From 60785b56e8e637e75d5e94a0aec021ce40177834 Mon Sep 17 00:00:00 2001 From: Tim Potter Date: Tue, 13 Jun 2000 02:15:10 +0000 Subject: Created manpage for wbinfo program. Misc documentation updates for winbindd manpage. (This used to be commit 1f225fddd93d8569d9836310e2f0a56be7f4250e) --- docs/manpages/wbinfo.1 | 101 +++++++++++++++++++++++++++++++++++++++++++++++ docs/manpages/winbindd.8 | 88 ++++++++++++++++++++++++++--------------- 2 files changed, 157 insertions(+), 32 deletions(-) create mode 100644 docs/manpages/wbinfo.1 (limited to 'docs/manpages') diff --git a/docs/manpages/wbinfo.1 b/docs/manpages/wbinfo.1 new file mode 100644 index 0000000000..3b78cac9ab --- /dev/null +++ b/docs/manpages/wbinfo.1 @@ -0,0 +1,101 @@ +.TH "wbinfo " "1" "13 Jun 2000" "Samba" "SAMBA" +.PP +.SH "NAME" +wbinfo \- Query information from winbind daemon +.PP +.SH "SYNOPSIS" +.PP +\fBwbinfo\fP -u [-g] [-n name] +[-s sid] [-U uid] [-G gid] +[-S sid] [-Y sid] +.PP +.SH "DESCRIPTION" +.PP +This program is part of the \fBSamba\fP suite version 3\&.0 and describes +functionality not yet implemented in the main version of Samba\&. +.PP +The \fBwbinfo\fP program queries and returns information created and used by +the \fBwinbindd(8)\fP daemon\&. +.PP +The \fBwinbindd(8)\fP daemon must be configured and +running for the \fBwbinfo\fP program to be able to return information\&. +.PP +.SH "OPTIONS" +.PP +The following options are available to the \fBwbinfo\fP program: +.PP +.IP +.IP "\fB-u\fP" +.IP +This option will list all users available in the Windows NT domain for +which the \fBwinbindd(8)\fP daemon is operating in\&. +Users in all trusted domains will also be listed\&. Note that this operation +does not assign user ids to any users that have not already been seen by +\fBwinbindd(8)\fP\&. +.IP +.IP "\fB-g\fP" +.IP +This option will list all groups available in the Windows NT domain for +which the \fBwinbindd(8)\fP daemon is operating in\&. +Groups in all trusted domains will also be listed\&. Note that this +operation does not assign group ids to any groups that have not already +been seen by \fBwinbindd(8)\fP\&. +.IP +.IP "\fB-n name\fP" +.IP +The \fB-n\fP option queries \fBwinbindd(8)\fP for the SID +associated with the name specified\&. Domain names can be specified before +the user name by using the winbind separator character\&. For example +\f(CWDOM1/Administrator\fP refers to the \f(CWAdministrator\fP user in the domain +\f(CWDOM1\fP\&. If no domain is specified then the domain used is the one +specified in the \fBsmb\&.conf\fP \fBworkgroup\fP parameter\&. +.IP +.IP "\fB-s sid\fP" +.IP +Use \fB-s\fP to resolve a SID to a name\&. This is the inverse of the \fB-n\fP +option above\&. SIDs must be specified as ASCII strings in the traditional +Microsoft format\&. For example +\f(CWS-1-5-21-1455342024-3071081365-2475485837-500\fP\&. +.IP +.IP "\fB-U uid\fP" +.IP +Try to convert a UNIX user id to a Windows NT SID\&. If the uid specified +does not refer to one within the \fBwinbind uid range\fP then the operation +will fail\&. +.IP +.IP "\fB-G gid\fP" +.IP +Try to convert a UNIX group id to a Windows NT SID\&. If the gid specified +does not refer to one within the \fBwinbind gid range\fP then the operation +will fail\&. +.IP +.IP "\fB-S sid\fP" +.IP +Convert a SID to a UNIX user id\&. If the SID does not correspond to a UNIX +user mapped by \fBwinbindd(8)\fP then the operation +will fail\&. +.IP +.IP "\fB-Y sid\fP" +.IP +Convert a SID to a UNIX group id\&. If the SID does not correspond to a UNIX +group mapped by \fBwinbindd(8)\fP then the operation +will fail\&. +.IP +.PP +.SH "EXIT STATUS" +.PP +The \fBwbinfo\fP program returns 0 if the operation succeeded, or 1 if +the operation failed\&. If the \fBwinbindd(8)\fP daemon +is not working \fBwbinfo\fP will always return failure\&. +.PP +.SH "SEE ALSO" +.PP +\fBwinbindd(8)\fP +.PP +.SH "AUTHOR" +.PP +The original Samba software and related utilities were created by +Andrew Tridgell\&. Samba is now developed by the Samba Team as an Open +Source project\&. +.PP +\fBwbinfo\fP was written by Tim Potter\&. diff --git a/docs/manpages/winbindd.8 b/docs/manpages/winbindd.8 index a54f01f781..5af9ca5f90 100644 --- a/docs/manpages/winbindd.8 +++ b/docs/manpages/winbindd.8 @@ -1,4 +1,4 @@ -.TH "winbindd " "1" "8 May 2000" "Samba" "SAMBA" +.TH "winbindd " "8" "13 Jun 2000" "Samba" "SAMBA" .PP .SH "NAME" winbindd \- Name Service Switch daemon for resolving names from NT servers @@ -114,6 +114,9 @@ separator) or a + character\&. The + character appears to be the best choice for 100% compatibility with existing unix utilities, but may be an aesthetically bad choice depending on your taste\&. .IP +\fBDefault:\fP +\f(CW winbind separator = \e\fP +.IP \fBExample:\fP \f(CW winbind separator = +\fP .IP @@ -133,9 +136,9 @@ conflicts can occur otherwise\&. .IP "winbind gid" .IP The winbind gid parameter specifies the range of group ids that are -allocated by the \fBwinbindd\fP daemon\&. This range of -group ids should have no existing local or nis groups within it as strange -conflicts can occur otherwise\&. +allocated by the \fBwinbindd\fP daemon\&. This range of group ids should have +no existing local or nis groups within it as strange conflicts can occur +otherwise\&. .IP \fBDefault:\fP \f(CW winbind gid = \fP @@ -145,14 +148,13 @@ conflicts can occur otherwise\&. .IP .IP "winbind cache time" .IP -This parameter specifies the number of seconds the -\fBwinbindd\fP daemon will cache user and group -information before querying a Windows NT server again\&. When a item in -the cache is older than this time winbindd will ask the domain -controller for the sequence number of the servers account database\&. If -the sequence number has not changed then the cached item is marked as -valid for a further "winbind cache time" seconds\&. Otherwise the item -is fetched from the server\&. This means that as long as the account +This parameter specifies the number of seconds the \fBwinbindd\fP daemon will +cache user and group information before querying a Windows NT server +again\&. When a item in the cache is older than this time winbindd will ask +the domain controller for the sequence number of the servers account +database\&. If the sequence number has not changed then the cached item is +marked as valid for a further "winbind cache time" seconds\&. Otherwise the +item is fetched from the server\&. This means that as long as the account database is not actively changing winbindd will only have to send one sequence number query packet every "winbind cache time" seconds\&. .IP @@ -162,10 +164,10 @@ sequence number query packet every "winbind cache time" seconds\&. .IP "template homedir" .IP When filling out the user information for a Windows NT user, the -\fBwinbindd\fP daemon uses this parameter to fill in -the home directory for that user\&. If the string \f(CW%D\fP is present it is -substituted with the user\'s Windows NT domain name\&. If the string \f(CW%U\fP -is present it is substituted with the user\'s Windows NT user name\&. +\fBwinbindd\fP daemon uses this parameter to fill in the home directory for +that user\&. If the string \f(CW%D\fP is present it is substituted with the +user\'s Windows NT domain name\&. If the string \f(CW%U\fP is present it is +substituted with the user\'s Windows NT user name\&. .IP \fBDefault:\fP \f(CW template homedir = /home/%D/%U\fP @@ -173,8 +175,7 @@ is present it is substituted with the user\'s Windows NT user name\&. .IP "template shell" .IP When filling out the user information for a Windows NT user, the -\fBwinbindd\fP daemon uses this parameter to fill in -the shell for that user\&. +\fBwinbindd\fP daemon uses this parameter to fill in the shell for that user\&. .IP \fBDefault:\fP \f(CW template shell = /bin/false\fP @@ -282,27 +283,52 @@ syntax for the username\&. You may wish to use the commands "getent passwd" and "getent group" to confirm the correct operation of winbindd\&. .PP -NOTE: \fBnmbd\fP must be running on the local machine for +.SH "NOTES" +.PP +The following notes are useful when configuring and running \fBwinbindd\fP: +.PP +.IP +.IP "" +\fBnmbd\fP must be running on the local machine for \fBwinbindd\fP to work\&. +.IP +.IP "" +Client processes resolving names through the \fBwinbindd\fP nsswitch module +read an environment variable named \f(CWWINBINDD_DOMAIN\fP\&. If this variable +contains a comma separated list of Windows NT domain names, then winbindd +will only resolve users and groups within those Windows NT domains\&. +.IP +.IP "" +PAM is really easy to misconfigure\&. Make sure you know what you are doing +when modifying PAM configuration files\&. It is possible to set up PAM +such that you can no longer log into your system\&. +.IP +.IP "" +If more than one UNIX machine is running \fBwinbindd\fP, then in general the +user and groups ids allocated by \fBwinbindd\fP will not be the same\&. The +user and group ids will only be valid for the local machine\&. +.IP +.IP "" +If the the Windows NT RID to UNIX user and group id mapping file +is damaged or destroyed then the mappings will be lost\&. +.IP .PP .SH "SIGNALS" .PP -The following signals can be used to manipulate the -\fBwinbindd\fP daemon\&. +The following signals can be used to manipulate the \fBwinbindd\fP daemon\&. .PP .IP .IP "\f(CWSIGHUP\fP" .IP Reload the \f(CWsmb\&.conf\fP file and apply any parameter changes to the running -version of \fBwinbindd\fP\&. This signal also clears any -cached user and group information\&. +version of \fBwinbindd\fP\&. This signal also clears any cached user and group +information\&. .IP .IP "\f(CWSIGUSR1\fP" .IP -The \f(CWSIGUSR1\fP signal will cause \fBwinbindd\fP to -write status information to the winbind log file including information -about the number of user and group ids allocated by -\fBwinbindd\fP\&. +The \f(CWSIGUSR1\fP signal will cause \fBwinbindd\fP to write status information +to the winbind log file including information about the number of user and +group ids allocated by \fBwinbindd\fP\&. .IP Log files are stored in the filename specified by the \fBlog file\fP parameter\&. .IP @@ -330,10 +356,8 @@ Implementation of name service switch library\&. .IP .IP "$LOCKDIR/winbindd_idmap\&.tdb" .IP -Storage for the Windows NT rid to UNIX user/group id mapping\&. If this file -is damaged or destroyed then the mappings will be lost\&. -.IP -The lock directory is specified when Samba is initially compiled using the +Storage for the Windows NT rid to UNIX user/group id mapping\&. The lock +directory is specified when Samba is initially compiled using the \f(CW--with-lockdir\fP option\&. This directory is by default \f(CW/usr/local/samba/var/locks\fP\&. .IP @@ -353,4 +377,4 @@ The original Samba software and related utilities were created by Andrew Tridgell\&. Samba is now developed by the Samba Team as an Open Source project\&. .PP -Winbindd was written by Tim Potter\&. +\fBwinbindd\fP was written by Tim Potter\&. -- cgit