Ignore:
Timestamp:
May 23, 2008, 6:56:41 AM (17 years ago)
Author:
Paul Smedley
Message:

Update source to 3.0.29

File:
1 edited

Legend:

Unmodified
Added
Removed
  • branches/samba-3.0/docs/manpages/winbindd.8

    r44 r134  
    1 .\"Generated by db2man.xsl. Don't modify this, modify the source.
    2 .de Sh \" Subsection
    3 .br
    4 .if t .Sp
    5 .ne 5
    6 .PP
    7 \fB\\$1\fR
    8 .PP
    9 ..
    10 .de Sp \" Vertical space (when we can't use .PP)
    11 .if t .sp .5v
    12 .if n .sp
    13 ..
    14 .de Ip \" List item
    15 .br
    16 .ie \\n(.$>=3 .ne \\$3
    17 .el .ne 3
    18 .IP "\\$1" \\$2
    19 ..
    20 .TH "WINBINDD" 8 "" "" ""
     1.\"     Title: winbindd
     2.\"    Author:
     3.\" Generator: DocBook XSL Stylesheets v1.73.2 <http://docbook.sf.net/>
     4.\"      Date: 05/21/2008
     5.\"    Manual: System Administration tools
     6.\"    Source: Samba 3.0
     7.\"
     8.TH "WINBINDD" "8" "05/21/2008" "Samba 3\.0" "System Administration tools"
     9.\" disable hyphenation
     10.nh
     11.\" disable justification (adjust text to left margin only)
     12.ad l
    2113.SH "NAME"
    2214winbindd - Name Service Switch daemon for resolving names from NT servers
    2315.SH "SYNOPSIS"
    2416.HP 1
    25 winbindd [-F] [-S] [-i] [-Y] [-d <debug level>] [-s <smb config file>] [-n]
     17winbindd [\-D] [\-F] [\-S] [\-i] [\-Y] [\-d\ <debug\ level>] [\-s\ <smb\ config\ file>] [\-n]
    2618.SH "DESCRIPTION"
    2719.PP
    2820This program is part of the
    2921\fBsamba\fR(7)
    30 suite.
    31 .PP
    32 winbindd
    33 is a daemon that provides a number of services to the Name Service Switch capability found in most modern C libraries, to arbitary applications via PAM and
     22suite\.
     23.PP
     24winbindd
     25is a daemon that provides a number of services to the Name Service Switch capability found in most modern C libraries, to arbitrary applications via PAM and
    3426ntlm_auth
    35 and to Samba itself.
     27and to Samba itself\.
    3628.PP
    3729Even if winbind is not used for nsswitch, it still provides a service to
     
    3931ntlm_auth
    4032and the
    41 pam_winbind.so
    42 PAM module, by managing connections to domain controllers. In this configuraiton the
    43 idmap uid and
    44 idmap gid parameters are not required. (This is known as `netlogon proxy only mode'.)
    45 .PP
    46 The Name Service Switch allows user and system information to be obtained from different databases services such as NIS or DNS. The exact behaviour can be configured throught the
    47 \fI/etc/nsswitch.conf\fR
    48 file. Users and groups are allocated as they are resolved to a range of user and group ids specified by the administrator of the Samba system.
     33pam_winbind\.so
     34PAM module, by managing connections to domain controllers\. In this configuraiton the
     35\fIidmap uid\fR
     36and
     37\fIidmap gid\fR
     38parameters are not required\. (This is known as `netlogon proxy only mode\'\.)
     39.PP
     40The Name Service Switch allows user and system information to be obtained from different databases services such as NIS or DNS\. The exact behaviour can be configured throught the
     41\fI/etc/nsswitch\.conf\fR
     42file\. Users and groups are allocated as they are resolved to a range of user and group ids specified by the administrator of the Samba system\.
    4943.PP
    5044The service provided by
    5145winbindd
    52 is called `winbind' and can be used to resolve user and group information from a Windows NT server. The service can also provide authentication services via an associated PAM module.
     46is called `winbind\' and can be used to resolve user and group information from a Windows NT server\. The service can also provide authentication services via an associated PAM module\.
    5347.PP
    5448The
     
    5953and
    6054\fIpassword\fR
    61 module-types. It should be noted that the
     55module\-types\. It should be noted that the
    6256\fIaccount\fR
    63 module simply performs a getpwnam() to verify that the system can obtain a uid for the user, as the domain controller has already performed access control. If the
     57module simply performs a getpwnam() to verify that the system can obtain a uid for the user, as the domain controller has already performed access control\. If the
    6458\fIlibnss_winbind\fR
    65 library has been correctly installed, or an alternate source of names configured, this should always succeed.
     59library has been correctly installed, or an alternate source of names configured, this should always succeed\.
    6660.PP
    6761The following nsswitch databases are implemented by the winbindd service:
    6862.PP
     63\-D
     64.RS 4
     65If specified, this parameter causes the server to operate as a daemon\. That is, it detaches itself and runs in the background on the appropriate port\. This switch is assumed if
     66winbindd
     67is executed on the command line of a shell\.
     68.RE
     69.PP
    6970hosts
    70 .RS 3n
    71 This feature is only available on IRIX. User information traditionally stored in the
     71.RS 4
     72This feature is only available on IRIX\. User information traditionally stored in the
    7273\fIhosts(5)\fR
    7374file and used by
    7475gethostbyname(3)
    75 functions. Names are resolved through the WINS server or by broadcast.
     76functions\. Names are resolved through the WINS server or by broadcast\.
    7677.RE
    7778.PP
    7879passwd
    79 .RS 3n
     80.RS 4
    8081User information traditionally stored in the
    8182\fIpasswd(5)\fR
    8283file and used by
    8384getpwent(3)
    84 functions.
     85functions\.
    8586.RE
    8687.PP
    8788group
    88 .RS 3n
     89.RS 4
    8990Group information traditionally stored in the
    9091\fIgroup(5)\fR
    9192file and used by
    9293getgrent(3)
    93 functions.
     94functions\.
    9495.RE
    9596.PP
    9697For example, the following simple configuration in the
    97 \fI/etc/nsswitch.conf\fR
     98\fI/etc/nsswitch\.conf\fR
    9899file can be used to initially resolve user and group information from
    99100\fI/etc/passwd \fR
    100101and
    101102\fI/etc/group\fR
    102 and then from the Windows NT server.
    103 
    104 .sp
    105 
     103and then from the Windows NT server\.
     104.sp
     105.RS 4
    106106.nf
    107 
    108107passwd:         files winbind
    109108group:          files winbind
    110 ## only available on IRIX; Linux users should us libnss_wins.so
     109## only available on IRIX; Linux users should us libnss_wins\.so
    111110hosts:          files dns winbind
    112 
    113111.fi
    114 
     112.RE
    115113.PP
    116114The following simple configuration in the
    117 \fI/etc/nsswitch.conf\fR
     115\fI/etc/nsswitch\.conf\fR
    118116file can be used to initially resolve hostnames from
    119117\fI/etc/hosts\fR
    120 and then from the WINS server.
    121 
     118and then from the WINS server\.
     119.sp
     120.RS 4
    122121.nf
    123 
    124122hosts:          files wins
    125 
    126123.fi
     124.RE
    127125.SH "OPTIONS"
    128126.PP
    129 -F
    130 .RS 3n
     127\-F
     128.RS 4
    131129If specified, this parameter causes the main
    132130winbindd
    133 process to not daemonize, i.e. double-fork and disassociate with the terminal. Child processes are still created as normal to service each connection request, but the main process does not exit. This operation mode is suitable for running
     131process to not daemonize, i\.e\. double\-fork and disassociate with the terminal\. Child processes are still created as normal to service each connection request, but the main process does not exit\. This operation mode is suitable for running
    134132winbindd
    135133under process supervisors such as
     
    137135and
    138136svscan
    139 from Daniel J. Bernstein's
     137from Daniel J\. Bernstein\'s
    140138daemontools
    141 package, or the AIX process monitor.
    142 .RE
    143 .PP
    144 -S
    145 .RS 3n
     139package, or the AIX process monitor\.
     140.RE
     141.PP
     142\-S
     143.RS 4
    146144If specified, this parameter causes
    147145winbindd
    148 to log to standard output rather than a file.
    149 .RE
    150 .PP
    151 -V
    152 .RS 3n
    153 Prints the program version number.
    154 .RE
    155 .PP
    156 -s <configuration file>
    157 .RS 3n
    158 The file specified contains the configuration details required by the server. The information in this file includes server-specific information such as what printcap file to use, as well as descriptions of all the services that the server is to provide. See
    159 \fIsmb.conf\fR
    160 for more information. The default configuration file name is determined at compile time.
    161 .RE
    162 .PP
    163 -d|--debuglevel=level
    164 .RS 3n
     146to log to standard output rather than a file\.
     147.RE
     148.PP
     149\-d|\-\-debuglevel=level
     150.RS 4
    165151\fIlevel\fR
    166 is an integer from 0 to 10. The default value if this parameter is not specified is zero.
    167 .sp
    168 The higher this value, the more detail will be logged to the log files about the activities of the server. At level 0, only critical errors and serious warnings will be logged. Level 1 is a reasonable level for day-to-day running - it generates a small amount of information about operations carried out.
    169 .sp
    170 Levels above 1 will generate considerable amounts of log data, and should only be used when investigating a problem. Levels above 3 are designed for use only by developers and generate HUGE amounts of log data, most of which is extremely cryptic.
     152is an integer from 0 to 10\. The default value if this parameter is not specified is 0\.
     153.sp
     154The higher this value, the more detail will be logged to the log files about the activities of the server\. At level 0, only critical errors and serious warnings will be logged\. Level 1 is a reasonable level for day\-to\-day running \- it generates a small amount of information about operations carried out\.
     155.sp
     156Levels above 1 will generate considerable amounts of log data, and should only be used when investigating a problem\. Levels above 3 are designed for use only by developers and generate HUGE amounts of log data, most of which is extremely cryptic\.
    171157.sp
    172158Note that specifying this parameter here will override the
    173 
     159\fIlog level\fR
    174160parameter in the
    175 \fIsmb.conf\fR
    176 file.
    177 .RE
    178 .PP
    179 -l|--logfile=logdirectory
    180 .RS 3n
    181 Base directory name for log/debug files. The extension
    182 \fB".progname"\fR
    183 will be appended (e.g. log.smbclient, log.smbd, etc...). The log file is never removed by the client.
    184 .RE
    185 .PP
    186 -h|--help
    187 .RS 3n
    188 Print a summary of command line options.
    189 .RE
    190 .PP
    191 -i
    192 .RS 3n
     161\fIsmb\.conf\fR
     162file\.
     163.RE
     164.PP
     165\-V
     166.RS 4
     167Prints the program version number\.
     168.RE
     169.PP
     170\-s <configuration file>
     171.RS 4
     172The file specified contains the configuration details required by the server\. The information in this file includes server\-specific information such as what printcap file to use, as well as descriptions of all the services that the server is to provide\. See
     173\fIsmb\.conf\fR
     174for more information\. The default configuration file name is determined at compile time\.
     175.RE
     176.PP
     177\-l|\-\-log\-basename=logdirectory
     178.RS 4
     179Base directory name for log/debug files\. The extension
     180\fB"\.progname"\fR
     181will be appended (e\.g\. log\.smbclient, log\.smbd, etc\.\.\.)\. The log file is never removed by the client\.
     182.RE
     183.PP
     184\-h|\-\-help
     185.RS 4
     186Print a summary of command line options\.
     187.RE
     188.PP
     189\-i
     190.RS 4
    193191Tells
    194192winbindd
    195 to not become a daemon and detach from the current terminal. This option is used by developers when interactive debugging of
    196 winbindd
    197 is required.
     193to not become a daemon and detach from the current terminal\. This option is used by developers when interactive debugging of
     194winbindd
     195is required\.
    198196winbindd
    199197also logs to standard output, as if the
    200 -S
    201 parameter had been given.
    202 .RE
    203 .PP
    204 -n
    205 .RS 3n
    206 Disable caching. This means winbindd will always have to wait for a response from the domain controller before it can respond to a client and this thus makes things slower. The results will however be more accurate, since results from the cache might not be up-to-date. This might also temporarily hang winbindd if the DC doesn't respond.
    207 .RE
    208 .PP
    209 -Y
    210 .RS 3n
    211 Single daemon mode. This means winbindd will run as a single process (the mode of operation in Samba 2.2). Winbindd's default behavior is to launch a child process that is responsible for updating expired cache entries.
     198\-S
     199parameter had been given\.
     200.RE
     201.PP
     202\-n
     203.RS 4
     204Disable caching\. This means winbindd will always have to wait for a response from the domain controller before it can respond to a client and this thus makes things slower\. The results will however be more accurate, since results from the cache might not be up\-to\-date\. This might also temporarily hang winbindd if the DC doesn\'t respond\.
     205.RE
     206.PP
     207\-Y
     208.RS 4
     209Single daemon mode\. This means winbindd will run as a single process (the mode of operation in Samba 2\.2)\. Winbindd\'s default behavior is to launch a child process that is responsible for updating expired cache entries\.
    212210.RE
    213211.SH "NAME AND ID RESOLUTION"
    214212.PP
    215 Users and groups on a Windows NT server are assigned a security id (SID) which is globally unique when the user or group is created. To convert the Windows NT user or group into a unix user or group, a mapping between SIDs and unix user and group ids is required. This is one of the jobs that
    216 winbindd
    217 performs.
    218 .PP
    219 As winbindd users and groups are resolved from a server, user and group ids are allocated from a specified range. This is done on a first come, first served basis, although all existing users and groups will be mapped as soon as a client performs a user or group enumeration command. The allocated unix ids are stored in a database and will be remembered.
    220 .PP
    221 WARNING: The SID to unix id database is the only location where the user and group mappings are stored by winbindd. If this store is deleted or corrupted, there is no way for winbindd to determine which user and group ids correspond to Windows NT user and group rids.
     213Users and groups on a Windows NT server are assigned a security id (SID) which is globally unique when the user or group is created\. To convert the Windows NT user or group into a unix user or group, a mapping between SIDs and unix user and group ids is required\. This is one of the jobs that
     214winbindd
     215performs\.
     216.PP
     217As winbindd users and groups are resolved from a server, user and group ids are allocated from a specified range\. This is done on a first come, first served basis, although all existing users and groups will be mapped as soon as a client performs a user or group enumeration command\. The allocated unix ids are stored in a database and will be remembered\.
     218.PP
     219WARNING: The SID to unix id database is the only location where the user and group mappings are stored by winbindd\. If this store is deleted or corrupted, there is no way for winbindd to determine which user and group ids correspond to Windows NT user and group rids\.
    222220.PP
    223221See the
    224 
     222\fIidmap domains\fR
    225223or the old
    226 
     224\fIidmap backend\fR
    227225parameters in
    228 \fIsmb.conf\fR
    229 for options for sharing this database, such as via LDAP.
     226\fIsmb\.conf\fR
     227for options for sharing this database, such as via LDAP\.
    230228.SH "CONFIGURATION"
    231229.PP
     
    234232daemon is done through configuration parameters in the
    235233\fBsmb.conf\fR(5)
    236 file. All parameters should be specified in the [global] section of smb.conf.
    237 .TP 3n
    238 \(bu
    239 
    240 winbind separator
    241 .TP 3n
    242 \(bu
    243 
    244 idmap uid
    245 .TP 3n
    246 \(bu
    247 
    248 idmap gid
    249 .TP 3n
    250 \(bu
    251 
    252 idmap backend
    253 .TP 3n
    254 \(bu
    255 
    256 winbind cache time
    257 .TP 3n
    258 \(bu
    259 
    260 winbind enum users
    261 .TP 3n
    262 \(bu
    263 
    264 winbind enum groups
    265 .TP 3n
    266 \(bu
    267 
    268 template homedir
    269 .TP 3n
    270 \(bu
    271 
    272 template shell
    273 .TP 3n
    274 \(bu
    275 
    276 winbind use default domain
    277 .TP 3n
    278 \(bu
    279 
    280 winbind: rpc only Setting this parameter forces winbindd to use RPC instead of LDAP to retrieve information from Domain Controllers.
     234file\. All parameters should be specified in the [global] section of smb\.conf\.
     235.sp
     236.RS 4
     237.ie n \{\
     238\h'-04'\(bu\h'+03'\c
     239.\}
     240.el \{\
     241.sp -1
     242.IP \(bu 2.3
     243.\}
     244
     245\fIwinbind separator\fR
     246.RE
     247.sp
     248.RS 4
     249.ie n \{\
     250\h'-04'\(bu\h'+03'\c
     251.\}
     252.el \{\
     253.sp -1
     254.IP \(bu 2.3
     255.\}
     256
     257\fIidmap uid\fR
     258.RE
     259.sp
     260.RS 4
     261.ie n \{\
     262\h'-04'\(bu\h'+03'\c
     263.\}
     264.el \{\
     265.sp -1
     266.IP \(bu 2.3
     267.\}
     268
     269\fIidmap gid\fR
     270.RE
     271.sp
     272.RS 4
     273.ie n \{\
     274\h'-04'\(bu\h'+03'\c
     275.\}
     276.el \{\
     277.sp -1
     278.IP \(bu 2.3
     279.\}
     280
     281\fIidmap backend\fR
     282.RE
     283.sp
     284.RS 4
     285.ie n \{\
     286\h'-04'\(bu\h'+03'\c
     287.\}
     288.el \{\
     289.sp -1
     290.IP \(bu 2.3
     291.\}
     292
     293\fIwinbind cache time\fR
     294.RE
     295.sp
     296.RS 4
     297.ie n \{\
     298\h'-04'\(bu\h'+03'\c
     299.\}
     300.el \{\
     301.sp -1
     302.IP \(bu 2.3
     303.\}
     304
     305\fIwinbind enum users\fR
     306.RE
     307.sp
     308.RS 4
     309.ie n \{\
     310\h'-04'\(bu\h'+03'\c
     311.\}
     312.el \{\
     313.sp -1
     314.IP \(bu 2.3
     315.\}
     316
     317\fIwinbind enum groups\fR
     318.RE
     319.sp
     320.RS 4
     321.ie n \{\
     322\h'-04'\(bu\h'+03'\c
     323.\}
     324.el \{\
     325.sp -1
     326.IP \(bu 2.3
     327.\}
     328
     329\fItemplate homedir\fR
     330.RE
     331.sp
     332.RS 4
     333.ie n \{\
     334\h'-04'\(bu\h'+03'\c
     335.\}
     336.el \{\
     337.sp -1
     338.IP \(bu 2.3
     339.\}
     340
     341\fItemplate shell\fR
     342.RE
     343.sp
     344.RS 4
     345.ie n \{\
     346\h'-04'\(bu\h'+03'\c
     347.\}
     348.el \{\
     349.sp -1
     350.IP \(bu 2.3
     351.\}
     352
     353\fIwinbind use default domain\fR
     354.RE
     355.sp
     356.RS 4
     357.ie n \{\
     358\h'-04'\(bu\h'+03'\c
     359.\}
     360.el \{\
     361.sp -1
     362.IP \(bu 2.3
     363.\}
     364
     365\fIwinbind: rpc only\fR
     366Setting this parameter forces winbindd to use RPC instead of LDAP to retrieve information from Domain Controllers\.
    281367.SH "EXAMPLE SETUP"
    282368.PP
    283 To setup winbindd for user and group lookups plus authentication from a domain controller use something like the following setup. This was tested on an early Red Hat Linux box.
     369To setup winbindd for user and group lookups plus authentication from a domain controller use something like the following setup\. This was tested on an early Red Hat Linux box\.
    284370.PP
    285371In
    286 \fI/etc/nsswitch.conf\fR
     372\fI/etc/nsswitch\.conf\fR
    287373put the following:
    288 
    289 .sp
    290 
     374.sp
     375.RS 4
    291376.nf
    292 
    293377passwd: files winbind
    294378group:  files winbind
    295 
    296379.fi
    297 
     380.RE
    298381.PP
    299382In
    300 \fI/etc/pam.d/*\fR
     383\fI/etc/pam\.d/*\fR
    301384replace the
    302385\fI auth\fR
    303386lines with something like this:
    304 
    305 .sp
    306 
     387.sp
     388.RS 4
    307389.nf
    308 
    309 auth  required    /lib/security/pam_securetty.so
    310 auth  required    /lib/security/pam_nologin.so
    311 auth  sufficient  /lib/security/pam_winbind.so
    312 auth  required    /lib/security/pam_unix.so \
     390auth  required    /lib/security/pam_securetty\.so
     391auth  required    /lib/security/pam_nologin\.so
     392auth  sufficient  /lib/security/pam_winbind\.so
     393auth  required    /lib/security/pam_unix\.so \e
    313394                  use_first_pass shadow nullok
    314 
    315395.fi
    316 
     396.RE
     397.sp
    317398.sp
    318399.it 1 an-trap
     
    320401.nr an-break-flag 1
    321402.br
    322 \fBNote\fR
    323 .PP
    324 The PAM module pam_unix has recently replaced the module pam_pwdb. Some Linux systems use the module pam_unix2 in place of pam_unix.
     403Note
     404.PP
     405The PAM module pam_unix has recently replaced the module pam_pwdb\. Some Linux systems use the module pam_unix2 in place of pam_unix\.
    325406.PP
    326407Note in particular the use of the
     
    328409keyword and the
    329410\fIuse_first_pass\fR
    330 keyword.
     411keyword\.
    331412.PP
    332413Now replace the account lines with this:
    333414.PP
    334 account required /lib/security/pam_winbind.so
    335 .PP
    336 The next step is to join the domain. To do that use the
     415account required /lib/security/pam_winbind\.so
     416.PP
     417The next step is to join the domain\. To do that use the
    337418net
    338419program like this:
    339420.PP
    340 net join -S PDC -U Administrator
     421net join \-S PDC \-U Administrator
    341422.PP
    342423The username after the
    343 \fI-U\fR
    344 can be any Domain user that has administrator privileges on the machine. Substitute the name or IP of your PDC for "PDC".
     424\fI\-U\fR
     425can be any Domain user that has administrator privileges on the machine\. Substitute the name or IP of your PDC for "PDC"\.
    345426.PP
    346427Next copy
    347 \fIlibnss_winbind.so\fR
     428\fIlibnss_winbind\.so\fR
    348429to
    349430\fI/lib\fR
    350431and
    351 \fIpam_winbind.so \fR
     432\fIpam_winbind\.so \fR
    352433to
    353 \fI/lib/security\fR. A symbolic link needs to be made from
    354 \fI/lib/libnss_winbind.so\fR
     434\fI/lib/security\fR\. A symbolic link needs to be made from
     435\fI/lib/libnss_winbind\.so\fR
    355436to
    356 \fI/lib/libnss_winbind.so.2\fR. If you are using an older version of glibc then the target of the link should be
    357 \fI/lib/libnss_winbind.so.1\fR.
     437\fI/lib/libnss_winbind\.so\.2\fR\. If you are using an older version of glibc then the target of the link should be
     438\fI/lib/libnss_winbind\.so\.1\fR\.
    358439.PP
    359440Finally, setup a
    360441\fBsmb.conf\fR(5)
    361442containing directives like the following:
    362 
    363 .sp
    364 
     443.sp
     444.RS 4
    365445.nf
    366 
    367446[global]
    368447        winbind separator = +
     
    370449        template shell = /bin/bash
    371450        template homedir = /home/%D/%U
    372         idmap uid = 10000-20000
    373         idmap gid = 10000-20000
     451        idmap uid = 10000\-20000
     452        idmap gid = 10000\-20000
    374453        workgroup = DOMAIN
    375454        security = domain
    376455        password server = *
    377 
    378456.fi
    379 
    380 .PP
    381 Now start winbindd and you should find that your user and group database is expanded to include your NT users and groups, and that you can login to your unix box as a domain user, using the DOMAIN+user syntax for the username. You may wish to use the commands
     457.RE
     458.PP
     459Now start winbindd and you should find that your user and group database is expanded to include your NT users and groups, and that you can login to your unix box as a domain user, using the DOMAIN+user syntax for the username\. You may wish to use the commands
    382460getent passwd
    383461and
    384462getent group
    385 to confirm the correct operation of winbindd.
     463to confirm the correct operation of winbindd\.
    386464.SH "NOTES"
    387465.PP
     
    392470must be running on the local machine for
    393471winbindd
    394 to work.
    395 .PP
    396 PAM is really easy to misconfigure. Make sure you know what you are doing when modifying PAM configuration files. It is possible to set up PAM such that you can no longer log into your system.
     472to work\.
     473.PP
     474PAM is really easy to misconfigure\. Make sure you know what you are doing when modifying PAM configuration files\. It is possible to set up PAM such that you can no longer log into your system\.
    397475.PP
    398476If more than one UNIX machine is running
    399 winbindd, then in general the user and groups ids allocated by winbindd will not be the same. The user and group ids will only be valid for the local machine, unless a shared
    400 
    401 is configured.
    402 .PP
    403 If the the Windows NT SID to UNIX user and group id mapping file is damaged or destroyed then the mappings will be lost.
     477winbindd, then in general the user and groups ids allocated by winbindd will not be the same\. The user and group ids will only be valid for the local machine, unless a shared
     478\fIidmap backend\fR
     479is configured\.
     480.PP
     481If the the Windows NT SID to UNIX user and group id mapping file is damaged or destroyed then the mappings will be lost\.
    404482.SH "SIGNALS"
    405483.PP
    406484The following signals can be used to manipulate the
    407485winbindd
    408 daemon.
     486daemon\.
    409487.PP
    410488SIGHUP
    411 .RS 3n
     489.RS 4
    412490Reload the
    413491\fBsmb.conf\fR(5)
    414 file and apply any parameter changes to the running version of winbindd. This signal also clears any cached user and group information. The list of other domains trusted by winbindd is also reloaded.
     492file and apply any parameter changes to the running version of winbindd\. This signal also clears any cached user and group information\. The list of other domains trusted by winbindd is also reloaded\.
    415493.RE
    416494.PP
    417495SIGUSR2
    418 .RS 3n
     496.RS 4
    419497The SIGUSR2 signal will cause
    420498winbindd
    421 to write status information to the winbind log file.
    422 .sp
    423 Log files are stored in the filename specified by the log file parameter.
     499to write status information to the winbind log file\.
     500.sp
     501Log files are stored in the filename specified by the log file parameter\.
    424502.RE
    425503.SH "FILES"
    426504.PP
    427 \fI/etc/nsswitch.conf(5)\fR
    428 .RS 3n
    429 Name service switch configuration file.
    430 .RE
    431 .PP
    432 /tmp/.winbindd/pipe
    433 .RS 3n
     505\fI/etc/nsswitch\.conf(5)\fR
     506.RS 4
     507Name service switch configuration file\.
     508.RE
     509.PP
     510/tmp/\.winbindd/pipe
     511.RS 4
    434512The UNIX pipe over which clients communicate with the
    435513winbindd
    436 program. For security reasons, the winbind client will only attempt to connect to the winbindd daemon if both the
    437 \fI/tmp/.winbindd\fR
     514program\. For security reasons, the winbind client will only attempt to connect to the winbindd daemon if both the
     515\fI/tmp/\.winbindd\fR
    438516directory and
    439 \fI/tmp/.winbindd/pipe\fR
    440 file are owned by root.
     517\fI/tmp/\.winbindd/pipe\fR
     518file are owned by root\.
    441519.RE
    442520.PP
    443521$LOCKDIR/winbindd_privileged/pipe
    444 .RS 3n
    445 The UNIX pipe over which 'privileged' clients communicate with the
    446 winbindd
    447 program. For security reasons, access to some winbindd functions - like those needed by the
     522.RS 4
     523The UNIX pipe over which \'privileged\' clients communicate with the
     524winbindd
     525program\. For security reasons, access to some winbindd functions \- like those needed by the
    448526ntlm_auth
    449 utility - is restricted. By default, only users in the 'root' group will get this access, however the administrator may change the group permissions on $LOCKDIR/winbindd_privileged to allow programs like 'squid' to use ntlm_auth. Note that the winbind client will only attempt to connect to the winbindd daemon if both the
     527utility \- is restricted\. By default, only users in the \'root\' group will get this access, however the administrator may change the group permissions on $LOCKDIR/winbindd_privileged to allow programs like \'squid\' to use ntlm_auth\. Note that the winbind client will only attempt to connect to the winbindd daemon if both the
    450528\fI$LOCKDIR/winbindd_privileged\fR
    451529directory and
    452530\fI$LOCKDIR/winbindd_privileged/pipe\fR
    453 file are owned by root.
    454 .RE
    455 .PP
    456 /lib/libnss_winbind.so.X
    457 .RS 3n
    458 Implementation of name service switch library.
    459 .RE
    460 .PP
    461 $LOCKDIR/winbindd_idmap.tdb
    462 .RS 3n
    463 Storage for the Windows NT rid to UNIX user/group id mapping. The lock directory is specified when Samba is initially compiled using the
    464 \fI--with-lockdir\fR
    465 option. This directory is by default
    466 \fI/usr/local/samba/var/locks \fR.
    467 .RE
    468 .PP
    469 $LOCKDIR/winbindd_cache.tdb
    470 .RS 3n
    471 Storage for cached user and group information.
     531file are owned by root\.
     532.RE
     533.PP
     534/lib/libnss_winbind\.so\.X
     535.RS 4
     536Implementation of name service switch library\.
     537.RE
     538.PP
     539$LOCKDIR/winbindd_idmap\.tdb
     540.RS 4
     541Storage for the Windows NT rid to UNIX user/group id mapping\. The lock directory is specified when Samba is initially compiled using the
     542\fI\-\-with\-lockdir\fR
     543option\. This directory is by default
     544\fI/usr/local/samba/var/locks \fR\.
     545.RE
     546.PP
     547$LOCKDIR/winbindd_cache\.tdb
     548.RS 4
     549Storage for cached user and group information\.
    472550.RE
    473551.SH "VERSION"
    474552.PP
    475 This man page is correct for version 3.0 of the Samba suite.
     553This man page is correct for version 3\.0 of the Samba suite\.
    476554.SH "SEE ALSO"
    477555.PP
    478 \fInsswitch.conf(5)\fR,
     556\fInsswitch\.conf(5)\fR,
    479557\fBsamba\fR(7),
    480558\fBwbinfo\fR(1),
     
    484562.SH "AUTHOR"
    485563.PP
    486 The original Samba software and related utilities were created by Andrew Tridgell. Samba is now developed by the Samba Team as an Open Source project similar to the way the Linux kernel is developed.
     564The original Samba software and related utilities were created by Andrew Tridgell\. Samba is now developed by the Samba Team as an Open Source project similar to the way the Linux kernel is developed\.
    487565.PP
    488566wbinfo
    489567and
    490568winbindd
    491 were written by Tim Potter.
    492 .PP
    493 The conversion to DocBook for Samba 2.2 was done by Gerald Carter. The conversion to DocBook XML 4.2 for Samba 3.0 was done by Alexander Bokovoy.
    494 
     569were written by Tim Potter\.
     570.PP
     571The conversion to DocBook for Samba 2\.2 was done by Gerald Carter\. The conversion to DocBook XML 4\.2 for Samba 3\.0 was done by Alexander Bokovoy\.
Note: See TracChangeset for help on using the changeset viewer.