From cd6517abeae38753494fcd64acabe7d15f779864 Mon Sep 17 00:00:00 2001 From: bubulle Date: Sun, 13 Jul 2008 06:30:49 +0000 Subject: merge upstream 3.0.31 git-svn-id: svn://svn.debian.org/svn/pkg-samba/trunk/samba@2035 fc4039ab-9d04-0410-8cac-899223bdd6b0 --- docs/htmldocs/manpages/winbindd.8.html | 41 +++++++++++++++++----------------- 1 file changed, 21 insertions(+), 20 deletions(-) (limited to 'docs/htmldocs/manpages/winbindd.8.html') diff --git a/docs/htmldocs/manpages/winbindd.8.html b/docs/htmldocs/manpages/winbindd.8.html index 06d074363a..e85c53dca1 100644 --- a/docs/htmldocs/manpages/winbindd.8.html +++ b/docs/htmldocs/manpages/winbindd.8.html @@ -5,23 +5,21 @@ and ntlm_auth and to Samba itself.

Even if winbind is not used for nsswitch, it still provides a service to smbd, ntlm_auth and the pam_winbind.so PAM module, by managing connections to - domain controllers. In this configuraiton the - idmap uid and - idmap gid - parameters are not required. (This is known as `netlogon proxy only mode'.)

The Name Service Switch allows user + domain controllers. In this configuration the + idmap uid and idmap gid + parameters are not required. (This is known as `netlogon proxy only mode'.)

The Name Service Switch allows user and system information to be obtained from different databases services such as NIS or DNS. The exact behaviour can be configured - throught the /etc/nsswitch.conf file. + through the /etc/nsswitch.conf file. Users and groups are allocated as they are resolved to a range of user and group ids specified by the administrator of the Samba system.

The service provided by winbindd is called `winbind' and can be used to resolve user and group information from a Windows NT server. The service can also provide authentication - services via an associated PAM module.

+ services via an associated PAM module.

The pam_winbind module supports the auth, account - and password - module-types. It should be noted that the + and password module-types. It should be noted that the account module simply performs a getpwnam() to verify that the system can obtain a uid for the user, as the domain controller has already performed access control. If the @@ -47,17 +45,20 @@ resolve user and group information from /etc/passwd and /etc/group and then from the Windows NT server. -

+	
 passwd:         files winbind
 group:          files winbind
-## only available on IRIX; Linux users should us libnss_wins.so
-hosts:          files dns winbind
+## only available on IRIX: use winbind to resolve hosts:
+# hosts:        files dns winbind
+## All other NSS enabled systems should use libnss_wins.so like this:
+hosts:          files dns wins
+
 
The following simple configuration in the
 	/etc/nsswitch.conf file can be used to initially
 	resolve hostnames from /etc/hosts and then from the
 	WINS server.
 hosts:		files wins
-
OPTIONS
-F
If specified, this parameter causes
+

OPTIONS

-F

If specified, this parameter causes the main winbindd process to not daemonize, i.e. double-fork and disassociate with the terminal. Child processes are still created as normal to service @@ -110,7 +111,7 @@ log.smbd, etc...). The log file is never removed by the client. as a single process (the mode of operation in Samba 2.2). Winbindd's default behavior is to launch a child process that is responsible for updating expired cache entries. -

NAME AND ID RESOLUTION

Users and groups on a Windows NT server are assigned +

NAME AND ID RESOLUTION

Users and groups on a Windows NT server are assigned a security id (SID) which is globally unique when the user or group is created. To convert the Windows NT user or group into a unix user or group, a mapping between SIDs and unix user @@ -126,7 +127,7 @@ log.smbd, etc...). The log file is never removed by the client. determine which user and group ids correspond to Windows NT user and group rids.

See the idmap domains or the old idmap backend parameters in smb.conf for options for sharing this - database, such as via LDAP.

CONFIGURATION

Configuration of the winbindd daemon + database, such as via LDAP.

CONFIGURATION

Configuration of the winbindd daemon is done through configuration parameters in the smb.conf(5) file. All parameters should be specified in the [global] section of smb.conf.

  • winbind separator

  • @@ -143,7 +144,7 @@ log.smbd, etc...). The log file is never removed by the client. Setting this parameter forces winbindd to use RPC instead of LDAP to retrieve information from Domain Controllers. -

EXAMPLE SETUP

+

EXAMPLE SETUP

To setup winbindd for user and group lookups plus authentication from a domain controller use something like the following setup. This was tested on an early Red Hat Linux box. @@ -194,7 +195,7 @@ auth required /lib/security/pam_unix.so \ and that you can login to your unix box as a domain user, using the DOMAIN+user syntax for the username. You may wish to use the commands getent passwd and getent group - to confirm the correct operation of winbindd.

NOTES

The following notes are useful when configuring and + to confirm the correct operation of winbindd.

NOTES

The following notes are useful when configuring and running winbindd:

nmbd(8) must be running on the local machine for winbindd to work.

PAM is really easy to misconfigure. Make sure you know what you are doing when modifying PAM configuration files. It is possible @@ -202,7 +203,7 @@ auth required /lib/security/pam_unix.so \ then in general the user and groups ids allocated by winbindd will not be the same. The user and group ids will only be valid for the local machine, unless a shared idmap backend is configured.

If the the Windows NT SID to UNIX user and group id mapping - file is damaged or destroyed then the mappings will be lost.

SIGNALS

The following signals can be used to manipulate the + file is damaged or destroyed then the mappings will be lost.

SIGNALS

The following signals can be used to manipulate the winbindd daemon.

SIGHUP

Reload the smb.conf(5) file and apply any parameter changes to the running version of winbindd. This signal also clears any cached @@ -210,7 +211,7 @@ auth required /lib/security/pam_unix.so \ by winbindd is also reloaded.

SIGUSR2

The SIGUSR2 signal will cause winbindd to write status information to the winbind log file.

Log files are stored in the filename specified by the - log file parameter.

FILES

/etc/nsswitch.conf(5)

Name service switch configuration file.

/tmp/.winbindd/pipe

The UNIX pipe over which clients communicate with + log file parameter.

FILES

/etc/nsswitch.conf(5)

Name service switch configuration file.

/tmp/.winbindd/pipe

The UNIX pipe over which clients communicate with the winbindd program. For security reasons, the winbind client will only attempt to connect to the winbindd daemon if both the /tmp/.winbindd directory @@ -231,8 +232,8 @@ auth required /lib/security/pam_unix.so \ compiled using the --with-lockdir option. This directory is by default /usr/local/samba/var/locks .

$LOCKDIR/winbindd_cache.tdb

Storage for cached user and group information. -

VERSION

This man page is correct for version 3.0 of - the Samba suite.

SEE ALSO

nsswitch.conf(5), samba(7), wbinfo(1), ntlm_auth(8), smb.conf(5), pam_winbind(8)

AUTHOR

The original Samba software and related utilities +

VERSION

This man page is correct for version 3 of + the Samba suite.

SEE ALSO

nsswitch.conf(5), samba(7), wbinfo(1), ntlm_auth(8), smb.conf(5), pam_winbind(8)

AUTHOR

The original Samba software and related utilities were created by Andrew Tridgell. Samba is now developed by the Samba Team as an Open Source project similar to the way the Linux kernel is developed.

wbinfo and winbindd were -- cgit v1.2.3