diff options
author | Jelmer Vernooij <jelmer@samba.org> | 2002-10-04 16:36:40 +0000 |
---|---|---|
committer | Jelmer Vernooij <jelmer@samba.org> | 2002-10-04 16:36:40 +0000 |
commit | 42efc1092dcb3042724e280c0bb18e813b3aac98 (patch) | |
tree | 21ff9b7b39f8b390a54deb08ed6e24f56eaed57f /docs/htmldocs/winbind.html | |
parent | 502a960354717bb1d7a2d001cbd1ad918a2f7a33 (diff) | |
download | samba-42efc1092dcb3042724e280c0bb18e813b3aac98.tar.gz samba-42efc1092dcb3042724e280c0bb18e813b3aac98.tar.bz2 samba-42efc1092dcb3042724e280c0bb18e813b3aac98.zip |
Convert GOTCHAS to SGML
(This used to be commit c48207ef0e219680d4e4102256c76189aaf73ebc)
Diffstat (limited to 'docs/htmldocs/winbind.html')
-rw-r--r-- | docs/htmldocs/winbind.html | 123 |
1 files changed, 90 insertions, 33 deletions
diff --git a/docs/htmldocs/winbind.html b/docs/htmldocs/winbind.html index cac9a70a6d..0d816ef052 100644 --- a/docs/htmldocs/winbind.html +++ b/docs/htmldocs/winbind.html @@ -5,11 +5,10 @@ >Unified Logons between Windows NT and UNIX using Winbind</TITLE ><META NAME="GENERATOR" -CONTENT="Modular DocBook HTML Stylesheet Version 1.76b+ -"><LINK +CONTENT="Modular DocBook HTML Stylesheet Version 1.77"><LINK REL="HOME" TITLE="SAMBA Project Documentation" -HREF="Samba-HOWTO.html"><LINK +HREF="samba-project-documentation.html"><LINK REL="PREVIOUS" TITLE="security = domain in Samba 2.x" HREF="domain-security.html"><LINK @@ -70,13 +69,17 @@ WIDTH="100%"></DIV CLASS="CHAPTER" ><H1 ><A -NAME="WINBIND">Chapter 11. Unified Logons between Windows NT and UNIX using Winbind</H1 +NAME="WINBIND" +></A +>Chapter 11. Unified Logons between Windows NT and UNIX using Winbind</H1 ><DIV CLASS="SECT1" ><H1 CLASS="SECT1" ><A -NAME="AEN1394">11.1. Abstract</H1 +NAME="AEN1397" +></A +>11.1. Abstract</H1 ><P >Integration of UNIX and Microsoft Windows NT through a unified logon has been considered a "holy grail" in heterogeneous @@ -101,7 +104,9 @@ CLASS="SECT1" ><H1 CLASS="SECT1" ><A -NAME="AEN1398">11.2. Introduction</H1 +NAME="AEN1401" +></A +>11.2. Introduction</H1 ><P >It is well known that UNIX and Microsoft Windows NT have different models for representing user and group information and @@ -153,7 +158,9 @@ CLASS="SECT1" ><H1 CLASS="SECT1" ><A -NAME="AEN1411">11.3. What Winbind Provides</H1 +NAME="AEN1414" +></A +>11.3. What Winbind Provides</H1 ><P >Winbind unifies UNIX and Windows NT account management by allowing a UNIX box to become a full member of a NT domain. Once @@ -193,7 +200,9 @@ CLASS="SECT2" ><H2 CLASS="SECT2" ><A -NAME="AEN1418">11.3.1. Target Uses</H2 +NAME="AEN1421" +></A +>11.3.1. Target Uses</H2 ><P >Winbind is targeted at organizations that have an existing NT based domain infrastructure into which they wish @@ -215,7 +224,9 @@ CLASS="SECT1" ><H1 CLASS="SECT1" ><A -NAME="AEN1422">11.4. How Winbind Works</H1 +NAME="AEN1425" +></A +>11.4. How Winbind Works</H1 ><P >The winbind system is designed around a client/server architecture. A long running <B @@ -233,7 +244,9 @@ CLASS="SECT2" ><H2 CLASS="SECT2" ><A -NAME="AEN1427">11.4.1. Microsoft Remote Procedure Calls</H2 +NAME="AEN1430" +></A +>11.4.1. Microsoft Remote Procedure Calls</H2 ><P >Over the last two years, efforts have been underway by various Samba Team members to decode various aspects of @@ -257,7 +270,9 @@ CLASS="SECT2" ><H2 CLASS="SECT2" ><A -NAME="AEN1431">11.4.2. Name Service Switch</H2 +NAME="AEN1434" +></A +>11.4.2. Name Service Switch</H2 ><P >The Name Service Switch, or NSS, is a feature that is present in many UNIX operating systems. It allows system @@ -335,7 +350,9 @@ CLASS="SECT2" ><H2 CLASS="SECT2" ><A -NAME="AEN1447">11.4.3. Pluggable Authentication Modules</H2 +NAME="AEN1450" +></A +>11.4.3. Pluggable Authentication Modules</H2 ><P >Pluggable Authentication Modules, also known as PAM, is a system for abstracting authentication and authorization @@ -382,7 +399,9 @@ CLASS="SECT2" ><H2 CLASS="SECT2" ><A -NAME="AEN1455">11.4.4. User and Group ID Allocation</H2 +NAME="AEN1458" +></A +>11.4.4. User and Group ID Allocation</H2 ><P >When a user or group is created under Windows NT is it allocated a numerical relative identifier (RID). This is @@ -406,7 +425,9 @@ CLASS="SECT2" ><H2 CLASS="SECT2" ><A -NAME="AEN1459">11.4.5. Result Caching</H2 +NAME="AEN1462" +></A +>11.4.5. Result Caching</H2 ><P >An active system can generate a lot of user and group name lookups. To reduce the network cost of these lookups winbind @@ -427,7 +448,9 @@ CLASS="SECT1" ><H1 CLASS="SECT1" ><A -NAME="AEN1462">11.5. Installation and Configuration</H1 +NAME="AEN1465" +></A +>11.5. Installation and Configuration</H1 ><P >Many thanks to John Trostel <A HREF="mailto:jtrostel@snapserver.com" @@ -452,7 +475,9 @@ CLASS="SECT2" ><H2 CLASS="SECT2" ><A -NAME="AEN1469">11.5.1. Introduction</H2 +NAME="AEN1472" +></A +>11.5.1. Introduction</H2 ><P >This HOWTO describes the procedures used to get winbind up and running on my RedHat 7.1 system. Winbind is capable of providing access @@ -509,7 +534,9 @@ CLASS="SECT2" ><H2 CLASS="SECT2" ><A -NAME="AEN1482">11.5.2. Requirements</H2 +NAME="AEN1485" +></A +>11.5.2. Requirements</H2 ><P >If you have a samba configuration file that you are currently using... <SPAN @@ -577,7 +604,9 @@ CLASS="SECT2" ><H2 CLASS="SECT2" ><A -NAME="AEN1496">11.5.3. Testing Things Out</H2 +NAME="AEN1499" +></A +>11.5.3. Testing Things Out</H2 ><P >Before starting, it is probably best to kill off all the SAMBA related daemons running on your server. Kill off all <B @@ -620,7 +649,9 @@ CLASS="SECT3" ><H3 CLASS="SECT3" ><A -NAME="AEN1507">11.5.3.1. Configure and compile SAMBA</H3 +NAME="AEN1510" +></A +>11.5.3.1. Configure and compile SAMBA</H3 ><P >The configuration and compilation of SAMBA is pretty straightforward. The first three steps may not be necessary depending upon @@ -684,7 +715,9 @@ CLASS="SECT3" ><H3 CLASS="SECT3" ><A -NAME="AEN1526">11.5.3.2. Configure <TT +NAME="AEN1529" +></A +>11.5.3.2. Configure <TT CLASS="FILENAME" >nsswitch.conf</TT > and the @@ -787,7 +820,9 @@ CLASS="SECT3" ><H3 CLASS="SECT3" ><A -NAME="AEN1559">11.5.3.3. Configure smb.conf</H3 +NAME="AEN1562" +></A +>11.5.3.3. Configure smb.conf</H3 ><P >Several parameters are needed in the smb.conf file to control the behavior of <B @@ -860,7 +895,9 @@ CLASS="SECT3" ><H3 CLASS="SECT3" ><A -NAME="AEN1575">11.5.3.4. Join the SAMBA server to the PDC domain</H3 +NAME="AEN1578" +></A +>11.5.3.4. Join the SAMBA server to the PDC domain</H3 ><P >Enter the following command to make the SAMBA server join the PDC domain, where <TT @@ -904,7 +941,9 @@ CLASS="SECT3" ><H3 CLASS="SECT3" ><A -NAME="AEN1586">11.5.3.5. Start up the winbindd daemon and test it!</H3 +NAME="AEN1589" +></A +>11.5.3.5. Start up the winbindd daemon and test it!</H3 ><P >Eventually, you will want to modify your smb startup script to automatically invoke the winbindd daemon when the other parts of @@ -1025,13 +1064,17 @@ CLASS="SECT3" ><H3 CLASS="SECT3" ><A -NAME="AEN1622">11.5.3.6. Fix the init.d startup scripts</H3 +NAME="AEN1625" +></A +>11.5.3.6. Fix the init.d startup scripts</H3 ><DIV CLASS="SECT4" ><H4 CLASS="SECT4" ><A -NAME="AEN1624">11.5.3.6.1. Linux</H4 +NAME="AEN1627" +></A +>11.5.3.6.1. Linux</H4 ><P >The <B CLASS="COMMAND" @@ -1125,7 +1168,9 @@ CLASS="SECT4" ><H4 CLASS="SECT4" ><A -NAME="AEN1641">11.5.3.6.2. Solaris</H4 +NAME="AEN1644" +></A +>11.5.3.6.2. Solaris</H4 ><P >On solaris, you need to modify the <TT @@ -1194,7 +1239,9 @@ CLASS="SECT4" ><H4 CLASS="SECT4" ><A -NAME="AEN1648">11.5.3.6.3. Restarting</H4 +NAME="AEN1651" +></A +>11.5.3.6.3. Restarting</H4 ><P >If you restart the <B CLASS="COMMAND" @@ -1216,7 +1263,9 @@ CLASS="SECT3" ><H3 CLASS="SECT3" ><A -NAME="AEN1654">11.5.3.7. Configure Winbind and PAM</H3 +NAME="AEN1657" +></A +>11.5.3.7. Configure Winbind and PAM</H3 ><P >If you have made it this far, you know that winbindd and samba are working together. If you want to use winbind to provide authentication for other @@ -1272,7 +1321,9 @@ CLASS="SECT4" ><H4 CLASS="SECT4" ><A -NAME="AEN1671">11.5.3.7.1. Linux/FreeBSD-specific PAM configuration</H4 +NAME="AEN1674" +></A +>11.5.3.7.1. Linux/FreeBSD-specific PAM configuration</H4 ><P >The <TT CLASS="FILENAME" @@ -1399,7 +1450,9 @@ CLASS="SECT4" ><H4 CLASS="SECT4" ><A -NAME="AEN1704">11.5.3.7.2. Solaris-specific configuration</H4 +NAME="AEN1707" +></A +>11.5.3.7.2. Solaris-specific configuration</H4 ><P >The /etc/pam.conf needs to be changed. I changed this file so that my Domain users can logon both locally as well as telnet.The following are the changes @@ -1484,7 +1537,9 @@ CLASS="SECT1" ><H1 CLASS="SECT1" ><A -NAME="AEN1711">11.6. Limitations</H1 +NAME="AEN1714" +></A +>11.6. Limitations</H1 ><P >Winbind has a number of limitations in its current released version that we hope to overcome in future @@ -1523,7 +1578,9 @@ CLASS="SECT1" ><H1 CLASS="SECT1" ><A -NAME="AEN1721">11.7. Conclusion</H1 +NAME="AEN1724" +></A +>11.7. Conclusion</H1 ><P >The winbind system, through the use of the Name Service Switch, Pluggable Authentication Modules, and appropriate @@ -1558,7 +1615,7 @@ WIDTH="34%" ALIGN="center" VALIGN="top" ><A -HREF="Samba-HOWTO.html" +HREF="samba-project-documentation.html" ACCESSKEY="H" >Home</A ></TD |