From 5ced307a46674f0d484db0d3201d64e70b44787d Mon Sep 17 00:00:00 2001 From: Andreas Schneider Date: Wed, 15 Feb 2017 08:55:24 +0100 Subject: docs: Improve the idmap_hash manpage BUG: https://bugzilla.samba.org/show_bug.cgi?id=12582 Signed-off-by: Andreas Schneider Reviewed-by: Michael Adam --- docs-xml/manpages/idmap_hash.8.xml | 24 +++++++++++++++++++++--- 1 file changed, 21 insertions(+), 3 deletions(-) (limited to 'docs-xml') diff --git a/docs-xml/manpages/idmap_hash.8.xml b/docs-xml/manpages/idmap_hash.8.xml index 9f4f1d1933c..311319d806b 100644 --- a/docs-xml/manpages/idmap_hash.8.xml +++ b/docs-xml/manpages/idmap_hash.8.xml @@ -13,17 +13,35 @@ idmap_hash - Samba's idmap_hash Backend for Winbind + DO NOT USE THIS BACKEND DESCRIPTION - The idmap_hash plugin implements a hashing algorithm used to map + DO NOT USE THIS PLUGIN + + The idmap_hash plugin implements a hashing algorithm used to map SIDs for domain users and groups to 31-bit uids and gids, respectively. This plugin also implements the nss_info API and can be used to support a local name mapping files if enabled via the "winbind normalize names" and "winbind nss info" parameters in smb.conf. + The module divides the range into subranges for each domain that is being + handled by the idmap config. + + The module needs the complete UID and GID range to be able to map all + SIDs. The lowest value for the range should be the smallest ID + available in the system. This is normally 1000. The highest ID should + be set to 2147483647. + + A smaller range will lead to issues because of the hashing algorithm + used. The overall range to map all SIDs is 0 - 2147483647. Any range + smaller than 0 - 2147483647 will filter some SIDs. As we can normally + only start with 1000, we are not able to map 1000 SIDs. This already + can lead to issues. The smaller the range the less SIDs can be mapped. + + We do not recommend to use this plugin. It will be removed in a future + release of Samba. @@ -53,7 +71,7 @@ [global] idmap config * : backend = hash - idmap config * : range = 1000-4000000000 + idmap config * : range = 1000-2147483647 winbind nss info = hash winbind normalize names = yes -- cgit v1.2.1