Diffstat (limited to 'docs')
-rw-r--r-- docs/htmldocs/winbind.html 320
1 files changed, 194 insertions, 126 deletions
diff --git a/docs/htmldocs/winbind.html b/docs/htmldocs/winbind.html
index 7d45b174dd..cac9a70a6d 100644
--- a/docs/htmldocs/winbind.html
+++ b/docs/htmldocs/winbind.html
@@ -1,43 +1,92 @@
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<HTML
><HEAD
><TITLE
>Unified Logons between Windows NT and UNIX using Winbind</TITLE
><META
NAME="GENERATOR"
-CONTENT="Modular DocBook HTML Stylesheet Version 1.57"></HEAD
+CONTENT="Modular DocBook HTML Stylesheet Version 1.76b+
+"><LINK
+REL="HOME"
+TITLE="SAMBA Project Documentation"
+HREF="Samba-HOWTO.html"><LINK
+REL="PREVIOUS"
+TITLE="security = domain in Samba 2.x"
+HREF="domain-security.html"><LINK
+REL="NEXT"
+TITLE="How to Configure Samba 2.2 as a Primary Domain Controller"
+HREF="samba-pdc.html"></HEAD
><BODY
-CLASS="ARTICLE"
+CLASS="CHAPTER"
BGCOLOR="#FFFFFF"
TEXT="#000000"
LINK="#0000FF"
VLINK="#840084"
ALINK="#0000FF"
><DIV
-CLASS="ARTICLE"
+CLASS="NAVHEADER"
+><TABLE
+SUMMARY="Header navigation table"
+WIDTH="100%"
+BORDER="0"
+CELLPADDING="0"
+CELLSPACING="0"
+><TR
+><TH
+COLSPAN="3"
+ALIGN="center"
+>SAMBA Project Documentation</TH
+></TR
+><TR
+><TD
+WIDTH="10%"
+ALIGN="left"
+VALIGN="bottom"
+><A
+HREF="domain-security.html"
+ACCESSKEY="P"
+>Prev</A
+></TD
+><TD
+WIDTH="80%"
+ALIGN="center"
+VALIGN="bottom"
+></TD
+><TD
+WIDTH="10%"
+ALIGN="right"
+VALIGN="bottom"
+><A
+HREF="samba-pdc.html"
+ACCESSKEY="N"
+>Next</A
+></TD
+></TR
+></TABLE
+><HR
+ALIGN="LEFT"
+WIDTH="100%"></DIV
><DIV
-CLASS="TITLEPAGE"
+CLASS="CHAPTER"
><H1
-CLASS="TITLE"
><A
-NAME="WINBIND"
->Unified Logons between Windows NT and UNIX using Winbind</A
-></H1
-><HR></DIV
+NAME="WINBIND">Chapter 11. Unified Logons between Windows NT and UNIX using Winbind</H1
><DIV
CLASS="SECT1"
><H1
CLASS="SECT1"
><A
-NAME="AEN3"
->Abstract</A
-></H1
+NAME="AEN1394">11.1. Abstract</H1
><P
>Integration of UNIX and Microsoft Windows NT through
a unified logon has been considered a "holy grail" in heterogeneous
computing environments for a long time. We present
- <I
+ <SPAN
+CLASS="emphasis"
+><I
CLASS="EMPHASIS"
>winbind</I
+></SPAN
>, a component of the Samba suite
of programs as a solution to the unified logon problem. Winbind
uses a UNIX implementation
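Review bot: The chapter title anchor is left unclosed at `NAME="WINBIND">Chapter 11. Unified Logons ...</H1`, because the `</A` carried by the removed lines has no replacement, and the same happens at `NAME="AEN1394">11.1. Abstract</H1`. The first added line declares HTML 4.01 Transitional, where the end tag of A is required, so the page would not validate against the DOCTYPE it has just gained. Every later heading in this patch follows the same pattern, so fix it in the stylesheet that generates the page rather than by hand in each heading.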
@@ -49,12 +98,10 @@ CLASS="EMPHASIS"
></DIV
><DIV
CLASS="SECT1"
-><HR><H1
+><H1
CLASS="SECT1"
><A
-NAME="AEN7"
->Introduction</A
-></H1
+NAME="AEN1398">11.2. Introduction</H1
><P
>It is well known that UNIX and Microsoft Windows NT have
different models for representing user and group information and
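Review bot: Renaming the anchor from `NAME="AEN7"` to `NAME="AEN1398"` changes the fragment identifier of the Introduction, so any existing link to winbind.html#AEN7 stops resolving. The AEN names are renumbered throughout this patch (AEN3 became AEN1394 in the previous hunk) and will presumably move again on the next regeneration. Giving each section an explicit id in the DocBook source would produce a stable name, as the chapter title already has with WINBIND.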
@@ -103,12 +150,10 @@ NAME="AEN7"
></DIV
><DIV
CLASS="SECT1"
-><HR><H1
+><H1
CLASS="SECT1"
><A
-NAME="AEN20"
->What Winbind Provides</A
-></H1
+NAME="AEN1411">11.3. What Winbind Provides</H1
><P
>Winbind unifies UNIX and Windows NT account management by
allowing a UNIX box to become a full member of a NT domain. Once
@@ -145,12 +190,10 @@ NAME="AEN20"
location (on the domain controller).</P
><DIV
CLASS="SECT2"
-><HR><H2
+><H2
CLASS="SECT2"
><A
-NAME="AEN27"
->Target Uses</A
-></H2
+NAME="AEN1418">11.3.1. Target Uses</H2
><P
>Winbind is targeted at organizations that have an
existing NT based domain infrastructure into which they wish
@@ -169,12 +212,10 @@ NAME="AEN27"
></DIV
><DIV
CLASS="SECT1"
-><HR><H1
+><H1
CLASS="SECT1"
><A
-NAME="AEN31"
->How Winbind Works</A
-></H1
+NAME="AEN1422">11.4. How Winbind Works</H1
><P
>The winbind system is designed around a client/server
architecture. A long running <B
@@ -189,12 +230,10 @@ CLASS="COMMAND"
in detail below.</P
><DIV
CLASS="SECT2"
-><HR><H2
+><H2
CLASS="SECT2"
><A
-NAME="AEN36"
->Microsoft Remote Procedure Calls</A
-></H2
+NAME="AEN1427">11.4.1. Microsoft Remote Procedure Calls</H2
><P
>Over the last two years, efforts have been underway
by various Samba Team members to decode various aspects of
@@ -215,12 +254,10 @@ NAME="AEN36"
></DIV
><DIV
CLASS="SECT2"
-><HR><H2
+><H2
CLASS="SECT2"
><A
-NAME="AEN40"
->Name Service Switch</A
-></H2
+NAME="AEN1431">11.4.2. Name Service Switch</H2
><P
>The Name Service Switch, or NSS, is a feature that is
present in many UNIX operating systems. It allows system
@@ -295,12 +332,10 @@ CLASS="FILENAME"
></DIV
><DIV
CLASS="SECT2"
-><HR><H2
+><H2
CLASS="SECT2"
><A
-NAME="AEN56"
->Pluggable Authentication Modules</A
-></H2
+NAME="AEN1447">11.4.3. Pluggable Authentication Modules</H2
><P
>Pluggable Authentication Modules, also known as PAM,
is a system for abstracting authentication and authorization
@@ -344,12 +379,10 @@ CLASS="FILENAME"
></DIV
><DIV
CLASS="SECT2"
-><HR><H2
+><H2
CLASS="SECT2"
><A
-NAME="AEN64"
->User and Group ID Allocation</A
-></H2
+NAME="AEN1455">11.4.4. User and Group ID Allocation</H2
><P
>When a user or group is created under Windows NT
is it allocated a numerical relative identifier (RID). This is
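Review bot: The context line "is it allocated a numerical relative identifier (RID)" has its first two words transposed and should read "it is allocated". Since the page is being regenerated here, correct the sentence in the source document so the fix survives the next build.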
@@ -370,12 +403,10 @@ NAME="AEN64"
></DIV
><DIV
CLASS="SECT2"
-><HR><H2
+><H2
CLASS="SECT2"
><A
-NAME="AEN68"
->Result Caching</A
-></H2
+NAME="AEN1459">11.4.5. Result Caching</H2
><P
>An active system can generate a lot of user and group
name lookups. To reduce the network cost of these lookups winbind
@@ -393,12 +424,10 @@ NAME="AEN68"
></DIV
><DIV
CLASS="SECT1"
-><HR><H1
+><H1
CLASS="SECT1"
><A
-NAME="AEN71"
->Installation and Configuration</A
-></H1
+NAME="AEN1462">11.5. Installation and Configuration</H1
><P
>Many thanks to John Trostel <A
HREF="mailto:jtrostel@snapserver.com"
@@ -420,12 +449,10 @@ Future revisions of this document will incorporate that
information.</P
><DIV
CLASS="SECT2"
-><HR><H2
+><H2
CLASS="SECT2"
><A
-NAME="AEN78"
->Introduction</A
-></H2
+NAME="AEN1469">11.5.1. Introduction</H2
><P
>This HOWTO describes the procedures used to get winbind up and
running on my RedHat 7.1 system. Winbind is capable of providing access
@@ -441,9 +468,12 @@ somewhat to fit the way your distribution works.</P
><UL
><LI
><P
-> <I
+> <SPAN
+CLASS="emphasis"
+><I
CLASS="EMPHASIS"
>Why should I to this?</I
+></SPAN
>
</P
><P
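Review bot: The list item heading `>Why should I to this?</I` still carries a typo; it should read "Why should I do this?". The line is unchanged context, but this hunk rewraps it in a new SPAN, so it is a good moment to correct the wording in the DocBook source and regenerate.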
@@ -455,9 +485,12 @@ CLASS="EMPHASIS"
></LI
><LI
><P
-> <I
+> <SPAN
+CLASS="emphasis"
+><I
CLASS="EMPHASIS"
>Who should be reading this document?</I
+></SPAN
>
</P
><P
@@ -473,29 +506,36 @@ CLASS="EMPHASIS"
></DIV
><DIV
CLASS="SECT2"
-><HR><H2
+><H2
CLASS="SECT2"
><A
-NAME="AEN91"
->Requirements</A
-></H2
+NAME="AEN1482">11.5.2. Requirements</H2
><P
>If you have a samba configuration file that you are currently
-using... <I
+using... <SPAN
+CLASS="emphasis"
+><I
CLASS="EMPHASIS"
>BACK IT UP!</I
+></SPAN
> If your system already uses PAM,
-<I
+<SPAN
+CLASS="emphasis"
+><I
CLASS="EMPHASIS"
>back up the <TT
CLASS="FILENAME"
>/etc/pam.d</TT
> directory
contents!</I
+></SPAN
> If you haven't already made a boot disk,
-<I
+<SPAN
+CLASS="emphasis"
+><I
CLASS="EMPHASIS"
>MAKE ONE NOW!</I
+></SPAN
></P
><P
>Messing with the pam configuration files can make it nearly impossible
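Review bot: Each emphasis in this hunk is now marked up twice, with `<SPAN CLASS="emphasis">` wrapped around the existing `<I CLASS="EMPHASIS">`, and the class name is spelled in two different cases. The inner I element already carries the emphasis, so the wrapper adds three lines per occurrence (nine in this paragraph alone) and leaves anyone styling the page to guess which spelling to target. If the newer stylesheet cannot be told to emit a single element, say so in the commit message so that the churn is understood to be generated.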
@@ -534,12 +574,10 @@ CLASS="FILENAME"
></DIV
><DIV
CLASS="SECT2"
-><HR><H2
+><H2
CLASS="SECT2"
><A
-NAME="AEN105"
->Testing Things Out</A
-></H2
+NAME="AEN1496">11.5.3. Testing Things Out</H2
><P
>Before starting, it is probably best to kill off all the SAMBA
related daemons running on your server. Kill off all <B
@@ -579,12 +617,10 @@ CLASS="FILENAME"
> RPMs installed.</P
><DIV
CLASS="SECT3"
-><HR><H3
+><H3
CLASS="SECT3"
><A
-NAME="AEN116"
->Configure and compile SAMBA</A
-></H3
+NAME="AEN1507">11.5.3.1. Configure and compile SAMBA</H3
><P
>The configuration and compilation of SAMBA is pretty straightforward.
The first three steps may not be necessary depending upon
@@ -645,16 +681,14 @@ It will also build the winbindd executable and libraries. </P
></DIV
><DIV
CLASS="SECT3"
-><HR><H3
+><H3
CLASS="SECT3"
><A
-NAME="AEN135"
->Configure <TT
+NAME="AEN1526">11.5.3.2. Configure <TT
CLASS="FILENAME"
>nsswitch.conf</TT
> and the
-winbind libraries</A
-></H3
+winbind libraries</H3
><P
>The libraries needed to run the <B
CLASS="COMMAND"
@@ -750,12 +784,10 @@ and echos back a check to you.</P
></DIV
><DIV
CLASS="SECT3"
-><HR><H3
+><H3
CLASS="SECT3"
><A
-NAME="AEN168"
->Configure smb.conf</A
-></H3
+NAME="AEN1559">11.5.3.3. Configure smb.conf</H3
><P
>Several parameters are needed in the smb.conf file to control
the behavior of <B
@@ -825,12 +857,10 @@ TARGET="_top"
></DIV
><DIV
CLASS="SECT3"
-><HR><H3
+><H3
CLASS="SECT3"
><A
-NAME="AEN184"
->Join the SAMBA server to the PDC domain</A
-></H3
+NAME="AEN1575">11.5.3.4. Join the SAMBA server to the PDC domain</H3
><P
>Enter the following command to make the SAMBA server join the
PDC domain, where <TT
@@ -871,12 +901,10 @@ is your DOMAIN name.</P
></DIV
><DIV
CLASS="SECT3"
-><HR><H3
+><H3
CLASS="SECT3"
><A
-NAME="AEN195"
->Start up the winbindd daemon and test it!</A
-></H3
+NAME="AEN1586">11.5.3.5. Start up the winbindd daemon and test it!</H3
><P
>Eventually, you will want to modify your smb startup script to
automatically invoke the winbindd daemon when the other parts of
@@ -994,20 +1022,16 @@ CLASS="COMMAND"
></DIV
><DIV
CLASS="SECT3"
-><HR><H3
+><H3
CLASS="SECT3"
><A
-NAME="AEN231"
->Fix the init.d startup scripts</A
-></H3
+NAME="AEN1622">11.5.3.6. Fix the init.d startup scripts</H3
><DIV
CLASS="SECT4"
><H4
CLASS="SECT4"
><A
-NAME="AEN233"
->Linux</A
-></H4
+NAME="AEN1624">11.5.3.6.1. Linux</H4
><P
>The <B
CLASS="COMMAND"
@@ -1098,12 +1122,10 @@ CLASS="PROGRAMLISTING"
></DIV
><DIV
CLASS="SECT4"
-><HR><H4
+><H4
CLASS="SECT4"
><A
-NAME="AEN250"
->Solaris</A
-></H4
+NAME="AEN1641">11.5.3.6.2. Solaris</H4
><P
>On solaris, you need to modify the
<TT
@@ -1169,12 +1191,10 @@ esac</PRE
></DIV
><DIV
CLASS="SECT4"
-><HR><H4
+><H4
CLASS="SECT4"
><A
-NAME="AEN257"
->Restarting</A
-></H4
+NAME="AEN1648">11.5.3.6.3. Restarting</H4
><P
>If you restart the <B
CLASS="COMMAND"
@@ -1193,12 +1213,10 @@ if you were a local user.</P
></DIV
><DIV
CLASS="SECT3"
-><HR><H3
+><H3
CLASS="SECT3"
><A
-NAME="AEN263"
->Configure Winbind and PAM</A
-></H3
+NAME="AEN1654">11.5.3.7. Configure Winbind and PAM</H3
><P
>If you have made it this far, you know that winbindd and samba are working
together. If you want to use winbind to provide authentication for other
@@ -1251,12 +1269,10 @@ CLASS="COMMAND"
></P
><DIV
CLASS="SECT4"
-><HR><H4
+><H4
CLASS="SECT4"
><A
-NAME="AEN280"
->Linux/FreeBSD-specific PAM configuration</A
-></H4
+NAME="AEN1671">11.5.3.7.1. Linux/FreeBSD-specific PAM configuration</H4
><P
>The <TT
CLASS="FILENAME"
@@ -1380,12 +1396,10 @@ double prompts for passwords.</P
></DIV
><DIV
CLASS="SECT4"
-><HR><H4
+><H4
CLASS="SECT4"
><A
-NAME="AEN313"
->Solaris-specific configuration</A
-></H4
+NAME="AEN1704">11.5.3.7.2. Solaris-specific configuration</H4
><P
>The /etc/pam.conf needs to be changed. I changed this file so that my Domain
users can logon both locally as well as telnet.The following are the changes
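Review bot: The context line "users can logon both locally as well as telnet.The following are the changes" is missing the space after the full stop, and "logon" as a verb should be "log on". Correct both in the source document so that the regenerated Solaris PAM section reads cleanly.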
@@ -1467,12 +1481,10 @@ configured in the pam.conf.</P
></DIV
><DIV
CLASS="SECT1"
-><HR><H1
+><H1
CLASS="SECT1"
><A
-NAME="AEN320"
->Limitations</A
-></H1
+NAME="AEN1711">11.6. Limitations</H1
><P
>Winbind has a number of limitations in its current
released version that we hope to overcome in future
@@ -1508,12 +1520,10 @@ NAME="AEN320"
></DIV
><DIV
CLASS="SECT1"
-><HR><H1
+><H1
CLASS="SECT1"
><A
-NAME="AEN330"
->Conclusion</A
-></H1
+NAME="AEN1721">11.7. Conclusion</H1
><P
>The winbind system, through the use of the Name Service
Switch, Pluggable Authentication Modules, and appropriate
@@ -1523,6 +1533,64 @@ NAME="AEN330"
cost of running a mixed UNIX and NT network.</P
></DIV
></DIV
+><DIV
+CLASS="NAVFOOTER"
+><HR
+ALIGN="LEFT"
+WIDTH="100%"><TABLE
+SUMMARY="Footer navigation table"
+WIDTH="100%"
+BORDER="0"
+CELLPADDING="0"
+CELLSPACING="0"
+><TR
+><TD
+WIDTH="33%"
+ALIGN="left"
+VALIGN="top"
+><A
+HREF="domain-security.html"
+ACCESSKEY="P"
+>Prev</A
+></TD
+><TD
+WIDTH="34%"
+ALIGN="center"
+VALIGN="top"
+><A
+HREF="Samba-HOWTO.html"
+ACCESSKEY="H"
+>Home</A
+></TD
+><TD
+WIDTH="33%"
+ALIGN="right"
+VALIGN="top"
+><A
+HREF="samba-pdc.html"
+ACCESSKEY="N"
+>Next</A
+></TD
+></TR
+><TR
+><TD
+WIDTH="33%"
+ALIGN="left"
+VALIGN="top"
+>security = domain in Samba 2.x</TD
+><TD
+WIDTH="34%"
+ALIGN="center"
+VALIGN="top"
+>&nbsp;</TD
+><TD
+WIDTH="33%"
+ALIGN="right"
+VALIGN="top"
+>How to Configure Samba 2.2 as a Primary Domain Controller</TD
+></TR
+></TABLE
+></DIV
></BODY
></HTML
> \ No newline at end of file
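Review bot: The added NAVFOOTER hard-codes its Prev and Next targets (`HREF="domain-security.html"`, `HREF="samba-pdc.html"`) and their titles, as the NAVHEADER in the first hunk does, and the headings are now numbered as Chapter 11. The page is therefore only correct at its current position in the HOWTO, and inserting or reordering a chapter means regenerating and recommitting this file with every other chapter. State in the commit message which source and stylesheet produced this output so the result can be reproduced. The file also still ends without a trailing newline after `></HTML`.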