summaryrefslogtreecommitdiff
path: root/docs/htmldocs/winbind.html
diff options
context:
space:
mode:
authorJelmer Vernooij <jelmer@samba.org>2002-10-04 16:36:40 +0000
committerJelmer Vernooij <jelmer@samba.org>2002-10-04 16:36:40 +0000
commit42efc1092dcb3042724e280c0bb18e813b3aac98 (patch)
tree21ff9b7b39f8b390a54deb08ed6e24f56eaed57f /docs/htmldocs/winbind.html
parent502a960354717bb1d7a2d001cbd1ad918a2f7a33 (diff)
downloadsamba-42efc1092dcb3042724e280c0bb18e813b3aac98.tar.gz
samba-42efc1092dcb3042724e280c0bb18e813b3aac98.tar.bz2
samba-42efc1092dcb3042724e280c0bb18e813b3aac98.zip
Convert GOTCHAS to SGML
(This used to be commit c48207ef0e219680d4e4102256c76189aaf73ebc)
Diffstat (limited to 'docs/htmldocs/winbind.html')
-rw-r--r--docs/htmldocs/winbind.html123
1 files changed, 90 insertions, 33 deletions
diff --git a/docs/htmldocs/winbind.html b/docs/htmldocs/winbind.html
index cac9a70a6d..0d816ef052 100644
--- a/docs/htmldocs/winbind.html
+++ b/docs/htmldocs/winbind.html
@@ -5,11 +5,10 @@
>Unified Logons between Windows NT and UNIX using Winbind</TITLE
><META
NAME="GENERATOR"
-CONTENT="Modular DocBook HTML Stylesheet Version 1.76b+
-"><LINK
+CONTENT="Modular DocBook HTML Stylesheet Version 1.77"><LINK
REL="HOME"
TITLE="SAMBA Project Documentation"
-HREF="Samba-HOWTO.html"><LINK
+HREF="samba-project-documentation.html"><LINK
REL="PREVIOUS"
TITLE="security = domain in Samba 2.x"
HREF="domain-security.html"><LINK
@@ -70,13 +69,17 @@ WIDTH="100%"></DIV
CLASS="CHAPTER"
><H1
><A
-NAME="WINBIND">Chapter 11. Unified Logons between Windows NT and UNIX using Winbind</H1
+NAME="WINBIND"
+></A
+>Chapter 11. Unified Logons between Windows NT and UNIX using Winbind</H1
><DIV
CLASS="SECT1"
><H1
CLASS="SECT1"
><A
-NAME="AEN1394">11.1. Abstract</H1
+NAME="AEN1397"
+></A
+>11.1. Abstract</H1
><P
>Integration of UNIX and Microsoft Windows NT through
a unified logon has been considered a "holy grail" in heterogeneous
@@ -101,7 +104,9 @@ CLASS="SECT1"
><H1
CLASS="SECT1"
><A
-NAME="AEN1398">11.2. Introduction</H1
+NAME="AEN1401"
+></A
+>11.2. Introduction</H1
><P
>It is well known that UNIX and Microsoft Windows NT have
different models for representing user and group information and
@@ -153,7 +158,9 @@ CLASS="SECT1"
><H1
CLASS="SECT1"
><A
-NAME="AEN1411">11.3. What Winbind Provides</H1
+NAME="AEN1414"
+></A
+>11.3. What Winbind Provides</H1
><P
>Winbind unifies UNIX and Windows NT account management by
allowing a UNIX box to become a full member of a NT domain. Once
@@ -193,7 +200,9 @@ CLASS="SECT2"
><H2
CLASS="SECT2"
><A
-NAME="AEN1418">11.3.1. Target Uses</H2
+NAME="AEN1421"
+></A
+>11.3.1. Target Uses</H2
><P
>Winbind is targeted at organizations that have an
existing NT based domain infrastructure into which they wish
@@ -215,7 +224,9 @@ CLASS="SECT1"
><H1
CLASS="SECT1"
><A
-NAME="AEN1422">11.4. How Winbind Works</H1
+NAME="AEN1425"
+></A
+>11.4. How Winbind Works</H1
><P
>The winbind system is designed around a client/server
architecture. A long running <B
@@ -233,7 +244,9 @@ CLASS="SECT2"
><H2
CLASS="SECT2"
><A
-NAME="AEN1427">11.4.1. Microsoft Remote Procedure Calls</H2
+NAME="AEN1430"
+></A
+>11.4.1. Microsoft Remote Procedure Calls</H2
><P
>Over the last two years, efforts have been underway
by various Samba Team members to decode various aspects of
@@ -257,7 +270,9 @@ CLASS="SECT2"
><H2
CLASS="SECT2"
><A
-NAME="AEN1431">11.4.2. Name Service Switch</H2
+NAME="AEN1434"
+></A
+>11.4.2. Name Service Switch</H2
><P
>The Name Service Switch, or NSS, is a feature that is
present in many UNIX operating systems. It allows system
@@ -335,7 +350,9 @@ CLASS="SECT2"
><H2
CLASS="SECT2"
><A
-NAME="AEN1447">11.4.3. Pluggable Authentication Modules</H2
+NAME="AEN1450"
+></A
+>11.4.3. Pluggable Authentication Modules</H2
><P
>Pluggable Authentication Modules, also known as PAM,
is a system for abstracting authentication and authorization
@@ -382,7 +399,9 @@ CLASS="SECT2"
><H2
CLASS="SECT2"
><A
-NAME="AEN1455">11.4.4. User and Group ID Allocation</H2
+NAME="AEN1458"
+></A
+>11.4.4. User and Group ID Allocation</H2
><P
>When a user or group is created under Windows NT
is it allocated a numerical relative identifier (RID). This is
@@ -406,7 +425,9 @@ CLASS="SECT2"
><H2
CLASS="SECT2"
><A
-NAME="AEN1459">11.4.5. Result Caching</H2
+NAME="AEN1462"
+></A
+>11.4.5. Result Caching</H2
><P
>An active system can generate a lot of user and group
name lookups. To reduce the network cost of these lookups winbind
@@ -427,7 +448,9 @@ CLASS="SECT1"
><H1
CLASS="SECT1"
><A
-NAME="AEN1462">11.5. Installation and Configuration</H1
+NAME="AEN1465"
+></A
+>11.5. Installation and Configuration</H1
><P
>Many thanks to John Trostel <A
HREF="mailto:jtrostel@snapserver.com"
@@ -452,7 +475,9 @@ CLASS="SECT2"
><H2
CLASS="SECT2"
><A
-NAME="AEN1469">11.5.1. Introduction</H2
+NAME="AEN1472"
+></A
+>11.5.1. Introduction</H2
><P
>This HOWTO describes the procedures used to get winbind up and
running on my RedHat 7.1 system. Winbind is capable of providing access
@@ -509,7 +534,9 @@ CLASS="SECT2"
><H2
CLASS="SECT2"
><A
-NAME="AEN1482">11.5.2. Requirements</H2
+NAME="AEN1485"
+></A
+>11.5.2. Requirements</H2
><P
>If you have a samba configuration file that you are currently
using... <SPAN
@@ -577,7 +604,9 @@ CLASS="SECT2"
><H2
CLASS="SECT2"
><A
-NAME="AEN1496">11.5.3. Testing Things Out</H2
+NAME="AEN1499"
+></A
+>11.5.3. Testing Things Out</H2
><P
>Before starting, it is probably best to kill off all the SAMBA
related daemons running on your server. Kill off all <B
@@ -620,7 +649,9 @@ CLASS="SECT3"
><H3
CLASS="SECT3"
><A
-NAME="AEN1507">11.5.3.1. Configure and compile SAMBA</H3
+NAME="AEN1510"
+></A
+>11.5.3.1. Configure and compile SAMBA</H3
><P
>The configuration and compilation of SAMBA is pretty straightforward.
The first three steps may not be necessary depending upon
@@ -684,7 +715,9 @@ CLASS="SECT3"
><H3
CLASS="SECT3"
><A
-NAME="AEN1526">11.5.3.2. Configure <TT
+NAME="AEN1529"
+></A
+>11.5.3.2. Configure <TT
CLASS="FILENAME"
>nsswitch.conf</TT
> and the
@@ -787,7 +820,9 @@ CLASS="SECT3"
><H3
CLASS="SECT3"
><A
-NAME="AEN1559">11.5.3.3. Configure smb.conf</H3
+NAME="AEN1562"
+></A
+>11.5.3.3. Configure smb.conf</H3
><P
>Several parameters are needed in the smb.conf file to control
the behavior of <B
@@ -860,7 +895,9 @@ CLASS="SECT3"
><H3
CLASS="SECT3"
><A
-NAME="AEN1575">11.5.3.4. Join the SAMBA server to the PDC domain</H3
+NAME="AEN1578"
+></A
+>11.5.3.4. Join the SAMBA server to the PDC domain</H3
><P
>Enter the following command to make the SAMBA server join the
PDC domain, where <TT
@@ -904,7 +941,9 @@ CLASS="SECT3"
><H3
CLASS="SECT3"
><A
-NAME="AEN1586">11.5.3.5. Start up the winbindd daemon and test it!</H3
+NAME="AEN1589"
+></A
+>11.5.3.5. Start up the winbindd daemon and test it!</H3
><P
>Eventually, you will want to modify your smb startup script to
automatically invoke the winbindd daemon when the other parts of
@@ -1025,13 +1064,17 @@ CLASS="SECT3"
><H3
CLASS="SECT3"
><A
-NAME="AEN1622">11.5.3.6. Fix the init.d startup scripts</H3
+NAME="AEN1625"
+></A
+>11.5.3.6. Fix the init.d startup scripts</H3
><DIV
CLASS="SECT4"
><H4
CLASS="SECT4"
><A
-NAME="AEN1624">11.5.3.6.1. Linux</H4
+NAME="AEN1627"
+></A
+>11.5.3.6.1. Linux</H4
><P
>The <B
CLASS="COMMAND"
@@ -1125,7 +1168,9 @@ CLASS="SECT4"
><H4
CLASS="SECT4"
><A
-NAME="AEN1641">11.5.3.6.2. Solaris</H4
+NAME="AEN1644"
+></A
+>11.5.3.6.2. Solaris</H4
><P
>On solaris, you need to modify the
<TT
@@ -1194,7 +1239,9 @@ CLASS="SECT4"
><H4
CLASS="SECT4"
><A
-NAME="AEN1648">11.5.3.6.3. Restarting</H4
+NAME="AEN1651"
+></A
+>11.5.3.6.3. Restarting</H4
><P
>If you restart the <B
CLASS="COMMAND"
@@ -1216,7 +1263,9 @@ CLASS="SECT3"
><H3
CLASS="SECT3"
><A
-NAME="AEN1654">11.5.3.7. Configure Winbind and PAM</H3
+NAME="AEN1657"
+></A
+>11.5.3.7. Configure Winbind and PAM</H3
><P
>If you have made it this far, you know that winbindd and samba are working
together. If you want to use winbind to provide authentication for other
@@ -1272,7 +1321,9 @@ CLASS="SECT4"
><H4
CLASS="SECT4"
><A
-NAME="AEN1671">11.5.3.7.1. Linux/FreeBSD-specific PAM configuration</H4
+NAME="AEN1674"
+></A
+>11.5.3.7.1. Linux/FreeBSD-specific PAM configuration</H4
><P
>The <TT
CLASS="FILENAME"
@@ -1399,7 +1450,9 @@ CLASS="SECT4"
><H4
CLASS="SECT4"
><A
-NAME="AEN1704">11.5.3.7.2. Solaris-specific configuration</H4
+NAME="AEN1707"
+></A
+>11.5.3.7.2. Solaris-specific configuration</H4
><P
>The /etc/pam.conf needs to be changed. I changed this file so that my Domain
users can logon both locally as well as telnet.The following are the changes
@@ -1484,7 +1537,9 @@ CLASS="SECT1"
><H1
CLASS="SECT1"
><A
-NAME="AEN1711">11.6. Limitations</H1
+NAME="AEN1714"
+></A
+>11.6. Limitations</H1
><P
>Winbind has a number of limitations in its current
released version that we hope to overcome in future
@@ -1523,7 +1578,9 @@ CLASS="SECT1"
><H1
CLASS="SECT1"
><A
-NAME="AEN1721">11.7. Conclusion</H1
+NAME="AEN1724"
+></A
+>11.7. Conclusion</H1
><P
>The winbind system, through the use of the Name Service
Switch, Pluggable Authentication Modules, and appropriate
@@ -1558,7 +1615,7 @@ WIDTH="34%"
ALIGN="center"
VALIGN="top"
><A
-HREF="Samba-HOWTO.html"
+HREF="samba-project-documentation.html"
ACCESSKEY="H"
>Home</A
></TD