Changeset 134 for branches/samba-3.0/docs/manpages/winbindd.8
- Timestamp:
- May 23, 2008, 6:56:41 AM (17 years ago)
- File:
-
- 1 edited
Legend:
- Unmodified
- Added
- Removed
-
branches/samba-3.0/docs/manpages/winbindd.8
r44 r134 1 .\"Generated by db2man.xsl. Don't modify this, modify the source. 2 .de Sh \" Subsection 3 .br 4 .if t .Sp 5 .ne 5 6 .PP 7 \fB\\$1\fR 8 .PP 9 .. 10 .de Sp \" Vertical space (when we can't use .PP) 11 .if t .sp .5v 12 .if n .sp 13 .. 14 .de Ip \" List item 15 .br 16 .ie \\n(.$>=3 .ne \\$3 17 .el .ne 3 18 .IP "\\$1" \\$2 19 .. 20 .TH "WINBINDD" 8 "" "" "" 1 .\" Title: winbindd 2 .\" Author: 3 .\" Generator: DocBook XSL Stylesheets v1.73.2 <http://docbook.sf.net/> 4 .\" Date: 05/21/2008 5 .\" Manual: System Administration tools 6 .\" Source: Samba 3.0 7 .\" 8 .TH "WINBINDD" "8" "05/21/2008" "Samba 3\.0" "System Administration tools" 9 .\" disable hyphenation 10 .nh 11 .\" disable justification (adjust text to left margin only) 12 .ad l 21 13 .SH "NAME" 22 14 winbindd - Name Service Switch daemon for resolving names from NT servers 23 15 .SH "SYNOPSIS" 24 16 .HP 1 25 winbindd [ -F] [-S] [-i] [-Y] [-d <debug level>] [-s <smb config file>] [-n]17 winbindd [\-D] [\-F] [\-S] [\-i] [\-Y] [\-d\ <debug\ level>] [\-s\ <smb\ config\ file>] [\-n] 26 18 .SH "DESCRIPTION" 27 19 .PP 28 20 This program is part of the 29 21 \fBsamba\fR(7) 30 suite .31 .PP 32 winbindd 33 is a daemon that provides a number of services to the Name Service Switch capability found in most modern C libraries, to arbit ary applications via PAM and22 suite\. 23 .PP 24 winbindd 25 is a daemon that provides a number of services to the Name Service Switch capability found in most modern C libraries, to arbitrary applications via PAM and 34 26 ntlm_auth 35 and to Samba itself .27 and to Samba itself\. 36 28 .PP 37 29 Even if winbind is not used for nsswitch, it still provides a service to … … 39 31 ntlm_auth 40 32 and the 41 pam_winbind.so 42 PAM module, by managing connections to domain controllers. In this configuraiton the 43 idmap uid and 44 idmap gid parameters are not required. (This is known as `netlogon proxy only mode'.) 45 .PP 46 The Name Service Switch allows user and system information to be obtained from different databases services such as NIS or DNS. The exact behaviour can be configured throught the 47 \fI/etc/nsswitch.conf\fR 48 file. Users and groups are allocated as they are resolved to a range of user and group ids specified by the administrator of the Samba system. 33 pam_winbind\.so 34 PAM module, by managing connections to domain controllers\. In this configuraiton the 35 \fIidmap uid\fR 36 and 37 \fIidmap gid\fR 38 parameters are not required\. (This is known as `netlogon proxy only mode\'\.) 39 .PP 40 The Name Service Switch allows user and system information to be obtained from different databases services such as NIS or DNS\. The exact behaviour can be configured throught the 41 \fI/etc/nsswitch\.conf\fR 42 file\. Users and groups are allocated as they are resolved to a range of user and group ids specified by the administrator of the Samba system\. 49 43 .PP 50 44 The service provided by 51 45 winbindd 52 is called `winbind ' and can be used to resolve user and group information from a Windows NT server. The service can also provide authentication services via an associated PAM module.46 is called `winbind\' and can be used to resolve user and group information from a Windows NT server\. The service can also provide authentication services via an associated PAM module\. 53 47 .PP 54 48 The … … 59 53 and 60 54 \fIpassword\fR 61 module -types. It should be noted that the55 module\-types\. It should be noted that the 62 56 \fIaccount\fR 63 module simply performs a getpwnam() to verify that the system can obtain a uid for the user, as the domain controller has already performed access control . If the57 module simply performs a getpwnam() to verify that the system can obtain a uid for the user, as the domain controller has already performed access control\. If the 64 58 \fIlibnss_winbind\fR 65 library has been correctly installed, or an alternate source of names configured, this should always succeed .59 library has been correctly installed, or an alternate source of names configured, this should always succeed\. 66 60 .PP 67 61 The following nsswitch databases are implemented by the winbindd service: 68 62 .PP 63 \-D 64 .RS 4 65 If specified, this parameter causes the server to operate as a daemon\. That is, it detaches itself and runs in the background on the appropriate port\. This switch is assumed if 66 winbindd 67 is executed on the command line of a shell\. 68 .RE 69 .PP 69 70 hosts 70 .RS 3n71 This feature is only available on IRIX . User information traditionally stored in the71 .RS 4 72 This feature is only available on IRIX\. User information traditionally stored in the 72 73 \fIhosts(5)\fR 73 74 file and used by 74 75 gethostbyname(3) 75 functions . Names are resolved through the WINS server or by broadcast.76 functions\. Names are resolved through the WINS server or by broadcast\. 76 77 .RE 77 78 .PP 78 79 passwd 79 .RS 3n80 .RS 4 80 81 User information traditionally stored in the 81 82 \fIpasswd(5)\fR 82 83 file and used by 83 84 getpwent(3) 84 functions .85 functions\. 85 86 .RE 86 87 .PP 87 88 group 88 .RS 3n89 .RS 4 89 90 Group information traditionally stored in the 90 91 \fIgroup(5)\fR 91 92 file and used by 92 93 getgrent(3) 93 functions .94 functions\. 94 95 .RE 95 96 .PP 96 97 For example, the following simple configuration in the 97 \fI/etc/nsswitch .conf\fR98 \fI/etc/nsswitch\.conf\fR 98 99 file can be used to initially resolve user and group information from 99 100 \fI/etc/passwd \fR 100 101 and 101 102 \fI/etc/group\fR 102 and then from the Windows NT server. 103 104 .sp 105 103 and then from the Windows NT server\. 104 .sp 105 .RS 4 106 106 .nf 107 108 107 passwd: files winbind 109 108 group: files winbind 110 ## only available on IRIX; Linux users should us libnss_wins .so109 ## only available on IRIX; Linux users should us libnss_wins\.so 111 110 hosts: files dns winbind 112 113 111 .fi 114 112 .RE 115 113 .PP 116 114 The following simple configuration in the 117 \fI/etc/nsswitch .conf\fR115 \fI/etc/nsswitch\.conf\fR 118 116 file can be used to initially resolve hostnames from 119 117 \fI/etc/hosts\fR 120 and then from the WINS server. 121 118 and then from the WINS server\. 119 .sp 120 .RS 4 122 121 .nf 123 124 122 hosts: files wins 125 126 123 .fi 124 .RE 127 125 .SH "OPTIONS" 128 126 .PP 129 -F130 .RS 3n127 \-F 128 .RS 4 131 129 If specified, this parameter causes the main 132 130 winbindd 133 process to not daemonize, i .e. double-fork and disassociate with the terminal. Child processes are still created as normal to service each connection request, but the main process does not exit. This operation mode is suitable for running131 process to not daemonize, i\.e\. double\-fork and disassociate with the terminal\. Child processes are still created as normal to service each connection request, but the main process does not exit\. This operation mode is suitable for running 134 132 winbindd 135 133 under process supervisors such as … … 137 135 and 138 136 svscan 139 from Daniel J . Bernstein's137 from Daniel J\. Bernstein\'s 140 138 daemontools 141 package, or the AIX process monitor .142 .RE 143 .PP 144 -S145 .RS 3n139 package, or the AIX process monitor\. 140 .RE 141 .PP 142 \-S 143 .RS 4 146 144 If specified, this parameter causes 147 145 winbindd 148 to log to standard output rather than a file. 149 .RE 150 .PP 151 -V 152 .RS 3n 153 Prints the program version number. 154 .RE 155 .PP 156 -s <configuration file> 157 .RS 3n 158 The file specified contains the configuration details required by the server. The information in this file includes server-specific information such as what printcap file to use, as well as descriptions of all the services that the server is to provide. See 159 \fIsmb.conf\fR 160 for more information. The default configuration file name is determined at compile time. 161 .RE 162 .PP 163 -d|--debuglevel=level 164 .RS 3n 146 to log to standard output rather than a file\. 147 .RE 148 .PP 149 \-d|\-\-debuglevel=level 150 .RS 4 165 151 \fIlevel\fR 166 is an integer from 0 to 10 . The default value if this parameter is not specified is zero.167 .sp 168 The higher this value, the more detail will be logged to the log files about the activities of the server . At level 0, only critical errors and serious warnings will be logged. Level 1 is a reasonable level for day-to-day running - it generates a small amount of information about operations carried out.169 .sp 170 Levels above 1 will generate considerable amounts of log data, and should only be used when investigating a problem . Levels above 3 are designed for use only by developers and generate HUGE amounts of log data, most of which is extremely cryptic.152 is an integer from 0 to 10\. The default value if this parameter is not specified is 0\. 153 .sp 154 The higher this value, the more detail will be logged to the log files about the activities of the server\. At level 0, only critical errors and serious warnings will be logged\. Level 1 is a reasonable level for day\-to\-day running \- it generates a small amount of information about operations carried out\. 155 .sp 156 Levels above 1 will generate considerable amounts of log data, and should only be used when investigating a problem\. Levels above 3 are designed for use only by developers and generate HUGE amounts of log data, most of which is extremely cryptic\. 171 157 .sp 172 158 Note that specifying this parameter here will override the 173 159 \fIlog level\fR 174 160 parameter in the 175 \fIsmb.conf\fR 176 file. 177 .RE 178 .PP 179 -l|--logfile=logdirectory 180 .RS 3n 181 Base directory name for log/debug files. The extension 182 \fB".progname"\fR 183 will be appended (e.g. log.smbclient, log.smbd, etc...). The log file is never removed by the client. 184 .RE 185 .PP 186 -h|--help 187 .RS 3n 188 Print a summary of command line options. 189 .RE 190 .PP 191 -i 192 .RS 3n 161 \fIsmb\.conf\fR 162 file\. 163 .RE 164 .PP 165 \-V 166 .RS 4 167 Prints the program version number\. 168 .RE 169 .PP 170 \-s <configuration file> 171 .RS 4 172 The file specified contains the configuration details required by the server\. The information in this file includes server\-specific information such as what printcap file to use, as well as descriptions of all the services that the server is to provide\. See 173 \fIsmb\.conf\fR 174 for more information\. The default configuration file name is determined at compile time\. 175 .RE 176 .PP 177 \-l|\-\-log\-basename=logdirectory 178 .RS 4 179 Base directory name for log/debug files\. The extension 180 \fB"\.progname"\fR 181 will be appended (e\.g\. log\.smbclient, log\.smbd, etc\.\.\.)\. The log file is never removed by the client\. 182 .RE 183 .PP 184 \-h|\-\-help 185 .RS 4 186 Print a summary of command line options\. 187 .RE 188 .PP 189 \-i 190 .RS 4 193 191 Tells 194 192 winbindd 195 to not become a daemon and detach from the current terminal . This option is used by developers when interactive debugging of196 winbindd 197 is required .193 to not become a daemon and detach from the current terminal\. This option is used by developers when interactive debugging of 194 winbindd 195 is required\. 198 196 winbindd 199 197 also logs to standard output, as if the 200 -S201 parameter had been given .202 .RE 203 .PP 204 -n205 .RS 3n206 Disable caching . This means winbindd will always have to wait for a response from the domain controller before it can respond to a client and this thus makes things slower. The results will however be more accurate, since results from the cache might not be up-to-date. This might also temporarily hang winbindd if the DC doesn't respond.207 .RE 208 .PP 209 -Y210 .RS 3n211 Single daemon mode . This means winbindd will run as a single process (the mode of operation in Samba 2.2). Winbindd's default behavior is to launch a child process that is responsible for updating expired cache entries.198 \-S 199 parameter had been given\. 200 .RE 201 .PP 202 \-n 203 .RS 4 204 Disable caching\. This means winbindd will always have to wait for a response from the domain controller before it can respond to a client and this thus makes things slower\. The results will however be more accurate, since results from the cache might not be up\-to\-date\. This might also temporarily hang winbindd if the DC doesn\'t respond\. 205 .RE 206 .PP 207 \-Y 208 .RS 4 209 Single daemon mode\. This means winbindd will run as a single process (the mode of operation in Samba 2\.2)\. Winbindd\'s default behavior is to launch a child process that is responsible for updating expired cache entries\. 212 210 .RE 213 211 .SH "NAME AND ID RESOLUTION" 214 212 .PP 215 Users and groups on a Windows NT server are assigned a security id (SID) which is globally unique when the user or group is created . To convert the Windows NT user or group into a unix user or group, a mapping between SIDs and unix user and group ids is required. This is one of the jobs that216 winbindd 217 performs .218 .PP 219 As winbindd users and groups are resolved from a server, user and group ids are allocated from a specified range . This is done on a first come, first served basis, although all existing users and groups will be mapped as soon as a client performs a user or group enumeration command. The allocated unix ids are stored in a database and will be remembered.220 .PP 221 WARNING: The SID to unix id database is the only location where the user and group mappings are stored by winbindd . If this store is deleted or corrupted, there is no way for winbindd to determine which user and group ids correspond to Windows NT user and group rids.213 Users and groups on a Windows NT server are assigned a security id (SID) which is globally unique when the user or group is created\. To convert the Windows NT user or group into a unix user or group, a mapping between SIDs and unix user and group ids is required\. This is one of the jobs that 214 winbindd 215 performs\. 216 .PP 217 As winbindd users and groups are resolved from a server, user and group ids are allocated from a specified range\. This is done on a first come, first served basis, although all existing users and groups will be mapped as soon as a client performs a user or group enumeration command\. The allocated unix ids are stored in a database and will be remembered\. 218 .PP 219 WARNING: The SID to unix id database is the only location where the user and group mappings are stored by winbindd\. If this store is deleted or corrupted, there is no way for winbindd to determine which user and group ids correspond to Windows NT user and group rids\. 222 220 .PP 223 221 See the 224 222 \fIidmap domains\fR 225 223 or the old 226 224 \fIidmap backend\fR 227 225 parameters in 228 \fIsmb .conf\fR229 for options for sharing this database, such as via LDAP .226 \fIsmb\.conf\fR 227 for options for sharing this database, such as via LDAP\. 230 228 .SH "CONFIGURATION" 231 229 .PP … … 234 232 daemon is done through configuration parameters in the 235 233 \fBsmb.conf\fR(5) 236 file. All parameters should be specified in the [global] section of smb.conf. 237 .TP 3n 238 \(bu 239 240 winbind separator 241 .TP 3n 242 \(bu 243 244 idmap uid 245 .TP 3n 246 \(bu 247 248 idmap gid 249 .TP 3n 250 \(bu 251 252 idmap backend 253 .TP 3n 254 \(bu 255 256 winbind cache time 257 .TP 3n 258 \(bu 259 260 winbind enum users 261 .TP 3n 262 \(bu 263 264 winbind enum groups 265 .TP 3n 266 \(bu 267 268 template homedir 269 .TP 3n 270 \(bu 271 272 template shell 273 .TP 3n 274 \(bu 275 276 winbind use default domain 277 .TP 3n 278 \(bu 279 280 winbind: rpc only Setting this parameter forces winbindd to use RPC instead of LDAP to retrieve information from Domain Controllers. 234 file\. All parameters should be specified in the [global] section of smb\.conf\. 235 .sp 236 .RS 4 237 .ie n \{\ 238 \h'-04'\(bu\h'+03'\c 239 .\} 240 .el \{\ 241 .sp -1 242 .IP \(bu 2.3 243 .\} 244 245 \fIwinbind separator\fR 246 .RE 247 .sp 248 .RS 4 249 .ie n \{\ 250 \h'-04'\(bu\h'+03'\c 251 .\} 252 .el \{\ 253 .sp -1 254 .IP \(bu 2.3 255 .\} 256 257 \fIidmap uid\fR 258 .RE 259 .sp 260 .RS 4 261 .ie n \{\ 262 \h'-04'\(bu\h'+03'\c 263 .\} 264 .el \{\ 265 .sp -1 266 .IP \(bu 2.3 267 .\} 268 269 \fIidmap gid\fR 270 .RE 271 .sp 272 .RS 4 273 .ie n \{\ 274 \h'-04'\(bu\h'+03'\c 275 .\} 276 .el \{\ 277 .sp -1 278 .IP \(bu 2.3 279 .\} 280 281 \fIidmap backend\fR 282 .RE 283 .sp 284 .RS 4 285 .ie n \{\ 286 \h'-04'\(bu\h'+03'\c 287 .\} 288 .el \{\ 289 .sp -1 290 .IP \(bu 2.3 291 .\} 292 293 \fIwinbind cache time\fR 294 .RE 295 .sp 296 .RS 4 297 .ie n \{\ 298 \h'-04'\(bu\h'+03'\c 299 .\} 300 .el \{\ 301 .sp -1 302 .IP \(bu 2.3 303 .\} 304 305 \fIwinbind enum users\fR 306 .RE 307 .sp 308 .RS 4 309 .ie n \{\ 310 \h'-04'\(bu\h'+03'\c 311 .\} 312 .el \{\ 313 .sp -1 314 .IP \(bu 2.3 315 .\} 316 317 \fIwinbind enum groups\fR 318 .RE 319 .sp 320 .RS 4 321 .ie n \{\ 322 \h'-04'\(bu\h'+03'\c 323 .\} 324 .el \{\ 325 .sp -1 326 .IP \(bu 2.3 327 .\} 328 329 \fItemplate homedir\fR 330 .RE 331 .sp 332 .RS 4 333 .ie n \{\ 334 \h'-04'\(bu\h'+03'\c 335 .\} 336 .el \{\ 337 .sp -1 338 .IP \(bu 2.3 339 .\} 340 341 \fItemplate shell\fR 342 .RE 343 .sp 344 .RS 4 345 .ie n \{\ 346 \h'-04'\(bu\h'+03'\c 347 .\} 348 .el \{\ 349 .sp -1 350 .IP \(bu 2.3 351 .\} 352 353 \fIwinbind use default domain\fR 354 .RE 355 .sp 356 .RS 4 357 .ie n \{\ 358 \h'-04'\(bu\h'+03'\c 359 .\} 360 .el \{\ 361 .sp -1 362 .IP \(bu 2.3 363 .\} 364 365 \fIwinbind: rpc only\fR 366 Setting this parameter forces winbindd to use RPC instead of LDAP to retrieve information from Domain Controllers\. 281 367 .SH "EXAMPLE SETUP" 282 368 .PP 283 To setup winbindd for user and group lookups plus authentication from a domain controller use something like the following setup . This was tested on an early Red Hat Linux box.369 To setup winbindd for user and group lookups plus authentication from a domain controller use something like the following setup\. This was tested on an early Red Hat Linux box\. 284 370 .PP 285 371 In 286 \fI/etc/nsswitch .conf\fR372 \fI/etc/nsswitch\.conf\fR 287 373 put the following: 288 289 .sp 290 374 .sp 375 .RS 4 291 376 .nf 292 293 377 passwd: files winbind 294 378 group: files winbind 295 296 379 .fi 297 380 .RE 298 381 .PP 299 382 In 300 \fI/etc/pam .d/*\fR383 \fI/etc/pam\.d/*\fR 301 384 replace the 302 385 \fI auth\fR 303 386 lines with something like this: 304 305 .sp 306 387 .sp 388 .RS 4 307 389 .nf 308 309 auth required /lib/security/pam_securetty.so 310 auth required /lib/security/pam_nologin.so 311 auth sufficient /lib/security/pam_winbind.so 312 auth required /lib/security/pam_unix.so \ 390 auth required /lib/security/pam_securetty\.so 391 auth required /lib/security/pam_nologin\.so 392 auth sufficient /lib/security/pam_winbind\.so 393 auth required /lib/security/pam_unix\.so \e 313 394 use_first_pass shadow nullok 314 315 395 .fi 316 396 .RE 397 .sp 317 398 .sp 318 399 .it 1 an-trap … … 320 401 .nr an-break-flag 1 321 402 .br 322 \fBNote\fR 323 .PP 324 The PAM module pam_unix has recently replaced the module pam_pwdb . Some Linux systems use the module pam_unix2 in place of pam_unix.403 Note 404 .PP 405 The PAM module pam_unix has recently replaced the module pam_pwdb\. Some Linux systems use the module pam_unix2 in place of pam_unix\. 325 406 .PP 326 407 Note in particular the use of the … … 328 409 keyword and the 329 410 \fIuse_first_pass\fR 330 keyword .411 keyword\. 331 412 .PP 332 413 Now replace the account lines with this: 333 414 .PP 334 account required /lib/security/pam_winbind .so335 .PP 336 The next step is to join the domain . To do that use the415 account required /lib/security/pam_winbind\.so 416 .PP 417 The next step is to join the domain\. To do that use the 337 418 net 338 419 program like this: 339 420 .PP 340 net join -S PDC-U Administrator421 net join \-S PDC \-U Administrator 341 422 .PP 342 423 The username after the 343 \fI -U\fR344 can be any Domain user that has administrator privileges on the machine . Substitute the name or IP of your PDC for "PDC".424 \fI\-U\fR 425 can be any Domain user that has administrator privileges on the machine\. Substitute the name or IP of your PDC for "PDC"\. 345 426 .PP 346 427 Next copy 347 \fIlibnss_winbind .so\fR428 \fIlibnss_winbind\.so\fR 348 429 to 349 430 \fI/lib\fR 350 431 and 351 \fIpam_winbind .so \fR432 \fIpam_winbind\.so \fR 352 433 to 353 \fI/lib/security\fR . A symbolic link needs to be made from354 \fI/lib/libnss_winbind .so\fR434 \fI/lib/security\fR\. A symbolic link needs to be made from 435 \fI/lib/libnss_winbind\.so\fR 355 436 to 356 \fI/lib/libnss_winbind .so.2\fR. If you are using an older version of glibc then the target of the link should be357 \fI/lib/libnss_winbind .so.1\fR.437 \fI/lib/libnss_winbind\.so\.2\fR\. If you are using an older version of glibc then the target of the link should be 438 \fI/lib/libnss_winbind\.so\.1\fR\. 358 439 .PP 359 440 Finally, setup a 360 441 \fBsmb.conf\fR(5) 361 442 containing directives like the following: 362 363 .sp 364 443 .sp 444 .RS 4 365 445 .nf 366 367 446 [global] 368 447 winbind separator = + … … 370 449 template shell = /bin/bash 371 450 template homedir = /home/%D/%U 372 idmap uid = 10000 -20000373 idmap gid = 10000 -20000451 idmap uid = 10000\-20000 452 idmap gid = 10000\-20000 374 453 workgroup = DOMAIN 375 454 security = domain 376 455 password server = * 377 378 456 .fi 379 380 .PP 381 Now start winbindd and you should find that your user and group database is expanded to include your NT users and groups, and that you can login to your unix box as a domain user, using the DOMAIN+user syntax for the username . You may wish to use the commands457 .RE 458 .PP 459 Now start winbindd and you should find that your user and group database is expanded to include your NT users and groups, and that you can login to your unix box as a domain user, using the DOMAIN+user syntax for the username\. You may wish to use the commands 382 460 getent passwd 383 461 and 384 462 getent group 385 to confirm the correct operation of winbindd .463 to confirm the correct operation of winbindd\. 386 464 .SH "NOTES" 387 465 .PP … … 392 470 must be running on the local machine for 393 471 winbindd 394 to work .395 .PP 396 PAM is really easy to misconfigure . Make sure you know what you are doing when modifying PAM configuration files. It is possible to set up PAM such that you can no longer log into your system.472 to work\. 473 .PP 474 PAM is really easy to misconfigure\. Make sure you know what you are doing when modifying PAM configuration files\. It is possible to set up PAM such that you can no longer log into your system\. 397 475 .PP 398 476 If more than one UNIX machine is running 399 winbindd, then in general the user and groups ids allocated by winbindd will not be the same . The user and group ids will only be valid for the local machine, unless a shared400 401 is configured .402 .PP 403 If the the Windows NT SID to UNIX user and group id mapping file is damaged or destroyed then the mappings will be lost .477 winbindd, then in general the user and groups ids allocated by winbindd will not be the same\. The user and group ids will only be valid for the local machine, unless a shared 478 \fIidmap backend\fR 479 is configured\. 480 .PP 481 If the the Windows NT SID to UNIX user and group id mapping file is damaged or destroyed then the mappings will be lost\. 404 482 .SH "SIGNALS" 405 483 .PP 406 484 The following signals can be used to manipulate the 407 485 winbindd 408 daemon .486 daemon\. 409 487 .PP 410 488 SIGHUP 411 .RS 3n489 .RS 4 412 490 Reload the 413 491 \fBsmb.conf\fR(5) 414 file and apply any parameter changes to the running version of winbindd . This signal also clears any cached user and group information. The list of other domains trusted by winbindd is also reloaded.492 file and apply any parameter changes to the running version of winbindd\. This signal also clears any cached user and group information\. The list of other domains trusted by winbindd is also reloaded\. 415 493 .RE 416 494 .PP 417 495 SIGUSR2 418 .RS 3n496 .RS 4 419 497 The SIGUSR2 signal will cause 420 498 winbindd 421 to write status information to the winbind log file .422 .sp 423 Log files are stored in the filename specified by the log file parameter .499 to write status information to the winbind log file\. 500 .sp 501 Log files are stored in the filename specified by the log file parameter\. 424 502 .RE 425 503 .SH "FILES" 426 504 .PP 427 \fI/etc/nsswitch .conf(5)\fR428 .RS 3n429 Name service switch configuration file .430 .RE 431 .PP 432 /tmp/ .winbindd/pipe433 .RS 3n505 \fI/etc/nsswitch\.conf(5)\fR 506 .RS 4 507 Name service switch configuration file\. 508 .RE 509 .PP 510 /tmp/\.winbindd/pipe 511 .RS 4 434 512 The UNIX pipe over which clients communicate with the 435 513 winbindd 436 program . For security reasons, the winbind client will only attempt to connect to the winbindd daemon if both the437 \fI/tmp/ .winbindd\fR514 program\. For security reasons, the winbind client will only attempt to connect to the winbindd daemon if both the 515 \fI/tmp/\.winbindd\fR 438 516 directory and 439 \fI/tmp/ .winbindd/pipe\fR440 file are owned by root .517 \fI/tmp/\.winbindd/pipe\fR 518 file are owned by root\. 441 519 .RE 442 520 .PP 443 521 $LOCKDIR/winbindd_privileged/pipe 444 .RS 3n445 The UNIX pipe over which 'privileged' clients communicate with the446 winbindd 447 program . For security reasons, access to some winbindd functions- like those needed by the522 .RS 4 523 The UNIX pipe over which \'privileged\' clients communicate with the 524 winbindd 525 program\. For security reasons, access to some winbindd functions \- like those needed by the 448 526 ntlm_auth 449 utility - is restricted. By default, only users in the 'root' group will get this access, however the administrator may change the group permissions on $LOCKDIR/winbindd_privileged to allow programs like 'squid' to use ntlm_auth. Note that the winbind client will only attempt to connect to the winbindd daemon if both the527 utility \- is restricted\. By default, only users in the \'root\' group will get this access, however the administrator may change the group permissions on $LOCKDIR/winbindd_privileged to allow programs like \'squid\' to use ntlm_auth\. Note that the winbind client will only attempt to connect to the winbindd daemon if both the 450 528 \fI$LOCKDIR/winbindd_privileged\fR 451 529 directory and 452 530 \fI$LOCKDIR/winbindd_privileged/pipe\fR 453 file are owned by root .454 .RE 455 .PP 456 /lib/libnss_winbind .so.X457 .RS 3n458 Implementation of name service switch library .459 .RE 460 .PP 461 $LOCKDIR/winbindd_idmap .tdb462 .RS 3n463 Storage for the Windows NT rid to UNIX user/group id mapping . The lock directory is specified when Samba is initially compiled using the464 \fI --with-lockdir\fR465 option . This directory is by default466 \fI/usr/local/samba/var/locks \fR .467 .RE 468 .PP 469 $LOCKDIR/winbindd_cache .tdb470 .RS 3n471 Storage for cached user and group information .531 file are owned by root\. 532 .RE 533 .PP 534 /lib/libnss_winbind\.so\.X 535 .RS 4 536 Implementation of name service switch library\. 537 .RE 538 .PP 539 $LOCKDIR/winbindd_idmap\.tdb 540 .RS 4 541 Storage for the Windows NT rid to UNIX user/group id mapping\. The lock directory is specified when Samba is initially compiled using the 542 \fI\-\-with\-lockdir\fR 543 option\. This directory is by default 544 \fI/usr/local/samba/var/locks \fR\. 545 .RE 546 .PP 547 $LOCKDIR/winbindd_cache\.tdb 548 .RS 4 549 Storage for cached user and group information\. 472 550 .RE 473 551 .SH "VERSION" 474 552 .PP 475 This man page is correct for version 3 .0 of the Samba suite.553 This man page is correct for version 3\.0 of the Samba suite\. 476 554 .SH "SEE ALSO" 477 555 .PP 478 \fInsswitch .conf(5)\fR,556 \fInsswitch\.conf(5)\fR, 479 557 \fBsamba\fR(7), 480 558 \fBwbinfo\fR(1), … … 484 562 .SH "AUTHOR" 485 563 .PP 486 The original Samba software and related utilities were created by Andrew Tridgell . Samba is now developed by the Samba Team as an Open Source project similar to the way the Linux kernel is developed.564 The original Samba software and related utilities were created by Andrew Tridgell\. Samba is now developed by the Samba Team as an Open Source project similar to the way the Linux kernel is developed\. 487 565 .PP 488 566 wbinfo 489 567 and 490 568 winbindd 491 were written by Tim Potter. 492 .PP 493 The conversion to DocBook for Samba 2.2 was done by Gerald Carter. The conversion to DocBook XML 4.2 for Samba 3.0 was done by Alexander Bokovoy. 494 569 were written by Tim Potter\. 570 .PP 571 The conversion to DocBook for Samba 2\.2 was done by Gerald Carter\. The conversion to DocBook XML 4\.2 for Samba 3\.0 was done by Alexander Bokovoy\.
Note:
See TracChangeset
for help on using the changeset viewer.