From 60785b56e8e637e75d5e94a0aec021ce40177834 Mon Sep 17 00:00:00 2001 From: Tim Potter Date: Tue, 13 Jun 2000 02:15:10 +0000 Subject: Created manpage for wbinfo program. Misc documentation updates for winbindd manpage. (This used to be commit 1f225fddd93d8569d9836310e2f0a56be7f4250e) --- docs/htmldocs/winbindd.8.html | 90 ++++++++++++++++++++++++++----------------- 1 file changed, 55 insertions(+), 35 deletions(-) (limited to 'docs/htmldocs/winbindd.8.html') diff --git a/docs/htmldocs/winbindd.8.html b/docs/htmldocs/winbindd.8.html index d0bdbbfccf..9862d8f9d5 100644 --- a/docs/htmldocs/winbindd.8.html +++ b/docs/htmldocs/winbindd.8.html @@ -3,7 +3,7 @@ -winbindd (1) +winbindd (8) @@ -11,9 +11,9 @@
-

winbindd (1)

+

winbindd (8)

Samba

-

8 May 2000

+

13 Jun 2000

@@ -115,11 +115,13 @@ alternatives may be / (although that conflicts with the unix directory separator) or a + character. The + character appears to be the best choice for 100% compatibility with existing unix utilities, but may be an aesthetically bad choice depending on your taste. +

Default: + winbind separator = \

Example: winbind separator = +

winbind uid

The winbind uid parameter specifies the range of user ids that are -allocated by the winbindd daemon. This range of +allocated by the winbindd daemon. This range of ids should have no existing local or nis users within it as strange conflicts can occur otherwise.

Default: @@ -128,38 +130,36 @@ conflicts can occur otherwise. winbind uid = 10000-20000

winbind gid

The winbind gid parameter specifies the range of group ids that are -allocated by the winbindd daemon. This range of -group ids should have no existing local or nis groups within it as strange -conflicts can occur otherwise. +allocated by the winbindd daemon. This range of group ids should have +no existing local or nis groups within it as strange conflicts can occur +otherwise.

Default: winbind gid = <empty string>

Example: winbind gid = 10000-20000

winbind cache time
-

This parameter specifies the number of seconds the -winbindd daemon will cache user and group -information before querying a Windows NT server again. When a item in -the cache is older than this time winbindd will ask the domain -controller for the sequence number of the servers account database. If -the sequence number has not changed then the cached item is marked as -valid for a further "winbind cache time" seconds. Otherwise the item -is fetched from the server. This means that as long as the account +

This parameter specifies the number of seconds the winbindd daemon will +cache user and group information before querying a Windows NT server +again. When a item in the cache is older than this time winbindd will ask +the domain controller for the sequence number of the servers account +database. If the sequence number has not changed then the cached item is +marked as valid for a further "winbind cache time" seconds. Otherwise the +item is fetched from the server. This means that as long as the account database is not actively changing winbindd will only have to send one sequence number query packet every "winbind cache time" seconds.

Default: winbind cache time = 15

template homedir

When filling out the user information for a Windows NT user, the -winbindd daemon uses this parameter to fill in -the home directory for that user. If the string %D is present it is -substituted with the user's Windows NT domain name. If the string %U -is present it is substituted with the user's Windows NT user name. +winbindd daemon uses this parameter to fill in the home directory for +that user. If the string %D is present it is substituted with the +user's Windows NT domain name. If the string %U is present it is +substituted with the user's Windows NT user name.

Default: template homedir = /home/%D/%U

template shell

When filling out the user information for a Windows NT user, the -winbindd daemon uses this parameter to fill in -the shell for that user. +winbindd daemon uses this parameter to fill in the shell for that user.

Default: template shell = /bin/false

@@ -237,23 +237,44 @@ can login to your unix box as a domain user, using the DOMAIN+user syntax for the username. You may wish to use the commands "getent passwd" and "getent group" to confirm the correct operation of winbindd. -

NOTE: nmbd must be running on the local machine for -winbindd to work. +

+

NOTES

+ +

The following notes are useful when configuring and running winbindd: +

+

+nmbd must be running on the local machine for +winbindd to work. +

+Client processes resolving names through the winbindd nsswitch module +read an environment variable named WINBINDD_DOMAIN. If this variable +contains a comma separated list of Windows NT domain names, then winbindd +will only resolve users and groups within those Windows NT domains. +

+PAM is really easy to misconfigure. Make sure you know what you are doing +when modifying PAM configuration files. It is possible to set up PAM +such that you can no longer log into your system. +

+If more than one UNIX machine is running winbindd, then in general the +user and groups ids allocated by winbindd will not be the same. The +user and group ids will only be valid for the local machine. +

+If the the Windows NT RID to UNIX user and group id mapping file +is damaged or destroyed then the mappings will be lost. +

SIGNALS

-

The following signals can be used to manipulate the -winbindd daemon. +

The following signals can be used to manipulate the winbindd daemon.

SIGHUP

Reload the smb.conf file and apply any parameter changes to the running -version of winbindd. This signal also clears any -cached user and group information. +version of winbindd. This signal also clears any cached user and group +information.

SIGUSR1
-

The SIGUSR1 signal will cause winbindd to -write status information to the winbind log file including information -about the number of user and group ids allocated by -winbindd. +

The SIGUSR1 signal will cause winbindd to write status information +to the winbind log file including information about the number of user and +group ids allocated by winbindd.

Log files are stored in the filename specified by the log file parameter.

@@ -272,9 +293,8 @@ For security reasons, the winbind client will only attempt to connect to the

/lib/libnss_winbind.so.X

Implementation of name service switch library.

$LOCKDIR/winbindd_idmap.tdb
-

Storage for the Windows NT rid to UNIX user/group id mapping. If this file -is damaged or destroyed then the mappings will be lost. -

The lock directory is specified when Samba is initially compiled using the +

Storage for the Windows NT rid to UNIX user/group id mapping. The lock +directory is specified when Samba is initially compiled using the --with-lockdir option. This directory is by default /usr/local/samba/var/locks.

$LOCKDIR/winbindd_cache.tdb
@@ -291,6 +311,6 @@ is damaged or destroyed then the mappings will be lost.

The original Samba software and related utilities were created by Andrew Tridgell. Samba is now developed by the Samba Team as an Open Source project. -

Winbindd was written by Tim Potter. +

winbindd was written by Tim Potter. -- cgit