idmap_nss — Samba's idmap_nss Backend for Winbind
The idmap_nss plugin provides a means to map Unix users and groups to Windows accounts. This provides a simple means of ensuring that the SID for a Unix user named jsmith is reported as the one assigned to DOMAIN\jsmith which is necessary for reporting ACLs on files and printers stored on a Samba member server.
This example shows how to use idmap_nss to obtain the local account ID's for its own domain (SAMBA) from NSS, whilst allocating new mappings for the default domain (*) and any trusted domains.
[global] idmap config * : backend = tdb idmap config * : range = 1000000-1999999 idmap config SAMBA : backend = nss idmap config SAMBA : range = 1000-999999