From 20967627378194121bc48bf387838b8bd7682478 Mon Sep 17 00:00:00 2001 From: Jelmer Vernooij Date: Tue, 18 Mar 2003 16:48:14 +0000 Subject: Regenerate (This used to be commit 25db62e3101dbcae8e9daee3cb16430297afa223) --- docs/htmldocs/winbind.html | 298 ++++++++++++++++++++++----------------------- 1 file changed, 144 insertions(+), 154 deletions(-) (limited to 'docs/htmldocs/winbind.html') diff --git a/docs/htmldocs/winbind.html b/docs/htmldocs/winbind.html index d587696817..991876796e 100644 --- a/docs/htmldocs/winbind.html +++ b/docs/htmldocs/winbind.html @@ -5,7 +5,7 @@ >Unified Logons between Windows NT and UNIX using Winbind

14.1. Abstract

14.1. Abstract

Integration of UNIX and Microsoft Windows NT through a unified logon has been considered a "holy grail" in heterogeneous @@ -107,9 +107,9 @@ CLASS="SECT1" >

14.2. Introduction

14.2. Introduction

It is well known that UNIX and Microsoft Windows NT have different models for representing user and group information and @@ -161,9 +161,9 @@ CLASS="SECT1" >

14.3. What Winbind Provides

14.3. What Winbind Provides

Winbind unifies UNIX and Windows NT account management by allowing a UNIX box to become a full member of a NT domain. Once @@ -203,9 +203,9 @@ CLASS="SECT2" >

14.3.1. Target Uses

14.3.1. Target Uses

Winbind is targeted at organizations that have an existing NT based domain infrastructure into which they wish @@ -227,9 +227,9 @@ CLASS="SECT1" >

14.4. How Winbind Works

14.4. How Winbind Works

The winbind system is designed around a client/server architecture. A long running

14.4.1. Microsoft Remote Procedure Calls

14.4.1. Microsoft Remote Procedure Calls

Over the last few years, efforts have been underway by various Samba Team members to decode various aspects of @@ -273,9 +273,9 @@ CLASS="SECT2" >

14.4.2. Microsoft Active Directory Services

14.4.2. Microsoft Active Directory Services

Since late 2001, Samba has gained the ability to interact with Microsoft Windows 2000 using its 'Native @@ -292,9 +292,9 @@ CLASS="SECT2" >

14.4.3. Name Service Switch

14.4.3. Name Service Switch

The Name Service Switch, or NSS, is a feature that is present in many UNIX operating systems. It allows system @@ -372,9 +372,9 @@ CLASS="SECT2" >

14.4.4. Pluggable Authentication Modules

14.4.4. Pluggable Authentication Modules

Pluggable Authentication Modules, also known as PAM, is a system for abstracting authentication and authorization @@ -421,9 +421,9 @@ CLASS="SECT2" >

14.4.5. User and Group ID Allocation

14.4.5. User and Group ID Allocation

When a user or group is created under Windows NT is it allocated a numerical relative identifier (RID). This is @@ -447,9 +447,9 @@ CLASS="SECT2" >

14.4.6. Result Caching

14.4.6. Result Caching

An active system can generate a lot of user and group name lookups. To reduce the network cost of these lookups winbind @@ -470,9 +470,9 @@ CLASS="SECT1" >

14.5. Installation and Configuration

14.5. Installation and Configuration

Many thanks to John Trostel

14.5.1. Introduction

14.5.1. Introduction

This HOWTO describes the procedures used to get winbind up and running on my RedHat 7.1 system. Winbind is capable of providing access @@ -556,9 +556,9 @@ CLASS="SECT2" >

14.5.2. Requirements

14.5.2. Requirements

If you have a samba configuration file that you are currently using...

14.5.3. Testing Things Out

14.5.3. Testing Things Out

Before starting, it is probably best to kill off all the SAMBA related daemons running on your server. Kill off all

14.5.3.1. Configure and compile SAMBA

14.5.3.1. Configure and compile SAMBA

The configuration and compilation of SAMBA is pretty straightforward. The first three steps may not be necessary depending upon @@ -681,44 +681,44 @@ whether or not you have previously built the Samba binaries.

root#root# autoconf
-root#root# make clean
-root#root# rm config.cache
-root#root# ./configure
-root#root# make
-root#root# make install
14.5.3.2. Configure nsswitch.conf and the 
-winbind libraries
The libraries needed to run the  daemon 
 through nsswitch need to be copied to their proper locations, so
root#root# cp ../samba/source/nsswitch/libnss_winbind.so /lib
I also found it necessary to make the following symbolic link:
root#root# ln -s /lib/libnss_winbind.so /lib/libnss_winbind.so.2
And, in the case of Sun solaris:
root#root# ln -s /usr/lib/libnss_winbind.so /usr/lib/libnss_winbind.so.1
-root#root# ln -s /usr/lib/libnss_winbind.so /usr/lib/nss_winbind.so.1
-root#root# ln -s /usr/lib/libnss_winbind.so /usr/lib/nss_winbind.so.2
root#root# /sbin/ldconfig -v | grep winbind
14.5.3.3. Configure smb.conf
14.5.3.3. Configure smb.conf
Several parameters are needed in the smb.conf file to control 
 the behavior of 
[global]
-     <...>
+     <...>
      # separate domain and username with '+', like DOMAIN+username
      
14.5.3.4. Join the SAMBA server to the PDC domain
14.5.3.4. Join the SAMBA server to the PDC domain
Enter the following command to make the SAMBA server join the 
-PDC domain, where DOMAINDOMAIN is the name of 
-your Windows domain and AdministratorAdministrator is 
 a domain user who has administrative privileges in the domain.
root#root# /usr/local/samba/bin/net join -S PDC -U Administrator
The proper response to the command should be: "Joined the domain 
-DOMAIN" where DOMAIN" where DOMAINDOMAIN 
 is your DOMAIN name.
14.5.3.5. Start up the winbindd daemon and test it!
14.5.3.5. Start up the winbindd daemon and test it!
Eventually, you will want to modify your smb startup script to 
 automatically invoke the winbindd daemon when the other parts of 
@@ -973,9 +965,9 @@ SAMBA start, but it is possible to test out just the winbind
 portion first.  To start up winbind services, enter the following 
 command as root:
root#root# /usr/local/samba/bin/winbinddI'm always paranoid and like to make sure the daemon 
 is really running...
root#root# ps -ae | grep winbinddNow... for the real test, try to get some information about the 
 users on your PDC
root#root# /usr/local/samba/bin/wbinfo -u
Obviously, I have named my domain 'CEO' and my Obviously, I have named my domain 'CEO' and my winbind
-separator is '+'.
You can do the same sort of thing to get group information from 
@@ -1034,9 +1024,9 @@ the PDC:
root#root# /usr/local/samba/bin/wbinfo -g
root#root# getent passwd
The same thing can be done for groups with the command
root#root# getent group
14.5.3.6. Fix the init.d startup scripts
14.5.3.6. Fix the init.d startup scripts
14.5.3.6.1. Linux
14.5.3.6.1. Linux
The 
14.5.3.6.2. Solaris
14.5.3.6.2. Solaris
On solaris, you need to modify the 
 
14.5.3.6.3. Restarting
14.5.3.6.3. Restarting
If you restart the 
14.5.3.7. Configure Winbind and PAM
14.5.3.7. Configure Winbind and PAM
If you have made it this far, you know that winbindd and samba are working
 together.  If you want to use winbind to provide authentication for other 
@@ -1305,9 +1295,9 @@ CLASS="FILENAME"
 > directory
 by invoking the command
root#root# make nsswitch/pam_winbind.so/usr/lib/security.
root#root# cp ../samba/source/nsswitch/pam_winbind.so /lib/security
14.5.3.7.1. Linux/FreeBSD-specific PAM configuration
14.5.3.7.1. Linux/FreeBSD-specific PAM configuration
The 
14.5.3.7.2. Solaris-specific configuration
14.5.3.7.2. Solaris-specific configuration
The /etc/pam.conf needs to be changed. I changed this file so that my Domain
 users can logon both locally as well as telnet.The following are the changes
@@ -1559,9 +1549,9 @@ CLASS="SECT1"
 >
14.6. Limitations
14.6. Limitations
Winbind has a number of limitations in its current 
 	released version that we hope to overcome in future 
@@ -1601,9 +1591,9 @@ CLASS="SECT1"
 >
14.7. Conclusion
14.7. Conclusion
The winbind system, through the use of the Name Service 
 	Switch, Pluggable Authentication Modules, and appropriate 
-- 
cgit