| author | Gerald Carter <jerry@samba.org> | 2002-10-01 17:03:24 +0000 | 
|---|---|---|
| committer | Gerald Carter <jerry@samba.org> | 2002-10-01 17:03:24 +0000 | 
| commit | d962f8b3c04c066aa65141ba4d63552d40e8b041 | |
| tree | e000864ef4c760765b0c5213758a6b61f24bf0f9 /docs/htmldocs | |
| parent | 7faabd42c5cd010f0c19e074e805e41047b5d6c2 | |
regenerate
(This used to be commit 57c9a6a1e8159f2eeaf0e3dae104a0815a000fa4)
Diffstat (limited to 'docs/htmldocs')
| -rw-r--r-- | docs/htmldocs/winbind.html | 320 | 
1 files changed, 194 insertions, 126 deletions
diff --git a/docs/htmldocs/winbind.html b/docs/htmldocs/winbind.html index 7d45b174dd..cac9a70a6d 100644 --- a/docs/htmldocs/winbind.html +++ b/docs/htmldocs/winbind.html 
@@ -1,43 +1,92 @@ +<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">  <HTML  ><HEAD  ><TITLE  >Unified Logons between Windows NT and UNIX using Winbind</TITLE  ><META  NAME="GENERATOR" -CONTENT="Modular DocBook HTML Stylesheet Version 1.57"></HEAD +CONTENT="Modular DocBook HTML Stylesheet Version 1.76b+ +"><LINK +REL="HOME" +TITLE="SAMBA Project Documentation" +HREF="Samba-HOWTO.html"><LINK +REL="PREVIOUS" +TITLE="security = domain in Samba 2.x" +HREF="domain-security.html"><LINK +REL="NEXT" +TITLE="How to Configure Samba 2.2 as a Primary Domain Controller" +HREF="samba-pdc.html"></HEAD  ><BODY -CLASS="ARTICLE" +CLASS="CHAPTER"  BGCOLOR="#FFFFFF"  TEXT="#000000"  LINK="#0000FF"  VLINK="#840084"  ALINK="#0000FF"  ><DIV -CLASS="ARTICLE" +CLASS="NAVHEADER" +><TABLE +SUMMARY="Header navigation table" +WIDTH="100%" +BORDER="0" +CELLPADDING="0" +CELLSPACING="0" +><TR +><TH +COLSPAN="3" +ALIGN="center" +>SAMBA Project Documentation</TH +></TR +><TR +><TD +WIDTH="10%" +ALIGN="left" +VALIGN="bottom" +><A +HREF="domain-security.html" +ACCESSKEY="P" +>Prev</A +></TD +><TD +WIDTH="80%" +ALIGN="center" +VALIGN="bottom" +></TD +><TD +WIDTH="10%" +ALIGN="right" +VALIGN="bottom" +><A +HREF="samba-pdc.html" +ACCESSKEY="N" +>Next</A +></TD +></TR +></TABLE +><HR +ALIGN="LEFT" +WIDTH="100%"></DIV  ><DIV -CLASS="TITLEPAGE" +CLASS="CHAPTER"  ><H1 -CLASS="TITLE"  ><A -NAME="WINBIND" ->Unified Logons between Windows NT and UNIX using Winbind</A -></H1 -><HR></DIV +NAME="WINBIND">Chapter 11. Unified Logons between Windows NT and UNIX using Winbind</H1  ><DIV  CLASS="SECT1"  ><H1  CLASS="SECT1"  ><A -NAME="AEN3" ->Abstract</A -></H1 +NAME="AEN1394">11.1. Abstract</H1  ><P  >Integration of UNIX and Microsoft Windows NT through   	a unified logon has been considered a "holy grail" in heterogeneous   	computing environments for a long time. 
We present  -	<I +	<SPAN +CLASS="emphasis" +><I  CLASS="EMPHASIS"  >winbind</I +></SPAN  >, a component of the Samba suite   	of programs as a solution to the unified logon problem. Winbind   	uses a UNIX implementation  @@ -49,12 +98,10 @@ CLASS="EMPHASIS"  ></DIV  ><DIV  CLASS="SECT1" -><HR><H1 +><H1  CLASS="SECT1"  ><A -NAME="AEN7" ->Introduction</A -></H1 +NAME="AEN1398">11.2. Introduction</H1  ><P  >It is well known that UNIX and Microsoft Windows NT have   	different models for representing user and group information and  @@ -103,12 +150,10 @@ NAME="AEN7"  ></DIV  ><DIV  CLASS="SECT1" -><HR><H1 +><H1  CLASS="SECT1"  ><A -NAME="AEN20" ->What Winbind Provides</A -></H1 +NAME="AEN1411">11.3. What Winbind Provides</H1  ><P  >Winbind unifies UNIX and Windows NT account management by   	allowing a UNIX box to become a full member of a NT domain. Once  @@ -145,12 +190,10 @@ NAME="AEN20"  	location (on the domain controller).</P  ><DIV  CLASS="SECT2" -><HR><H2 +><H2  CLASS="SECT2"  ><A -NAME="AEN27" ->Target Uses</A -></H2 +NAME="AEN1418">11.3.1. Target Uses</H2  ><P  >Winbind is targeted at organizations that have an   		existing NT based domain infrastructure into which they wish  @@ -169,12 +212,10 @@ NAME="AEN27"  ></DIV  ><DIV  CLASS="SECT1" -><HR><H1 +><H1  CLASS="SECT1"  ><A -NAME="AEN31" ->How Winbind Works</A -></H1 +NAME="AEN1422">11.4. How Winbind Works</H1  ><P  >The winbind system is designed around a client/server   	architecture. A long running <B @@ -189,12 +230,10 @@ CLASS="COMMAND"  	in detail below.</P  ><DIV  CLASS="SECT2" -><HR><H2 +><H2  CLASS="SECT2"  ><A -NAME="AEN36" ->Microsoft Remote Procedure Calls</A -></H2 +NAME="AEN1427">11.4.1. Microsoft Remote Procedure Calls</H2  ><P  >Over the last two years, efforts have been underway   		by various Samba Team members to decode various aspects of  
@@ -215,12 +254,10 @@ NAME="AEN36"  ></DIV  ><DIV  CLASS="SECT2" -><HR><H2 +><H2  CLASS="SECT2"  ><A -NAME="AEN40" ->Name Service Switch</A -></H2 +NAME="AEN1431">11.4.2. Name Service Switch</H2  ><P  >The Name Service Switch, or NSS, is a feature that is   		present in many UNIX operating systems. It allows system  @@ -295,12 +332,10 @@ CLASS="FILENAME"  ></DIV  ><DIV  CLASS="SECT2" -><HR><H2 +><H2  CLASS="SECT2"  ><A -NAME="AEN56" ->Pluggable Authentication Modules</A -></H2 +NAME="AEN1447">11.4.3. Pluggable Authentication Modules</H2  ><P  >Pluggable Authentication Modules, also known as PAM,   		is a system for abstracting authentication and authorization  @@ -344,12 +379,10 @@ CLASS="FILENAME"  ></DIV  ><DIV  CLASS="SECT2" -><HR><H2 +><H2  CLASS="SECT2"  ><A -NAME="AEN64" ->User and Group ID Allocation</A -></H2 +NAME="AEN1455">11.4.4. User and Group ID Allocation</H2  ><P  >When a user or group is created under Windows NT   		is it allocated a numerical relative identifier (RID). This is  @@ -370,12 +403,10 @@ NAME="AEN64"  ></DIV  ><DIV  CLASS="SECT2" -><HR><H2 +><H2  CLASS="SECT2"  ><A -NAME="AEN68" ->Result Caching</A -></H2 +NAME="AEN1459">11.4.5. Result Caching</H2  ><P  >An active system can generate a lot of user and group   		name lookups. To reduce the network cost of these lookups winbind  @@ -393,12 +424,10 @@ NAME="AEN68"  ></DIV  ><DIV  CLASS="SECT1" -><HR><H1 +><H1  CLASS="SECT1"  ><A -NAME="AEN71" ->Installation and Configuration</A -></H1 +NAME="AEN1462">11.5. Installation and Configuration</H1  ><P  >Many thanks to John Trostel <A  HREF="mailto:jtrostel@snapserver.com" @@ -420,12 +449,10 @@ Future revisions of this document will incorporate that  information.</P  ><DIV  CLASS="SECT2" -><HR><H2 +><H2  CLASS="SECT2"  ><A -NAME="AEN78" ->Introduction</A -></H2 +NAME="AEN1469">11.5.1. Introduction</H2  ><P  >This HOWTO describes the procedures used to get winbind up and   running on my RedHat 7.1 system.  Winbind is capable of providing access  
@@ -441,9 +468,12 @@ somewhat to fit the way your distribution works.</P  ><UL  ><LI  ><P ->	<I +>	<SPAN +CLASS="emphasis" +><I  CLASS="EMPHASIS"  >Why should I to this?</I +></SPAN  >  	</P  ><P @@ -455,9 +485,12 @@ CLASS="EMPHASIS"  ></LI  ><LI  ><P ->	<I +>	<SPAN +CLASS="emphasis" +><I  CLASS="EMPHASIS"  >Who should be reading this document?</I +></SPAN  >  	</P  ><P @@ -473,29 +506,36 @@ CLASS="EMPHASIS"  ></DIV  ><DIV  CLASS="SECT2" -><HR><H2 +><H2  CLASS="SECT2"  ><A -NAME="AEN91" ->Requirements</A -></H2 +NAME="AEN1482">11.5.2. Requirements</H2  ><P  >If you have a samba configuration file that you are currently  -using... <I +using... <SPAN +CLASS="emphasis" +><I  CLASS="EMPHASIS"  >BACK IT UP!</I +></SPAN  >  If your system already uses PAM,  -<I +<SPAN +CLASS="emphasis" +><I  CLASS="EMPHASIS"  >back up the <TT  CLASS="FILENAME"  >/etc/pam.d</TT  > directory   contents!</I +></SPAN  > If you haven't already made a boot disk,  -<I +<SPAN +CLASS="emphasis" +><I  CLASS="EMPHASIS"  >MAKE ONE NOW!</I +></SPAN  ></P  ><P  >Messing with the pam configuration files can make it nearly impossible  @@ -534,12 +574,10 @@ CLASS="FILENAME"  ></DIV  ><DIV  CLASS="SECT2" -><HR><H2 +><H2  CLASS="SECT2"  ><A -NAME="AEN105" ->Testing Things Out</A -></H2 +NAME="AEN1496">11.5.3. Testing Things Out</H2  ><P  >Before starting, it is probably best to kill off all the SAMBA   related daemons running on your server.  Kill off all <B @@ -579,12 +617,10 @@ CLASS="FILENAME"  > RPMs installed.</P  ><DIV  CLASS="SECT3" -><HR><H3 +><H3  CLASS="SECT3"  ><A -NAME="AEN116" ->Configure and compile SAMBA</A -></H3 +NAME="AEN1507">11.5.3.1. Configure and compile SAMBA</H3  ><P  >The configuration and compilation of SAMBA is pretty straightforward.  The first three steps may not be necessary depending upon 
@@ -645,16 +681,14 @@ It will also build the winbindd executable and libraries. </P  ></DIV  ><DIV  CLASS="SECT3" -><HR><H3 +><H3  CLASS="SECT3"  ><A -NAME="AEN135" ->Configure <TT +NAME="AEN1526">11.5.3.2. Configure <TT  CLASS="FILENAME"  >nsswitch.conf</TT  > and the  -winbind libraries</A -></H3 +winbind libraries</H3  ><P  >The libraries needed to run the <B  CLASS="COMMAND" @@ -750,12 +784,10 @@ and echos back a check to you.</P  ></DIV  ><DIV  CLASS="SECT3" -><HR><H3 +><H3  CLASS="SECT3"  ><A -NAME="AEN168" ->Configure smb.conf</A -></H3 +NAME="AEN1559">11.5.3.3. Configure smb.conf</H3  ><P  >Several parameters are needed in the smb.conf file to control   the behavior of <B @@ -825,12 +857,10 @@ TARGET="_top"  ></DIV  ><DIV  CLASS="SECT3" -><HR><H3 +><H3  CLASS="SECT3"  ><A -NAME="AEN184" ->Join the SAMBA server to the PDC domain</A -></H3 +NAME="AEN1575">11.5.3.4. Join the SAMBA server to the PDC domain</H3  ><P  >Enter the following command to make the SAMBA server join the   PDC domain, where <TT @@ -871,12 +901,10 @@ is your DOMAIN name.</P  ></DIV  ><DIV  CLASS="SECT3" -><HR><H3 +><H3  CLASS="SECT3"  ><A -NAME="AEN195" ->Start up the winbindd daemon and test it!</A -></H3 +NAME="AEN1586">11.5.3.5. Start up the winbindd daemon and test it!</H3  ><P  >Eventually, you will want to modify your smb startup script to   automatically invoke the winbindd daemon when the other parts of  @@ -994,20 +1022,16 @@ CLASS="COMMAND"  ></DIV  ><DIV  CLASS="SECT3" -><HR><H3 +><H3  CLASS="SECT3"  ><A -NAME="AEN231" ->Fix the init.d startup scripts</A -></H3 +NAME="AEN1622">11.5.3.6. Fix the init.d startup scripts</H3  ><DIV  CLASS="SECT4"  ><H4  CLASS="SECT4"  ><A -NAME="AEN233" ->Linux</A -></H4 +NAME="AEN1624">11.5.3.6.1. Linux</H4  ><P  >The <B  CLASS="COMMAND" 
@@ -1098,12 +1122,10 @@ CLASS="PROGRAMLISTING"  ></DIV  ><DIV  CLASS="SECT4" -><HR><H4 +><H4  CLASS="SECT4"  ><A -NAME="AEN250" ->Solaris</A -></H4 +NAME="AEN1641">11.5.3.6.2. Solaris</H4  ><P  >On solaris, you need to modify the   <TT @@ -1169,12 +1191,10 @@ esac</PRE  ></DIV  ><DIV  CLASS="SECT4" -><HR><H4 +><H4  CLASS="SECT4"  ><A -NAME="AEN257" ->Restarting</A -></H4 +NAME="AEN1648">11.5.3.6.3. Restarting</H4  ><P  >If you restart the <B  CLASS="COMMAND" @@ -1193,12 +1213,10 @@ if you were a local user.</P  ></DIV  ><DIV  CLASS="SECT3" -><HR><H3 +><H3  CLASS="SECT3"  ><A -NAME="AEN263" ->Configure Winbind and PAM</A -></H3 +NAME="AEN1654">11.5.3.7. Configure Winbind and PAM</H3  ><P  >If you have made it this far, you know that winbindd and samba are working  together.  If you want to use winbind to provide authentication for other  @@ -1251,12 +1269,10 @@ CLASS="COMMAND"  ></P  ><DIV  CLASS="SECT4" -><HR><H4 +><H4  CLASS="SECT4"  ><A -NAME="AEN280" ->Linux/FreeBSD-specific PAM configuration</A -></H4 +NAME="AEN1671">11.5.3.7.1. Linux/FreeBSD-specific PAM configuration</H4  ><P  >The <TT  CLASS="FILENAME" @@ -1380,12 +1396,10 @@ double prompts for passwords.</P  ></DIV  ><DIV  CLASS="SECT4" -><HR><H4 +><H4  CLASS="SECT4"  ><A -NAME="AEN313" ->Solaris-specific configuration</A -></H4 +NAME="AEN1704">11.5.3.7.2. Solaris-specific configuration</H4  ><P  >The /etc/pam.conf needs to be changed. I changed this file so that my Domain  users can logon both locally as well as telnet.The following are the changes @@ -1467,12 +1481,10 @@ configured in the pam.conf.</P  ></DIV  ><DIV  CLASS="SECT1" -><HR><H1 +><H1  CLASS="SECT1"  ><A -NAME="AEN320" ->Limitations</A -></H1 +NAME="AEN1711">11.6. Limitations</H1  ><P  >Winbind has a number of limitations in its current   	released version that we hope to overcome in future  
@@ -1508,12 +1520,10 @@ NAME="AEN320"  ></DIV  ><DIV  CLASS="SECT1" -><HR><H1 +><H1  CLASS="SECT1"  ><A -NAME="AEN330" ->Conclusion</A -></H1 +NAME="AEN1721">11.7. Conclusion</H1  ><P  >The winbind system, through the use of the Name Service   	Switch, Pluggable Authentication Modules, and appropriate  @@ -1523,6 +1533,64 @@ NAME="AEN330"  	cost of running a mixed UNIX and NT network.</P  ></DIV  ></DIV +><DIV +CLASS="NAVFOOTER" +><HR +ALIGN="LEFT" +WIDTH="100%"><TABLE +SUMMARY="Footer navigation table" +WIDTH="100%" +BORDER="0" +CELLPADDING="0" +CELLSPACING="0" +><TR +><TD +WIDTH="33%" +ALIGN="left" +VALIGN="top" +><A +HREF="domain-security.html" +ACCESSKEY="P" +>Prev</A +></TD +><TD +WIDTH="34%" +ALIGN="center" +VALIGN="top" +><A +HREF="Samba-HOWTO.html" +ACCESSKEY="H" +>Home</A +></TD +><TD +WIDTH="33%" +ALIGN="right" +VALIGN="top" +><A +HREF="samba-pdc.html" +ACCESSKEY="N" +>Next</A +></TD +></TR +><TR +><TD +WIDTH="33%" +ALIGN="left" +VALIGN="top" +>security = domain in Samba 2.x</TD +><TD +WIDTH="34%" +ALIGN="center" +VALIGN="top" +> </TD +><TD +WIDTH="33%" +ALIGN="right" +VALIGN="top" +>How to Configure Samba 2.2 as a Primary Domain Controller</TD +></TR +></TABLE +></DIV  ></BODY  ></HTML  >
\ No newline at end of file  | 
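Review bot: In the first hunk (`@@ -1,43 +1,92 @@`), the new `LINK REL` elements and the NAVHEADER table make winbind.html depend on `Samba-HOWTO.html`, `domain-security.html` and `samba-pdc.html`, but the diffstat for docs/htmldocs lists only winbind.html as changed. Please confirm those three files are already present in docs/htmldocs at this revision, or regenerate and commit them together with this file, so the Prev/Next/Home links do not point at missing pages. The same hunk also leaves a line break inside the GENERATOR attribute (`CONTENT="Modular DocBook HTML Stylesheet Version 1.76b+` closes on the following line); that is harmless to browsers but worth normalising if anything parses this header.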
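Review bot: In the hunk at `@@ -49,12 +98,10 @@` (and in the same shape in every heading hunk after it), the added line `NAME="AEN1398">11.2. Introduction</H1` opens an `<A` element that is never closed before `</H1`, whereas the removed lines ended with `</A` followed by `></H1`. As shown, the named anchor runs on into the content that follows the heading. Please check the stylesheet output and emit the closing `</A>` (either directly after the `NAME` attribute or before `</H1>`) so the document stays well-formed under the HTML 4.01 Transitional doctype this commit declares.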
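Review bot: In the hunk at `@@ -103,12 +150,10 @@`, the anchor for "What Winbind Provides" changes from `NAME="AEN20"` to `NAME="AEN1411"`, and every other section anchor in the patch is renumbered the same way (`AEN3` to `AEN1394`, `AEN320` to `AEN1711`, and so on). Any existing link to `winbind.html#AEN...` breaks with this regeneration and will break again on the next one. Consider giving the sections explicit ids in the DocBook source so the generated anchors are stable, as is already the case for `NAME="WINBIND"`.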
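Review bot: In the hunk at `@@ -441,9 +468,12 @@`, the list item text `Why should I to this?` is carried through the regeneration unchanged and should read "Why should I do this?". Since this file is generated, the fix belongs in the DocBook source rather than in winbind.html, followed by another regenerate.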
