups, you will need set this parameter accordingly\&. .sp The default value is 100000\&. .RE .SH "THE MAPPING FORMULAS" .PP The Unix ID for a RID is calculated this way: .sp .if n \{\ .RS 4 .\} .nf ID = IDMAP UID LOW VALUE + DOMAINRANGENUMBER * RANGESIZE + RID .fi .if n \{\ .RE .\} .PP Correspondingly, the formula for calculating the RID for a given Unix ID is this: .sp .if n \{\ .RS 4 .\} .nf RID = ID \- IDMAP UID LOW VALUE \- DOMAINRANGENUMBER * RANGESIZE .fi .if n \{\ .RE .\} .sp .SH "EXAMPLES" .PP This example shows you the minimal configuration that will work for the principial domain and 19 trusted domains\&. .sp .if n \{\ .RS 4 .\} .nf [global] security = ads workgroup = CUSTOMER realm = CUSTOMER\&.COM idmap config * : backend = autorid idmap config * : range = 1000000\-1999999 .fi .if n \{\ .RE .\} .PP This example shows how to configure idmap_autorid as default for all domains with a potentially large amount of users plus a specific configuration for a trusted domain that uses the SFU mapping scheme\&. Please note that idmap ranges and sfu ranges are not allowed to overlap\&. .sp .if n \{\ .RS 4 .\} .nf [global] security = ads workgroup = CUSTOMER realm = CUSTOMER\&.COM idmap config * : backend = autorid idmap config * : range = 1000000\-19999999 idmap config * : rangesize = 1000000 idmap config TRUSTED : backend = ad idmap config TRUSTED : range = 50000 \- 99999 idmap config TRUSTED : schema_mode = sfu .fi .if n \{\ .RE .\} .SH "AUTHOR" .PP The original Samba software and related utilities were created by Andrew Tridgell\&. Samba is now developed by the Samba Team as an Open Source project similar to the way the Linux kernel is developed\&. .\" Oracle has added the ARC stability level to this manual page .SH ATTRIBUTES See .BR attributes (5) for descriptions of the following attributes: .sp .TS box; cbp-1 | cbp-1 l | l . ATTRIBUTE TYPE ATTRIBUTE VALUE = Availability service/network/samba = Stability Volatile .TE .PP .SH NOTES .\" Oracle has added source availability information to this manual page This software was built from source available at https://java.net/projects/solaris-userland. The original community source was downloaded from http://ftp.samba.org/pub/samba/stable/samba-3.6.25.tar.gz Further information about this software can be found on the open source community website at http://www.samba.org/.