Changeset 134 for branches/samba-3.0/docs/htmldocs/manpages/winbindd.8.html

Timestamp:

May 23, 2008, 6:56:41 AM (17 years ago)

Author:

Paul Smedley

Message:

Update source to 3.0.29

File:

• branches/samba-3.0/docs/htmldocs/manpages/winbindd.8.html (modified) (9 diffs)

branches/samba-3.0/docs/htmldocs/manpages/winbindd.8.html

@@ -1 @@
-<html><head><meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"><title>winbindd</title><link rel="stylesheet" href="samba.css" type="text/css"><meta name="generator" content="DocBook XSL Stylesheets V1.71.0"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="refentry" lang="en"><a name="winbindd.8"></a><div class="titlepage"></div><div class="refnamediv"><h2>Name</h2><p>winbindd &#8212; Name Service Switch daemon for resolving names 
-        from NT servers</p></div><div class="refsynopsisdiv"><h2>Synopsis</h2><div class="cmdsynopsis"><p><code class="literal">winbindd</code> [-F] [-S] [-i] [-Y] [-d &lt;debug level&gt;] [-s &lt;smb config file&gt;] [-n]</p></div></div><div class="refsect1" lang="en"><a name="id259558"></a><h2>DESCRIPTION</h2><p>This program is part of the <a href="samba.7.html"><span class="citerefentry"><span class="refentrytitle">samba</span>(7)</span></a> suite.</p><p><code class="literal">winbindd</code> is a daemon that provides 
+<html><head><meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"><title>winbindd</title><link rel="stylesheet" href="../samba.css" type="text/css"><meta name="generator" content="DocBook XSL Stylesheets V1.73.2"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="refentry" lang="en"><a name="winbindd.8"></a><div class="titlepage"></div><div class="refnamediv"><h2>Name</h2><p>winbindd &#8212; Name Service Switch daemon for resolving names
+        from NT servers</p></div><div class="refsynopsisdiv"><h2>Synopsis</h2><div class="cmdsynopsis"><p><code class="literal">winbindd</code> [-D] [-F] [-S] [-i] [-Y] [-d &lt;debug level&gt;] [-s &lt;smb config file&gt;] [-n]</p></div></div><div class="refsect1" lang="en"><a name="id282746"></a><h2>DESCRIPTION</h2><p>This program is part of the <a class="citerefentry" href="samba.7.html"><span class="citerefentry"><span class="refentrytitle">samba</span>(7)</span></a> suite.</p><p><code class="literal">winbindd</code> is a daemon that provides
         a number of services to the Name Service Switch capability found
-        in most modern C libraries, to arbitary applications via PAM
+        in most modern C libraries, to arbitrary applications via PAM
         and <code class="literal">ntlm_auth</code> and to Samba itself.</p><p>Even if winbind is not used for nsswitch, it still provides a
         service to <code class="literal">smbd</code>, <code class="literal">ntlm_auth</code>
         and the <code class="literal">pam_winbind.so</code> PAM module, by managing connections to
         domain controllers.  In this configuraiton the
-        <a class="indexterm" name="id259361"></a>idmap uid and
-        <a class="indexterm" name="id259368"></a>idmap gid
-        parameters are not required. (This is known as `netlogon proxy only mode'.)</p><p> The Name Service Switch allows user 
-        and system information to be obtained from different databases 
-        services such as NIS or DNS.  The exact behaviour can be configured 
-        throught the <code class="filename">/etc/nsswitch.conf</code> file.  
-        Users and groups are allocated as they are resolved to a range 
-        of user and group ids specified by the administrator of the 
-        Samba system.</p><p>The service provided by <code class="literal">winbindd</code> is called `winbind' and 
-        can be used to resolve user and group information from a 
+        <a class="link" href="smb.conf.5.html#IDMAPUID">idmap uid</a> and
+        <a class="link" href="smb.conf.5.html#IDMAPGID">idmap gid</a>
+        parameters are not required. (This is known as `netlogon proxy only mode'.)</p><p> The Name Service Switch allows user
+        and system information to be obtained from different databases
+        services such as NIS or DNS.  The exact behaviour can be configured
+        throught the <code class="filename">/etc/nsswitch.conf</code> file.
+        Users and groups are allocated as they are resolved to a range
+        of user and group ids specified by the administrator of the
+        Samba system.</p><p>The service provided by <code class="literal">winbindd</code> is called `winbind' and
+        can be used to resolve user and group information from a
         Windows NT server. The service can also provide authentication
         services via an associated PAM module. </p><p>
@@ -22 +22 @@
         <em class="parameter"><code>auth</code></em>, <em class="parameter"><code>account</code></em>
         and <em class="parameter"><code>password</code></em>
-        module-types.  It should be noted that the 
+        module-types.  It should be noted that the
         <em class="parameter"><code>account</code></em> module simply performs a getpwnam() to verify that
         the system can obtain a uid for the user, as the domain
@@ -28 +28 @@
         <code class="filename">libnss_winbind</code> library has been correctly
         installed, or an alternate source of names configured, this should always succeed.
-        </p><p>The following nsswitch databases are implemented by 
-        the winbindd service: </p><div class="variablelist"><dl><dt><span class="term">hosts</span></dt><dd><p>This feature is only available on IRIX.
-                User information traditionally stored in 
-                the <code class="filename">hosts(5)</code> file and used by 
+        </p><p>The following nsswitch databases are implemented by
+        the winbindd service: </p><div class="variablelist"><dl><dt><span class="term">-D</span></dt><dd><p>If specified, this parameter causes
+                the server to operate as a daemon. That is, it detaches
+                itself and runs in the background on the appropriate port. 
+                This switch is assumed if <code class="literal">winbindd</code> is 
+                executed on the command line of a shell.
+                </p></dd><dt><span class="term">hosts</span></dt><dd><p>This feature is only available on IRIX.
+                User information traditionally stored in
+                the <code class="filename">hosts(5)</code> file and used by
                 <code class="literal">gethostbyname(3)</code> functions. Names are
                 resolved through the WINS server or by broadcast.
-                </p></dd><dt><span class="term">passwd</span></dt><dd><p>User information traditionally stored in 
-                the <code class="filename">passwd(5)</code> file and used by 
-                <code class="literal">getpwent(3)</code> functions. </p></dd><dt><span class="term">group</span></dt><dd><p>Group information traditionally stored in 
-                the <code class="filename">group(5)</code> file and used by             
+                </p></dd><dt><span class="term">passwd</span></dt><dd><p>User information traditionally stored in
+                the <code class="filename">passwd(5)</code> file and used by
+                <code class="literal">getpwent(3)</code> functions. </p></dd><dt><span class="term">group</span></dt><dd><p>Group information traditionally stored in
+                the <code class="filename">group(5)</code> file and used by
                 <code class="literal">getgrent(3)</code> functions. </p></dd></dl></div><p>For example, the following simple configuration in the
-        <code class="filename">/etc/nsswitch.conf</code> file can be used to initially 
+        <code class="filename">/etc/nsswitch.conf</code> file can be used to initially
         resolve user and group information from <code class="filename">/etc/passwd
-        </code> and <code class="filename">/etc/group</code> and then from the 
+        </code> and <code class="filename">/etc/group</code> and then from the
         Windows NT server.
 </p><pre class="programlisting">
@@ -53 +58 @@
         WINS server.</p><pre class="programlisting">
 hosts:          files wins
-</pre></div><div class="refsect1" lang="en"><a name="id260125"></a><h2>OPTIONS</h2><div class="variablelist"><dl><dt><span class="term">-F</span></dt><dd><p>If specified, this parameter causes
+</pre></div><div class="refsect1" lang="en"><a name="id324498"></a><h2>OPTIONS</h2><div class="variablelist"><dl><dt><span class="term">-F</span></dt><dd><p>If specified, this parameter causes
                 the main <code class="literal">winbindd</code> process to not daemonize,
                 i.e. double-fork and disassociate with the terminal.
@@ -65 +70 @@
                 </p></dd><dt><span class="term">-S</span></dt><dd><p>If specified, this parameter causes
                 <code class="literal">winbindd</code> to log to standard output rather
-                than a file.</p></dd><dt><span class="term">-V</span></dt><dd><p>Prints the program version number.
-</p></dd><dt><span class="term">-s &lt;configuration file&gt;</span></dt><dd><p>The file specified contains the 
-configuration details required by the server.  The 
-information in this file includes server-specific
-information such as what printcap file to use, as well 
-as descriptions of all the services that the server is 
-to provide. See <code class="filename">smb.conf</code> for more information.
-The default configuration file name is determined at 
-compile time.</p></dd><dt><span class="term">-d|--debuglevel=level</span></dt><dd><p><em class="replaceable"><code>level</code></em> is an integer 
-from 0 to 10.  The default value if this parameter is 
-not specified is zero.</p><p>The higher this value, the more detail will be 
+                than a file.</p></dd><dt><span class="term">-d|--debuglevel=level</span></dt><dd><p><em class="replaceable"><code>level</code></em> is an integer 
+from 0 to 10. The default value if this parameter is 
+not specified is 0.</p><p>The higher this value, the more detail will be 
 logged to the log files about the activities of the 
 server. At level 0, only critical errors and serious 
@@ -85 +82 @@
 use only by developers and generate HUGE amounts of log
 data, most of which is extremely cryptic.</p><p>Note that specifying this parameter here will 
-override the <a class="indexterm" name="id300475"></a> parameter
-in the <code class="filename">smb.conf</code> file.</p></dd><dt><span class="term">-l|--logfile=logdirectory</span></dt><dd><p>Base directory name for log/debug files. The extension
+override the <a class="link" href="smb.conf.5.html#LOGLEVEL">log level</a> parameter
+in the <code class="filename">smb.conf</code> file.</p></dd><dt><span class="term">-V</span></dt><dd><p>Prints the program version number.
+</p></dd><dt><span class="term">-s &lt;configuration file&gt;</span></dt><dd><p>The file specified contains the 
+configuration details required by the server.  The 
+information in this file includes server-specific
+information such as what printcap file to use, as well 
+as descriptions of all the services that the server is 
+to provide. See <code class="filename">smb.conf</code> for more information.
+The default configuration file name is determined at 
+compile time.</p></dd><dt><span class="term">-l|--log-basename=logdirectory</span></dt><dd><p>Base directory name for log/debug files. The extension
 <code class="constant">".progname"</code> will be appended (e.g. log.smbclient, 
 log.smbd, etc...). The log file is never removed by the client.
 </p></dd><dt><span class="term">-h|--help</span></dt><dd><p>Print a summary of command line options.
-</p></dd><dt><span class="term">-i</span></dt><dd><p>Tells <code class="literal">winbindd</code> to not 
-                become a daemon and detach from the current terminal. This 
-                option is used by developers when interactive debugging 
+</p></dd><dt><span class="term">-i</span></dt><dd><p>Tells <code class="literal">winbindd</code> to not
+                become a daemon and detach from the current terminal. This
+                option is used by developers when interactive debugging
                 of <code class="literal">winbindd</code> is required.
                 <code class="literal">winbindd</code> also logs to standard output,
                 as if the <code class="literal">-S</code> parameter had been given.
-                </p></dd><dt><span class="term">-n</span></dt><dd><p>Disable caching. This means winbindd will 
-                always have to wait for a response from the domain controller 
-                before it can respond to a client and this thus makes things 
-                slower. The results will however be more accurate, since 
-                results from the cache might not be up-to-date. This 
+                </p></dd><dt><span class="term">-n</span></dt><dd><p>Disable caching. This means winbindd will
+                always have to wait for a response from the domain controller
+                before it can respond to a client and this thus makes things
+                slower. The results will however be more accurate, since
+                results from the cache might not be up-to-date. This
                 might also temporarily hang winbindd if the DC doesn't respond.
-                </p></dd><dt><span class="term">-Y</span></dt><dd><p>Single daemon mode. This means winbindd will run 
-                as a single process (the mode of operation in Samba 2.2).  Winbindd's 
-                default behavior is to launch a child process that is responsible for 
+                </p></dd><dt><span class="term">-Y</span></dt><dd><p>Single daemon mode. This means winbindd will run
+                as a single process (the mode of operation in Samba 2.2).  Winbindd's
+                default behavior is to launch a child process that is responsible for
                 updating expired cache entries.
-                </p></dd></dl></div></div><div class="refsect1" lang="en"><a name="id300582"></a><h2>NAME AND ID RESOLUTION</h2><p>Users and groups on a Windows NT server are assigned 
-        a security id (SID) which is globally unique when the 
-        user or group is created.  To convert the Windows NT user or group 
-        into a unix user or group, a mapping between SIDs and unix user 
+                </p></dd></dl></div></div><div class="refsect1" lang="en"><a name="id324720"></a><h2>NAME AND ID RESOLUTION</h2><p>Users and groups on a Windows NT server are assigned
+        a security id (SID) which is globally unique when the
+        user or group is created.  To convert the Windows NT user or group
+        into a unix user or group, a mapping between SIDs and unix user
         and group ids is required.  This is one of the jobs that <code class="literal">
-        winbindd</code> performs. </p><p>As winbindd users and groups are resolved from a server, user 
+        winbindd</code> performs. </p><p>As winbindd users and groups are resolved from a server, user
         and group ids are allocated from a specified range.  This
-        is done on a first come, first served basis, although all existing 
-        users and groups will be mapped as soon as a client performs a user 
-        or group enumeration command.  The allocated unix ids are stored 
-        in a database and will be remembered. </p><p>WARNING: The SID to unix id database is the only location 
-        where the user and group mappings are stored by winbindd.  If this 
-        store is deleted or corrupted, there is no way for winbindd to 
-        determine which user and group ids correspond to Windows NT user 
-        and group rids. </p><p>See the <a class="indexterm" name="id300614"></a> or the old <a class="indexterm" name="id300619"></a> parameters in
+        is done on a first come, first served basis, although all existing
+        users and groups will be mapped as soon as a client performs a user
+        or group enumeration command.  The allocated unix ids are stored
+        in a database and will be remembered. </p><p>WARNING: The SID to unix id database is the only location
+        where the user and group mappings are stored by winbindd.  If this
+        store is deleted or corrupted, there is no way for winbindd to
+        determine which user and group ids correspond to Windows NT user
+        and group rids. </p><p>See the <a class="link" href="smb.conf.5.html#IDMAPDOMAINS">idmap domains</a> or the old <a class="link" href="smb.conf.5.html#IDMAPBACKEND">idmap backend</a> parameters in
         <code class="filename">smb.conf</code> for options for sharing this
-        database, such as via LDAP.</p></div><div class="refsect1" lang="en"><a name="id300634"></a><h2>CONFIGURATION</h2><p>Configuration of the <code class="literal">winbindd</code> daemon 
-        is done through configuration parameters in the <a href="smb.conf.5.html"><span class="citerefentry"><span class="refentrytitle">smb.conf</span>(5)</span></a> file.  All parameters should be specified in the 
+        database, such as via LDAP.</p></div><div class="refsect1" lang="en"><a name="id324773"></a><h2>CONFIGURATION</h2><p>Configuration of the <code class="literal">winbindd</code> daemon
+        is done through configuration parameters in the <a class="citerefentry" href="smb.conf.5.html"><span class="citerefentry"><span class="refentrytitle">smb.conf</span>(5)</span></a> file.  All parameters should be specified in the
         [global] section of smb.conf. </p><div class="itemizedlist"><ul type="disc"><li><p>
-                <a class="indexterm" name="id300664"></a>winbind separator</p></li><li><p>
-                <a class="indexterm" name="id300675"></a>idmap uid</p></li><li><p>
-                <a class="indexterm" name="id300687"></a>idmap gid</p></li><li><p>
-                <a class="indexterm" name="id300698"></a>idmap backend</p></li><li><p>
-                <a class="indexterm" name="id300709"></a>winbind cache time</p></li><li><p>
-                <a class="indexterm" name="id300721"></a>winbind enum users</p></li><li><p>
-                <a class="indexterm" name="id300732"></a>winbind enum groups</p></li><li><p>
-                <a class="indexterm" name="id300743"></a>template homedir</p></li><li><p>
-                <a class="indexterm" name="id300755"></a>template shell</p></li><li><p>
-                <a class="indexterm" name="id300766"></a>winbind use default domain</p></li><li><p>
-                <a class="indexterm" name="id300778"></a>winbind: rpc only
+                <a class="link" href="smb.conf.5.html#WINBINDSEPARATOR">winbind separator</a></p></li><li><p>
+                <a class="link" href="smb.conf.5.html#IDMAPUID">idmap uid</a></p></li><li><p>
+                <a class="link" href="smb.conf.5.html#IDMAPGID">idmap gid</a></p></li><li><p>
+                <a class="link" href="smb.conf.5.html#IDMAPBACKEND">idmap backend</a></p></li><li><p>
+                <a class="link" href="smb.conf.5.html#WINBINDCACHETIME">winbind cache time</a></p></li><li><p>
+                <a class="link" href="smb.conf.5.html#WINBINDENUMUSERS">winbind enum users</a></p></li><li><p>
+                <a class="link" href="smb.conf.5.html#WINBINDENUMGROUPS">winbind enum groups</a></p></li><li><p>
+                <a class="link" href="smb.conf.5.html#TEMPLATEHOMEDIR">template homedir</a></p></li><li><p>
+                <a class="link" href="smb.conf.5.html#TEMPLATESHELL">template shell</a></p></li><li><p>
+                <a class="link" href="smb.conf.5.html#WINBINDUSEDEFAULTDOMAIN">winbind use default domain</a></p></li><li><p>
+                <a class="link" href="smb.conf.5.html#WINBIND:RPCONLY">winbind: rpc only</a>
                 Setting this parameter forces winbindd to use RPC
                 instead of LDAP to retrieve information from Domain
                 Controllers.
-                </p></li></ul></div></div><div class="refsect1" lang="en"><a name="id300789"></a><h2>EXAMPLE SETUP</h2><p>
-        To setup winbindd for user and group lookups plus 
-        authentication from a domain controller use something like the 
+                </p></li></ul></div></div><div class="refsect1" lang="en"><a name="id324918"></a><h2>EXAMPLE SETUP</h2><p>
+        To setup winbindd for user and group lookups plus
+        authentication from a domain controller use something like the
         following setup. This was tested on an early Red Hat Linux box.
-        </p><p>In <code class="filename">/etc/nsswitch.conf</code> put the 
+        </p><p>In <code class="filename">/etc/nsswitch.conf</code> put the
         following:
 </p><pre class="programlisting">
@@ -163 +168 @@
         </p></div><p>Note in particular the use of the <em class="parameter"><code>sufficient
         </code></em> keyword and the <em class="parameter"><code>use_first_pass</code></em> keyword. </p><p>Now replace the account lines with this: </p><p><code class="literal">account    required   /lib/security/pam_winbind.so
-        </code></p><p>The next step is to join the domain. To do that use the 
+        </code></p><p>The next step is to join the domain. To do that use the
         <code class="literal">net</code> program like this:  </p><p><code class="literal">net join -S PDC -U Administrator</code></p><p>The username after the <em class="parameter"><code>-U</code></em> can be any
         Domain user that has administrator privileges on the machine.
-        Substitute the name or IP of your PDC for "PDC".</p><p>Next copy <code class="filename">libnss_winbind.so</code> to 
+        Substitute the name or IP of your PDC for "PDC".</p><p>Next copy <code class="filename">libnss_winbind.so</code> to
         <code class="filename">/lib</code> and <code class="filename">pam_winbind.so
         </code> to <code class="filename">/lib/security</code>.  A symbolic link needs to be
@@ -172 +177 @@
         <code class="filename">/lib/libnss_winbind.so.2</code>.  If you are using an
         older version of glibc then the target of the link should be
-        <code class="filename">/lib/libnss_winbind.so.1</code>.</p><p>Finally, setup a <a href="smb.conf.5.html"><span class="citerefentry"><span class="refentrytitle">smb.conf</span>(5)</span></a> containing directives like the 
+        <code class="filename">/lib/libnss_winbind.so.1</code>.</p><p>Finally, setup a <a class="citerefentry" href="smb.conf.5.html"><span class="citerefentry"><span class="refentrytitle">smb.conf</span>(5)</span></a> containing directives like the
         following:
 </p><pre class="programlisting">
@@ -185 +190 @@
         security = domain
         password server = *
-</pre><p>Now start winbindd and you should find that your user and 
-        group database is expanded to include your NT users and groups, 
-        and that you can login to your unix box as a domain user, using 
-        the DOMAIN+user syntax for the username. You may wish to use the 
+</pre><p>Now start winbindd and you should find that your user and
+        group database is expanded to include your NT users and groups,
+        and that you can login to your unix box as a domain user, using
+        the DOMAIN+user syntax for the username. You may wish to use the
         commands <code class="literal">getent passwd</code> and <code class="literal">getent group
-        </code> to confirm the correct operation of winbindd.</p></div><div class="refsect1" lang="en"><a name="id300980"></a><h2>NOTES</h2><p>The following notes are useful when configuring and 
-        running <code class="literal">winbindd</code>: </p><p><a href="nmbd.8.html"><span class="citerefentry"><span class="refentrytitle">nmbd</span>(8)</span></a> must be running on the local machine 
-        for <code class="literal">winbindd</code> to work. </p><p>PAM is really easy to misconfigure.  Make sure you know what 
-        you are doing when modifying PAM configuration files.  It is possible 
-        to set up PAM such that you can no longer log into your system. </p><p>If more than one UNIX machine is running <code class="literal">winbindd</code>, 
-        then in general the user and groups ids allocated by winbindd will not 
-        be the same.  The user and group ids will only be valid for the local 
-        machine, unless a shared <a class="indexterm" name="id301027"></a> is configured.</p><p>If the the Windows NT SID to UNIX user and group id mapping 
-        file is damaged or destroyed then the mappings will be lost. </p></div><div class="refsect1" lang="en"><a name="id301040"></a><h2>SIGNALS</h2><p>The following signals can be used to manipulate the 
-        <code class="literal">winbindd</code> daemon. </p><div class="variablelist"><dl><dt><span class="term">SIGHUP</span></dt><dd><p>Reload the <a href="smb.conf.5.html"><span class="citerefentry"><span class="refentrytitle">smb.conf</span>(5)</span></a> file and 
-                apply any parameter changes to the running 
-                version of winbindd.  This signal also clears any cached 
-                user and group information.  The list of other domains trusted 
+        </code> to confirm the correct operation of winbindd.</p></div><div class="refsect1" lang="en"><a name="id325091"></a><h2>NOTES</h2><p>The following notes are useful when configuring and
+        running <code class="literal">winbindd</code>: </p><p><a class="citerefentry" href="nmbd.8.html"><span class="citerefentry"><span class="refentrytitle">nmbd</span>(8)</span></a> must be running on the local machine
+        for <code class="literal">winbindd</code> to work. </p><p>PAM is really easy to misconfigure.  Make sure you know what
+        you are doing when modifying PAM configuration files.  It is possible
+        to set up PAM such that you can no longer log into your system. </p><p>If more than one UNIX machine is running <code class="literal">winbindd</code>,
+        then in general the user and groups ids allocated by winbindd will not
+        be the same.  The user and group ids will only be valid for the local
+        machine, unless a shared <a class="link" href="smb.conf.5.html#IDMAPBACKEND">idmap backend</a> is configured.</p><p>If the the Windows NT SID to UNIX user and group id mapping
+        file is damaged or destroyed then the mappings will be lost. </p></div><div class="refsect1" lang="en"><a name="id325147"></a><h2>SIGNALS</h2><p>The following signals can be used to manipulate the
+        <code class="literal">winbindd</code> daemon. </p><div class="variablelist"><dl><dt><span class="term">SIGHUP</span></dt><dd><p>Reload the <a class="citerefentry" href="smb.conf.5.html"><span class="citerefentry"><span class="refentrytitle">smb.conf</span>(5)</span></a> file and
+                apply any parameter changes to the running
+                version of winbindd.  This signal also clears any cached
+                user and group information.  The list of other domains trusted
                 by winbindd is also reloaded.  </p></dd><dt><span class="term">SIGUSR2</span></dt><dd><p>The SIGUSR2 signal will cause <code class="literal">
-                winbindd</code> to write status information to the winbind 
-                log file.</p><p>Log files are stored in the filename specified by the 
-                log file parameter.</p></dd></dl></div></div><div class="refsect1" lang="en"><a name="id301102"></a><h2>FILES</h2><div class="variablelist"><dl><dt><span class="term"><code class="filename">/etc/nsswitch.conf(5)</code></span></dt><dd><p>Name service switch configuration file.</p></dd><dt><span class="term">/tmp/.winbindd/pipe</span></dt><dd><p>The UNIX pipe over which clients communicate with 
-                the <code class="literal">winbindd</code> program.  For security reasons, the 
-                winbind client will only attempt to connect to the winbindd daemon 
+                winbindd</code> to write status information to the winbind
+                log file.</p><p>Log files are stored in the filename specified by the
+                log file parameter.</p></dd></dl></div></div><div class="refsect1" lang="en"><a name="id325205"></a><h2>FILES</h2><div class="variablelist"><dl><dt><span class="term"><code class="filename">/etc/nsswitch.conf(5)</code></span></dt><dd><p>Name service switch configuration file.</p></dd><dt><span class="term">/tmp/.winbindd/pipe</span></dt><dd><p>The UNIX pipe over which clients communicate with
+                the <code class="literal">winbindd</code> program.  For security reasons, the
+                winbind client will only attempt to connect to the winbindd daemon
                 if both the <code class="filename">/tmp/.winbindd</code> directory
-                and <code class="filename">/tmp/.winbindd/pipe</code> file are owned by 
-                root. </p></dd><dt><span class="term">$LOCKDIR/winbindd_privileged/pipe</span></dt><dd><p>The UNIX pipe over which 'privileged' clients 
-                communicate with the <code class="literal">winbindd</code> program.  For security 
-                reasons, access to some winbindd functions - like those needed by 
+                and <code class="filename">/tmp/.winbindd/pipe</code> file are owned by
+                root. </p></dd><dt><span class="term">$LOCKDIR/winbindd_privileged/pipe</span></dt><dd><p>The UNIX pipe over which 'privileged' clients
+                communicate with the <code class="literal">winbindd</code> program.  For security
+                reasons, access to some winbindd functions - like those needed by
                 the <code class="literal">ntlm_auth</code> utility - is restricted.  By default,
                 only users in the 'root' group will get this access, however the administrator
                 may change the group permissions on $LOCKDIR/winbindd_privileged to allow
                 programs like 'squid' to use ntlm_auth.
-                Note that the winbind client will only attempt to connect to the winbindd daemon 
+                Note that the winbind client will only attempt to connect to the winbindd daemon
                 if both the <code class="filename">$LOCKDIR/winbindd_privileged</code> directory
-                and <code class="filename">$LOCKDIR/winbindd_privileged/pipe</code> file are owned by 
+                and <code class="filename">$LOCKDIR/winbindd_privileged/pipe</code> file are owned by
                 root. </p></dd><dt><span class="term">/lib/libnss_winbind.so.X</span></dt><dd><p>Implementation of name service switch library.
-                </p></dd><dt><span class="term">$LOCKDIR/winbindd_idmap.tdb</span></dt><dd><p>Storage for the Windows NT rid to UNIX user/group 
-                id mapping.  The lock directory is specified when Samba is initially 
+                </p></dd><dt><span class="term">$LOCKDIR/winbindd_idmap.tdb</span></dt><dd><p>Storage for the Windows NT rid to UNIX user/group
+                id mapping.  The lock directory is specified when Samba is initially
                 compiled using the <em class="parameter"><code>--with-lockdir</code></em> option.
                 This directory is by default <code class="filename">/usr/local/samba/var/locks
                 </code>. </p></dd><dt><span class="term">$LOCKDIR/winbindd_cache.tdb</span></dt><dd><p>Storage for cached user and group information.
-                </p></dd></dl></div></div><div class="refsect1" lang="en"><a name="id301246"></a><h2>VERSION</h2><p>This man page is correct for version 3.0 of
-        the Samba suite.</p></div><div class="refsect1" lang="en"><a name="id301257"></a><h2>SEE ALSO</h2><p><code class="filename">nsswitch.conf(5)</code>, <a href="samba.7.html"><span class="citerefentry"><span class="refentrytitle">samba</span>(7)</span></a>, <a href="wbinfo.1.html"><span class="citerefentry"><span class="refentrytitle">wbinfo</span>(1)</span></a>, <a href="ntlm_auth.8.html"><span class="citerefentry"><span class="refentrytitle">ntlm_auth</span>(8)</span></a>, <a href="smb.conf.5.html"><span class="citerefentry"><span class="refentrytitle">smb.conf</span>(5)</span></a>, <a href="pam_winbind.8.html"><span class="citerefentry"><span class="refentrytitle">pam_winbind</span>(8)</span></a></p></div><div class="refsect1" lang="en"><a name="id301314"></a><h2>AUTHOR</h2><p>The original Samba software and related utilities 
+                </p></dd></dl></div></div><div class="refsect1" lang="en"><a name="id325338"></a><h2>VERSION</h2><p>This man page is correct for version 3.0 of
+        the Samba suite.</p></div><div class="refsect1" lang="en"><a name="id325349"></a><h2>SEE ALSO</h2><p><code class="filename">nsswitch.conf(5)</code>, <a class="citerefentry" href="samba.7.html"><span class="citerefentry"><span class="refentrytitle">samba</span>(7)</span></a>, <a class="citerefentry" href="wbinfo.1.html"><span class="citerefentry"><span class="refentrytitle">wbinfo</span>(1)</span></a>, <a class="citerefentry" href="ntlm_auth.8.html"><span class="citerefentry"><span class="refentrytitle">ntlm_auth</span>(8)</span></a>, <a class="citerefentry" href="smb.conf.5.html"><span class="citerefentry"><span class="refentrytitle">smb.conf</span>(5)</span></a>, <a class="citerefentry" href="pam_winbind.8.html"><span class="citerefentry"><span class="refentrytitle">pam_winbind</span>(8)</span></a></p></div><div class="refsect1" lang="en"><a name="id325404"></a><h2>AUTHOR</h2><p>The original Samba software and related utilities
         were created by Andrew Tridgell. Samba is now developed
-        by the Samba Team as an Open Source project similar 
-        to the way the Linux kernel is developed.</p><p><code class="literal">wbinfo</code> and <code class="literal">winbindd</code> were 
-        written by Tim Potter.</p><p>The conversion to DocBook for Samba 2.2 was done 
+        by the Samba Team as an Open Source project similar
+        to the way the Linux kernel is developed.</p><p><code class="literal">wbinfo</code> and <code class="literal">winbindd</code> were
+        written by Tim Potter.</p><p>The conversion to DocBook for Samba 2.2 was done
         by Gerald Carter. The conversion to DocBook XML 4.2 for
         Samba 3.0 was done by Alexander Bokovoy.</p></div></div></body></html>