From 41cffa8f3ba4ebd686245acebd56affcfcee9d2d Mon Sep 17 00:00:00 2001 From: Tim Potter Date: Fri, 30 Jun 2000 06:10:36 +0000 Subject: Updated documentation for wbinfo and winbindd. (This used to be commit 8b814d1bb188f7d657fca6014d0b50d2bbc1ab1b) --- docs/htmldocs/wbinfo.1.html | 13 ++++++++++++- docs/htmldocs/winbindd.8.html | 26 ++++++++++++++++---------- 2 files changed, 28 insertions(+), 11 deletions(-) (limited to 'docs/htmldocs') diff --git a/docs/htmldocs/wbinfo.1.html b/docs/htmldocs/wbinfo.1.html index ba60d8f1e9..5a71611c63 100644 --- a/docs/htmldocs/wbinfo.1.html +++ b/docs/htmldocs/wbinfo.1.html @@ -25,7 +25,8 @@

wbinfo -u [-g] [-n name] [-s sid] [-U uid] [-G gid] -[-S sid] [-Y sid] +[-S sid] [-Y sid] [-t] +[-m]

DESCRIPTION

@@ -88,6 +89,16 @@ will fail.

Convert a SID to a UNIX group id. If the SID does not correspond to a UNIX group mapped by winbindd(8) then the operation will fail. +

+

-t
+

Verify that the workstation trust account created when the Samba server is +added to the Windows NT domain is working. +

+

-m
+

Produce a list of domains trusted by the Windows NT server +winbindd(8) contacts when resolving names. This +list does not include the Windows NT domain the server is a Primary Domain +Controller for.

EXIT STATUS

diff --git a/docs/htmldocs/winbindd.8.html b/docs/htmldocs/winbindd.8.html index 9862d8f9d5..d9e8017daa 100644 --- a/docs/htmldocs/winbindd.8.html +++ b/docs/htmldocs/winbindd.8.html @@ -73,8 +73,8 @@ and 100 is for reams and reams. To submit a bug report to the Samba Team, use debug level 100 (see BUGS.txt).

-i
-Tells winbindd to not become a daemon and detach from the current terminal. -This option is used by developers when interactive debugging of winbindd is +Tells winbindd to not become a daemon and detach from the current terminal. +This option is used by developers when interactive debugging of winbindd is required.

@@ -140,12 +140,12 @@ otherwise.

winbind cache time

This parameter specifies the number of seconds the winbindd daemon will cache user and group information before querying a Windows NT server -again. When a item in the cache is older than this time winbindd will ask +again. When a item in the cache is older than this time winbindd will ask the domain controller for the sequence number of the servers account database. If the sequence number has not changed then the cached item is marked as valid for a further "winbind cache time" seconds. Otherwise the item is fetched from the server. This means that as long as the account -database is not actively changing winbindd will only have to send one +database is not actively changing winbindd will only have to send one sequence number query packet every "winbind cache time" seconds.

Default: winbind cache time = 15 @@ -166,7 +166,7 @@ substituted with the user's Windows NT user name.

EXAMPLE SETUP

-

To setup winbindd for user and group lookups plus authentication from +

To setup winbindd for user and group lookups plus authentication from a domain controller use something like the following setup. This was tested on a RedHat 6.2 Linux box.

In /etc/nsswitch.conf put the following: @@ -231,12 +231,12 @@ is called MACHINE. -

Now start winbindd and you should find that your user and group +

Now start winbindd and you should find that your user and group database is expanded to include your NT users and groups, and that you can login to your unix box as a domain user, using the DOMAIN+user syntax for the username. You may wish to use the commands "getent passwd" and "getent group" to confirm the correct operation of -winbindd. +winbindd.

NOTES

@@ -245,10 +245,15 @@ winbindd.

nmbd must be running on the local machine for winbindd to work. +

+winbindd queries the list of trusted domains for the Windows NT server +on startup and when a SIGHUP is received. Thus, for a running winbindd +to become aware of new trust relationships between servers, it must be sent +a SIGHUP signal.

Client processes resolving names through the winbindd nsswitch module read an environment variable named WINBINDD_DOMAIN. If this variable -contains a comma separated list of Windows NT domain names, then winbindd +contains a comma separated list of Windows NT domain names, then winbindd will only resolve users and groups within those Windows NT domains.

PAM is really easy to misconfigure. Make sure you know what you are doing @@ -270,7 +275,8 @@ is damaged or destroyed then the mappings will be lost.

SIGHUP

Reload the smb.conf file and apply any parameter changes to the running version of winbindd. This signal also clears any cached user and group -information. +information. The list of other domains trusted by winbindd is also +reloaded.

SIGUSR1

The SIGUSR1 signal will cause winbindd to write status information to the winbind log file including information about the number of user and @@ -304,7 +310,7 @@ directory is specified when Samba is initially compiled using the

SEE ALSO

samba(7), smb.conf(5), -nsswitch.conf(5) +nsswitch.conf(5), wbinfo(1)

AUTHOR

-- cgit