.TH "winbindd " "1" "8 May 2000" "Samba" "SAMBA" .PP .SH "NAME" winbindd \- Name Service Switch daemon for resolving names from NT servers .PP .SH "SYNOPSIS" .PP \fBwinbindd\fP [-d debuglevel] [-i] .PP .SH "DESCRIPTION" .PP This program is part of the \fBSamba\fP suite version 3\&.0 and describes functionality not yet implemented in the main version of Samba\&. .PP \fBwinbindd\fP is a daemon that provides a service for the Name Service Switch capability that is present in most modern C libraries\&. The Name Service Switch allows user and system information to be obtained from different databases services such as NIS or DNS\&. The exact behaviour can be configured throught the \f(CW/etc/nsswitch\&.conf\fP file\&. Users and groups are allocated as they are resolved to a range of user and group ids specified by the administrator of the Samba system\&. .PP The service provided by \fBwinbindd\fP is called `winbind\' and can be used to resolve user and group information from a Windows NT server\&. .PP The following nsswitch databases are implemented by the \fBwinbindd\fP service: .PP .IP .IP "passwd" .IP User information traditionally stored in the \fBpasswd(5)\fP file and used by \fBgetpwent(3)\fP functions\&. .IP .IP "group" .IP Group information traditionally stored in the \fBgroup(5)\fP file and used by \fBgetgrent(3)\fP functions\&. .IP .PP For example, the following simple configuration in the \f(CW/etc/nsswitch\&.conf\fP file can be used to initially resolve user and group information from \f(CW/etc/passwd\fP and \f(CW/etc/group\fP and then from the Windows NT server\&. .PP \f(CWpasswd: files winbind\fP .PP \f(CWgroup: files winbind\fP .PP .SH "OPTIONS" .PP The following options are available to the \fBwinbindd\fP daemon: .PP .IP .IP "\fB-d debuglevel\fP" Sets the debuglevel to an integer between 0 and 100\&. 0 is for no debugging and 100 is for reams and reams\&. To submit a bug report to the Samba Team, use debug level 100 (see \fBBUGS\&.txt\fP)\&. .IP .IP "\fB-i\fP" Tells winbindd to not become a daemon and detach from the current terminal\&. This option is used by developers when interactive debugging of winbindd is required\&. .IP .PP .SH "NAME AND ID RESOLUTION" .PP Users and groups on a Windows NT server are assigned a relative id (rid) which is unique for the domain when the user or group is created\&. To convert the Windows NT user or group into a unix user or group, a mapping between rids and unix user and group ids is required\&. This is one of the jobs that \fBwinbindd\fP performs\&. .PP As \fBwinbindd\fP users and groups are resolved from a server, user and group ids are allocated from a specified range\&. This is done on a first come, first served basis, although all existing users and groups will be mapped as soon as a client performs a user or group enumeration command\&. The allocated unix ids are stored in a database file under the Samba lock directory and will be remembered\&. .PP WARNING: The rid to unix id database is the only location where the user and group mappings are stored by \fBwinbindd\fP\&. If this file is deleted or corrupted, there is no way for \fBwinbindd\fP to determine which user and group ids correspond to Windows NT user and group rids\&. .PP .SH "CONFIGURATION" .PP Configuration of the \fBwinbindd\fP daemon is done through configuration parameters in the \fBsmb\&.conf\fP file\&. All parameters should be specified in the [global] section of \fBsmb\&.conf\fP\&. .PP .IP .IP "winbind uid" .IP The winbind uid parameter specifies the range of user ids that are allocated by the \fBwinbindd\fP daemon\&. This range of ids should have no existing local or nis users within it as strange conflicts can occur otherwise\&. .IP \fBDefault:\fP \f(CW winbind uid = \fP .IP \fBExample:\fP \f(CW winbind uid = 10000-20000\fP .IP .IP "winbind gid" .IP The winbind gid parameter specifies the range of group ids that are allocated by the \fBwinbindd\fP daemon\&. This range of group ids should have no existing local or nis groups within it as strange conflicts can occur otherwise\&. .IP \fBDefault:\fP \f(CW winbind gid = \fP .IP \fBExample:\fP \f(CW winbind gid = 10000-20000\fP .IP .IP "winbind cache time" .IP This parameter specifies the number of seconds the \fBwinbindd\fP daemon will cache user and group information before querying a Windows NT server again\&. .IP \fBDefault:\fP \f(CW winbind cache type = 15\fP .IP .IP "template homedir" .IP When filling out the user information for a Windows NT user, the \fBwinbindd\fP daemon uses this parameter to fill in the home directory for that user\&. If the string \f(CW%D\fP is present it is substituted with the user\'s Windows NT domain name\&. If the string \f(CW%U\fP is present it is substituted with the user\'s Windows NT user name\&. .IP \fBDefault:\fP \f(CW template homedir = /home/%D/%U\fP .IP .IP "template shell" .IP When filling out the user information for a Windows NT user, the \fBwinbindd\fP daemon uses this parameter to fill in the home directory for that user\&. If the string \f(CW%D\fP is present it is substituted with the user\'s Windows NT domain name\&. If the string \f(CW%U\fP is present it is substituted with the user\'s Windows NT user name\&. .IP \fBDefault:\fP \f(CW template homedir = /home/%D/%U\fP .IP .PP .SH "FILES" .PP The following files are relevant to the operation of the \fBwinbindd\fP daemon\&. .PP .IP .IP "/etc/nsswitch\&.conf(5)" .IP Name service switch configuration file\&. .IP .IP "/tmp/\&.winbindd/pipe" .IP The UNIX pipe over which clients communicate with the \fBwinbindd\fP program\&. For security reasons, the winbind client will only attempt to connect to the \fBwinbindd\fP daemon if both the \f(CW/tmp/\&.winbindd\fP directory and \f(CW/tmp/\&.winbindd/pipe\fP file are owned by root\&. .IP .IP "/lib/libnss_winbind\&.so\&.X" .IP Implementation of name service switch library\&. .IP .IP "$LOCKDIR/winbindd_idmap\&.tdb" .IP Storage for the Windows NT rid to UNIX user/group id mapping\&. If this file is damaged or destroyed then the mappings will be lost\&. .IP The lock directory is specified when Samba is initially compiled using the \f(CW--with-lockdir\fP option\&. This directory is by default \f(CW/usr/local/samba/var/locks\fP\&. .IP .IP "$LOCKDIR/winbindd_cache\&.tdb" .IP Storage for cached user and group information\&. .IP .PP .SH "SEE ALSO" .PP \fBsamba(7)\fP, \fBsmb\&.conf(5)\fP, \fBnsswitch\&.conf(5)\fP .PP .SH "AUTHOR" .PP The original Samba software and related utilities were created by Andrew Tridgell samba-bugs@samba\&.org\&. Samba is now developed by the Samba Team as an Open Source project similar to the way the Linux kernel is developed\&. .PP Winbindd was written by Tim Potter\&.