FreeBSD manual
download PDF document: idmap_hash.8.pdf
IDMAP_HASH(8) System Administration tools IDMAP_HASH(8)
NAME
idmap_hash - DO NOT USE THIS BACKEND
DESCRIPTION
DO NOT USE THIS PLUGIN The idmap_hash plugin implements a hashing
algorithm used to map SIDs for domain users and groups to 31-bit uids
and gids, respectively. This plugin also implements the nss_info API
and can be used to support a local name mapping files if enabled via
the "winbind normalize names" and "winbind nss info" parameters in
smb.conf. The module divides the range into subranges for each domain
that is being handled by the idmap config. The module needs the
complete UID and GID range to be able to map all SIDs. The lowest value
for the range should be the smallest ID available in the system. This
is normally 1000. The highest ID should be set to 2147483647. A smaller
range will lead to issues because of the hashing algorithm used. The
overall range to map all SIDs is 0 - 2147483647. Any range smaller than
0 - 2147483647 will filter some SIDs. As we can normally only start
with 1000, we are not able to map 1000 SIDs. This already can lead to
issues. The smaller the range the less SIDs can be mapped. We do not
recommend to use this plugin. It will be removed in a future release of
Samba.
IDMAP OPTIONS
name_map
Specifies the absolute path to the name mapping file used by the
nss_info API. Entries in the file are of the form "unix name =
qualified domain name". Mapping of both user and group names is
supported.
EXAMPLES
The following example utilizes the idmap_hash plugin for the idmap and
nss_info information.
[global]
idmap config * : backend = hash
idmap config * : range = 1000-2147483647
winbind nss info = hash
winbind normalize names = yes
idmap_hash:name_map = /etc/samba/name_map.cfg
AUTHOR
The original Samba software and related utilities were created by
Andrew Tridgell. Samba is now developed by the Samba Team as an Open
Source project similar to the way the Linux kernel is developed.
Samba 4.16.11 07/17/2023 IDMAP_HASH(8)