summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
Diffstat
-rw-r--r--docs/htmldocs/wbinfo.1.html13
-rw-r--r--docs/htmldocs/winbindd.8.html26
-rw-r--r--docs/manpages/wbinfo.115
-rw-r--r--docs/manpages/winbindd.827
-rw-r--r--docs/yodldocs/wbinfo.1.yo17
-rw-r--r--docs/yodldocs/winbindd.8.yo27
6 files changed, 92 insertions, 33 deletions
diff --git a/docs/htmldocs/wbinfo.1.html b/docs/htmldocs/wbinfo.1.html
index ba60d8f1e9..5a71611c63 100644
--- a/docs/htmldocs/wbinfo.1.html
+++ b/docs/htmldocs/wbinfo.1.html
@@ -25,7 +25,8 @@
<p><strong>wbinfo</strong> <a href="wbinfo.1.html#minusu">-u</a> [<a href="wbinfo.1.html#minusg">-g</a>] [<a href="wbinfo.1.html#minusn">-n name</a>]
[<a href="wbinfo.1.html#minuss">-s sid</a>] [<a href="wbinfo.1.html#minusU">-U uid</a>] [<a href="wbinfo.1.html#minusG">-G gid</a>]
-[<a href="wbinfo.1.html#minusS">-S sid</a>] [<a href="wbinfo.1.html#minusY">-Y sid</a>]
+[<a href="wbinfo.1.html#minusS">-S sid</a>] [<a href="wbinfo.1.html#minusY">-Y sid</a>] [<a href="wbinfo.1.html#minust">-t</a>]
+[<a href="wbinfo.1.html#minusm">-m</a>]
<p><a name="DESCRIPTION"></a>
<h2>DESCRIPTION</h2>
@@ -88,6 +89,16 @@ will fail.
<p>Convert a SID to a UNIX group id. If the SID does not correspond to a UNIX
group mapped by <a href="winbindd.8.html"><strong>winbindd(8)</strong></a> then the operation
will fail.
+<p><a name="minust"></a>
+<p></p><dt><strong><strong>-t</strong></strong><dd>
+<p>Verify that the workstation trust account created when the Samba server is
+added to the Windows NT domain is working.
+<p><a name="minusm"></a>
+<p></p><dt><strong><strong>-m</strong></strong><dd>
+<p>Produce a list of domains trusted by the Windows NT server
+<a href="winbindd.8.html"><strong>winbindd(8)</strong></a> contacts when resolving names. This
+list does not include the Windows NT domain the server is a Primary Domain
+Controller for.
<p></dl>
<p><a name="EXITSTATUS"></a>
<h2>EXIT STATUS</h2>
diff --git a/docs/htmldocs/winbindd.8.html b/docs/htmldocs/winbindd.8.html
index 9862d8f9d5..d9e8017daa 100644
--- a/docs/htmldocs/winbindd.8.html
+++ b/docs/htmldocs/winbindd.8.html
@@ -73,8 +73,8 @@ and 100 is for reams and reams. To submit a bug report to the Samba Team,
use debug level 100 (see <strong>BUGS.txt</strong>).
<p><a name="minusi"></a>
<p></p><dt><strong><strong>-i</strong></strong><dd>
-Tells winbindd to not become a daemon and detach from the current terminal.
-This option is used by developers when interactive debugging of winbindd is
+Tells <strong>winbindd</strong> to not become a daemon and detach from the current terminal.
+This option is used by developers when interactive debugging of <strong>winbindd</strong> is
required.
<p></dl>
<p><a name="NAMEANDIDRESOLUTION"></a>
@@ -140,12 +140,12 @@ otherwise.
<p><p></p><dt><strong>winbind cache time</strong><dd>
<p>This parameter specifies the number of seconds the <strong>winbindd</strong> daemon will
cache user and group information before querying a Windows NT server
-again. When a item in the cache is older than this time winbindd will ask
+again. When a item in the cache is older than this time <strong>winbindd</strong> will ask
the domain controller for the sequence number of the servers account
database. If the sequence number has not changed then the cached item is
marked as valid for a further "winbind cache time" seconds. Otherwise the
item is fetched from the server. This means that as long as the account
-database is not actively changing winbindd will only have to send one
+database is not actively changing <strong>winbindd</strong> will only have to send one
sequence number query packet every "winbind cache time" seconds.
<p><strong>Default:</strong>
<code> winbind cache time = 15</code>
@@ -166,7 +166,7 @@ substituted with the user's Windows NT user name.
<p><a name="EXAMPLESETUP"></a>
<h2>EXAMPLE SETUP</h2>
-<p>To setup winbindd for user and group lookups plus authentication from
+<p>To setup <strong>winbindd</strong> for user and group lookups plus authentication from
a domain controller use something like the following setup. This was
tested on a RedHat 6.2 Linux box.
<p>In <code>/etc/nsswitch.conf</code> put the following:
@@ -231,12 +231,12 @@ is called <code>MACHINE</code>.
</pre>
-<p>Now start winbindd and you should find that your user and group
+<p>Now start <strong>winbindd</strong> and you should find that your user and group
database is expanded to include your NT users and groups, and that you
can login to your unix box as a domain user, using the <code>DOMAIN+user</code>
syntax for the username. You may wish to use the commands "getent
passwd" and "getent group" to confirm the correct operation of
-winbindd.
+<strong>winbindd</strong>.
<p><a name="NOTES"></a>
<h2>NOTES</h2>
@@ -245,10 +245,15 @@ winbindd.
<p><p></p><dt><strong></strong><dd>
<a href="nmbd.8.html"><strong>nmbd</strong></a> must be running on the local machine for
<strong>winbindd</strong> to work.
+<p><p></p><dt><strong></strong><dd>
+<strong>winbindd</strong> queries the list of trusted domains for the Windows NT server
+on startup and when a SIGHUP is received. Thus, for a running <strong>winbindd</strong>
+to become aware of new trust relationships between servers, it must be sent
+a SIGHUP signal.
<p><p></p><dt><strong></strong><dd>
Client processes resolving names through the <strong>winbindd</strong> nsswitch module
read an environment variable named <code>WINBINDD_DOMAIN</code>. If this variable
-contains a comma separated list of Windows NT domain names, then winbindd
+contains a comma separated list of Windows NT domain names, then <strong>winbindd</strong>
will only resolve users and groups within those Windows NT domains.
<p><p></p><dt><strong></strong><dd>
PAM is really easy to misconfigure. Make sure you know what you are doing
@@ -270,7 +275,8 @@ is damaged or destroyed then the mappings will be lost.
<p><p></p><dt><strong><code>SIGHUP</code></strong><dd>
<p>Reload the <code>smb.conf</code> file and apply any parameter changes to the running
version of <strong>winbindd</strong>. This signal also clears any cached user and group
-information.
+information. The list of other domains trusted by <strong>winbindd</strong> is also
+reloaded.
<p><p></p><dt><strong><code>SIGUSR1</code></strong><dd>
<p>The <code>SIGUSR1</code> signal will cause <strong>winbindd</strong> to write status information
to the winbind log file including information about the number of user and
@@ -304,7 +310,7 @@ directory is specified when Samba is initially compiled using the
<h2>SEE ALSO</h2>
<p><a href="samba.7.html"><strong>samba(7)</strong></a>, <a href="smb.conf.5.html"><strong>smb.conf(5)</strong></a>,
-<strong>nsswitch.conf(5)</strong>
+<strong>nsswitch.conf(5)</strong>, <a href="wbinfo.1.html"><strong>wbinfo(1)</strong></a>
<p><a name="AUTHOR"></a>
<h2>AUTHOR</h2>
diff --git a/docs/manpages/wbinfo.1 b/docs/manpages/wbinfo.1
index 3b78cac9ab..273678e47f 100644
--- a/docs/manpages/wbinfo.1
+++ b/docs/manpages/wbinfo.1
@@ -7,7 +7,8 @@ wbinfo \- Query information from winbind daemon
.PP
\fBwbinfo\fP -u [-g] [-n name]
[-s sid] [-U uid] [-G gid]
-[-S sid] [-Y sid]
+[-S sid] [-Y sid] [-t]
+[-m]
.PP
.SH "DESCRIPTION"
.PP
@@ -81,6 +82,18 @@ Convert a SID to a UNIX group id\&. If the SID does not correspond to a UNIX
group mapped by \fBwinbindd(8)\fP then the operation
will fail\&.
.IP
+.IP "\fB-t\fP"
+.IP
+Verify that the workstation trust account created when the Samba server is
+added to the Windows NT domain is working\&.
+.IP
+.IP "\fB-m\fP"
+.IP
+Produce a list of domains trusted by the Windows NT server
+\fBwinbindd(8)\fP contacts when resolving names\&. This
+list does not include the Windows NT domain the server is a Primary Domain
+Controller for\&.
+.IP
.PP
.SH "EXIT STATUS"
.PP
diff --git a/docs/manpages/winbindd.8 b/docs/manpages/winbindd.8
index 5af9ca5f90..c2c890d0b8 100644
--- a/docs/manpages/winbindd.8
+++ b/docs/manpages/winbindd.8
@@ -67,8 +67,8 @@ and 100 is for reams and reams\&. To submit a bug report to the Samba Team,
use debug level 100 (see \fBBUGS\&.txt\fP)\&.
.IP
.IP "\fB-i\fP"
-Tells winbindd to not become a daemon and detach from the current terminal\&.
-This option is used by developers when interactive debugging of winbindd is
+Tells \fBwinbindd\fP to not become a daemon and detach from the current terminal\&.
+This option is used by developers when interactive debugging of \fBwinbindd\fP is
required\&.
.IP
.PP
@@ -150,12 +150,12 @@ otherwise\&.
.IP
This parameter specifies the number of seconds the \fBwinbindd\fP daemon will
cache user and group information before querying a Windows NT server
-again\&. When a item in the cache is older than this time winbindd will ask
+again\&. When a item in the cache is older than this time \fBwinbindd\fP will ask
the domain controller for the sequence number of the servers account
database\&. If the sequence number has not changed then the cached item is
marked as valid for a further "winbind cache time" seconds\&. Otherwise the
item is fetched from the server\&. This means that as long as the account
-database is not actively changing winbindd will only have to send one
+database is not actively changing \fBwinbindd\fP will only have to send one
sequence number query packet every "winbind cache time" seconds\&.
.IP
\fBDefault:\fP
@@ -183,7 +183,7 @@ When filling out the user information for a Windows NT user, the
.PP
.SH "EXAMPLE SETUP"
.PP
-To setup winbindd for user and group lookups plus authentication from
+To setup \fBwinbindd\fP for user and group lookups plus authentication from
a domain controller use something like the following setup\&. This was
tested on a RedHat 6\&.2 Linux box\&.
.PP
@@ -276,12 +276,12 @@ Finally, setup a smb\&.conf containing directives like the following:
.PP
-Now start winbindd and you should find that your user and group
+Now start \fBwinbindd\fP and you should find that your user and group
database is expanded to include your NT users and groups, and that you
can login to your unix box as a domain user, using the \f(CWDOMAIN+user\fP
syntax for the username\&. You may wish to use the commands "getent
passwd" and "getent group" to confirm the correct operation of
-winbindd\&.
+\fBwinbindd\fP\&.
.PP
.SH "NOTES"
.PP
@@ -293,9 +293,15 @@ The following notes are useful when configuring and running \fBwinbindd\fP:
\fBwinbindd\fP to work\&.
.IP
.IP ""
+\fBwinbindd\fP queries the list of trusted domains for the Windows NT server
+on startup and when a SIGHUP is received\&. Thus, for a running \fBwinbindd\fP
+to become aware of new trust relationships between servers, it must be sent
+a SIGHUP signal\&.
+.IP
+.IP ""
Client processes resolving names through the \fBwinbindd\fP nsswitch module
read an environment variable named \f(CWWINBINDD_DOMAIN\fP\&. If this variable
-contains a comma separated list of Windows NT domain names, then winbindd
+contains a comma separated list of Windows NT domain names, then \fBwinbindd\fP
will only resolve users and groups within those Windows NT domains\&.
.IP
.IP ""
@@ -322,7 +328,8 @@ The following signals can be used to manipulate the \fBwinbindd\fP daemon\&.
.IP
Reload the \f(CWsmb\&.conf\fP file and apply any parameter changes to the running
version of \fBwinbindd\fP\&. This signal also clears any cached user and group
-information\&.
+information\&. The list of other domains trusted by \fBwinbindd\fP is also
+reloaded\&.
.IP
.IP "\f(CWSIGUSR1\fP"
.IP
@@ -369,7 +376,7 @@ Storage for cached user and group information\&.
.SH "SEE ALSO"
.PP
\fBsamba(7)\fP, \fBsmb\&.conf(5)\fP,
-\fBnsswitch\&.conf(5)\fP
+\fBnsswitch\&.conf(5)\fP, \fBwbinfo(1)\fP
.PP
.SH "AUTHOR"
.PP
diff --git a/docs/yodldocs/wbinfo.1.yo b/docs/yodldocs/wbinfo.1.yo
index a01d420ef3..159d2e8c7b 100644
--- a/docs/yodldocs/wbinfo.1.yo
+++ b/docs/yodldocs/wbinfo.1.yo
@@ -9,7 +9,8 @@ manpagesynopsis()
bf(wbinfo) link(-u)(minusu) [link(-g)(minusg)] [link(-n name)(minusn)]
[link(-s sid)(minuss)] [link(-U uid)(minusU)] [link(-G gid)(minusG)]
-[link(-S sid)(minusS)] [link(-Y sid)(minusY)]
+[link(-S sid)(minusS)] [link(-Y sid)(minusY)] [link(-t)(minust)]
+[link(-m)(minusm)]
label(DESCRIPTION)
manpagedescription()
@@ -94,6 +95,20 @@ Convert a SID to a UNIX group id. If the SID does not correspond to a UNIX
group mapped by url(bf(winbindd(8)))(winbindd.8.html) then the operation
will fail.
+label(minust)
+dit(bf(-t))
+
+Verify that the workstation trust account created when the Samba server is
+added to the Windows NT domain is working.
+
+label(minusm)
+dit(bf(-m))
+
+Produce a list of domains trusted by the Windows NT server
+url(bf(winbindd(8)))(winbindd.8.html) contacts when resolving names. This
+list does not include the Windows NT domain the server is a Primary Domain
+Controller for.
+
enddit()
label(EXIT STATUS)
diff --git a/docs/yodldocs/winbindd.8.yo b/docs/yodldocs/winbindd.8.yo
index 0a0da9f2d6..41f566b4d2 100644
--- a/docs/yodldocs/winbindd.8.yo
+++ b/docs/yodldocs/winbindd.8.yo
@@ -70,8 +70,8 @@ use debug level 100 (see bf(BUGS.txt)).
label(minusi)
dit(bf(-i))
-Tells winbindd to not become a daemon and detach from the current terminal.
-This option is used by developers when interactive debugging of winbindd is
+Tells bf(winbindd) to not become a daemon and detach from the current terminal.
+This option is used by developers when interactive debugging of bf(winbindd) is
required.
enddit()
@@ -157,12 +157,12 @@ dit(winbind cache time)
This parameter specifies the number of seconds the bf(winbindd) daemon will
cache user and group information before querying a Windows NT server
-again. When a item in the cache is older than this time winbindd will ask
+again. When a item in the cache is older than this time bf(winbindd) will ask
the domain controller for the sequence number of the servers account
database. If the sequence number has not changed then the cached item is
marked as valid for a further "winbind cache time" seconds. Otherwise the
item is fetched from the server. This means that as long as the account
-database is not actively changing winbindd will only have to send one
+database is not actively changing bf(winbindd) will only have to send one
sequence number query packet every "winbind cache time" seconds.
bf(Default:)
@@ -193,7 +193,7 @@ enddit()
label(EXAMPLESETUP)
manpagesection(EXAMPLE SETUP)
-To setup winbindd for user and group lookups plus authentication from
+To setup bf(winbindd) for user and group lookups plus authentication from
a domain controller use something like the following setup. This was
tested on a RedHat 6.2 Linux box.
@@ -250,12 +250,12 @@ verb(
password server = *
)
-Now start winbindd and you should find that your user and group
+Now start bf(winbindd) and you should find that your user and group
database is expanded to include your NT users and groups, and that you
can login to your unix box as a domain user, using the tt(DOMAIN+user)
syntax for the username. You may wish to use the commands "getent
passwd" and "getent group" to confirm the correct operation of
-winbindd.
+bf(winbindd).
label(NOTES)
manpagesection(NOTES)
@@ -268,10 +268,16 @@ dit()
url(bf(nmbd))(nmbd.8.html) must be running on the local machine for
bf(winbindd) to work.
+dit()
+bf(winbindd) queries the list of trusted domains for the Windows NT server
+on startup and when a SIGHUP is received. Thus, for a running bf(winbindd)
+to become aware of new trust relationships between servers, it must be sent
+a SIGHUP signal.
+
dit()
Client processes resolving names through the bf(winbindd) nsswitch module
read an environment variable named tt(WINBINDD_DOMAIN). If this variable
-contains a comma separated list of Windows NT domain names, then winbindd
+contains a comma separated list of Windows NT domain names, then bf(winbindd)
will only resolve users and groups within those Windows NT domains.
dit()
@@ -301,7 +307,8 @@ dit(tt(SIGHUP))
Reload the tt(smb.conf) file and apply any parameter changes to the running
version of bf(winbindd). This signal also clears any cached user and group
-information.
+information. The list of other domains trusted by bf(winbindd) is also
+reloaded.
dit(tt(SIGUSR1))
@@ -353,7 +360,7 @@ label(SEEALSO)
manpageseealso()
url(bf(samba(7)))(samba.7.html), url(bf(smb.conf(5)))(smb.conf.5.html),
-bf(nsswitch.conf(5))
+bf(nsswitch.conf(5)), url(bf(wbinfo(1)))(wbinfo.1.html)
label(AUTHOR)
manpageauthor()
generated by cgit (git 2.34.1) at 2024-07-12 19:30:48 +0000