diff options
| author | Gerald Carter <jerry@samba.org> | 2001-02-23 02:34:22 +0000 |
|---|---|---|
| committer | Gerald Carter <jerry@samba.org> | 2001-02-23 02:34:22 +0000 |
| commit | 9a43d69ac4000d6b7b5a07089f22af4451ea4b31 (patch) | |
| tree | 9dd715e19f12ceed27386156e764335705b605d6 /docs/htmldocs | |
| parent | 837191626111e84c0fb27b5052d21ab29b6e41a6 (diff) | |
| download | samba-9a43d69ac4000d6b7b5a07089f22af4451ea4b31.tar.gz samba-9a43d69ac4000d6b7b5a07089f22af4451ea4b31.tar.bz2 samba-9a43d69ac4000d6b7b5a07089f22af4451ea4b31.zip | |
autogenerated files....
(This used to be commit edb0e5df4c7053a7163d32bba7ecf893a67523ca)
Diffstat (limited to 'docs/htmldocs')
| -rw-r--r-- | docs/htmldocs/smbtar.1.html | 482 | ||||
| -rw-r--r-- | docs/htmldocs/swat.8.html | 548 | ||||
| -rw-r--r-- | docs/htmldocs/winbindd.8.html | 1194 |
3 files changed, 1612 insertions, 612 deletions
diff --git a/docs/htmldocs/smbtar.1.html b/docs/htmldocs/smbtar.1.html index 68aab355ed..5e13ef3577 100644 --- a/docs/htmldocs/smbtar.1.html +++ b/docs/htmldocs/smbtar.1.html @@ -1,130 +1,352 @@ - - - - - - -<html><head><title>smbtar (1)</title> - -<link rev="made" href="mailto:samba@samba.org"> -</head> -<body> - -<hr> - -<h1>smbtar (1)</h1> -<h2>Samba</h2> -<h2>23 Oct 1998</h2> - - - -<p><a name="NAME"></a> -<h2>NAME</h2> - smbtar - shell script for backing up SMB/CIFS shares directly to UNIX tape drives -<p><a name="SYNOPSIS"></a> -<h2>SYNOPSIS</h2> - -<p><strong>smbtar</strong> <a href="smbtar.1.html#minuss">-s server</a> [<a href="smbtar.1.html#minusp">-p password</a>] [<a href="smbtar.1.html#minusx">-x service</a>] [<a href="smbtar.1.html#minusX">-X</a>] [<a href="smbtar.1.html#minusd">-d directory</a>] [<a href="smbtar.1.html#minusu">-u user</a>] [<a href="smbtar.1.html#minust">-t tape</a>] [<a href="smbtar.1.html#minusb">-b blocksize</a>] [<a href="smbtar.1.html#minusN">-N filename</a>] [<a href="smbtar.1.html#minusi">-i</a>] [<a href="smbtar.1.html#minusr">-r</a>] [<a href="smbtar.1.html#minusl">-l log level</a>] [<a href="smbtar.1.html#minusv">-v</a>] filenames -<p><a name="DESCRIPTION"></a> -<h2>DESCRIPTION</h2> - -<p>This program is part of the <strong>Samba</strong> suite. -<p><strong>smbtar</strong> is a very small shell script on top of -<a href="smbclient.1.html"><strong>smbclient</strong></a> which dumps SMB shares directly -to tape. -<p><a name="OPTIONS"></a> -<h2>OPTIONS</h2> - -<p><dl> -<p><a name="minuss"></a> -<p></p><dt><strong><strong>-s server</strong></strong><dd> The SMB/CIFS server that the share resides upon. -<p><a name="minusx"></a> -<p></p><dt><strong><strong>-x service</strong></strong><dd> The share name on the server to connect -to. The default is <code>backup</code>. -<p><a name="minusX"></a> -<p></p><dt><strong><strong>-X</strong></strong><dd> Exclude mode. Exclude filenames... from tar create or -restore. -<p><a name="minusd"></a> -<p></p><dt><strong><strong>-d directory</strong></strong><dd> Change to initial <em>directory</em> before restoring -/ backing up files. -<p><a name="minusv"></a> -<p></p><dt><strong><strong>-v</strong></strong><dd> Verbose mode. -<p><a name="minusp"></a> -<p></p><dt><strong><strong>-p password</strong></strong><dd> The password to use to access a share. Default: -none -<p><a name="minusu"></a> -<p></p><dt><strong><strong>-u user</strong></strong><dd> The user id to connect as. Default: UNIX login name. -<p><a name="minust"></a> -<p></p><dt><strong><strong>-t tape</strong></strong><dd> Tape device. May be regular file or tape -device. Default: <em>TAPE</em> environmental variable; if not set, a file -called <code>tar.out</code>. -<p><a name="minusb"></a> -<p></p><dt><strong><strong>-b blocksize</strong></strong><dd> Blocking factor. Defaults to 20. See <strong>tar (1)</strong> -for a fuller explanation. -<p><a name="minusN"></a> -<p></p><dt><strong><strong>-N filename</strong></strong><dd> Backup only files newer than filename. Could be -used (for example) on a log file to implement incremental backups. -<p><a name="minusi"></a> -<p></p><dt><strong><strong>-i</strong></strong><dd> Incremental mode; tar files are only backed up if they -have the archive bit set. The archive bit is reset after each file is -read. -<p><a name="minusr"></a> -<p></p><dt><strong><strong>-r</strong></strong><dd> Restore. Files are restored to the share from the tar -file. -<p><a name="minusl"></a> -<p></p><dt><strong><strong>-l log level</strong></strong><dd> Log (debug) level. Corresponds to the -<a href="smbclient.1.html#minusd"><strong>-d</strong></a> flag of <a href="smbclient.1.html"><strong>smbclient -(1)</strong></a>. -<p></dl> -<p><a name="ENVIRONMENTVARIABLES"></a> -<h2>ENVIRONMENT VARIABLES</h2> - -<p>The TAPE variable specifies the default tape device to write to. May -be overridden with the <a href="smbtar.1.html#minust"><strong>-t</strong></a> option. -<p><a name="BUGS"></a> -<h2>BUGS</h2> - -<p>The <strong>smbtar</strong> script has different options from ordinary tar and tar -called from <a href="smbclient.1.html"><strong>smbclient</strong></a>. -<p><a name="CAVEATS"></a> -<h2>CAVEATS</h2> - -<p>Sites that are more careful about security may not like the way the -script handles PC passwords. Backup and restore work on entire shares, -should work on file lists. <strong>smbtar</strong> works best with GNU tar and may -not work well with other versions. -<p><a name="VERSION"></a> -<h2>VERSION</h2> - -<p>This man page is correct for version 2.0 of the Samba suite. -<p><a name="SEEALSO"></a> -<h2>SEE ALSO</h2> - -<p><a href="smbclient.1.html"><strong>smbclient (1)</strong></a>, <a href="smb.conf.5.html"><strong>smb.conf -(5)</strong></a> -<p><a name="DIAGNOSTICS"></a> -<h2>DIAGNOSTICS</h2> - -<p>See the <a href="smbclient.1.html#DIAGNOSTICS"><strong>DIAGNOSTICS</strong></a> section for -the <a href="smbclient.1.html"><strong>smbclient</strong></a> command. -<p><a name="AUTHOR"></a> -<h2>AUTHOR</h2> - -<p>The original Samba software and related utilities were created by -Andrew Tridgell <a href="mailto:samba@samba.org"><em>samba@samba.org</em></a>. Samba is now developed -by the Samba Team as an Open Source project similar to the way the -Linux kernel is developed. -<p>Ricky Poulten <a href="mailto:poultenr@logica.co.uk"><em>poultenr@logica.co.uk</em></a> wrote the tar extension and -this man page. The <strong>smbtar</strong> script was heavily rewritten and -improved by Martin Kraemer <a href="mailto:Martin.Kraemer@mch.sni.de"><em>Martin.Kraemer@mch.sni.de</em></a>. Many -thanks to everyone who suggested extensions, improvements, bug fixes, -etc. The man page sources were converted to YODL format (another -excellent piece of Open Source software available at -<a href="ftp://ftp.icce.rug.nl/pub/unix/"><strong>ftp://ftp.icce.rug.nl/pub/unix/</strong></a>) -and updated for the Samba2.0 release by Jeremy Allison, -<a href="mailto:samba@samba.org"><em>samba@samba.org</em></a>. -<p>See <a href="samba.7.html"><strong>samba (7)</strong></a> to find out how to get a full -list of contributors and details on how to submit bug reports, -comments etc. -<p></body> -</html> +<HTML +><HEAD +><TITLE +>smbtar</TITLE +><META +NAME="GENERATOR" +CONTENT="Modular DocBook HTML Stylesheet Version 1.57"></HEAD +><BODY +CLASS="REFENTRY" +BGCOLOR="#FFFFFF" +TEXT="#000000" +LINK="#0000FF" +VLINK="#840084" +ALINK="#0000FF" +><H1 +><A +NAME="SMBTAR" +>smbtar</A +></H1 +><DIV +CLASS="REFNAMEDIV" +><A +NAME="AEN5" +></A +><H2 +>Name</H2 +>smbtar -- shell script for backing up SMB/CIFS shares + directly to UNIX tape drives</DIV +><DIV +CLASS="REFSYNOPSISDIV" +><A +NAME="AEN8" +></A +><H2 +>Synopsis</H2 +><P +><B +CLASS="COMMAND" +>smbtar</B +> {-s server} [-p password] [-x services] [-X] [-d directory] [-u user] [-t tape] [-t tape] [-b blocksize] [-N filename] [-i] [-r] [-l loglevel] [-v] {filenames}</P +></DIV +><DIV +CLASS="REFSECT1" +><A +NAME="AEN26" +></A +><H2 +>DESCRIPTION</H2 +><P +>This tool is part of the <A +HREF="samba.7.html" +TARGET="_top" +> Samba</A +> suite.</P +><P +><B +CLASS="COMMAND" +>smbtar</B +> is a very small shell script on top + of <A +HREF="smbclient.1.html" +TARGET="_top" +><B +CLASS="COMMAND" +>smbclient(1)</B +></A +> + which dumps SMB shares directly to tape. </P +></DIV +><DIV +CLASS="REFSECT1" +><A +NAME="AEN34" +></A +><H2 +>OPTIONS</H2 +><P +></P +><DIV +CLASS="VARIABLELIST" +><DL +><DT +>-s server</DT +><DD +><P +>The SMB/CIFS server that the share resides + upon.</P +></DD +><DT +>-x service</DT +><DD +><P +>The share name on the server to connect to. + The default is "backup".</P +></DD +><DT +>-X</DT +><DD +><P +>Exclude mode. Exclude filenames... from tar + create or restore. </P +></DD +><DT +>-d directory</DT +><DD +><P +>Change to initial <TT +CLASS="PARAMETER" +><I +>directory + </I +></TT +> before restoring / backing up files. </P +></DD +><DT +>-v</DT +><DD +><P +>Verbose mode.</P +></DD +><DT +>-p password</DT +><DD +><P +>The password to use to access a share. + Default: none </P +></DD +><DT +>-u user</DT +><DD +><P +>The user id to connect as. Default: + UNIX login name. </P +></DD +><DT +>-t tape</DT +><DD +><P +>Tape device. May be regular file or tape + device. Default: <TT +CLASS="PARAMETER" +><I +>$TAPE</I +></TT +> environmental + variable; if not set, a file called <TT +CLASS="FILENAME" +>tar.out + </TT +>. </P +></DD +><DT +>-b blocksize</DT +><DD +><P +>Blocking factor. Defaults to 20. See + <B +CLASS="COMMAND" +>tar(1)</B +> for a fuller explanation. </P +></DD +><DT +>-N filename</DT +><DD +><P +>Backup only files newer than filename. Could + be used (for example) on a log file to implement incremental + backups. </P +></DD +><DT +>-i</DT +><DD +><P +>Incremental mode; tar files are only backed + up if they have the archive bit set. The archive bit is reset + after each file is read. </P +></DD +><DT +>-r</DT +><DD +><P +>Restore. Files are restored to the share + from the tar file. </P +></DD +><DT +>-l log level</DT +><DD +><P +>Log (debug) level. Corresponds to the + <TT +CLASS="PARAMETER" +><I +>-d</I +></TT +> flag of <B +CLASS="COMMAND" +>smbclient(1) + </B +>. </P +></DD +></DL +></DIV +></DIV +><DIV +CLASS="REFSECT1" +><A +NAME="AEN95" +></A +><H2 +>ENVIRONMENT VARIABLES</H2 +><P +>The <TT +CLASS="PARAMETER" +><I +>$TAPE</I +></TT +> variable specifies the + default tape device to write to. May be overridden + with the -t option. </P +></DIV +><DIV +CLASS="REFSECT1" +><A +NAME="AEN99" +></A +><H2 +>BUGS</H2 +><P +>The <B +CLASS="COMMAND" +>smbtar</B +> script has different + options from ordinary tar and tar called from smbclient. </P +></DIV +><DIV +CLASS="REFSECT1" +><A +NAME="AEN103" +></A +><H2 +>CAVEATS</H2 +><P +>Sites that are more careful about security may not like + the way the script handles PC passwords. Backup and restore work + on entire shares, should work on file lists. smbtar works best + with GNU tar and may not work well with other versions. </P +></DIV +><DIV +CLASS="REFSECT1" +><A +NAME="AEN106" +></A +><H2 +>DIAGNOSTICS</H2 +><P +>See the <I +CLASS="EMPHASIS" +>DIAGNOSTICS</I +> section for the + <A +HREF="smbclient.1.html" +TARGET="_top" +><B +CLASS="COMMAND" +>smbclient(1)</B +> + </A +> command.</P +></DIV +><DIV +CLASS="REFSECT1" +><A +NAME="AEN112" +></A +><H2 +>VERSION</H2 +><P +>This man page is correct for version 2.2 of + the Samba suite.</P +></DIV +><DIV +CLASS="REFSECT1" +><A +NAME="AEN115" +></A +><H2 +>SEE ALSO</H2 +><P +><A +HREF="smbd.8.html" +TARGET="_top" +><B +CLASS="COMMAND" +>smbd(8)</B +></A +>, + <A +HREF="smbclient.1.html" +TARGET="_top" +><B +CLASS="COMMAND" +>smbclient(1)</B +></A +>, + <A +HREF="smb.conf.5.html" +TARGET="_top" +>smb.conf(5)</A +>, + </P +></DIV +><DIV +CLASS="REFSECT1" +><A +NAME="AEN123" +></A +><H2 +>AUTHOR</H2 +><P +>The original Samba software and related utilities + were created by Andrew Tridgell. Samba is now developed + by the Samba Team as an Open Source project similar + to the way the Linux kernel is developed.</P +><P +><A +HREF="mailto:poultenr@logica.co.uk" +TARGET="_top" +>Ricky Poulten</A +> + wrote the tar extension and this man page. The <B +CLASS="COMMAND" +>smbtar</B +> + script was heavily rewritten and improved by <A +HREF="mailto:Martin.Kraemer@mch.sni.de" +TARGET="_top" +>Martin Kraemer</A +>. Many + thanks to everyone who suggested extensions, improvements, bug + fixes, etc. The man page sources were converted to YODL format (another + excellent piece of Open Source software, available at + <A +HREF="ftp://ftp.icce.rug.nl/pub/unix/" +TARGET="_top" +> ftp://ftp.icce.rug.nl/pub/unix/</A +>) and updated for the Samba 2.0 + release by Jeremy Allison. The conversion to DocBook for + Samba 2.2 was done by Gerald Carter.</P +></DIV +></BODY +></HTML +>
\ No newline at end of file diff --git a/docs/htmldocs/swat.8.html b/docs/htmldocs/swat.8.html index 12d83247fd..2c0d016399 100644 --- a/docs/htmldocs/swat.8.html +++ b/docs/htmldocs/swat.8.html @@ -1,148 +1,400 @@ - - - - - - -<html><head><title>swat (8)</title> - -<link rev="made" href="mailto:samba@samba.org"> -</head> -<body> - -<hr> - -<h1>swat (8)</h1> -<h2>Samba</h2> -<h2>23 Oct 1998</h2> - - - -<p><a name="NAME"></a> -<h2>NAME</h2> - swat - Samba Web Administration Tool -<p><a name="SYNOPSIS"></a> -<h2>SYNOPSIS</h2> - -<p><strong>swat</strong> [<a href="swat.8.html#minuss">-s smb config file</a>] [<a href="swat.8.html#minusa">-a</a>] -<p><a name="DESCRIPTION"></a> -<h2>DESCRIPTION</h2> - -<p>This program is part of the <strong>Samba</strong> suite. -<p><strong>swat</strong> allows a Samba administrator to configure the complex -<a href="smb.conf.5.html"><strong>smb.conf</strong></a> file via a Web browser. In -addition, a swat configuration page has help links to all the -configurable options in the <a href="smb.conf.5.html"><strong>smb.conf</strong></a> file -allowing an administrator to easily look up the effects of any change. -<p><strong>swat</strong> is run from <strong>inetd</strong> -<p><a name="OPTIONS"></a> -<h2>OPTIONS</h2> - -<p><dl> -<p><a name="minuss"></a> -<p></p><dt><strong><strong>-s smb configuration file</strong></strong><dd> The default configuration file path is -determined at compile time. -<p>The file specified contains the configuration details required by the -<a href="smbd.8.html"><strong>smbd</strong></a> server. This is the file that <strong>swat</strong> will -modify. The information in this file includes server-specific -information such as what printcap file to use, as well as descriptions -of all the services that the server is to provide. See <a href="smb.conf.5.html">smb.conf -(5)</a> for more information. -<p><a name="minusa"></a> -<p></p><dt><strong><strong>-a</strong></strong><dd> -<p>This option disables authentication and puts <strong>swat</strong> in demo mode. In -that mode anyone will be able to modify the -<a href="smb.conf.5.html"><strong>smb.conf</strong></a> file. -<p>Do NOT enable this option on a production server. -<p></dl> -<p><a name="INSTALLATION"></a> -<h2>INSTALLATION</h2> - -<p>After you compile SWAT you need to run <code>"make install"</code> to install the -swat binary and the various help files and images. A default install -would put these in: -<p><pre> - -/usr/local/samba/bin/swat -/usr/local/samba/swat/images/* -/usr/local/samba/swat/help/* - -</pre> - -<p><a name="INETD"></a> -<h2>INETD INSTALLATION</h2> - -<p>You need to edit your <code>/etc/inetd.conf</code> and <code>/etc/services</code> to -enable <strong>SWAT</strong> to be launched via inetd. -<p>In <code>/etc/services</code> you need to add a line like this: -<p><code>swat 901/tcp</code> -<p>Note for NIS/YP users - you may need to rebuild the NIS service maps -rather than alter your local <code>/etc/services</code> file. -<p>the choice of port number isn't really important except that it should -be less than 1024 and not currently used (using a number above 1024 -presents an obscure security hole depending on the implementation -details of your <strong>inetd</strong> daemon). -<p>In <code>/etc/inetd.conf</code> you should add a line like this: -<p><code>swat stream tcp nowait.400 root /usr/local/samba/bin/swat swat</code> -<p>One you have edited <code>/etc/services</code> and <code>/etc/inetd.conf</code> you need -to send a HUP signal to inetd. To do this use <code>"kill -1 PID"</code> where -PID is the process ID of the inetd daemon. -<p><a name="LAUNCHING"></a> -<h2>LAUNCHING</h2> - -<p>To launch <strong>swat</strong> just run your favorite web browser and point it at -<code>http://localhost:901/</code>. -<p><strong>Note that you can attach to <strong>swat</strong> from any IP connected machine but -connecting from a remote machine leaves your connection open to -password sniffing as passwords will be sent in the clear over the -wire.</strong> -<p><h2>FILES</h2> - -<p><strong>/etc/inetd.conf</strong> -<p>This file must contain suitable startup information for the -meta-daemon. -<p><strong>/etc/services</strong> -<p>This file must contain a mapping of service name (e.g., swat) to -service port (e.g., 901) and protocol type (e.g., tcp). -<p><strong>/usr/local/samba/lib/smb.conf</strong> -<p>This is the default location of the <em>smb.conf</em> server configuration -file that <strong>swat</strong> edits. Other common places that systems install -this file are <em>/usr/samba/lib/smb.conf</em> and <em>/etc/smb.conf</em>. -<p>This file describes all the services the server is to make available -to clients. See <strong>smb.conf (5)</strong> for more information. -<p><a name="WARNINGS"></a> -<h2>WARNINGS</h2> - -<p><strong>swat</strong> will rewrite your <a href="smb.conf.5.html"><strong>smb.conf</strong></a> file. It -will rearrange the entries and delete all comments, -<a href="smb.conf.5.html#include"><strong>"include="</strong></a> and -<a href="smb.conf.5.html#copy"><strong>"copy="</strong></a> options. If you have a -carefully crafted <a href="smb.conf.5.html"><strong>smb.conf</strong></a> then back it up -or don't use <strong>swat</strong>! -<p><a name="VERSION"></a> -<h2>VERSION</h2> - -<p>This man page is correct for version 2.0 of the Samba suite. -<p><a name="SEEALSO"></a> -<h2>SEE ALSO</h2> - -<p><strong>inetd (8)</strong>, <a href="nmbd.8.html"><strong>nmbd (8)</strong></a>, -<a href="smb.conf.5.html"><strong>smb.conf (5)</strong></a>. -<p><a name="AUTHOR"></a> -<h2>AUTHOR</h2> - -<p>The original Samba software and related utilities were created by -Andrew Tridgell (samba@samba.org). Samba is now developed -by the Samba Team as an Open Source project similar to the way the -Linux kernel is developed. -<p>The original Samba man pages were written by Karl Auer. The man page -sources were converted to YODL format (another excellent piece of Open -Source software, available at -<a href="ftp://ftp.icce.rug.nl/pub/unix/"><strong>ftp://ftp.icce.rug.nl/pub/unix/</strong></a>) -and updated for the Samba2.0 release by Jeremy Allison. -<a href="mailto:samba@samba.org"><em>samba@samba.org</em></a>. -<p>See <a href="samba.7.html"><strong>samba (7)</strong></a> to find out how to get a full -list of contributors and details on how to submit bug reports, -comments etc. -</body> -</html> +<HTML +><HEAD +><TITLE +>swat</TITLE +><META +NAME="GENERATOR" +CONTENT="Modular DocBook HTML Stylesheet Version 1.57"></HEAD +><BODY +CLASS="REFENTRY" +BGCOLOR="#FFFFFF" +TEXT="#000000" +LINK="#0000FF" +VLINK="#840084" +ALINK="#0000FF" +><H1 +><A +NAME="SWAT" +>swat</A +></H1 +><DIV +CLASS="REFNAMEDIV" +><A +NAME="AEN5" +></A +><H2 +>Name</H2 +>swat -- Samba Web Administration Tool</DIV +><DIV +CLASS="REFSYNOPSISDIV" +><A +NAME="AEN8" +></A +><H2 +>Synopsis</H2 +><P +><B +CLASS="COMMAND" +>nmblookup</B +> [-s <smb config file>] [-a]</P +></DIV +><DIV +CLASS="REFSECT1" +><A +NAME="AEN13" +></A +><H2 +>DESCRIPTION</H2 +><P +>This tool is part of the <A +HREF="samba.7.html" +TARGET="_top" +> Samba</A +> suite.</P +><P +><B +CLASS="COMMAND" +>swat</B +> allows a Samba administrator to + configure the complex <A +HREF="smb.conf.5.html" +TARGET="_top" +><TT +CLASS="FILENAME" +> smb.conf(5)</TT +></A +> file via a Web browser. In addition, + a <B +CLASS="COMMAND" +>swat</B +> configuration page has help links + to all the configurable options in the smb.conf file allowing an + administrator to easily look up the effects of any change. </P +><P +>swat is run from inetd </P +></DIV +><DIV +CLASS="REFSECT1" +><A +NAME="AEN23" +></A +><H2 +>OPTIONS</H2 +><P +></P +><DIV +CLASS="VARIABLELIST" +><DL +><DT +>-s smb configuration file</DT +><DD +><P +>The default configuration file path is + determined at compile time. The file specified contains + the configuration details required by the <B +CLASS="COMMAND" +>smbd + </B +> server. This is the file that swat will modify. + The information in this file includes server-specific + information such as what printcap file to use, as well as + descriptions of all the services that the server is to provide. + See <TT +CLASS="FILENAME" +>smb.conf</TT +> for more information. + </P +></DD +><DT +>-a</DT +><DD +><P +>This option disables authentication and puts + swat in demo mode. In that mode anyone will be able to modify + the smb.conf file. </P +><P +><I +CLASS="EMPHASIS" +>Do NOT enable this option on a production + server. </I +></P +></DD +></DL +></DIV +></DIV +><DIV +CLASS="REFSECT1" +><A +NAME="AEN38" +></A +><H2 +>INSTALLATION</H2 +><P +>After you compile SWAT you need to run <B +CLASS="COMMAND" +>make install + </B +> to install the <B +CLASS="COMMAND" +>swat</B +> binary + and the various help files and images. A default install would put + these in: </P +><P +></P +><UL +><LI +><P +>/usr/local/samba/bin/swat</P +></LI +><LI +><P +>/usr/local/samba/swat/images/*</P +></LI +><LI +><P +>/usr/local/samba/swat/help/*</P +></LI +></UL +><DIV +CLASS="REFSECT2" +><A +NAME="AEN50" +></A +><H3 +>Inetd Installation</H3 +><P +>You need to edit your <TT +CLASS="FILENAME" +>/etc/inetd.conf + </TT +> and <TT +CLASS="FILENAME" +>/etc/services</TT +> + to enable SWAT to be launched via inetd.</P +><P +>In <TT +CLASS="FILENAME" +>/etc/services</TT +> you need to + add a line like this: </P +><P +><B +CLASS="COMMAND" +>swat 901/tcp</B +></P +><P +>Note for NIS/YP users - you may need to rebuild the + NIS service maps rather than alter your local <TT +CLASS="FILENAME" +> /etc/services</TT +> file. </P +><P +>the choice of port number isn't really important + except that it should be less than 1024 and not currently + used (using a number above 1024 presents an obscure security + hole depending on the implementation details of your + <B +CLASS="COMMAND" +>inetd</B +> daemon). </P +><P +>In <TT +CLASS="FILENAME" +>/etc/inetd.conf</TT +> you should + add a line like this: </P +><P +><B +CLASS="COMMAND" +>swat stream tcp nowait.400 root + /usr/local/samba/bin/swat swat</B +></P +><P +>One you have edited <TT +CLASS="FILENAME" +>/etc/services</TT +> + and <TT +CLASS="FILENAME" +>/etc/inetd.conf</TT +> you need to send a + HUP signal to inetd. To do this use <B +CLASS="COMMAND" +>kill -1 PID + </B +> where PID is the process ID of the inetd daemon. </P +></DIV +><DIV +CLASS="REFSECT2" +><A +NAME="AEN71" +></A +><H3 +>Launching</H3 +><P +>To launch swat just run your favorite web browser and + point it at "http://localhost:901/".</P +><P +>Note that you can attach to swat from any IP connected + machine but connecting from a remote machine leaves your + connection open to password sniffing as passwords will be sent + in the clear over the wire. </P +></DIV +></DIV +><DIV +CLASS="REFSECT1" +><A +NAME="AEN75" +></A +><H2 +>FILES</H2 +><P +></P +><DIV +CLASS="VARIABLELIST" +><DL +><DT +><TT +CLASS="FILENAME" +>/etc/inetd.conf</TT +></DT +><DD +><P +>This file must contain suitable startup + information for the meta-daemon.</P +></DD +><DT +><TT +CLASS="FILENAME" +>/etc/services</TT +></DT +><DD +><P +>This file must contain a mapping of service name + (e.g., swat) to service port (e.g., 901) and protocol type + (e.g., tcp). </P +></DD +><DT +><TT +CLASS="FILENAME" +>/usr/local/samba/lib/smb.conf</TT +></DT +><DD +><P +>This is the default location of the <TT +CLASS="FILENAME" +>smb.conf(5) + </TT +> server configuration file that swat edits. Other + common places that systems install this file are <TT +CLASS="FILENAME" +> /usr/samba/lib/smb.conf</TT +> and <TT +CLASS="FILENAME" +>/etc/smb.conf + </TT +>. This file describes all the services the server + is to make available to clients. </P +></DD +></DL +></DIV +></DIV +><DIV +CLASS="REFSECT1" +><A +NAME="AEN96" +></A +><H2 +>WANRNIGS</H2 +><P +><B +CLASS="COMMAND" +>swat</B +> will rewrite your <TT +CLASS="FILENAME" +>smb.conf + </TT +> file. It will rearrange the entries and delete all + comments, <TT +CLASS="PARAMETER" +><I +>include=</I +></TT +> and <TT +CLASS="PARAMETER" +><I +>copy=" + </I +></TT +> options. If you have a carefully crafted <TT +CLASS="FILENAME" +> smb.conf</TT +> then back it up or don't use swat! </P +></DIV +><DIV +CLASS="REFSECT1" +><A +NAME="AEN104" +></A +><H2 +>VERSION</H2 +><P +>This man page is correct for version 2.2 of + the Samba suite.</P +></DIV +><DIV +CLASS="REFSECT1" +><A +NAME="AEN107" +></A +><H2 +>SEE ALSO</H2 +><P +><B +CLASS="COMMAND" +>inetd(5)</B +>, + <A +HREF="smbd.8.html" +TARGET="_top" +><B +CLASS="COMMAND" +>smbd(8)</B +></A +>, + <A +HREF="smb.conf.5.html" +TARGET="_top" +>smb.conf(5)</A +> + </P +></DIV +><DIV +CLASS="REFSECT1" +><A +NAME="AEN114" +></A +><H2 +>AUTHOR</H2 +><P +>The original Samba software and related utilities + were created by Andrew Tridgell. Samba is now developed + by the Samba Team as an Open Source project similar + to the way the Linux kernel is developed.</P +><P +>The original Samba man pages were written by Karl Auer. + The man page sources were converted to YODL format (another + excellent piece of Open Source software, available at + <A +HREF="ftp://ftp.icce.rug.nl/pub/unix/" +TARGET="_top" +> ftp://ftp.icce.rug.nl/pub/unix/</A +>) and updated for the Samba 2.0 + release by Jeremy Allison. The conversion to DocBook for + Samba 2.2 was done by Gerald Carter</P +></DIV +></BODY +></HTML +>
\ No newline at end of file diff --git a/docs/htmldocs/winbindd.8.html b/docs/htmldocs/winbindd.8.html index 2caa9ccf01..a98b7a2864 100644 --- a/docs/htmldocs/winbindd.8.html +++ b/docs/htmldocs/winbindd.8.html @@ -1,245 +1,594 @@ - - - - - -<html><head><title>winbindd (8)</title> - -<link rev="made" href="mailto:samba-bugs@samba.org"> -</head> -<body> - -<hr> - -<h1>winbindd (8)</h1> -<h2>Samba</h2> -<h2>13 Jun 2000</h2> - - - -<p><a name="NAME"></a> -<h2>NAME</h2> - winbindd - Name Service Switch daemon for resolving names from NT servers -<p><a name="SYNOPSIS"></a> -<h2>SYNOPSIS</h2> - -<p><strong>winbindd</strong> [<a href="winbindd.8.html#minusd">-d debuglevel</a>] [<a href="winbindd.8.html#minusi">-i</a>] -<p><a name="DESCRIPTION"></a> -<h2>DESCRIPTION</h2> - -<p>This program is part of the <strong>Samba</strong> suite version 3.0 and describes -functionality not yet implemented in the main version of Samba. -<p><strong>winbindd</strong> is a daemon that provides a service for the Name Service -Switch capability that is present in most modern C libraries. The Name -Service Switch allows user and system information to be obtained from -different databases services such as NIS or DNS. The exact behaviour can -be configured throught the <code>/etc/nsswitch.conf</code> file. Users and groups -are allocated as they are resolved to a range of user and group ids -specified by the administrator of the Samba system. -<p>The service provided by <strong>winbindd</strong> is called `winbind' and can be -used to resolve user and group information from a Windows NT server. -The service can also provide authentication services via an associated -PAM module. -<p>The following nsswitch databases are implemented by the <strong>winbindd</strong> -service: -<p><dl> -<p><p></p><dt><strong>passwd</strong><dd> -<p>User information traditionally stored in the <strong>passwd(5)</strong> file and used by -<strong>getpwent(3)</strong> functions. -<p><p></p><dt><strong>group</strong><dd> -<p>Group information traditionally stored in the <strong>group(5)</strong> file and used by -<strong>getgrent(3)</strong> functions. -<p></dl> -<p>For example, the following simple configuration in the -<code>/etc/nsswitch.conf</code> file can be used to initially resolve user and group -information from <code>/etc/passwd</code> and <code>/etc/group</code> and then from the -Windows NT server. -<p><pre> - - passwd: files winbind - group: files winbind - -</pre> - -<p><a name="OPTIONS"></a> -<h2>OPTIONS</h2> - -<p>The following options are available to the <strong>winbindd</strong> daemon: -<p><dl> -<p><a name="minusd"></a> -<p></p><dt><strong><strong>-d debuglevel</strong></strong><dd> -Sets the debuglevel to an integer between 0 and 100. 0 is for no debugging -and 100 is for reams and reams. To submit a bug report to the Samba Team, -use debug level 100 (see <strong>BUGS.txt</strong>). -<p><a name="minusi"></a> -<p></p><dt><strong><strong>-i</strong></strong><dd> -Tells <strong>winbindd</strong> to not become a daemon and detach from the current terminal. -This option is used by developers when interactive debugging of <strong>winbindd</strong> is -required. -<p></dl> -<p><a name="NAMEANDIDRESOLUTION"></a> -<h2>NAME AND ID RESOLUTION</h2> - -<p>Users and groups on a Windows NT server are assigned a relative id (rid) -which is unique for the domain when the user or group is created. To -convert the Windows NT user or group into a unix user or group, a mapping -between rids and unix user and group ids is required. This is one of the -jobs that <strong>winbindd</strong> performs. -<p>As <strong>winbindd</strong> users and groups are resolved from a server, user and group -ids are allocated from a specified range. This is done on a first come, -first served basis, although all existing users and groups will be mapped -as soon as a client performs a user or group enumeration command. The -allocated unix ids are stored in a database file under the Samba lock -directory and will be remembered. -<p>WARNING: The rid to unix id database is the only location where the user -and group mappings are stored by <strong>winbindd</strong>. If this file is deleted or -corrupted, there is no way for <strong>winbindd</strong> to determine which user and -group ids correspond to Windows NT user and group rids. -<p><a name="CONFIGURATION"></a> -<h2>CONFIGURATION</h2> - -<p>Configuration of the <strong>winbindd</strong> daemon is done through configuration -parameters in the <a href="smb.conf.5.html"><strong>smb.conf</strong></a> file. All parameters -should be specified in the [global] section of -<a href="smb.conf.5.html"><strong>smb.conf</strong></a>. -<p><dl> -<p><p></p><dt><strong>winbind separator</strong><dd> -<p>The winbind separator option allows you to specify how NT domain names -and user names are combined into unix user names when presented to -users. By default winbind will use the traditional \ separator so -that the unix user names look like DOMAIN\username. In some cases -this separator character may cause problems as the \ character has -special meaning in unix shells. In that case you can use the winbind -separator option to specify an alternative sepataror character. Good -alternatives may be / (although that conflicts with the unix directory -separator) or a + character. The + character appears to be the best -choice for 100% compatibility with existing unix utilities, but may be -an aesthetically bad choice depending on your taste. -<p><strong>Default:</strong> -<code> winbind separator = \</code> -<p><strong>Example:</strong> -<code> winbind separator = +</code> -<p><p></p><dt><strong>winbind uid</strong><dd> -<p>The winbind uid parameter specifies the range of user ids that are -allocated by the <strong>winbindd</strong> daemon. This range of -ids should have no existing local or nis users within it as strange -conflicts can occur otherwise. -<p><strong>Default:</strong> -<code> winbind uid = <empty string></code> -<p><strong>Example:</strong> -<code> winbind uid = 10000-20000</code> -<p><p></p><dt><strong>winbind gid</strong><dd> -<p>The winbind gid parameter specifies the range of group ids that are -allocated by the <strong>winbindd</strong> daemon. This range of group ids should have -no existing local or nis groups within it as strange conflicts can occur -otherwise. -<p><strong>Default:</strong> -<code> winbind gid = <empty string></code> -<p><strong>Example:</strong> -<code> winbind gid = 10000-20000</code> -<p><p></p><dt><strong>winbind cache time</strong><dd> -<p>This parameter specifies the number of seconds the <strong>winbindd</strong> daemon will -cache user and group information before querying a Windows NT server -again. When a item in the cache is older than this time <strong>winbindd</strong> will ask -the domain controller for the sequence number of the servers account -database. If the sequence number has not changed then the cached item is -marked as valid for a further "winbind cache time" seconds. Otherwise the -item is fetched from the server. This means that as long as the account -database is not actively changing <strong>winbindd</strong> will only have to send one -sequence number query packet every "winbind cache time" seconds. -<p><strong>Default:</strong> -<code> winbind cache time = 15</code> -<p><p></p><dt><strong>winbind enum users</strong><dd> -<p>On large installations it may be necessary to suppress the enumeration of -users through the <code>setpwent</code>, <code>getpwent</code> and <code>endpwent</code> group of -system calls. If the <code>winbind enum users</code> parameter is false, calls to -the <code>getpwent</code> system call will not return any data. -<p>Warning: Turning off user enumeration may cause some programs to behave -oddly. For example, the finger program relies on having access to the full -user list when searching for matching usernames. -<p><strong>Default:</strong> -<code> winbind enum users = true</code> -<p><p></p><dt><strong>winbind enum groups</strong><dd> -<p>On large installations it may be necessary to suppress the enumeration of -groups through the <code>setgrent</code>, <code>getgrent</code> and <code>endgrent</code> group of -system calls. If the <code>winbind enum groups</code> parameter is false, calls to -the <code>getgrent</code> system call will not return any data. -<p>Warning: Turning off group enumeration may cause some programs to behave -oddly. -<p><strong>Default:</strong> -<code> winbind enum groups = true</code> -<p><p></p><dt><strong>template homedir</strong><dd> -<p>When filling out the user information for a Windows NT user, the -<strong>winbindd</strong> daemon uses this parameter to fill in the home directory for -that user. If the string <code>%D</code> is present it is substituted with the -user's Windows NT domain name. If the string <code>%U</code> is present it is -substituted with the user's Windows NT user name. -<p><strong>Default:</strong> -<code> template homedir = /home/%D/%U</code> -<p><p></p><dt><strong>template shell</strong><dd> -<p>When filling out the user information for a Windows NT user, the -<strong>winbindd</strong> daemon uses this parameter to fill in the shell for that user. -<p><strong>Default:</strong> -<code> template shell = /bin/false</code> -<p></dl> -<p><a name="EXAMPLESETUP"></a> -<h2>EXAMPLE SETUP</h2> - -<p>To setup <strong>winbindd</strong> for user and group lookups plus authentication from -a domain controller use something like the following setup. This was -tested on a RedHat 6.2 Linux box. -<p>In <code>/etc/nsswitch.conf</code> put the following: -<pre> - - passwd: files winbind - group: files winbind - -</pre> - -<p>In <code>/etc/pam.d/*</code> replace the <code>auth</code> lines with something like this: -<pre> - - auth required /lib/security/pam_securetty.so - auth required /lib/security/pam_nologin.so - auth sufficient /lib/security/pam_winbind.so - auth required /lib/security/pam_pwdb.so use_first_pass shadow nullok - -</pre> - -<p>Note in particular the use of the <code>sufficient</code> keyword and the -<code>use_first_pass</code> keyword. -<p>Now replace the account lines with this: -<pre> - - account required /lib/security/pam_winbind.so - -</pre> - -<p>The next step is to join the domain. To do that use the samedit -program like this: -<pre> - - samedit -S '*' -W DOMAIN -UAdministrator - -</pre> - -<p>The username after the -U can be any Domain user that has administrator -priviliges on the machine. Next from within samedit, run the command: -<pre> - - createuser MACHINE$ -j DOMAIN -L - -</pre> - -<p>This assumes your domain is called <code>DOMAIN</code> and your Samba workstation -is called <code>MACHINE</code>. -<p>Next copy <code>libnss_winbind.so.2</code> to <code>/lib</code> and <code>pam_winbind.so</code> to -<code>/lib/security</code>. -<p>Finally, setup a smb.conf containing directives like the following: -<pre> - - [global] - winbind separator = + +<HTML +><HEAD +><TITLE +>winbindd</TITLE +><META +NAME="GENERATOR" +CONTENT="Modular DocBook HTML Stylesheet Version 1.57"></HEAD +><BODY +CLASS="REFENTRY" +BGCOLOR="#FFFFFF" +TEXT="#000000" +LINK="#0000FF" +VLINK="#840084" +ALINK="#0000FF" +><H1 +><A +NAME="WINBINDD" +>winbindd</A +></H1 +><DIV +CLASS="REFNAMEDIV" +><A +NAME="AEN5" +></A +><H2 +>Name</H2 +>winbindd -- Name Service Switch daemon for resolving names + from NT servers</DIV +><DIV +CLASS="REFSYNOPSISDIV" +><A +NAME="AEN8" +></A +><H2 +>Synopsis</H2 +><P +><B +CLASS="COMMAND" +>nmblookup</B +> [-d debuglevel] [-i] [-S] [-r] [-A] [-h] [-B <broadcast address>] [-U <unicast address>] [-d <debug level>] [-s <smb config file>] [-i <NetBIOS scope>] [-T] {name}</P +></DIV +><DIV +CLASS="REFSECT1" +><A +NAME="AEN24" +></A +><H2 +>DESCRIPTION</H2 +><P +>This tool is part of the <A +HREF="samba.7.html" +TARGET="_top" +> Samba</A +> suite version 3.0 and describes functionality not + yet implemented in the main version of Samba.</P +><P +><B +CLASS="COMMAND" +>winbindd</B +> is a daemon that provides + a service for the Name Service Switch capability that is present + in most modern C libraries. The Name Service Switch allows user + and system information to be obtained from different databases + services such as NIS or DNS. The exact behaviour can be configured + throught the <TT +CLASS="FILENAME" +>/etc/nsswitch.conf</TT +> file. + Users and groups are allocated as they are resolved to a range + of user and group ids specified by the administrator of the + Samba system.</P +><P +>The service provided by winbindd is called `winbind' and + can be used to resolve user and group information from a + Windows NT server. The service can also provide authentication + services via an associated PAM module. </P +><P +>The following nsswitch databases are implemented by + the winbindd service: </P +><P +></P +><DIV +CLASS="VARIABLELIST" +><DL +><DT +>passwd</DT +><DD +><P +>User information traditionally stored in + the <TT +CLASS="FILENAME" +>passwd(5)</TT +> file and used by + <B +CLASS="COMMAND" +>getpwent(3)</B +> functions. </P +></DD +><DT +>group</DT +><DD +><P +>Group information traditionally stored in + the <TT +CLASS="FILENAME" +>group(5)</TT +> file and used by + <B +CLASS="COMMAND" +>getgrent(3)</B +> functions. </P +></DD +></DL +></DIV +><P +>For example, the following simple configuration in the + <TT +CLASS="FILENAME" +>/etc/nsswitch.conf</TT +> file can be used to initially + resolve user and group information from <TT +CLASS="FILENAME" +>/etc/passwd + </TT +> and <TT +CLASS="FILENAME" +>/etc/group</TT +> and then from the + Windows NT server. </P +><P +><PRE +CLASS="PROGRAMLISTING" +>passwd: files winbind +group: files winbind + </PRE +></P +></DIV +><DIV +CLASS="REFSECT1" +><A +NAME="AEN52" +></A +><H2 +>OPTIONS</H2 +><P +></P +><DIV +CLASS="VARIABLELIST" +><DL +><DT +>-d debuglevel</DT +><DD +><P +>Sets the debuglevel to an integer between + 0 and 100. 0 is for no debugging and 100 is for reams and + reams. To submit a bug report to the Samba Team, use debug + level 100 (see BUGS.txt). </P +></DD +><DT +>-i</DT +><DD +><P +>Tells <B +CLASS="COMMAND" +>winbindd</B +> to not + become a daemon and detach from the current terminal. This + option is used by developers when interactive debugging + of <B +CLASS="COMMAND" +>winbindd</B +> is required. </P +></DD +></DL +></DIV +></DIV +><DIV +CLASS="REFSECT1" +><A +NAME="AEN65" +></A +><H2 +>NAME AND ID RESOLUTION</H2 +><P +>Users and groups on a Windows NT server are assigned + a relative id (rid) which is unique for the domain when the + user or group is created. To convert the Windows NT user or group + into a unix user or group, a mapping between rids and unix user + and group ids is required. This is one of the jobs that <B +CLASS="COMMAND" +> winbindd</B +> performs. </P +><P +>As winbindd users and groups are resolved from a server, user + and group ids are allocated from a specified range. This + is done on a first come, first served basis, although all existing + users and groups will be mapped as soon as a client performs a user + or group enumeration command. The allocated unix ids are stored + in a database file under the Samba lock directory and will be + remembered. </P +><P +>WARNING: The rid to unix id database is the only location + where the user and group mappings are stored by winbindd. If this + file is deleted or corrupted, there is no way for winbindd to + determine which user and group ids correspond to Windows NT user + and group rids. </P +></DIV +><DIV +CLASS="REFSECT1" +><A +NAME="AEN71" +></A +><H2 +>CONFIGURATION</H2 +><P +>Configuration of the <B +CLASS="COMMAND" +>winbindd</B +> daemon + is done through configuration parameters in the <TT +CLASS="FILENAME" +>smb.conf(5) + </TT +> file. All parameters should be specified in the + [global] section of smb.conf. </P +><P +></P +><DIV +CLASS="VARIABLELIST" +><DL +><DT +>winbind separator</DT +><DD +><P +>The winbind separator option allows you + to specify how NT domain names and user names are combined + into unix user names when presented to users. By default, + <B +CLASS="COMMAND" +>winbindd</B +> will use the traditional '\' + separator so that the unix user names look like + DOMAIN\username. In some cases this separator character may + cause problems as the '\' character has special meaning in + unix shells. In that case you can use the winbind separator + option to specify an alternative sepataror character. Good + alternatives may be '/' (although that conflicts + with the unix directory separator) or a '+ 'character. + The '+' character appears to be the best choice for 100% + compatibility with existing unix utilities, but may be an + aesthetically bad choice depending on your taste. </P +><P +>Default: <B +CLASS="COMMAND" +>winbind separator = \ </B +> + </P +><P +>Example: <B +CLASS="COMMAND" +>winbind separator = + </B +></P +></DD +><DT +>winbind uid</DT +><DD +><P +>The winbind uid parameter specifies the + range of user ids that are allocated by the winbindd daemon. + This range of ids should have no existing local or nis users + within it as strange conflicts can occur otherwise. </P +><P +>Default: <B +CLASS="COMMAND" +>winbind uid = <empty string> + </B +></P +><P +>Example: <B +CLASS="COMMAND" +>winbind uid = 10000-20000</B +></P +></DD +><DT +>winbind gid</DT +><DD +><P +>The winbind gid parameter specifies the + range of group ids that are allocated by the winbindd daemon. + This range of group ids should have no existing local or nis + groups within it as strange conflicts can occur otherwise.</P +><P +>Default: <B +CLASS="COMMAND" +>winbind gid = <empty string> + </B +></P +><P +>Example: <B +CLASS="COMMAND" +>winbind gid = 10000-20000 + </B +> </P +></DD +><DT +>winbind cache time</DT +><DD +><P +>This parameter specifies the number of + seconds the winbindd daemon will cache user and group information + before querying a Windows NT server again. When a item in the + cache is older than this time winbindd will ask the domain + controller for the sequence number of the servers account database. + If the sequence number has not changed then the cached item is + marked as valid for a further <TT +CLASS="PARAMETER" +><I +>winbind cache time + </I +></TT +> seconds. Otherwise the item is fetched from the + server. This means that as long as the account database is not + actively changing winbindd will only have to send one sequence + number query packet every <TT +CLASS="PARAMETER" +><I +>winbind cache time + </I +></TT +> seconds. </P +><P +>Default: <B +CLASS="COMMAND" +>winbind cache time = 15</B +> + </P +></DD +><DT +>winbind enum users</DT +><DD +><P +>On large installations it may be necessary + to suppress the enumeration of users through the <B +CLASS="COMMAND" +> setpwent()</B +>, <B +CLASS="COMMAND" +>getpwent()</B +> and + <B +CLASS="COMMAND" +>endpwent()</B +> group of system calls. If + the <TT +CLASS="PARAMETER" +><I +>winbind enum users</I +></TT +> parameter is false, + calls to the <B +CLASS="COMMAND" +>getpwent</B +> system call will not + return any data. </P +><P +><I +CLASS="EMPHASIS" +>Warning:</I +> Turning off user enumeration + may cause some programs to behave oddly. For example, the finger + program relies on having access to the full user list when + searching for matching usernames. </P +><P +>Default: <B +CLASS="COMMAND" +>winbind enum users = yes </B +></P +></DD +><DT +>winbind enum groups</DT +><DD +><P +>On large installations it may be necessary + to suppress the enumeration of groups through the <B +CLASS="COMMAND" +> setgrent()</B +>, <B +CLASS="COMMAND" +>getgrent()</B +> and + <B +CLASS="COMMAND" +>endgrent()</B +> group of system calls. If + the <TT +CLASS="PARAMETER" +><I +>winbind enum groups</I +></TT +> parameter is + false, calls to the <B +CLASS="COMMAND" +>getgrent()</B +> system + call will not return any data. </P +><P +><I +CLASS="EMPHASIS" +>Warning:</I +> Turning off group + enumeration may cause some programs to behave oddly. + </P +><P +>Default: <B +CLASS="COMMAND" +>winbind enum groups = no </B +> + </P +></DD +><DT +>template homedir</DT +><DD +><P +>When filling out the user information + for a Windows NT user, the <B +CLASS="COMMAND" +>winbindd</B +> daemon + uses this parameter to fill in the home directory for that user. + If the string <TT +CLASS="PARAMETER" +><I +>%D</I +></TT +> is present it is + substituted with the user's Windows NT domain name. If the + string <TT +CLASS="PARAMETER" +><I +>%U</I +></TT +> is present it is substituted + with the user's Windows NT user name. </P +><P +>Default: <B +CLASS="COMMAND" +>template homedir = /home/%D/%U </B +> + </P +></DD +><DT +>template shell</DT +><DD +><P +>When filling out the user information for + a Windows NT user, the <B +CLASS="COMMAND" +>winbindd</B +> daemon + uses this parameter to fill in the shell for that user. + </P +><P +>Default: <B +CLASS="COMMAND" +>template shell = /bin/false </B +> + </P +></DD +></DL +></DIV +></DIV +><DIV +CLASS="REFSECT1" +><A +NAME="AEN152" +></A +><H2 +>EXAMPLE SETUP</H2 +><P +>To setup winbindd for user and group lookups plus + authentication from a domain controller use something like the + following setup. This was tested on a RedHat 6.2 Linux box. </P +><P +>In <TT +CLASS="FILENAME" +>/etc/nsswitch.conf</TT +> put the + following:</P +><P +><PRE +CLASS="PROGRAMLISTING" +>passwd: files winbind +group: files winbind + </PRE +></P +><P +>In <TT +CLASS="FILENAME" +>/etc/pam.d/*</TT +> replace the + <TT +CLASS="PARAMETER" +><I +>auth</I +></TT +> lines with something like this: </P +><P +><PRE +CLASS="PROGRAMLISTING" +>auth required /lib/security/pam_securetty.so +auth required /lib/security/pam_nologin.so +auth sufficient /lib/security/pam_winbind.so +auth required /lib/security/pam_pwdb.so use_first_pass shadow nullok + </PRE +></P +><P +>Note in particular the use of the <TT +CLASS="PARAMETER" +><I +>sufficient</I +></TT +> + keyword and the <TT +CLASS="PARAMETER" +><I +>use_first_pass</I +></TT +> keyword. </P +><P +>Now replace the account lines with this: </P +><P +><B +CLASS="COMMAND" +>account required /lib/security/pam_winbind.so + </B +></P +><P +>The next step is to join the domain. To do that use the + <B +CLASS="COMMAND" +>samedit</B +> program like this: </P +><P +><B +CLASS="COMMAND" +>samedit -S '*' -W DOMAIN -UAdministrator</B +></P +><P +>The username after the <TT +CLASS="PARAMETER" +><I +>-U</I +></TT +> can be any Domain + user that has administrator priviliges on the machine. Next from + within <B +CLASS="COMMAND" +>samedit</B +>, run the command: </P +><P +><B +CLASS="COMMAND" +>createuser MACHINE$ -j DOMAIN -L</B +></P +><P +>This assumes your domain is called "DOMAIN" and your Samba + workstation is called "MACHINE". </P +><P +>Next copy <TT +CLASS="FILENAME" +>libnss_winbind.so.2</TT +> to + <TT +CLASS="FILENAME" +>/lib</TT +> and <TT +CLASS="FILENAME" +>pam_winbind.so</TT +> + to <TT +CLASS="FILENAME" +>/lib/security</TT +>.</P +><P +>Finally, setup a smb.conf containing directives like the + following: </P +><P +><PRE +CLASS="PROGRAMLISTING" +>[global] + winbind separator = + winbind cache time = 10 template shell = /bin/bash template homedir = /home/%D/%U @@ -248,95 +597,272 @@ is called <code>MACHINE</code>. workgroup = DOMAIN security = domain password server = * - -</pre> - -<p>Now start <strong>winbindd</strong> and you should find that your user and group -database is expanded to include your NT users and groups, and that you -can login to your unix box as a domain user, using the <code>DOMAIN+user</code> -syntax for the username. You may wish to use the commands "getent -passwd" and "getent group" to confirm the correct operation of -<strong>winbindd</strong>. -<p><a name="NOTES"></a> -<h2>NOTES</h2> - -<p>The following notes are useful when configuring and running <strong>winbindd</strong>: -<p><dl> -<p><p></p><dt><strong></strong><dd> -<a href="nmbd.8.html"><strong>nmbd</strong></a> must be running on the local machine for -<strong>winbindd</strong> to work. -<p><p></p><dt><strong></strong><dd> -<strong>winbindd</strong> queries the list of trusted domains for the Windows NT server -on startup and when a SIGHUP is received. Thus, for a running <strong>winbindd</strong> -to become aware of new trust relationships between servers, it must be sent -a SIGHUP signal. -<p><p></p><dt><strong></strong><dd> -Client processes resolving names through the <strong>winbindd</strong> nsswitch module -read an environment variable named <code>WINBINDD_DOMAIN</code>. If this variable -contains a comma separated list of Windows NT domain names, then <strong>winbindd</strong> -will only resolve users and groups within those Windows NT domains. -<p><p></p><dt><strong></strong><dd> -PAM is really easy to misconfigure. Make sure you know what you are doing -when modifying PAM configuration files. It is possible to set up PAM -such that you can no longer log into your system. -<p><p></p><dt><strong></strong><dd> -If more than one UNIX machine is running <strong>winbindd</strong>, then in general the -user and groups ids allocated by <strong>winbindd</strong> will not be the same. The -user and group ids will only be valid for the local machine. -<p><p></p><dt><strong></strong><dd> -If the the Windows NT RID to UNIX user and group id mapping file -is damaged or destroyed then the mappings will be lost. -<p></dl> -<p><a name="SIGNALS"></a> -<h2>SIGNALS</h2> - -<p>The following signals can be used to manipulate the <strong>winbindd</strong> daemon. -<p><dl> -<p><p></p><dt><strong><code>SIGHUP</code></strong><dd> -<p>Reload the <code>smb.conf</code> file and apply any parameter changes to the running -version of <strong>winbindd</strong>. This signal also clears any cached user and group -information. The list of other domains trusted by <strong>winbindd</strong> is also -reloaded. -<p><p></p><dt><strong><code>SIGUSR1</code></strong><dd> -<p>The <code>SIGUSR1</code> signal will cause <strong>winbindd</strong> to write status information -to the winbind log file including information about the number of user and -group ids allocated by <strong>winbindd</strong>. -<p>Log files are stored in the filename specified by the <strong>log file</strong> parameter. -<p></dl> -<p><a name="FILES"></a> -<h2>FILES</h2> - -<p>The following files are relevant to the operation of the <strong>winbindd</strong> -daemon. -<p><dl> -<p><p></p><dt><strong>/etc/nsswitch.conf(5)</strong><dd> -<p>Name service switch configuration file. -<p><p></p><dt><strong>/tmp/.winbindd/pipe</strong><dd> -<p>The UNIX pipe over which clients communicate with the <strong>winbindd</strong> program. -For security reasons, the winbind client will only attempt to connect to the -<strong>winbindd</strong> daemon if both the <code>/tmp/.winbindd</code> directory and -<code>/tmp/.winbindd/pipe</code> file are owned by root. -<p><p></p><dt><strong>/lib/libnss_winbind.so.X</strong><dd> -<p>Implementation of name service switch library. -<p><p></p><dt><strong>$LOCKDIR/winbindd_idmap.tdb</strong><dd> -<p>Storage for the Windows NT rid to UNIX user/group id mapping. The lock -directory is specified when Samba is initially compiled using the -<code>--with-lockdir</code> option. This directory is by default -<code>/usr/local/samba/var/locks</code>. -<p><p></p><dt><strong>$LOCKDIR/winbindd_cache.tdb</strong><dd> -<p>Storage for cached user and group information. -<p></dl> -<p><a name="SEEALSO"></a> -<h2>SEE ALSO</h2> - -<p><a href="samba.7.html"><strong>samba(7)</strong></a>, <a href="smb.conf.5.html"><strong>smb.conf(5)</strong></a>, -<strong>nsswitch.conf(5)</strong>, <a href="wbinfo.1.html"><strong>wbinfo(1)</strong></a> -<p><a name="AUTHOR"></a> -<h2>AUTHOR</h2> - -<p>The original Samba software and related utilities were created by -Andrew Tridgell. Samba is now developed by the Samba Team as an Open -Source project. -<p><strong>winbindd</strong> was written by Tim Potter. -</body> -</html> + </PRE +></P +><P +>Now start winbindd and you should find that your user and + group database is expanded to include your NT users and groups, + and that you can login to your unix box as a domain user, using + the DOMAIN+user syntax for the username. You may wish to use the + commands <B +CLASS="COMMAND" +>getent passwd</B +> and <B +CLASS="COMMAND" +>getent group + </B +> to confirm the correct operation of winbindd.</P +></DIV +><DIV +CLASS="REFSECT1" +><A +NAME="AEN191" +></A +><H2 +>Notes</H2 +><P +>The following notes are useful when configuring and + running <B +CLASS="COMMAND" +>winbindd</B +>: </P +><P +><B +CLASS="COMMAND" +>nmbd</B +> must be running on the local machine + for <B +CLASS="COMMAND" +>winbindd</B +> to work. <B +CLASS="COMMAND" +>winbindd</B +> + queries the list of trusted domains for the Windows NT server + on startup and when a SIGHUP is received. Thus, for a running <B +CLASS="COMMAND" +> winbindd</B +> to become aware of new trust relationships between + servers, it must be sent a SIGHUP signal. </P +><P +>Client processes resolving names through the <B +CLASS="COMMAND" +>winbindd</B +> + nsswitch module read an environment variable named <TT +CLASS="PARAMETER" +><I +> $WINBINDD_DOMAIN</I +></TT +>. If this variable contains a comma separated + list of Windows NT domain names, then winbindd will only resolve users + and groups within those Windows NT domains. </P +><P +>PAM is really easy to misconfigure. Make sure you know what + you are doing when modifying PAM configuration files. It is possible + to set up PAM such that you can no longer log into your system. </P +><P +>If more than one UNIX machine is running <B +CLASS="COMMAND" +>winbindd</B +>, + then in general the user and groups ids allocated by winbindd will not + be the same. The user and group ids will only be valid for the local + machine.</P +><P +>If the the Windows NT RID to UNIX user and group id mapping + file is damaged or destroyed then the mappings will be lost. </P +></DIV +><DIV +CLASS="REFSECT1" +><A +NAME="AEN207" +></A +><H2 +>Signals</H2 +><P +>The following signals can be used to manipulate the + <B +CLASS="COMMAND" +>winbindd</B +> daemon. </P +><P +></P +><DIV +CLASS="VARIABLELIST" +><DL +><DT +>SIGHUP</DT +><DD +><P +>Reload the <TT +CLASS="FILENAME" +>smb.conf(5)</TT +> + file and apply any parameter changes to the running + version of winbindd. This signal also clears any cached + user and group information. The list of other domains trusted + by winbindd is also reloaded. </P +></DD +><DT +>SIGUSR1</DT +><DD +><P +>The SIGUSR1 signal will cause <B +CLASS="COMMAND" +> winbindd</B +> to write status information to the winbind + log file including information about the number of user and + group ids allocated by <B +CLASS="COMMAND" +>winbindd</B +>.</P +><P +>Log files are stored in the filename specified by the + log file parameter.</P +></DD +></DL +></DIV +></DIV +><DIV +CLASS="REFSECT1" +><A +NAME="AEN224" +></A +><H2 +>Files</H2 +><P +></P +><DIV +CLASS="VARIABLELIST" +><DL +><DT +><TT +CLASS="FILENAME" +>/etc/nsswitch.conf(5)</TT +></DT +><DD +><P +>Name service switch configuration file.</P +></DD +><DT +>/tmp/.winbindd/pipe</DT +><DD +><P +>The UNIX pipe over which clients communicate with + the <B +CLASS="COMMAND" +>winbindd</B +> program. For security reasons, the + winbind client will only attempt to connect to the winbindd daemon + if both the <TT +CLASS="FILENAME" +>/tmp/.winbindd</TT +> directory + and <TT +CLASS="FILENAME" +>/tmp/.winbindd/pipe</TT +> file are owned by + root. </P +></DD +><DT +>/lib/libnss_winbind.so.X</DT +><DD +><P +>Implementation of name service switch library. + </P +></DD +><DT +>$LOCKDIR/winbindd_idmap.tdb</DT +><DD +><P +>Storage for the Windows NT rid to UNIX user/group + id mapping. The lock directory is specified when Samba is initially + compiled using the <TT +CLASS="FILENAME" +>--with-lockdir</TT +> option. + This directory is by default <TT +CLASS="FILENAME" +>/usr/local/samba/var/locks + </TT +>. </P +></DD +><DT +>$LOCKDIR/winbindd_cache.tdb</DT +><DD +><P +>Storage for cached user and group information. + </P +></DD +></DL +></DIV +></DIV +><DIV +CLASS="REFSECT1" +><A +NAME="AEN253" +></A +><H2 +>VERSION</H2 +><P +>This man page is correct for version 2.2 of + the Samba suite. winbindd is however not available in + stable release of Samba as of yet.</P +></DIV +><DIV +CLASS="REFSECT1" +><A +NAME="AEN256" +></A +><H2 +>SEE ALSO</H2 +><P +><TT +CLASS="FILENAME" +>nsswitch.conf(5)</TT +>, + <A +HREF="samba.7.html" +TARGET="_top" +>samba(7)</A +>, + <A +HREF="wbinfo.1.html" +TARGET="_top" +>wbinfo(1)</A +>, + <A +HREF="smb.conf.5.html" +TARGET="_top" +>smb.conf(5)</A +></P +></DIV +><DIV +CLASS="REFSECT1" +><A +NAME="AEN263" +></A +><H2 +>AUTHOR</H2 +><P +>The original Samba software and related utilities + were created by Andrew Tridgell. Samba is now developed + by the Samba Team as an Open Source project similar + to the way the Linux kernel is developed.</P +><P +><B +CLASS="COMMAND" +>wbinfo</B +> and <B +CLASS="COMMAND" +>winbindd</B +> + were written by Tim Potter.</P +><P +>The conversion to DocBook for Samba 2.2 was done + by Gerald Carter</P +></DIV +></BODY +></HTML +>
\ No newline at end of file |