Provided by: winbind_4.21.4+dfsg-1ubuntu3.5_amd64 

NAME
idmap_nss - Samba's idmap_nss Backend for Winbind
DESCRIPTION
The idmap_nss plugin provides a means to map Unix users and groups to Windows accounts. This provides a
simple means of ensuring that the SID for a Unix user named jsmith is reported as the one assigned to
DOMAIN\jsmith, which is necessary for reporting ACLs on files and printers stored on a Samba member
server.
IDMAP OPTIONS
range = low - high
Defines the available matching UID and GID range for which the backend is authoritative. Note that
the range acts as a filter. UIDs or GIDs returned by NSS modules that fall outside the range are
ignored and the corresponding maps are discarded. It is intended as a way to avoid accidental UID/GID
overlaps between local and remotely defined IDs.
use_upn = <yes | no>
Some NSS modules can return and handle UPNs and/or down-level logon names (e.g., DOMAIN\user or
user@REALM).
If this parameter is enabled, the names returned from NSS will be parsed and the resulting namespace
will be used as the authoritative namespace instead of the IDMAP domain name. Also, down-level logon
names will be sent to NSS instead of the plain username to give NSS modules a hint about the user's
correct domain.
Default: no
EXAMPLES
This example shows how to use idmap_nss to obtain the local account IDs for its own domain (SAMBA) from
NSS, whilst allocating new mappings for the default domain (*) and any trusted domains.
[global]
    idmap config * : backend = tdb
    idmap config * : range = 1000000-1999999
    idmap config SAMBA : backend = nss
    idmap config SAMBA : range = 1000-999999
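
The following is an added example, not part of the Samba documentation: a Python check of the two things the range option is for, namely that configured idmap ranges do not overlap and which NSS accounts fall outside the nss-backed range and would therefore be ignored. The function names are hypothetical, and the smb.conf fragment and passwd-style lines are constructed samples standing in for the real file and for getent output.

```python
import re

# Constructed smb.conf fragment (same layout as the example above).
SAMPLE_CONF = """\
[global]
    idmap config * : backend = tdb
    idmap config * : range = 1000000-1999999
    idmap config SAMBA : backend = nss
    idmap config SAMBA : range = 1000-999999
"""

# Constructed passwd(5)-style lines standing in for `getent passwd` output.
SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
jsmith:x:1500:1500:J Smith:/home/jsmith:/bin/bash
bigid:x:1000042:1000042::/home/bigid:/bin/bash
"""

_IDMAP = re.compile(r"^\s*idmap config\s+(\S+)\s*:\s*(\w+)\s*=\s*(.+?)\s*$", re.I)

def parse_idmap(conf):
    """Return {domain: {"backend": str, "range": (low, high)}}."""
    domains = {}
    for line in conf.splitlines():
        m = _IDMAP.match(line)
        if not m:
            continue
        dom, key, val = m.group(1), m.group(2).lower(), m.group(3)
        entry = domains.setdefault(dom, {})
        if key == "range":
            # "low - high" or "low-high"; int() tolerates the surrounding spaces
            entry["range"] = tuple(int(x) for x in val.split("-"))
        else:
            entry[key] = val
    return domains

def overlapping(domains):
    """Pairs of domains whose configured ID ranges intersect."""
    items = sorted((d, v["range"]) for d, v in domains.items() if "range" in v)
    return [(a, b) for i, (a, ra) in enumerate(items)
            for b, rb in items[i + 1:] if ra[0] <= rb[1] and rb[0] <= ra[1]]

def discarded_by_range(entries, id_range):
    """Names from passwd(5)/group(5) lines whose ID (field 3) is outside the range."""
    low, high = id_range
    rows = (line.split(":") for line in entries.splitlines() if line.count(":") >= 2)
    return [r[0] for r in rows if not low <= int(r[2]) <= high]
```
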
AUTHOR
The original Samba software and related utilities were created by Andrew Tridgell. Samba is now developed
by the Samba Team as an Open Source project similar to the way the Linux kernel is developed.
Samba 4.21.4-Ubuntu-4.21.4+dfs 10/09/2025 IDMAP_NSS(8)