From ad0e01e75059bedde6400529f1a5193ef9735e9b Mon Sep 17 00:00:00 2001
From: Gerald Carter
Date: Fri, 25 Oct 2002 15:15:32 +0000
Subject: sync from HEAD

(This used to be commit 2eb7f0acd761a11bb0f24010347247074c5ed49a)
---
 docs/htmldocs/winbindd.8.html | 386 +++++++++++------------------------------
 1 file changed, 101 insertions(+), 285 deletions(-)
 (limited to 'docs/htmldocs/winbindd.8.html')

diff --git a/docs/htmldocs/winbindd.8.html b/docs/htmldocs/winbindd.8.html
index 1ecb08cdb4..3aecf62509 100644
--- a/docs/htmldocs/winbindd.8.html
+++ b/docs/htmldocs/winbindd.8.html
@@ -1,10 +1,11 @@ + winbindd

winbindd

winbindd
winbindd [-i] [-d <debug level>] [-s <smb config file>]

[-i] [-d <debug level>] [-s <smb config file>]

account - module-types. The latter is simply + module-types. The latter simply performs a getpwnam() to verify that the system can obtain a uid for the user. If the libnss_winbind library has been correctly - installed, this should always suceed. + installed, this should always succeed.

The following nsswitch databases are implemented by @@ -170,20 +171,11 @@ CLASS="FILENAME" > and then from the Windows NT server.

passwd:         files winbind
 group:          files winbind
 	

The following simple configuration in the @@ -287,279 +279,130 @@ CLASS="FILENAME" [global] section of smb.conf.

winbind separator

The winbind separator option allows you - to specify how NT domain names and user names are combined - into unix user names when presented to users. By default, - winbindd will use the traditional '\' - separator so that the unix user names look like - DOMAIN\username. In some cases this separator character may - cause problems as the '\' character has special meaning in - unix shells. In that case you can use the winbind separator - option to specify an alternative separator character. Good - alternatives may be '/' (although that conflicts - with the unix directory separator) or a '+ 'character. - The '+' character appears to be the best choice for 100% - compatibility with existing unix utilities, but may be an - aesthetically bad choice depending on your taste.

Default: winbind separator = \ -

Example: winbind separator = +

winbind uid

The winbind uid parameter specifies the - range of user ids that are allocated by the winbindd daemon. - This range of ids should have no existing local or NIS users - within it as strange conflicts can occur otherwise.

Default: winbind uid = <empty string> -

winbind gid

The winbind gid parameter specifies the - range of group ids that are allocated by the winbindd daemon. - This range of group ids should have no existing local or NIS - groups within it as strange conflicts can occur otherwise.

  • Default: winbind gid = <empty string> - winbind uid

  • Example: winbind gid = 10000-20000 -

  • winbind cache time

    This parameter specifies the number of - seconds the winbindd daemon will cache user and group information - before querying a Windows NT server again. When a item in the - cache is older than this time winbindd will ask the domain - controller for the sequence number of the server's account database. - If the sequence number has not changed then the cached item is - marked as valid for a further winbind cache time - winbind gid seconds. Otherwise the item is fetched from the - server. This means that as long as the account database is not - actively changing winbindd will only have to send one sequence - number query packet every

  • winbind cache time - winbind cache time seconds.

    Default: winbind cache time = 15 -

  • winbind enum users

  • On large installations it may be necessary - to suppress the enumeration of users through the setpwent(), getpwent() and - endpwent() group of system calls. If - the winbind enum users parameter is false, - calls to the getpwent system call will not - return any data.

    Warning: Turning off user enumeration - may cause some programs to behave oddly. For example, the finger - program relies on having access to the full user list when - searching for matching usernames.

    Default: winbind enum users = yes

  • winbind enum groups
  • On large installations it may be necessary - to suppress the enumeration of groups through the setgrent(), getgrent() and - endgrent() group of system calls. If - the winbind enum groups parameter is - false, calls to the getgrent() system - call will not return any data.

    Warning: Turning off group - enumeration may cause some programs to behave oddly. -

    Default: winbind enum groups = no -

  • template homedir

  • When filling out the user information - for a Windows NT user, the winbindd daemon - uses this parameter to fill in the home directory for that user. - If the string %Dtemplate homedir is present it is - substituted with the user's Windows NT domain name. If the - string

  • %Utemplate shell is present it is substituted - with the user's Windows NT user name.

    Default: template homedir = /home/%D/%U -

  • template shell

    When filling out the user information for - a Windows NT user, the winbindd daemon - uses this parameter to fill in the shell for that user. -

    Default: template shell = /bin/false -

    winbind use default domain

    This parameter specifies whether the winbindd - daemon should operate on users without domain component in their username. - Users without a domain component are treated as is part of the winbindd server's - own domain. While this does not benifit Windows users, it makes SSH, FTP and e-mail - function in a way much closer to the way they would in a native unix system.

    Default: winbind use default domain = <falseg> -

  • Example: winbind use default domain = true winbind use default domain
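
Review bot: the removed winbind uid and winbind gid paragraphs in the `@@ -287,279 +279,130 @@` hunk are where this page warns that the allocated ranges must not contain existing local or NIS users or groups, and the `-` lines under winbind enum users carry the warning that turning enumeration off makes programs such as finger behave oddly; what the hunk leaves behind is the list of parameter names. Please confirm that the smb.conf documentation states both caveats and the defaults being dropped here (winbind cache time = 15, template homedir = /home/%D/%U, template shell = /bin/false) before this text goes, or keep a one-line pointer above the list so an administrator reading winbindd(8) knows where the range and enumeration warnings now live.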

  • EXAMPLE SETUP

    put the following:

    passwd:     files winbind
     group:      files winbind
     	

    In lines with something like this:

    auth       required	/lib/security/pam_securetty.so
    @@ -614,9 +442,6 @@ auth       required	/lib/security/pam_nologin.so
     auth       sufficient	/lib/security/pam_winbind.so
     auth       required     /lib/security/pam_pwdb.so use_first_pass shadow nullok
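
Review bot: the example auth stack carried as context in the `@@ -614,9 +442,6 @@` hunk still ends with nullok on the pam_pwdb.so line, which accepts a local account with an empty password whenever pam_winbind.so has not already succeeded. Since this hunk already touches the block (9 lines down to 6), consider dropping nullok from the man page example, or adding a sentence on why the example needs it, so the sample is not copied into a login stack with that option unnoticed.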
     	

    Note in particular the use of the containing directives like the following:

    [global]
    @@ -716,9 +535,6 @@ CLASS="PROGRAMLISTING"
             security = domain
             password server = *
     	

    Now start winbindd and you should find that your user and @@ -737,7 +553,7 @@ CLASS="COMMAND" >

    NOTES

    SIGNALS

    FILES

    VERSION

    SEE ALSO

    AUTHOR