author | John Terpstra <jht@samba.org> | 2003-03-28 00:50:49 +0000 |
---|---|---|
committer | John Terpstra <jht@samba.org> | 2003-03-28 00:50:49 +0000 |
commit | c2f285e6b15c0c3ca36849d33c17ea108470fd95 (patch) | |
tree | 41b5515af97ee792906715c651887d199a76c870 /docs/docbook/projdoc/winbind.sgml | |
parent | 00934b5d0062fce3fbaffabde6d5c10b8447f369 (diff) | |
download | samba-c2f285e6b15c0c3ca36849d33c17ea108470fd95.tar.gz samba-c2f285e6b15c0c3ca36849d33c17ea108470fd95.tar.bz2 samba-c2f285e6b15c0c3ca36849d33c17ea108470fd95.zip |
Updating projdoc from HEAD branch.
(This used to be commit d4545b9154162a0a340ef52bfe8443b86dae9e56)
Diffstat (limited to 'docs/docbook/projdoc/winbind.sgml')
-rw-r--r-- | docs/docbook/projdoc/winbind.sgml | 90 |
1 files changed, 69 insertions, 21 deletions
diff --git a/docs/docbook/projdoc/winbind.sgml b/docs/docbook/projdoc/winbind.sgml index d2bfb8ab67..2d38ea44d4 100644 --- a/docs/docbook/projdoc/winbind.sgml +++ b/docs/docbook/projdoc/winbind.sgml @@ -2,6 +2,7 @@ <chapterinfo> + <authorgroup> <author> <firstname>Tim</firstname><surname>Potter</surname> <affiliation> @@ -10,7 +11,7 @@ </affiliation> </author> <author> - <firstname>Andrew</firstname><surname>Trigdell</surname> + <firstname>Andrew</firstname><surname>Tridgell</surname> <affiliation> <orgname>Samba Team</orgname> <address><email>tridge@linuxcare.com.au</email></address> @@ -35,6 +36,7 @@ <address><email>jelmer@nl.linux.org</email></address> </affiliation> </author> + </authorgroup> <pubdate>27 June 2002</pubdate> </chapterinfo> @@ -173,7 +175,7 @@ <sect2> <title>Microsoft Remote Procedure Calls</title> - <para>Over the last two years, efforts have been underway + <para>Over the last few years, efforts have been underway by various Samba Team members to decode various aspects of the Microsoft Remote Procedure Call (MSRPC) system. This system is used for most network related operations between @@ -192,6 +194,21 @@ </sect2> <sect2> + <title>Microsoft Active Directory Services</title> + + <para> + Since late 2001, Samba has gained the ability to + interact with Microsoft Windows 2000 using its 'Native + Mode' protocols, rather than the NT4 RPC services. + Using LDAP and Kerberos, a domain member running + winbind can enumerate users and groups in exactly the + same way as a Win2k client would, and in so doing + provide a much more efficient and + effective winbind implementation. + </para> + </sect2> + + <sect2> <title>Name Service Switch</title> <para>The Name Service Switch, or NSS, is a feature that is 
@@ -334,15 +351,6 @@ to control access and authenticate users on your Linux box using the winbind services which come with SAMBA 2.2.2. </para> -<para> -There is also some Solaris specific information in -<filename>docs/textdocs/Solaris-Winbind-HOWTO.txt</filename>. -Future revisions of this document will incorporate that -information. -</para> - - - <sect2> <title>Introduction</title> @@ -464,7 +472,7 @@ whether or not you have previously built the Samba binaries. <prompt>root#</prompt> <command>autoconf</command> <prompt>root#</prompt> <command>make clean</command> <prompt>root#</prompt> <command>rm config.cache</command> -<prompt>root#</prompt> <command>./configure --with-winbind</command> +<prompt>root#</prompt> <command>./configure</command> <prompt>root#</prompt> <command>make</command> <prompt>root#</prompt> <command>make install</command> </programlisting></para> @@ -552,7 +560,7 @@ include the following entries in the [global] section: <para><programlisting> [global] - <...> + <...> # separate domain and username with '+', like DOMAIN+username <ulink url="winbindd.8.html#WINBINDSEPARATOR">winbind separator</ulink> = + # use uids from 10000 to 20000 for domain users @@ -582,7 +590,7 @@ a domain user who has administrative privileges in the domain. <para> -<prompt>root#</prompt> <command>/usr/local/samba/bin/net rpc join -S PDC -U Administrator</command> +<prompt>root#</prompt> <command>/usr/local/samba/bin/net join -S PDC -U Administrator</command> </para> 
@@ -611,6 +619,19 @@ command as root: </para> <para> +Winbindd can now also run in 'dual daemon mode'. This will make it +run as 2 processes. The first will answer all requests from the cache, +thus making responses to clients faster. The other will +update the cache for the query that the first has just responded. +Advantage of this is that responses stay accurate and are faster. +You can enable dual daemon mode by adding '-B' to the commandline: +</para> + +<para> +<prompt>root#</prompt> <command>/usr/local/samba/bin/winbindd -B</command> +</para> + +<para> I'm always paranoid and like to make sure the daemon is really running... </para> @@ -733,15 +754,28 @@ start() { daemon /usr/local/samba/bin/winbindd RETVAL3=$? echo - [ $RETVAL -eq 0 -a $RETVAL2 -eq 0 -a $RETVAL3 -eq 0 ] && touch /var/lock/subsys/smb || \ + [ $RETVAL -eq 0 -a $RETVAL2 -eq 0 -a $RETVAL3 -eq 0 ] && touch /var/lock/subsys/smb || \ RETVAL=1 return $RETVAL } </programlisting></para> +<para>If you would like to run winbindd in dual daemon mode, replace +the line +<programlisting> + daemon /usr/local/samba/bin/winbindd +</programlisting> + +in the example above with: + +<programlisting> + daemon /usr/local/samba/bin/winbindd -B +</programlisting>. +</para> + <para> The 'stop' function has a corresponding entry to shut down the -services and look s like this: +services and looks like this: </para> <para><programlisting> @@ -760,7 +794,7 @@ stop() { echo -n $"Shutting down $KIND services: " killproc winbindd RETVAL3=$? - [ $RETVAL -eq 0 -a $RETVAL2 -eq 0 -a $RETVAL3 -eq 0 ] && rm -f /var/lock/subsys/smb + [ $RETVAL -eq 0 -a $RETVAL2 -eq 0 -a $RETVAL3 -eq 0 ] && rm -f /var/lock/subsys/smb echo "" return $RETVAL } @@ -791,7 +825,7 @@ killproc() { # kill the named process(es) pid=`/usr/bin/ps -e | /usr/bin/grep -w $1 | /usr/bin/sed -e 's/^ *//' -e 's/ .*//'` - [ "$pid" != "" ] && kill $pid + [ "$pid" != "" ] && kill $pid } # Start/stop processes required for samba server 
@@ -825,6 +859,19 @@ echo Starting Winbind Daemon ;; esac </programlisting></para> + +<para>Again, if you would like to run samba in dual daemon mode, replace +<programlisting> + /usr/local/samba/bin/winbindd +</programlisting> + +in the script above with: + +<programlisting> + /usr/local/samba/bin/winbindd -B +</programlisting> +</para> + </sect4> <sect4> @@ -1042,7 +1089,7 @@ annoying double prompts for passwords. </para> <para> -Now restart your Samba & try connecting through your application that you +Now restart your Samba and try connecting through your application that you configured in the pam.conf. </para> @@ -1063,7 +1110,7 @@ configured in the pam.conf. <itemizedlist> <listitem><para>Winbind is currently only available for - the Linux operating system, although ports to other operating + the Linux, Solaris and IRIX operating systems, although ports to other operating systems are certainly possible. For such ports to be feasible, we require the C library of the target operating system to support the Name Service Switch and Pluggable Authentication @@ -1079,7 +1126,8 @@ configured in the pam.conf. <listitem><para>Currently the winbind PAM module does not take into account possible workstation and logon time restrictions - that may be been set for Windows NT users.</para></listitem> + that may be been set for Windows NT users, this is + instead up to the PDC to enforce.</para></listitem> </itemizedlist> </sect1> |
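Review bot: The hunk at @@ -334,15 +351,6 deletes the pointer to docs/textdocs/Solaris-Winbind-HOWTO.txt, yet no hunk in this patch adds the Solaris material that the removed paragraph promised to incorporate, and the hunk at @@ -1063,7 +1110,7 now names Solaris and IRIX as supported. Keep the pointer until the Solaris steps are merged into this chapter, or add them in the same change. The unchanged context just above still reads "on your Linux box using the winbind services which come with SAMBA 2.2.2" and should be brought in line with the new platform list.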
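Review bot: In the hunk at @@ -611,6 +619,19 the new paragraph says "responses stay accurate and are faster", but the preceding sentences describe the first process answering from the cache and the second refreshing it only after that answer has gone out, so the reply a client receives can predate a change to a user or group on the domain controller. Since winbind feeds authentication and access control, the text should state that trade-off rather than claim accuracy. Also fix "the query that the first has just responded" to "responded to", and "Advantage of this is" to "The advantage of this is".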
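Review bot: In the hunk at @@ -733,15 +754,28 the added block ends with "</programlisting>." and the stray period after the closing tag will render as a lone full stop; the matching block added at @@ -825,6 +859,19 has none, so drop it here. The same hunk, and the ones at @@ -760,7 +794,7 and @@ -791,7 +825,7, also change only whitespace on the "[ $RETVAL -eq 0 -a $RETVAL2 -eq 0 -a $RETVAL3 -eq 0 ]" and "[ "$pid" != "" ] && kill $pid" lines; splitting those out would make the content change easier to review.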
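Review bot: In the hunk at @@ -825,6 +859,19 the new paragraph says "if you would like to run samba in dual daemon mode", but the option is described everywhere else in this patch as a winbindd mode and the replacement line is "/usr/local/samba/bin/winbindd -B". Use "winbindd" here as the hunk at @@ -733,15 +754,28 does, so readers do not look for a -B switch on smbd or nmbd.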
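Review bot: In the hunk at @@ -1079,7 +1126,8 the rewritten list item keeps the typo "may be been set" and joins the new clause with a comma splice. Suggest "that may have been set for Windows NT users; enforcing these is instead left to the PDC." Because this item tells administrators that the PAM module itself does not check workstation and logon time restrictions, the sentence should be unambiguous about which side is expected to enforce them.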