diff options
Diffstat (limited to 'docs/htmldocs/manpages/winbindd.8.html')
| -rw-r--r-- | docs/htmldocs/manpages/winbindd.8.html | 48 |
1 files changed, 24 insertions, 24 deletions
diff --git a/docs/htmldocs/manpages/winbindd.8.html b/docs/htmldocs/manpages/winbindd.8.html index 3bba193e49..3ac65897cc 100644 --- a/docs/htmldocs/manpages/winbindd.8.html +++ b/docs/htmldocs/manpages/winbindd.8.html @@ -1,5 +1,5 @@ -<html><head><meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"><title>winbindd</title><link rel="stylesheet" href="../samba.css" type="text/css"><meta name="generator" content="DocBook XSL Stylesheets V1.75.2"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="refentry" title="winbindd"><a name="winbindd.8"></a><div class="titlepage"></div><div class="refnamediv"><h2>Name</h2><p>winbindd — Name Service Switch daemon for resolving names - from NT servers</p></div><div class="refsynopsisdiv" title="Synopsis"><h2>Synopsis</h2><div class="cmdsynopsis"><p><code class="literal">winbindd</code> [-D] [-F] [-S] [-i] [-Y] [-d <debug level>] [-s <smb config file>] [-n]</p></div></div><div class="refsect1" title="DESCRIPTION"><a name="id2489326"></a><h2>DESCRIPTION</h2><p>This program is part of the <a class="citerefentry" href="samba.7.html"><span class="citerefentry"><span class="refentrytitle">samba</span>(7)</span></a> suite.</p><p><code class="literal">winbindd</code> is a daemon that provides +<html><head><meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"><title>winbindd</title><link rel="stylesheet" href="../samba.css" type="text/css"><meta name="generator" content="DocBook XSL Stylesheets V1.74.0"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="refentry" lang="en"><a name="winbindd.8"></a><div class="titlepage"></div><div class="refnamediv"><h2>Name</h2><p>winbindd — Name Service Switch daemon for resolving names + from NT servers</p></div><div class="refsynopsisdiv"><h2>Synopsis</h2><div class="cmdsynopsis"><p><code class="literal">winbindd</code> [-D] [-F] [-S] [-i] [-Y] [-d <debug level>] [-s <smb config file>] [-n]</p></div></div><div class="refsect1" lang="en"><a name="id2483342"></a><h2>DESCRIPTION</h2><p>This program is part of the <a class="citerefentry" href="samba.7.html"><span class="citerefentry"><span class="refentrytitle">samba</span>(7)</span></a> suite.</p><p><code class="literal">winbindd</code> is a daemon that provides a number of services to the Name Service Switch capability found in most modern C libraries, to arbitrary applications via PAM and <code class="literal">ntlm_auth</code> and to Samba itself.</p><p>Even if winbind is not used for nsswitch, it still provides a @@ -11,7 +11,7 @@ parameters are not required. (This is known as `netlogon proxy only mode'.)</p><p> The Name Service Switch allows user and system information to be obtained from different databases services such as NIS or DNS. The exact behaviour can be configured - throught the <code class="filename">/etc/nsswitch.conf</code> file. + through the <code class="filename">/etc/nsswitch.conf</code> file. Users and groups are allocated as they are resolved to a range of user and group ids specified by the administrator of the Samba system.</p><p>The service provided by <code class="literal">winbindd</code> is called `winbind' and @@ -60,7 +60,7 @@ hosts: files dns wins resolve hostnames from <code class="filename">/etc/hosts</code> and then from the WINS server.</p><pre class="programlisting"> hosts: files wins -</pre></div><div class="refsect1" title="OPTIONS"><a name="id2487530"></a><h2>OPTIONS</h2><div class="variablelist"><dl><dt><span class="term">-F</span></dt><dd><p>If specified, this parameter causes +</pre></div><div class="refsect1" lang="en"><a name="id2481549"></a><h2>OPTIONS</h2><div class="variablelist"><dl><dt><span class="term">-F</span></dt><dd><p>If specified, this parameter causes the main <code class="literal">winbindd</code> process to not daemonize, i.e. double-fork and disassociate with the terminal. Child processes are still created as normal to service @@ -113,7 +113,7 @@ log.smbd, etc...). The log file is never removed by the client. as a single process (the mode of operation in Samba 2.2). Winbindd's default behavior is to launch a child process that is responsible for updating expired cache entries. - </p></dd></dl></div></div><div class="refsect1" title="NAME AND ID RESOLUTION"><a name="id2487789"></a><h2>NAME AND ID RESOLUTION</h2><p>Users and groups on a Windows NT server are assigned + </p></dd></dl></div></div><div class="refsect1" lang="en"><a name="id2481808"></a><h2>NAME AND ID RESOLUTION</h2><p>Users and groups on a Windows NT server are assigned a security id (SID) which is globally unique when the user or group is created. To convert the Windows NT user or group into a unix user or group, a mapping between SIDs and unix user @@ -127,24 +127,24 @@ log.smbd, etc...). The log file is never removed by the client. where the user and group mappings are stored by winbindd. If this store is deleted or corrupted, there is no way for winbindd to determine which user and group ids correspond to Windows NT user - and group rids. </p></div><div class="refsect1" title="CONFIGURATION"><a name="id2487827"></a><h2>CONFIGURATION</h2><p>Configuration of the <code class="literal">winbindd</code> daemon + and group rids. </p></div><div class="refsect1" lang="en"><a name="id2481846"></a><h2>CONFIGURATION</h2><p>Configuration of the <code class="literal">winbindd</code> daemon is done through configuration parameters in the <a class="citerefentry" href="smb.conf.5.html"><span class="citerefentry"><span class="refentrytitle">smb.conf</span>(5)</span></a> file. All parameters should be specified in the - [global] section of smb.conf. </p><div class="itemizedlist"><ul class="itemizedlist" type="disc"><li class="listitem"><p> - <a class="link" href="smb.conf.5.html#WINBINDSEPARATOR" target="_top">winbind separator</a></p></li><li class="listitem"><p> - <a class="link" href="smb.conf.5.html#IDMAPUID" target="_top">idmap uid</a></p></li><li class="listitem"><p> - <a class="link" href="smb.conf.5.html#IDMAPGID" target="_top">idmap gid</a></p></li><li class="listitem"><p> - <a class="link" href="smb.conf.5.html#IDMAPBACKEND" target="_top">idmap backend</a></p></li><li class="listitem"><p> - <a class="link" href="smb.conf.5.html#WINBINDCACHETIME" target="_top">winbind cache time</a></p></li><li class="listitem"><p> - <a class="link" href="smb.conf.5.html#WINBINDENUMUSERS" target="_top">winbind enum users</a></p></li><li class="listitem"><p> - <a class="link" href="smb.conf.5.html#WINBINDENUMGROUPS" target="_top">winbind enum groups</a></p></li><li class="listitem"><p> - <a class="link" href="smb.conf.5.html#TEMPLATEHOMEDIR" target="_top">template homedir</a></p></li><li class="listitem"><p> - <a class="link" href="smb.conf.5.html#TEMPLATESHELL" target="_top">template shell</a></p></li><li class="listitem"><p> - <a class="link" href="smb.conf.5.html#WINBINDUSEDEFAULTDOMAIN" target="_top">winbind use default domain</a></p></li><li class="listitem"><p> + [global] section of smb.conf. </p><div class="itemizedlist"><ul type="disc"><li><p> + <a class="link" href="smb.conf.5.html#WINBINDSEPARATOR" target="_top">winbind separator</a></p></li><li><p> + <a class="link" href="smb.conf.5.html#IDMAPUID" target="_top">idmap uid</a></p></li><li><p> + <a class="link" href="smb.conf.5.html#IDMAPGID" target="_top">idmap gid</a></p></li><li><p> + <a class="link" href="smb.conf.5.html#IDMAPBACKEND" target="_top">idmap backend</a></p></li><li><p> + <a class="link" href="smb.conf.5.html#WINBINDCACHETIME" target="_top">winbind cache time</a></p></li><li><p> + <a class="link" href="smb.conf.5.html#WINBINDENUMUSERS" target="_top">winbind enum users</a></p></li><li><p> + <a class="link" href="smb.conf.5.html#WINBINDENUMGROUPS" target="_top">winbind enum groups</a></p></li><li><p> + <a class="link" href="smb.conf.5.html#TEMPLATEHOMEDIR" target="_top">template homedir</a></p></li><li><p> + <a class="link" href="smb.conf.5.html#TEMPLATESHELL" target="_top">template shell</a></p></li><li><p> + <a class="link" href="smb.conf.5.html#WINBINDUSEDEFAULTDOMAIN" target="_top">winbind use default domain</a></p></li><li><p> <a class="link" href="smb.conf.5.html#WINBIND:RPCONLY" target="_top">winbind: rpc only</a> Setting this parameter forces winbindd to use RPC instead of LDAP to retrieve information from Domain Controllers. - </p></li></ul></div></div><div class="refsect1" title="EXAMPLE SETUP"><a name="id2538486"></a><h2>EXAMPLE SETUP</h2><p> + </p></li></ul></div></div><div class="refsect1" lang="en"><a name="id2532502"></a><h2>EXAMPLE SETUP</h2><p> To setup winbindd for user and group lookups plus authentication from a domain controller use something like the following setup. This was tested on an early Red Hat Linux box. @@ -163,7 +163,7 @@ auth sufficient /lib/security/pam_winbind.so auth required /lib/security/pam_unix.so \ use_first_pass shadow nullok </pre><p> - </p><div class="note" title="Note" style="margin-left: 0.5in; margin-right: 0.5in;"><h3 class="title">Note</h3><p> + </p><div class="note" style="margin-left: 0.5in; margin-right: 0.5in;"><h3 class="title">Note</h3><p> The PAM module pam_unix has recently replaced the module pam_pwdb. Some Linux systems use the module pam_unix2 in place of pam_unix. </p></div><p>Note in particular the use of the <em class="parameter"><code>sufficient @@ -195,7 +195,7 @@ auth required /lib/security/pam_unix.so \ and that you can login to your unix box as a domain user, using the DOMAIN+user syntax for the username. You may wish to use the commands <code class="literal">getent passwd</code> and <code class="literal">getent group - </code> to confirm the correct operation of winbindd.</p></div><div class="refsect1" title="NOTES"><a name="id2538677"></a><h2>NOTES</h2><p>The following notes are useful when configuring and + </code> to confirm the correct operation of winbindd.</p></div><div class="refsect1" lang="en"><a name="id2532693"></a><h2>NOTES</h2><p>The following notes are useful when configuring and running <code class="literal">winbindd</code>: </p><p><a class="citerefentry" href="nmbd.8.html"><span class="citerefentry"><span class="refentrytitle">nmbd</span>(8)</span></a> must be running on the local machine for <code class="literal">winbindd</code> to work. </p><p>PAM is really easy to misconfigure. Make sure you know what you are doing when modifying PAM configuration files. It is possible @@ -203,7 +203,7 @@ auth required /lib/security/pam_unix.so \ then in general the user and groups ids allocated by winbindd will not be the same. The user and group ids will only be valid for the local machine, unless a shared <a class="link" href="smb.conf.5.html#IDMAPBACKEND" target="_top">idmap backend</a> is configured.</p><p>If the the Windows NT SID to UNIX user and group id mapping - file is damaged or destroyed then the mappings will be lost. </p></div><div class="refsect1" title="SIGNALS"><a name="id2538742"></a><h2>SIGNALS</h2><p>The following signals can be used to manipulate the + file is damaged or destroyed then the mappings will be lost. </p></div><div class="refsect1" lang="en"><a name="id2532758"></a><h2>SIGNALS</h2><p>The following signals can be used to manipulate the <code class="literal">winbindd</code> daemon. </p><div class="variablelist"><dl><dt><span class="term">SIGHUP</span></dt><dd><p>Reload the <a class="citerefentry" href="smb.conf.5.html"><span class="citerefentry"><span class="refentrytitle">smb.conf</span>(5)</span></a> file and apply any parameter changes to the running version of winbindd. This signal also clears any cached @@ -211,7 +211,7 @@ auth required /lib/security/pam_unix.so \ by winbindd is also reloaded. </p></dd><dt><span class="term">SIGUSR2</span></dt><dd><p>The SIGUSR2 signal will cause <code class="literal"> winbindd</code> to write status information to the winbind log file.</p><p>Log files are stored in the filename specified by the - log file parameter.</p></dd></dl></div></div><div class="refsect1" title="FILES"><a name="id2538805"></a><h2>FILES</h2><div class="variablelist"><dl><dt><span class="term"><code class="filename">/etc/nsswitch.conf(5)</code></span></dt><dd><p>Name service switch configuration file.</p></dd><dt><span class="term">/tmp/.winbindd/pipe</span></dt><dd><p>The UNIX pipe over which clients communicate with + log file parameter.</p></dd></dl></div></div><div class="refsect1" lang="en"><a name="id2532821"></a><h2>FILES</h2><div class="variablelist"><dl><dt><span class="term"><code class="filename">/etc/nsswitch.conf(5)</code></span></dt><dd><p>Name service switch configuration file.</p></dd><dt><span class="term">/tmp/.winbindd/pipe</span></dt><dd><p>The UNIX pipe over which clients communicate with the <code class="literal">winbindd</code> program. For security reasons, the winbind client will only attempt to connect to the winbindd daemon if both the <code class="filename">/tmp/.winbindd</code> directory @@ -232,8 +232,8 @@ auth required /lib/security/pam_unix.so \ compiled using the <em class="parameter"><code>--with-lockdir</code></em> option. This directory is by default <code class="filename">/usr/local/samba/var/locks </code>. </p></dd><dt><span class="term">$LOCKDIR/winbindd_cache.tdb</span></dt><dd><p>Storage for cached user and group information. - </p></dd></dl></div></div><div class="refsect1" title="VERSION"><a name="id2538950"></a><h2>VERSION</h2><p>This man page is correct for version 3 of - the Samba suite.</p></div><div class="refsect1" title="SEE ALSO"><a name="id2538961"></a><h2>SEE ALSO</h2><p><code class="filename">nsswitch.conf(5)</code>, <a class="citerefentry" href="samba.7.html"><span class="citerefentry"><span class="refentrytitle">samba</span>(7)</span></a>, <a class="citerefentry" href="wbinfo.1.html"><span class="citerefentry"><span class="refentrytitle">wbinfo</span>(1)</span></a>, <a class="citerefentry" href="ntlm_auth.8.html"><span class="citerefentry"><span class="refentrytitle">ntlm_auth</span>(8)</span></a>, <a class="citerefentry" href="smb.conf.5.html"><span class="citerefentry"><span class="refentrytitle">smb.conf</span>(5)</span></a>, <a class="citerefentry" href="pam_winbind.8.html"><span class="citerefentry"><span class="refentrytitle">pam_winbind</span>(8)</span></a></p></div><div class="refsect1" title="AUTHOR"><a name="id2539017"></a><h2>AUTHOR</h2><p>The original Samba software and related utilities + </p></dd></dl></div></div><div class="refsect1" lang="en"><a name="id2532966"></a><h2>VERSION</h2><p>This man page is correct for version 3 of + the Samba suite.</p></div><div class="refsect1" lang="en"><a name="id2532977"></a><h2>SEE ALSO</h2><p><code class="filename">nsswitch.conf(5)</code>, <a class="citerefentry" href="samba.7.html"><span class="citerefentry"><span class="refentrytitle">samba</span>(7)</span></a>, <a class="citerefentry" href="wbinfo.1.html"><span class="citerefentry"><span class="refentrytitle">wbinfo</span>(1)</span></a>, <a class="citerefentry" href="ntlm_auth.8.html"><span class="citerefentry"><span class="refentrytitle">ntlm_auth</span>(8)</span></a>, <a class="citerefentry" href="smb.conf.5.html"><span class="citerefentry"><span class="refentrytitle">smb.conf</span>(5)</span></a>, <a class="citerefentry" href="pam_winbind.8.html"><span class="citerefentry"><span class="refentrytitle">pam_winbind</span>(8)</span></a></p></div><div class="refsect1" lang="en"><a name="id2533033"></a><h2>AUTHOR</h2><p>The original Samba software and related utilities were created by Andrew Tridgell. Samba is now developed by the Samba Team as an Open Source project similar to the way the Linux kernel is developed.</p><p><code class="literal">wbinfo</code> and <code class="literal">winbindd</code> were |