</para>
<para>
- In order to make available to the Windows environment Samba has a facility by which UNIX groups can
+ In order to make available to the Windows environment, Samba has a facility by which UNIX groups can
be mapped to a logical entity, called a Windows (or domain) group. Samba supports two types of Windows
groups, local and global. Global groups can contain as members, global users. This membership is
affected in the normal UNIX manner, but adding UNIX users to UNIX groups. Windows user accounts consist
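Review bot: The corrected opening sentence still has no object for "make available": "In order to make available to the Windows environment, Samba has a facility" does not say what is being made available, and the added comma does not fix that. Name the object, for example "To make UNIX groups available to the Windows environment, Samba has a facility by which they can be mapped to a logical entity". The trailing context line "affected in the normal UNIX manner, but adding UNIX users to UNIX groups" also looks like it should read "effected ... by adding" and could be corrected in the same change.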
Domain Computers
Engineers
</screen>
+ </para>
+
+<?latex \newpage ?>
+ <para>
A Windows group account called <quote>SupportEngrs</quote> can be added by executing the following
command:
<indexterm><primary>net</primary><secondary>rpc</secondary><tertiary>group add</tertiary></indexterm>
and <constant>delete</constant>. An example of each operation is shown here.
</para>
+ <note><para>
+ Commencing with Samba-3.0.23 Windows Domain Groups must be explicitly created. By default, all
+ UNIX groups are exposed to Windows networking as Windows local groups.
+ </para></note>
+
<para>
An existing UNIX group may be mapped to an existing Windows group by this example:
<screen>
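Review bot: The added note says Windows Domain Groups "must be explicitly created" but does not say how, and it sits between two paragraphs without pointing at either. Since the second sentence changes what is exposed by default ("all UNIX groups are exposed to Windows networking as Windows local groups"), a reader reviewing group-based access after an upgrade needs the next step: refer to the net rpc group add and net groupmap add examples in this section. A comma after "Samba-3.0.23" would also help the first sentence read cleanly.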
<screen>
&rootprompt; net groupmap add ntgroup=Pixies unixgroup=pixies type=l
</screen>
- Supported mapping types are 'd' (domain global) and 'l' (domain local), a domain local group is Samba is
+ Supported mapping types are 'd' (domain global) and 'l' (domain local), a domain local group in Samba is
treated as local to the individual Samba server. Local groups can be used with Samba to enable multiple
nested group support.
</para>
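Review bot: The replacement line fixes "is Samba is" but leaves a comma splice and an unclear term: "'l' (domain local), a domain local group in Samba is treated as local to the individual Samba server". Split it into two sentences after "(domain local)", and say plainly that type 'l' groups are valid only on the server that holds the mapping, since the label "domain local" suggests a wider scope than the rest of the sentence describes.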
</procedure>
<para>
- This script will be executed every time a user logs onto the network. Therefore every user will
+ This script will be executed every time a user logs on to the network. Therefore every user will
have local Windows workstation management rights. This could of course be assigned using a group,
in which case there is little justification for the use of this procedure. The key justification
for the use of this method is that it will guarantee that all users have appropriate rights on
<para>
The net command looks in the &smb.conf; file to obtain its own configuration settings. Thus, the following
- command 'know' which domain to join from the &smb.conf; file.
+ command 'knows' which domain to join from the &smb.conf; file.
</para>
<para>
<para>
The installation of a new server, as with the migration to a new network environment, often is similar to
building a house; progress is very rapid from the laying of foundations up to the stage at which
- the the house can be locked up, but the finishing off appears to take longer and longer as building
+ the house can be locked up, but the finishing off appears to take longer and longer as building
approaches completion.
</para>
</sect1>
+ <sect1>
+ <title>Managing IDMAP UID/SID Mappings</title>
+
+ <para>
+ The IDMAP UID to SID, and SID to UID, mappings that are created by <command>winbindd</command> can be
+ backed up to a text file. The text file can be manually edited, although it is highly recommended that
+ you attempt this only if you know precisely what you are doing.
+ </para>
+
+ <para>
+ An IDMAP text dump file can be restored (or reloaded). There are two situations that may necessitate
+ this action: a) The existing IDMAP file is corrupt, b) It is necessary to install an editted version
+ of the mapping information.
+ </para>
+
+ <para>
+ Winbind must be shut down to dump the IDMAP file. Before restoring a dump file, shut down
+ <command>winbindd</command> and delete the old <filename>winbindd_idmap.tdb</filename> file.
+ </para>
+
+ <sect2>
+ <title>Creating an IDMAP Database Dump File</title>
+
+ <para>
+ The IDMAP database can be dumped to a text file as shown here:
+<screen>
+net idmap dump <full_path_and_tdb_filename> > dumpfile.txt
+</screen>
+ Where a particular build of Samba the run-time tdb files are stored in the
+ <filename>/var/lib/samba</filename> directory the following commands to create the dump file will suffice:
+<screen>
+net idmap dump /var/lib/samba/winbindd_idmap.tdb > idmap_dump.txt
+</screen>
+ </para>
+
+ </sect2>
+
+ <sect2>
+ <title>Restoring the IDMAP Database Dump File</title>
+
+ <para>
+ The IDMAP dump file can be restored using the following command:
+<screen>
+net idmap restore <full_path_and_tdb_filename> < dumpfile.txt
+</screen>
+ Where the Samba run-time tdb files are stored in the <filename>/var/lib/samba</filename> directory
+ the following command can be used to restore the data to the tdb file:
+<screen>
+net idmap restore /var/lib/samba/winbindd_idmap.tdb < idmap_dump.txt
+</screen>
+ </para>
+
+ </sect2>
+
+ </sect1>
+
<sect1 id="netmisc1">
<title>Other Miscellaneous Operations</title>
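Review bot: In the new screen blocks, "net idmap dump <full_path_and_tdb_filename> > dumpfile.txt" and "net idmap restore <full_path_and_tdb_filename> < dumpfile.txt" contain raw angle brackets, so an XML parser will read <full_path_and_tdb_filename> as an unclosed element and the input redirect "<" as the start of a tag, and the document will not be well-formed. Escape them as &lt; and &gt; (or wrap the placeholder in <replaceable>), including the "<" redirect in the /var/lib/samba restore example. Smaller points in the same section: the commands lack the &rootprompt; used by the other examples in this file, "editted" should be "edited", "Where a particular build of Samba the run-time tdb files are stored" is missing words, and the new <sect1> has no id while the following one has id="netmisc1". Because the text instructs the reader to delete winbindd_idmap.tdb before restoring, consider adding a step to keep a copy of the old file until the restored mappings have been checked.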