summaryrefslogtreecommitdiff
path: root/docs/manpages
diff options
context:
space:
mode:
authorTim Potter <tpot@samba.org>2000-06-13 02:15:10 +0000
committerTim Potter <tpot@samba.org>2000-06-13 02:15:10 +0000
commit60785b56e8e637e75d5e94a0aec021ce40177834 (patch)
tree779e22cd057546d6ab3abb75227afd5fbf785c53 /docs/manpages
parentc8de9b8fe14fe1e6e85652d543615dc187949a1a (diff)
downloadsamba-60785b56e8e637e75d5e94a0aec021ce40177834.tar.gz
samba-60785b56e8e637e75d5e94a0aec021ce40177834.tar.bz2
samba-60785b56e8e637e75d5e94a0aec021ce40177834.zip
Created manpage for wbinfo program.
Misc documentation updates for winbindd manpage. (This used to be commit 1f225fddd93d8569d9836310e2f0a56be7f4250e)
Diffstat (limited to 'docs/manpages')
-rw-r--r--docs/manpages/wbinfo.1101
-rw-r--r--docs/manpages/winbindd.888
2 files changed, 157 insertions, 32 deletions
diff --git a/docs/manpages/wbinfo.1 b/docs/manpages/wbinfo.1
new file mode 100644
index 0000000000..3b78cac9ab
--- /dev/null
+++ b/docs/manpages/wbinfo.1
@@ -0,0 +1,101 @@
+.TH "wbinfo " "1" "13 Jun 2000" "Samba" "SAMBA"
+.PP
+.SH "NAME"
+wbinfo \- Query information from winbind daemon
+.PP
+.SH "SYNOPSIS"
+.PP
+\fBwbinfo\fP -u [-g] [-n name]
+[-s sid] [-U uid] [-G gid]
+[-S sid] [-Y sid]
+.PP
+.SH "DESCRIPTION"
+.PP
+This program is part of the \fBSamba\fP suite version 3\&.0 and describes
+functionality not yet implemented in the main version of Samba\&.
+.PP
+The \fBwbinfo\fP program queries and returns information created and used by
+the \fBwinbindd(8)\fP daemon\&.
+.PP
+The \fBwinbindd(8)\fP daemon must be configured and
+running for the \fBwbinfo\fP program to be able to return information\&.
+.PP
+.SH "OPTIONS"
+.PP
+The following options are available to the \fBwbinfo\fP program:
+.PP
+.IP
+.IP "\fB-u\fP"
+.IP
+This option will list all users available in the Windows NT domain for
+which the \fBwinbindd(8)\fP daemon is operating in\&.
+Users in all trusted domains will also be listed\&. Note that this operation
+does not assign user ids to any users that have not already been seen by
+\fBwinbindd(8)\fP\&.
+.IP
+.IP "\fB-g\fP"
+.IP
+This option will list all groups available in the Windows NT domain for
+which the \fBwinbindd(8)\fP daemon is operating in\&.
+Groups in all trusted domains will also be listed\&. Note that this
+operation does not assign group ids to any groups that have not already
+been seen by \fBwinbindd(8)\fP\&.
+.IP
+.IP "\fB-n name\fP"
+.IP
+The \fB-n\fP option queries \fBwinbindd(8)\fP for the SID
+associated with the name specified\&. Domain names can be specified before
+the user name by using the winbind separator character\&. For example
+\f(CWDOM1/Administrator\fP refers to the \f(CWAdministrator\fP user in the domain
+\f(CWDOM1\fP\&. If no domain is specified then the domain used is the one
+specified in the \fBsmb\&.conf\fP \fBworkgroup\fP parameter\&.
+.IP
+.IP "\fB-s sid\fP"
+.IP
+Use \fB-s\fP to resolve a SID to a name\&. This is the inverse of the \fB-n\fP
+option above\&. SIDs must be specified as ASCII strings in the traditional
+Microsoft format\&. For example
+\f(CWS-1-5-21-1455342024-3071081365-2475485837-500\fP\&.
+.IP
+.IP "\fB-U uid\fP"
+.IP
+Try to convert a UNIX user id to a Windows NT SID\&. If the uid specified
+does not refer to one within the \fBwinbind uid range\fP then the operation
+will fail\&.
+.IP
+.IP "\fB-G gid\fP"
+.IP
+Try to convert a UNIX group id to a Windows NT SID\&. If the gid specified
+does not refer to one within the \fBwinbind gid range\fP then the operation
+will fail\&.
+.IP
+.IP "\fB-S sid\fP"
+.IP
+Convert a SID to a UNIX user id\&. If the SID does not correspond to a UNIX
+user mapped by \fBwinbindd(8)\fP then the operation
+will fail\&.
+.IP
+.IP "\fB-Y sid\fP"
+.IP
+Convert a SID to a UNIX group id\&. If the SID does not correspond to a UNIX
+group mapped by \fBwinbindd(8)\fP then the operation
+will fail\&.
+.IP
+.PP
+.SH "EXIT STATUS"
+.PP
+The \fBwbinfo\fP program returns 0 if the operation succeeded, or 1 if
+the operation failed\&. If the \fBwinbindd(8)\fP daemon
+is not working \fBwbinfo\fP will always return failure\&.
+.PP
+.SH "SEE ALSO"
+.PP
+\fBwinbindd(8)\fP
+.PP
+.SH "AUTHOR"
+.PP
+The original Samba software and related utilities were created by
+Andrew Tridgell\&. Samba is now developed by the Samba Team as an Open
+Source project\&.
+.PP
+\fBwbinfo\fP was written by Tim Potter\&.
diff --git a/docs/manpages/winbindd.8 b/docs/manpages/winbindd.8
index a54f01f781..5af9ca5f90 100644
--- a/docs/manpages/winbindd.8
+++ b/docs/manpages/winbindd.8
@@ -1,4 +1,4 @@
-.TH "winbindd " "1" "8 May 2000" "Samba" "SAMBA"
+.TH "winbindd " "8" "13 Jun 2000" "Samba" "SAMBA"
.PP
.SH "NAME"
winbindd \- Name Service Switch daemon for resolving names from NT servers
@@ -114,6 +114,9 @@ separator) or a + character\&. The + character appears to be the best
choice for 100% compatibility with existing unix utilities, but may be
an aesthetically bad choice depending on your taste\&.
.IP
+\fBDefault:\fP
+\f(CW winbind separator = \e\fP
+.IP
\fBExample:\fP
\f(CW winbind separator = +\fP
.IP
@@ -133,9 +136,9 @@ conflicts can occur otherwise\&.
.IP "winbind gid"
.IP
The winbind gid parameter specifies the range of group ids that are
-allocated by the \fBwinbindd\fP daemon\&. This range of
-group ids should have no existing local or nis groups within it as strange
-conflicts can occur otherwise\&.
+allocated by the \fBwinbindd\fP daemon\&. This range of group ids should have
+no existing local or nis groups within it as strange conflicts can occur
+otherwise\&.
.IP
\fBDefault:\fP
\f(CW winbind gid = <empty string>\fP
@@ -145,14 +148,13 @@ conflicts can occur otherwise\&.
.IP
.IP "winbind cache time"
.IP
-This parameter specifies the number of seconds the
-\fBwinbindd\fP daemon will cache user and group
-information before querying a Windows NT server again\&. When a item in
-the cache is older than this time winbindd will ask the domain
-controller for the sequence number of the servers account database\&. If
-the sequence number has not changed then the cached item is marked as
-valid for a further "winbind cache time" seconds\&. Otherwise the item
-is fetched from the server\&. This means that as long as the account
+This parameter specifies the number of seconds the \fBwinbindd\fP daemon will
+cache user and group information before querying a Windows NT server
+again\&. When a item in the cache is older than this time winbindd will ask
+the domain controller for the sequence number of the servers account
+database\&. If the sequence number has not changed then the cached item is
+marked as valid for a further "winbind cache time" seconds\&. Otherwise the
+item is fetched from the server\&. This means that as long as the account
database is not actively changing winbindd will only have to send one
sequence number query packet every "winbind cache time" seconds\&.
.IP
@@ -162,10 +164,10 @@ sequence number query packet every "winbind cache time" seconds\&.
.IP "template homedir"
.IP
When filling out the user information for a Windows NT user, the
-\fBwinbindd\fP daemon uses this parameter to fill in
-the home directory for that user\&. If the string \f(CW%D\fP is present it is
-substituted with the user\'s Windows NT domain name\&. If the string \f(CW%U\fP
-is present it is substituted with the user\'s Windows NT user name\&.
+\fBwinbindd\fP daemon uses this parameter to fill in the home directory for
+that user\&. If the string \f(CW%D\fP is present it is substituted with the
+user\'s Windows NT domain name\&. If the string \f(CW%U\fP is present it is
+substituted with the user\'s Windows NT user name\&.
.IP
\fBDefault:\fP
\f(CW template homedir = /home/%D/%U\fP
@@ -173,8 +175,7 @@ is present it is substituted with the user\'s Windows NT user name\&.
.IP "template shell"
.IP
When filling out the user information for a Windows NT user, the
-\fBwinbindd\fP daemon uses this parameter to fill in
-the shell for that user\&.
+\fBwinbindd\fP daemon uses this parameter to fill in the shell for that user\&.
.IP
\fBDefault:\fP
\f(CW template shell = /bin/false\fP
@@ -282,27 +283,52 @@ syntax for the username\&. You may wish to use the commands "getent
passwd" and "getent group" to confirm the correct operation of
winbindd\&.
.PP
-NOTE: \fBnmbd\fP must be running on the local machine for
+.SH "NOTES"
+.PP
+The following notes are useful when configuring and running \fBwinbindd\fP:
+.PP
+.IP
+.IP ""
+\fBnmbd\fP must be running on the local machine for
\fBwinbindd\fP to work\&.
+.IP
+.IP ""
+Client processes resolving names through the \fBwinbindd\fP nsswitch module
+read an environment variable named \f(CWWINBINDD_DOMAIN\fP\&. If this variable
+contains a comma separated list of Windows NT domain names, then winbindd
+will only resolve users and groups within those Windows NT domains\&.
+.IP
+.IP ""
+PAM is really easy to misconfigure\&. Make sure you know what you are doing
+when modifying PAM configuration files\&. It is possible to set up PAM
+such that you can no longer log into your system\&.
+.IP
+.IP ""
+If more than one UNIX machine is running \fBwinbindd\fP, then in general the
+user and groups ids allocated by \fBwinbindd\fP will not be the same\&. The
+user and group ids will only be valid for the local machine\&.
+.IP
+.IP ""
+If the the Windows NT RID to UNIX user and group id mapping file
+is damaged or destroyed then the mappings will be lost\&.
+.IP
.PP
.SH "SIGNALS"
.PP
-The following signals can be used to manipulate the
-\fBwinbindd\fP daemon\&.
+The following signals can be used to manipulate the \fBwinbindd\fP daemon\&.
.PP
.IP
.IP "\f(CWSIGHUP\fP"
.IP
Reload the \f(CWsmb\&.conf\fP file and apply any parameter changes to the running
-version of \fBwinbindd\fP\&. This signal also clears any
-cached user and group information\&.
+version of \fBwinbindd\fP\&. This signal also clears any cached user and group
+information\&.
.IP
.IP "\f(CWSIGUSR1\fP"
.IP
-The \f(CWSIGUSR1\fP signal will cause \fBwinbindd\fP to
-write status information to the winbind log file including information
-about the number of user and group ids allocated by
-\fBwinbindd\fP\&.
+The \f(CWSIGUSR1\fP signal will cause \fBwinbindd\fP to write status information
+to the winbind log file including information about the number of user and
+group ids allocated by \fBwinbindd\fP\&.
.IP
Log files are stored in the filename specified by the \fBlog file\fP parameter\&.
.IP
@@ -330,10 +356,8 @@ Implementation of name service switch library\&.
.IP
.IP "$LOCKDIR/winbindd_idmap\&.tdb"
.IP
-Storage for the Windows NT rid to UNIX user/group id mapping\&. If this file
-is damaged or destroyed then the mappings will be lost\&.
-.IP
-The lock directory is specified when Samba is initially compiled using the
+Storage for the Windows NT rid to UNIX user/group id mapping\&. The lock
+directory is specified when Samba is initially compiled using the
\f(CW--with-lockdir\fP option\&. This directory is by default
\f(CW/usr/local/samba/var/locks\fP\&.
.IP
@@ -353,4 +377,4 @@ The original Samba software and related utilities were created by
Andrew Tridgell\&. Samba is now developed by the Samba Team as an Open
Source project\&.
.PP
-Winbindd was written by Tim Potter\&.
+\fBwinbindd\fP was written by Tim Potter\&.