summaryrefslogtreecommitdiff
path: root/docs/htmldocs/winbind.html
diff options
context:
space:
mode:
authorJelmer Vernooij <jelmer@samba.org>2002-08-17 14:15:33 +0000
committerJelmer Vernooij <jelmer@samba.org>2002-08-17 14:15:33 +0000
commit21d26afb2af6ae34219a4286eb7a8896d7e04a3a (patch)
treeb114286c87c513c83a66104591bbdee5520608c8 /docs/htmldocs/winbind.html
parent592dd249579511f7ce863a42030d9a51ca026c27 (diff)
downloadsamba-21d26afb2af6ae34219a4286eb7a8896d7e04a3a.tar.gz
samba-21d26afb2af6ae34219a4286eb7a8896d7e04a3a.tar.bz2
samba-21d26afb2af6ae34219a4286eb7a8896d7e04a3a.zip
sync 3_0 branch with HEAD
(This used to be commit 19ab776bf9c91cf4e56887fd7a63d3253b7e36ef)
Diffstat (limited to 'docs/htmldocs/winbind.html')
-rw-r--r--docs/htmldocs/winbind.html260
1 files changed, 238 insertions, 22 deletions
diff --git a/docs/htmldocs/winbind.html b/docs/htmldocs/winbind.html
index 6063828222..7d45b174dd 100644
--- a/docs/htmldocs/winbind.html
+++ b/docs/htmldocs/winbind.html
@@ -410,12 +410,20 @@ for providing the HOWTO for this section.</P
>This HOWTO describes how to get winbind services up and running
to control access and authenticate users on your Linux box using
the winbind services which come with SAMBA 2.2.2.</P
+><P
+>There is also some Solaris specific information in
+<TT
+CLASS="FILENAME"
+>docs/textdocs/Solaris-Winbind-HOWTO.txt</TT
+>.
+Future revisions of this document will incorporate that
+information.</P
><DIV
CLASS="SECT2"
><HR><H2
CLASS="SECT2"
><A
-NAME="AEN76"
+NAME="AEN78"
>Introduction</A
></H2
><P
@@ -468,7 +476,7 @@ CLASS="SECT2"
><HR><H2
CLASS="SECT2"
><A
-NAME="AEN89"
+NAME="AEN91"
>Requirements</A
></H2
><P
@@ -529,7 +537,7 @@ CLASS="SECT2"
><HR><H2
CLASS="SECT2"
><A
-NAME="AEN103"
+NAME="AEN105"
>Testing Things Out</A
></H2
><P
@@ -574,7 +582,7 @@ CLASS="SECT3"
><HR><H3
CLASS="SECT3"
><A
-NAME="AEN114"
+NAME="AEN116"
>Configure and compile SAMBA</A
></H3
><P
@@ -640,7 +648,7 @@ CLASS="SECT3"
><HR><H3
CLASS="SECT3"
><A
-NAME="AEN133"
+NAME="AEN135"
>Configure <TT
CLASS="FILENAME"
>nsswitch.conf</TT
@@ -672,6 +680,30 @@ CLASS="COMMAND"
>ln -s /lib/libnss_winbind.so /lib/libnss_winbind.so.2</B
></P
><P
+>And, in the case of Sun solaris:</P
+><P
+><TT
+CLASS="PROMPT"
+>root#</TT
+> <B
+CLASS="COMMAND"
+>ln -s /usr/lib/libnss_winbind.so /usr/lib/libnss_winbind.so.1</B
+>
+<TT
+CLASS="PROMPT"
+>root#</TT
+> <B
+CLASS="COMMAND"
+>ln -s /usr/lib/libnss_winbind.so /usr/lib/nss_winbind.so.1</B
+>
+<TT
+CLASS="PROMPT"
+>root#</TT
+> <B
+CLASS="COMMAND"
+>ln -s /usr/lib/libnss_winbind.so /usr/lib/nss_winbind.so.2</B
+></P
+><P
>Now, as root you need to edit <TT
CLASS="FILENAME"
>/etc/nsswitch.conf</TT
@@ -721,7 +753,7 @@ CLASS="SECT3"
><HR><H3
CLASS="SECT3"
><A
-NAME="AEN158"
+NAME="AEN168"
>Configure smb.conf</A
></H3
><P
@@ -796,7 +828,7 @@ CLASS="SECT3"
><HR><H3
CLASS="SECT3"
><A
-NAME="AEN174"
+NAME="AEN184"
>Join the SAMBA server to the PDC domain</A
></H3
><P
@@ -842,7 +874,7 @@ CLASS="SECT3"
><HR><H3
CLASS="SECT3"
><A
-NAME="AEN185"
+NAME="AEN195"
>Start up the winbindd daemon and test it!</A
></H3
><P
@@ -965,12 +997,17 @@ CLASS="SECT3"
><HR><H3
CLASS="SECT3"
><A
-NAME="AEN221"
->Fix the <TT
-CLASS="FILENAME"
->/etc/rc.d/init.d/smb</TT
-> startup files</A
+NAME="AEN231"
+>Fix the init.d startup scripts</A
></H3
+><DIV
+CLASS="SECT4"
+><H4
+CLASS="SECT4"
+><A
+NAME="AEN233"
+>Linux</A
+></H4
><P
>The <B
CLASS="COMMAND"
@@ -983,15 +1020,16 @@ CLASS="COMMAND"
CLASS="COMMAND"
>nmbd</B
> daemons are running.
-To accomplish this task, you need to modify the <TT
+To accomplish this task, you need to modify the startup scripts of your system. They are located at <TT
CLASS="FILENAME"
>/etc/init.d/smb</TT
->
-script to add commands to invoke this daemon in the proper sequence. My
+> in RedHat and
<TT
CLASS="FILENAME"
->/etc/init.d/smb</TT
-> file starts up <B
+>/etc/init.d/samba</TT
+> in Debian.
+script to add commands to invoke this daemon in the proper sequence. My
+startup script starts up <B
CLASS="COMMAND"
>smbd</B
>,
@@ -1057,6 +1095,86 @@ CLASS="PROGRAMLISTING"
return $RETVAL
}</PRE
></P
+></DIV
+><DIV
+CLASS="SECT4"
+><HR><H4
+CLASS="SECT4"
+><A
+NAME="AEN250"
+>Solaris</A
+></H4
+><P
+>On solaris, you need to modify the
+<TT
+CLASS="FILENAME"
+>/etc/init.d/samba.server</TT
+> startup script. It usually
+only starts smbd and nmbd but should now start winbindd too. If you
+have samba installed in <TT
+CLASS="FILENAME"
+>/usr/local/samba/bin</TT
+>,
+the file could contains something like this:</P
+><P
+><PRE
+CLASS="PROGRAMLISTING"
+>##
+## samba.server
+##
+
+if [ ! -d /usr/bin ]
+then # /usr not mounted
+ exit
+fi
+
+killproc() { # kill the named process(es)
+ pid=`/usr/bin/ps -e |
+ /usr/bin/grep -w $1 |
+ /usr/bin/sed -e 's/^ *//' -e 's/ .*//'`
+ [ "$pid" != "" ] &#38;&#38; kill $pid
+}
+
+# Start/stop processes required for samba server
+
+case "$1" in
+
+'start')
+#
+# Edit these lines to suit your installation (paths, workgroup, host)
+#
+echo Starting SMBD
+ /usr/local/samba/bin/smbd -D -s \
+ /usr/local/samba/smb.conf
+
+echo Starting NMBD
+ /usr/local/samba/bin/nmbd -D -l \
+ /usr/local/samba/var/log -s /usr/local/samba/smb.conf
+
+echo Starting Winbind Daemon
+ /usr/local/samba/bin/winbindd
+ ;;
+
+'stop')
+ killproc nmbd
+ killproc smbd
+ killproc winbindd
+ ;;
+
+*)
+ echo "Usage: /etc/init.d/samba.server { start | stop }"
+ ;;
+esac</PRE
+></P
+></DIV
+><DIV
+CLASS="SECT4"
+><HR><H4
+CLASS="SECT4"
+><A
+NAME="AEN257"
+>Restarting</A
+></H4
><P
>If you restart the <B
CLASS="COMMAND"
@@ -1072,12 +1190,13 @@ CLASS="COMMAND"
should be able to connect to the samba server as a domain member just as
if you were a local user.</P
></DIV
+></DIV
><DIV
CLASS="SECT3"
><HR><H3
CLASS="SECT3"
><A
-NAME="AEN243"
+NAME="AEN263"
>Configure Winbind and PAM</A
></H3
><P
@@ -1117,7 +1236,11 @@ your other pam security modules. On my RedHat system, this was the
<TT
CLASS="FILENAME"
>/lib/security</TT
-> directory.</P
+> directory. On Solaris, the pam security
+modules reside in <TT
+CLASS="FILENAME"
+>/usr/lib/security</TT
+>.</P
><P
><TT
CLASS="PROMPT"
@@ -1126,6 +1249,14 @@ CLASS="PROMPT"
CLASS="COMMAND"
>cp ../samba/source/nsswitch/pam_winbind.so /lib/security</B
></P
+><DIV
+CLASS="SECT4"
+><HR><H4
+CLASS="SECT4"
+><A
+NAME="AEN280"
+>Linux/FreeBSD-specific PAM configuration</A
+></H4
><P
>The <TT
CLASS="FILENAME"
@@ -1247,6 +1378,91 @@ CLASS="COMMAND"
> line to get rid of annoying
double prompts for passwords.</P
></DIV
+><DIV
+CLASS="SECT4"
+><HR><H4
+CLASS="SECT4"
+><A
+NAME="AEN313"
+>Solaris-specific configuration</A
+></H4
+><P
+>The /etc/pam.conf needs to be changed. I changed this file so that my Domain
+users can logon both locally as well as telnet.The following are the changes
+that I made.You can customize the pam.conf file as per your requirements,but
+be sure of those changes because in the worst case it will leave your system
+nearly impossible to boot.</P
+><P
+><PRE
+CLASS="PROGRAMLISTING"
+>#
+#ident "@(#)pam.conf 1.14 99/09/16 SMI"
+#
+# Copyright (c) 1996-1999, Sun Microsystems, Inc.
+# All Rights Reserved.
+#
+# PAM configuration
+#
+# Authentication management
+#
+login auth required /usr/lib/security/pam_winbind.so
+login auth required /usr/lib/security/$ISA/pam_unix.so.1 try_first_pass
+login auth required /usr/lib/security/$ISA/pam_dial_auth.so.1 try_first_pass
+#
+rlogin auth sufficient /usr/lib/security/pam_winbind.so
+rlogin auth sufficient /usr/lib/security/$ISA/pam_rhosts_auth.so.1
+rlogin auth required /usr/lib/security/$ISA/pam_unix.so.1 try_first_pass
+#
+dtlogin auth sufficient /usr/lib/security/pam_winbind.so
+dtlogin auth required /usr/lib/security/$ISA/pam_unix.so.1 try_first_pass
+#
+rsh auth required /usr/lib/security/$ISA/pam_rhosts_auth.so.1
+other auth sufficient /usr/lib/security/pam_winbind.so
+other auth required /usr/lib/security/$ISA/pam_unix.so.1 try_first_pass
+#
+# Account management
+#
+login account sufficient /usr/lib/security/pam_winbind.so
+login account requisite /usr/lib/security/$ISA/pam_roles.so.1
+login account required /usr/lib/security/$ISA/pam_unix.so.1
+#
+dtlogin account sufficient /usr/lib/security/pam_winbind.so
+dtlogin account requisite /usr/lib/security/$ISA/pam_roles.so.1
+dtlogin account required /usr/lib/security/$ISA/pam_unix.so.1
+#
+other account sufficient /usr/lib/security/pam_winbind.so
+other account requisite /usr/lib/security/$ISA/pam_roles.so.1
+other account required /usr/lib/security/$ISA/pam_unix.so.1
+#
+# Session management
+#
+other session required /usr/lib/security/$ISA/pam_unix.so.1
+#
+# Password management
+#
+#other password sufficient /usr/lib/security/pam_winbind.so
+other password required /usr/lib/security/$ISA/pam_unix.so.1
+dtsession auth required /usr/lib/security/$ISA/pam_unix.so.1
+#
+# Support for Kerberos V5 authentication (uncomment to use Kerberos)
+#
+#rlogin auth optional /usr/lib/security/$ISA/pam_krb5.so.1 try_first_pass
+#login auth optional /usr/lib/security/$ISA/pam_krb5.so.1 try_first_pass
+#dtlogin auth optional /usr/lib/security/$ISA/pam_krb5.so.1 try_first_pass
+#other auth optional /usr/lib/security/$ISA/pam_krb5.so.1 try_first_pass
+#dtlogin account optional /usr/lib/security/$ISA/pam_krb5.so.1
+#other account optional /usr/lib/security/$ISA/pam_krb5.so.1
+#other session optional /usr/lib/security/$ISA/pam_krb5.so.1
+#other password optional /usr/lib/security/$ISA/pam_krb5.so.1 try_first_pass</PRE
+></P
+><P
+>I also added a try_first_pass line after the winbind.so line to get rid of
+annoying double prompts for passwords.</P
+><P
+>Now restart your Samba &#38; try connecting through your application that you
+configured in the pam.conf.</P
+></DIV
+></DIV
></DIV
></DIV
><DIV
@@ -1254,7 +1470,7 @@ CLASS="SECT1"
><HR><H1
CLASS="SECT1"
><A
-NAME="AEN290"
+NAME="AEN320"
>Limitations</A
></H1
><P
@@ -1295,7 +1511,7 @@ CLASS="SECT1"
><HR><H1
CLASS="SECT1"
><A
-NAME="AEN300"
+NAME="AEN330"
>Conclusion</A
></H1
><P
generated by cgit (git 2.34.1) at 2024-07-13 07:10:06 +0000