diff options
Diffstat (limited to 'docs/htmldocs/winbind.html')
| -rw-r--r-- | docs/htmldocs/winbind.html | 119 |
1 files changed, 31 insertions, 88 deletions
diff --git a/docs/htmldocs/winbind.html b/docs/htmldocs/winbind.html index df5a59f771..1558512a61 100644 --- a/docs/htmldocs/winbind.html +++ b/docs/htmldocs/winbind.html @@ -5,7 +5,8 @@ >Unified Logons between Windows NT and UNIX using Winbind</TITLE ><META NAME="GENERATOR" -CONTENT="Modular DocBook HTML Stylesheet Version 1.77"><LINK +CONTENT="Modular DocBook HTML Stylesheet Version 1.76b+ +"><LINK REL="HOME" TITLE="SAMBA Project Documentation" HREF="samba-howto-collection.html"><LINK @@ -72,17 +73,13 @@ WIDTH="100%"></DIV CLASS="CHAPTER" ><H1 ><A -NAME="WINBIND" -></A ->Chapter 16. Unified Logons between Windows NT and UNIX using Winbind</H1 +NAME="WINBIND">Chapter 15. Unified Logons between Windows NT and UNIX using Winbind</H1 ><DIV CLASS="SECT1" ><H1 CLASS="SECT1" ><A -NAME="AEN2238" -></A ->16.1. Abstract</H1 +NAME="AEN2225">15.1. Abstract</H1 ><P >Integration of UNIX and Microsoft Windows NT through a unified logon has been considered a "holy grail" in heterogeneous @@ -107,9 +104,7 @@ CLASS="SECT1" ><H1 CLASS="SECT1" ><A -NAME="AEN2242" -></A ->16.2. Introduction</H1 +NAME="AEN2229">15.2. Introduction</H1 ><P >It is well known that UNIX and Microsoft Windows NT have different models for representing user and group information and @@ -161,9 +156,7 @@ CLASS="SECT1" ><H1 CLASS="SECT1" ><A -NAME="AEN2255" -></A ->16.3. What Winbind Provides</H1 +NAME="AEN2242">15.3. What Winbind Provides</H1 ><P >Winbind unifies UNIX and Windows NT account management by allowing a UNIX box to become a full member of a NT domain. Once @@ -203,9 +196,7 @@ CLASS="SECT2" ><H2 CLASS="SECT2" ><A -NAME="AEN2262" -></A ->16.3.1. Target Uses</H2 +NAME="AEN2249">15.3.1. Target Uses</H2 ><P >Winbind is targeted at organizations that have an existing NT based domain infrastructure into which they wish @@ -227,9 +218,7 @@ CLASS="SECT1" ><H1 CLASS="SECT1" ><A -NAME="AEN2266" -></A ->16.4. How Winbind Works</H1 +NAME="AEN2253">15.4. How Winbind Works</H1 ><P >The winbind system is designed around a client/server architecture. A long running <B @@ -247,9 +236,7 @@ CLASS="SECT2" ><H2 CLASS="SECT2" ><A -NAME="AEN2271" -></A ->16.4.1. Microsoft Remote Procedure Calls</H2 +NAME="AEN2258">15.4.1. Microsoft Remote Procedure Calls</H2 ><P >Over the last two years, efforts have been underway by various Samba Team members to decode various aspects of @@ -273,9 +260,7 @@ CLASS="SECT2" ><H2 CLASS="SECT2" ><A -NAME="AEN2275" -></A ->16.4.2. Name Service Switch</H2 +NAME="AEN2262">15.4.2. Name Service Switch</H2 ><P >The Name Service Switch, or NSS, is a feature that is present in many UNIX operating systems. It allows system @@ -353,9 +338,7 @@ CLASS="SECT2" ><H2 CLASS="SECT2" ><A -NAME="AEN2291" -></A ->16.4.3. Pluggable Authentication Modules</H2 +NAME="AEN2278">15.4.3. Pluggable Authentication Modules</H2 ><P >Pluggable Authentication Modules, also known as PAM, is a system for abstracting authentication and authorization @@ -402,9 +385,7 @@ CLASS="SECT2" ><H2 CLASS="SECT2" ><A -NAME="AEN2299" -></A ->16.4.4. User and Group ID Allocation</H2 +NAME="AEN2286">15.4.4. User and Group ID Allocation</H2 ><P >When a user or group is created under Windows NT is it allocated a numerical relative identifier (RID). This is @@ -428,9 +409,7 @@ CLASS="SECT2" ><H2 CLASS="SECT2" ><A -NAME="AEN2303" -></A ->16.4.5. Result Caching</H2 +NAME="AEN2290">15.4.5. Result Caching</H2 ><P >An active system can generate a lot of user and group name lookups. To reduce the network cost of these lookups winbind @@ -451,9 +430,7 @@ CLASS="SECT1" ><H1 CLASS="SECT1" ><A -NAME="AEN2306" -></A ->16.5. Installation and Configuration</H1 +NAME="AEN2293">15.5. Installation and Configuration</H1 ><P >Many thanks to John Trostel <A HREF="mailto:jtrostel@snapserver.com" @@ -478,9 +455,7 @@ CLASS="SECT2" ><H2 CLASS="SECT2" ><A -NAME="AEN2313" -></A ->16.5.1. Introduction</H2 +NAME="AEN2300">15.5.1. Introduction</H2 ><P >This HOWTO describes the procedures used to get winbind up and running on my RedHat 7.1 system. Winbind is capable of providing access @@ -537,9 +512,7 @@ CLASS="SECT2" ><H2 CLASS="SECT2" ><A -NAME="AEN2326" -></A ->16.5.2. Requirements</H2 +NAME="AEN2313">15.5.2. Requirements</H2 ><P >If you have a samba configuration file that you are currently using... <SPAN @@ -607,9 +580,7 @@ CLASS="SECT2" ><H2 CLASS="SECT2" ><A -NAME="AEN2340" -></A ->16.5.3. Testing Things Out</H2 +NAME="AEN2327">15.5.3. Testing Things Out</H2 ><P >Before starting, it is probably best to kill off all the SAMBA related daemons running on your server. Kill off all <B @@ -652,9 +623,7 @@ CLASS="SECT3" ><H3 CLASS="SECT3" ><A -NAME="AEN2351" -></A ->16.5.3.1. Configure and compile SAMBA</H3 +NAME="AEN2338">15.5.3.1. Configure and compile SAMBA</H3 ><P >The configuration and compilation of SAMBA is pretty straightforward. The first three steps may not be necessary depending upon @@ -718,9 +687,7 @@ CLASS="SECT3" ><H3 CLASS="SECT3" ><A -NAME="AEN2370" -></A ->16.5.3.2. Configure <TT +NAME="AEN2357">15.5.3.2. Configure <TT CLASS="FILENAME" >nsswitch.conf</TT > and the @@ -823,9 +790,7 @@ CLASS="SECT3" ><H3 CLASS="SECT3" ><A -NAME="AEN2403" -></A ->16.5.3.3. Configure smb.conf</H3 +NAME="AEN2390">15.5.3.3. Configure smb.conf</H3 ><P >Several parameters are needed in the smb.conf file to control the behavior of <B @@ -898,9 +863,7 @@ CLASS="SECT3" ><H3 CLASS="SECT3" ><A -NAME="AEN2419" -></A ->16.5.3.4. Join the SAMBA server to the PDC domain</H3 +NAME="AEN2406">15.5.3.4. Join the SAMBA server to the PDC domain</H3 ><P >Enter the following command to make the SAMBA server join the PDC domain, where <TT @@ -944,9 +907,7 @@ CLASS="SECT3" ><H3 CLASS="SECT3" ><A -NAME="AEN2430" -></A ->16.5.3.5. Start up the winbindd daemon and test it!</H3 +NAME="AEN2417">15.5.3.5. Start up the winbindd daemon and test it!</H3 ><P >Eventually, you will want to modify your smb startup script to automatically invoke the winbindd daemon when the other parts of @@ -1067,17 +1028,13 @@ CLASS="SECT3" ><H3 CLASS="SECT3" ><A -NAME="AEN2466" -></A ->16.5.3.6. Fix the init.d startup scripts</H3 +NAME="AEN2453">15.5.3.6. Fix the init.d startup scripts</H3 ><DIV CLASS="SECT4" ><H4 CLASS="SECT4" ><A -NAME="AEN2468" -></A ->16.5.3.6.1. Linux</H4 +NAME="AEN2455">15.5.3.6.1. Linux</H4 ><P >The <B CLASS="COMMAND" @@ -1171,9 +1128,7 @@ CLASS="SECT4" ><H4 CLASS="SECT4" ><A -NAME="AEN2485" -></A ->16.5.3.6.2. Solaris</H4 +NAME="AEN2472">15.5.3.6.2. Solaris</H4 ><P >On solaris, you need to modify the <TT @@ -1242,9 +1197,7 @@ CLASS="SECT4" ><H4 CLASS="SECT4" ><A -NAME="AEN2492" -></A ->16.5.3.6.3. Restarting</H4 +NAME="AEN2479">15.5.3.6.3. Restarting</H4 ><P >If you restart the <B CLASS="COMMAND" @@ -1266,9 +1219,7 @@ CLASS="SECT3" ><H3 CLASS="SECT3" ><A -NAME="AEN2498" -></A ->16.5.3.7. Configure Winbind and PAM</H3 +NAME="AEN2485">15.5.3.7. Configure Winbind and PAM</H3 ><P >If you have made it this far, you know that winbindd and samba are working together. If you want to use winbind to provide authentication for other @@ -1324,9 +1275,7 @@ CLASS="SECT4" ><H4 CLASS="SECT4" ><A -NAME="AEN2515" -></A ->16.5.3.7.1. Linux/FreeBSD-specific PAM configuration</H4 +NAME="AEN2502">15.5.3.7.1. Linux/FreeBSD-specific PAM configuration</H4 ><P >The <TT CLASS="FILENAME" @@ -1453,9 +1402,7 @@ CLASS="SECT4" ><H4 CLASS="SECT4" ><A -NAME="AEN2548" -></A ->16.5.3.7.2. Solaris-specific configuration</H4 +NAME="AEN2535">15.5.3.7.2. Solaris-specific configuration</H4 ><P >The /etc/pam.conf needs to be changed. I changed this file so that my Domain users can logon both locally as well as telnet.The following are the changes @@ -1540,9 +1487,7 @@ CLASS="SECT1" ><H1 CLASS="SECT1" ><A -NAME="AEN2555" -></A ->16.6. Limitations</H1 +NAME="AEN2542">15.6. Limitations</H1 ><P >Winbind has a number of limitations in its current released version that we hope to overcome in future @@ -1581,9 +1526,7 @@ CLASS="SECT1" ><H1 CLASS="SECT1" ><A -NAME="AEN2565" -></A ->16.7. Conclusion</H1 +NAME="AEN2552">15.7. Conclusion</H1 ><P >The winbind system, through the use of the Name Service Switch, Pluggable Authentication Modules, and appropriate |