From 2fb5c7c580a3fff3c7d477b65a1c4852af86433b Mon Sep 17 00:00:00 2001
From: Gerald Carter <jerry@samba.org>
Date: Tue, 1 Oct 2002 17:16:07 +0000
Subject: merge from HEAD (This used to be commit
 c0ca286e36d49deba6c73690114b0d867cbfd63e)

---
 docs/htmldocs/winbind.html | 320 +++++++++++++++++++++++++++------------------
 1 file changed, 194 insertions(+), 126 deletions(-)

(limited to 'docs/htmldocs/winbind.html')

diff --git a/docs/htmldocs/winbind.html b/docs/htmldocs/winbind.html
index 7d45b174dd..cac9a70a6d 100644
--- a/docs/htmldocs/winbind.html
+++ b/docs/htmldocs/winbind.html
@@ -1,43 +1,92 @@
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
 <HTML
 ><HEAD
 ><TITLE
 >Unified Logons between Windows NT and UNIX using Winbind</TITLE
 ><META
 NAME="GENERATOR"
-CONTENT="Modular DocBook HTML Stylesheet Version 1.57"></HEAD
+CONTENT="Modular DocBook HTML Stylesheet Version 1.76b+
+"><LINK
+REL="HOME"
+TITLE="SAMBA Project Documentation"
+HREF="Samba-HOWTO.html"><LINK
+REL="PREVIOUS"
+TITLE="security = domain in Samba 2.x"
+HREF="domain-security.html"><LINK
+REL="NEXT"
+TITLE="How to Configure Samba 2.2 as a Primary Domain Controller"
+HREF="samba-pdc.html"></HEAD
 ><BODY
-CLASS="ARTICLE"
+CLASS="CHAPTER"
 BGCOLOR="#FFFFFF"
 TEXT="#000000"
 LINK="#0000FF"
 VLINK="#840084"
 ALINK="#0000FF"
 ><DIV
-CLASS="ARTICLE"
+CLASS="NAVHEADER"
+><TABLE
+SUMMARY="Header navigation table"
+WIDTH="100%"
+BORDER="0"
+CELLPADDING="0"
+CELLSPACING="0"
+><TR
+><TH
+COLSPAN="3"
+ALIGN="center"
+>SAMBA Project Documentation</TH
+></TR
+><TR
+><TD
+WIDTH="10%"
+ALIGN="left"
+VALIGN="bottom"
+><A
+HREF="domain-security.html"
+ACCESSKEY="P"
+>Prev</A
+></TD
+><TD
+WIDTH="80%"
+ALIGN="center"
+VALIGN="bottom"
+></TD
+><TD
+WIDTH="10%"
+ALIGN="right"
+VALIGN="bottom"
+><A
+HREF="samba-pdc.html"
+ACCESSKEY="N"
+>Next</A
+></TD
+></TR
+></TABLE
+><HR
+ALIGN="LEFT"
+WIDTH="100%"></DIV
 ><DIV
-CLASS="TITLEPAGE"
+CLASS="CHAPTER"
 ><H1
-CLASS="TITLE"
 ><A
-NAME="WINBIND"
->Unified Logons between Windows NT and UNIX using Winbind</A
-></H1
-><HR></DIV
+NAME="WINBIND">Chapter 11. Unified Logons between Windows NT and UNIX using Winbind</H1
 ><DIV
 CLASS="SECT1"
 ><H1
 CLASS="SECT1"
 ><A
-NAME="AEN3"
->Abstract</A
-></H1
+NAME="AEN1394">11.1. Abstract</H1
 ><P
 >Integration of UNIX and Microsoft Windows NT through 
 	a unified logon has been considered a "holy grail" in heterogeneous 
 	computing environments for a long time. We present 
-	<I
+	<SPAN
+CLASS="emphasis"
+><I
 CLASS="EMPHASIS"
 >winbind</I
+></SPAN
 >, a component of the Samba suite 
 	of programs as a solution to the unified logon problem. Winbind 
 	uses a UNIX implementation 
@@ -49,12 +98,10 @@ CLASS="EMPHASIS"
 ></DIV
 ><DIV
 CLASS="SECT1"
-><HR><H1
+><H1
 CLASS="SECT1"
 ><A
-NAME="AEN7"
->Introduction</A
-></H1
+NAME="AEN1398">11.2. Introduction</H1
 ><P
 >It is well known that UNIX and Microsoft Windows NT have 
 	different models for representing user and group information and 
@@ -103,12 +150,10 @@ NAME="AEN7"
 ></DIV
 ><DIV
 CLASS="SECT1"
-><HR><H1
+><H1
 CLASS="SECT1"
 ><A
-NAME="AEN20"
->What Winbind Provides</A
-></H1
+NAME="AEN1411">11.3. What Winbind Provides</H1
 ><P
 >Winbind unifies UNIX and Windows NT account management by 
 	allowing a UNIX box to become a full member of a NT domain. Once 
@@ -145,12 +190,10 @@ NAME="AEN20"
 	location (on the domain controller).</P
 ><DIV
 CLASS="SECT2"
-><HR><H2
+><H2
 CLASS="SECT2"
 ><A
-NAME="AEN27"
->Target Uses</A
-></H2
+NAME="AEN1418">11.3.1. Target Uses</H2
 ><P
 >Winbind is targeted at organizations that have an 
 		existing NT based domain infrastructure into which they wish 
@@ -169,12 +212,10 @@ NAME="AEN27"
 ></DIV
 ><DIV
 CLASS="SECT1"
-><HR><H1
+><H1
 CLASS="SECT1"
 ><A
-NAME="AEN31"
->How Winbind Works</A
-></H1
+NAME="AEN1422">11.4. How Winbind Works</H1
 ><P
 >The winbind system is designed around a client/server 
 	architecture. A long running <B
@@ -189,12 +230,10 @@ CLASS="COMMAND"
 	in detail below.</P
 ><DIV
 CLASS="SECT2"
-><HR><H2
+><H2
 CLASS="SECT2"
 ><A
-NAME="AEN36"
->Microsoft Remote Procedure Calls</A
-></H2
+NAME="AEN1427">11.4.1. Microsoft Remote Procedure Calls</H2
 ><P
 >Over the last two years, efforts have been underway 
 		by various Samba Team members to decode various aspects of 
@@ -215,12 +254,10 @@ NAME="AEN36"
 ></DIV
 ><DIV
 CLASS="SECT2"
-><HR><H2
+><H2
 CLASS="SECT2"
 ><A
-NAME="AEN40"
->Name Service Switch</A
-></H2
+NAME="AEN1431">11.4.2. Name Service Switch</H2
 ><P
 >The Name Service Switch, or NSS, is a feature that is 
 		present in many UNIX operating systems. It allows system 
@@ -295,12 +332,10 @@ CLASS="FILENAME"
 ></DIV
 ><DIV
 CLASS="SECT2"
-><HR><H2
+><H2
 CLASS="SECT2"
 ><A
-NAME="AEN56"
->Pluggable Authentication Modules</A
-></H2
+NAME="AEN1447">11.4.3. Pluggable Authentication Modules</H2
 ><P
 >Pluggable Authentication Modules, also known as PAM, 
 		is a system for abstracting authentication and authorization 
@@ -344,12 +379,10 @@ CLASS="FILENAME"
 ></DIV
 ><DIV
 CLASS="SECT2"
-><HR><H2
+><H2
 CLASS="SECT2"
 ><A
-NAME="AEN64"
->User and Group ID Allocation</A
-></H2
+NAME="AEN1455">11.4.4. User and Group ID Allocation</H2
 ><P
 >When a user or group is created under Windows NT 
 		is it allocated a numerical relative identifier (RID). This is 
@@ -370,12 +403,10 @@ NAME="AEN64"
 ></DIV
 ><DIV
 CLASS="SECT2"
-><HR><H2
+><H2
 CLASS="SECT2"
 ><A
-NAME="AEN68"
->Result Caching</A
-></H2
+NAME="AEN1459">11.4.5. Result Caching</H2
 ><P
 >An active system can generate a lot of user and group 
 		name lookups. To reduce the network cost of these lookups winbind 
@@ -393,12 +424,10 @@ NAME="AEN68"
 ></DIV
 ><DIV
 CLASS="SECT1"
-><HR><H1
+><H1
 CLASS="SECT1"
 ><A
-NAME="AEN71"
->Installation and Configuration</A
-></H1
+NAME="AEN1462">11.5. Installation and Configuration</H1
 ><P
 >Many thanks to John Trostel <A
 HREF="mailto:jtrostel@snapserver.com"
@@ -420,12 +449,10 @@ Future revisions of this document will incorporate that
 information.</P
 ><DIV
 CLASS="SECT2"
-><HR><H2
+><H2
 CLASS="SECT2"
 ><A
-NAME="AEN78"
->Introduction</A
-></H2
+NAME="AEN1469">11.5.1. Introduction</H2
 ><P
 >This HOWTO describes the procedures used to get winbind up and 
 running on my RedHat 7.1 system.  Winbind is capable of providing access 
@@ -441,9 +468,12 @@ somewhat to fit the way your distribution works.</P
 ><UL
 ><LI
 ><P
->	<I
+>	<SPAN
+CLASS="emphasis"
+><I
 CLASS="EMPHASIS"
 >Why should I to this?</I
+></SPAN
 >
 	</P
 ><P
@@ -455,9 +485,12 @@ CLASS="EMPHASIS"
 ></LI
 ><LI
 ><P
->	<I
+>	<SPAN
+CLASS="emphasis"
+><I
 CLASS="EMPHASIS"
 >Who should be reading this document?</I
+></SPAN
 >
 	</P
 ><P
@@ -473,29 +506,36 @@ CLASS="EMPHASIS"
 ></DIV
 ><DIV
 CLASS="SECT2"
-><HR><H2
+><H2
 CLASS="SECT2"
 ><A
-NAME="AEN91"
->Requirements</A
-></H2
+NAME="AEN1482">11.5.2. Requirements</H2
 ><P
 >If you have a samba configuration file that you are currently 
-using... <I
+using... <SPAN
+CLASS="emphasis"
+><I
 CLASS="EMPHASIS"
 >BACK IT UP!</I
+></SPAN
 >  If your system already uses PAM, 
-<I
+<SPAN
+CLASS="emphasis"
+><I
 CLASS="EMPHASIS"
 >back up the <TT
 CLASS="FILENAME"
 >/etc/pam.d</TT
 > directory 
 contents!</I
+></SPAN
 > If you haven't already made a boot disk, 
-<I
+<SPAN
+CLASS="emphasis"
+><I
 CLASS="EMPHASIS"
 >MAKE ONE NOW!</I
+></SPAN
 ></P
 ><P
 >Messing with the pam configuration files can make it nearly impossible 
@@ -534,12 +574,10 @@ CLASS="FILENAME"
 ></DIV
 ><DIV
 CLASS="SECT2"
-><HR><H2
+><H2
 CLASS="SECT2"
 ><A
-NAME="AEN105"
->Testing Things Out</A
-></H2
+NAME="AEN1496">11.5.3. Testing Things Out</H2
 ><P
 >Before starting, it is probably best to kill off all the SAMBA 
 related daemons running on your server.  Kill off all <B
@@ -579,12 +617,10 @@ CLASS="FILENAME"
 > RPMs installed.</P
 ><DIV
 CLASS="SECT3"
-><HR><H3
+><H3
 CLASS="SECT3"
 ><A
-NAME="AEN116"
->Configure and compile SAMBA</A
-></H3
+NAME="AEN1507">11.5.3.1. Configure and compile SAMBA</H3
 ><P
 >The configuration and compilation of SAMBA is pretty straightforward.
 The first three steps may not be necessary depending upon
@@ -645,16 +681,14 @@ It will also build the winbindd executable and libraries. </P
 ></DIV
 ><DIV
 CLASS="SECT3"
-><HR><H3
+><H3
 CLASS="SECT3"
 ><A
-NAME="AEN135"
->Configure <TT
+NAME="AEN1526">11.5.3.2. Configure <TT
 CLASS="FILENAME"
 >nsswitch.conf</TT
 > and the 
-winbind libraries</A
-></H3
+winbind libraries</H3
 ><P
 >The libraries needed to run the <B
 CLASS="COMMAND"
@@ -750,12 +784,10 @@ and echos back a check to you.</P
 ></DIV
 ><DIV
 CLASS="SECT3"
-><HR><H3
+><H3
 CLASS="SECT3"
 ><A
-NAME="AEN168"
->Configure smb.conf</A
-></H3
+NAME="AEN1559">11.5.3.3. Configure smb.conf</H3
 ><P
 >Several parameters are needed in the smb.conf file to control 
 the behavior of <B
@@ -825,12 +857,10 @@ TARGET="_top"
 ></DIV
 ><DIV
 CLASS="SECT3"
-><HR><H3
+><H3
 CLASS="SECT3"
 ><A
-NAME="AEN184"
->Join the SAMBA server to the PDC domain</A
-></H3
+NAME="AEN1575">11.5.3.4. Join the SAMBA server to the PDC domain</H3
 ><P
 >Enter the following command to make the SAMBA server join the 
 PDC domain, where <TT
@@ -871,12 +901,10 @@ is your DOMAIN name.</P
 ></DIV
 ><DIV
 CLASS="SECT3"
-><HR><H3
+><H3
 CLASS="SECT3"
 ><A
-NAME="AEN195"
->Start up the winbindd daemon and test it!</A
-></H3
+NAME="AEN1586">11.5.3.5. Start up the winbindd daemon and test it!</H3
 ><P
 >Eventually, you will want to modify your smb startup script to 
 automatically invoke the winbindd daemon when the other parts of 
@@ -994,20 +1022,16 @@ CLASS="COMMAND"
 ></DIV
 ><DIV
 CLASS="SECT3"
-><HR><H3
+><H3
 CLASS="SECT3"
 ><A
-NAME="AEN231"
->Fix the init.d startup scripts</A
-></H3
+NAME="AEN1622">11.5.3.6. Fix the init.d startup scripts</H3
 ><DIV
 CLASS="SECT4"
 ><H4
 CLASS="SECT4"
 ><A
-NAME="AEN233"
->Linux</A
-></H4
+NAME="AEN1624">11.5.3.6.1. Linux</H4
 ><P
 >The <B
 CLASS="COMMAND"
@@ -1098,12 +1122,10 @@ CLASS="PROGRAMLISTING"
 ></DIV
 ><DIV
 CLASS="SECT4"
-><HR><H4
+><H4
 CLASS="SECT4"
 ><A
-NAME="AEN250"
->Solaris</A
-></H4
+NAME="AEN1641">11.5.3.6.2. Solaris</H4
 ><P
 >On solaris, you need to modify the 
 <TT
@@ -1169,12 +1191,10 @@ esac</PRE
 ></DIV
 ><DIV
 CLASS="SECT4"
-><HR><H4
+><H4
 CLASS="SECT4"
 ><A
-NAME="AEN257"
->Restarting</A
-></H4
+NAME="AEN1648">11.5.3.6.3. Restarting</H4
 ><P
 >If you restart the <B
 CLASS="COMMAND"
@@ -1193,12 +1213,10 @@ if you were a local user.</P
 ></DIV
 ><DIV
 CLASS="SECT3"
-><HR><H3
+><H3
 CLASS="SECT3"
 ><A
-NAME="AEN263"
->Configure Winbind and PAM</A
-></H3
+NAME="AEN1654">11.5.3.7. Configure Winbind and PAM</H3
 ><P
 >If you have made it this far, you know that winbindd and samba are working
 together.  If you want to use winbind to provide authentication for other 
@@ -1251,12 +1269,10 @@ CLASS="COMMAND"
 ></P
 ><DIV
 CLASS="SECT4"
-><HR><H4
+><H4
 CLASS="SECT4"
 ><A
-NAME="AEN280"
->Linux/FreeBSD-specific PAM configuration</A
-></H4
+NAME="AEN1671">11.5.3.7.1. Linux/FreeBSD-specific PAM configuration</H4
 ><P
 >The <TT
 CLASS="FILENAME"
@@ -1380,12 +1396,10 @@ double prompts for passwords.</P
 ></DIV
 ><DIV
 CLASS="SECT4"
-><HR><H4
+><H4
 CLASS="SECT4"
 ><A
-NAME="AEN313"
->Solaris-specific configuration</A
-></H4
+NAME="AEN1704">11.5.3.7.2. Solaris-specific configuration</H4
 ><P
 >The /etc/pam.conf needs to be changed. I changed this file so that my Domain
 users can logon both locally as well as telnet.The following are the changes
@@ -1467,12 +1481,10 @@ configured in the pam.conf.</P
 ></DIV
 ><DIV
 CLASS="SECT1"
-><HR><H1
+><H1
 CLASS="SECT1"
 ><A
-NAME="AEN320"
->Limitations</A
-></H1
+NAME="AEN1711">11.6. Limitations</H1
 ><P
 >Winbind has a number of limitations in its current 
 	released version that we hope to overcome in future 
@@ -1508,12 +1520,10 @@ NAME="AEN320"
 ></DIV
 ><DIV
 CLASS="SECT1"
-><HR><H1
+><H1
 CLASS="SECT1"
 ><A
-NAME="AEN330"
->Conclusion</A
-></H1
+NAME="AEN1721">11.7. Conclusion</H1
 ><P
 >The winbind system, through the use of the Name Service 
 	Switch, Pluggable Authentication Modules, and appropriate 
@@ -1523,6 +1533,64 @@ NAME="AEN330"
 	cost of running a mixed UNIX and NT network.</P
 ></DIV
 ></DIV
+><DIV
+CLASS="NAVFOOTER"
+><HR
+ALIGN="LEFT"
+WIDTH="100%"><TABLE
+SUMMARY="Footer navigation table"
+WIDTH="100%"
+BORDER="0"
+CELLPADDING="0"
+CELLSPACING="0"
+><TR
+><TD
+WIDTH="33%"
+ALIGN="left"
+VALIGN="top"
+><A
+HREF="domain-security.html"
+ACCESSKEY="P"
+>Prev</A
+></TD
+><TD
+WIDTH="34%"
+ALIGN="center"
+VALIGN="top"
+><A
+HREF="Samba-HOWTO.html"
+ACCESSKEY="H"
+>Home</A
+></TD
+><TD
+WIDTH="33%"
+ALIGN="right"
+VALIGN="top"
+><A
+HREF="samba-pdc.html"
+ACCESSKEY="N"
+>Next</A
+></TD
+></TR
+><TR
+><TD
+WIDTH="33%"
+ALIGN="left"
+VALIGN="top"
+>security = domain in Samba 2.x</TD
+><TD
+WIDTH="34%"
+ALIGN="center"
+VALIGN="top"
+>&nbsp;</TD
+><TD
+WIDTH="33%"
+ALIGN="right"
+VALIGN="top"
+>How to Configure Samba 2.2 as a Primary Domain Controller</TD
+></TR
+></TABLE
+></DIV
 ></BODY
 ></HTML
 >
\ No newline at end of file
-- 
cgit