Changeset 231 for branches/samba-3.2.x/docs/manpages/winbindd.8

Timestamp:

May 27, 2009, 9:08:03 AM (16 years ago)

Author:

Herwig Bauernfeind

Message:

Update 3.2 branch to 3.2.8 docs

File:

• branches/samba-3.2.x/docs/manpages/winbindd.8 (modified) (16 diffs)

branches/samba-3.2.x/docs/manpages/winbindd.8

@@ -1 +1 @@
 .\"     Title: winbindd
-.\"    Author: 
-.\" Generator: DocBook XSL Stylesheets v1.73.1 <http://docbook.sf.net/>
-.\"      Date: 12/19/2008
+.\"    Author: [see the "AUTHOR" section]
+.\" Generator: DocBook XSL Stylesheets v1.74.0 <http://docbook.sf.net/>
+.\"      Date: 02/03/2009
 .\"    Manual: System Administration tools
 .\"    Source: Samba 3.2
+.\"  Language: English
 .\"
-.TH "WINBINDD" "8" "12/19/2008" "Samba 3\.2" "System Administration tools"
+.TH "WINBINDD" "8" "02/03/2009" "Samba 3\&.2" "System Administration tools"
+.\" -----------------------------------------------------------------
+.\" * (re)Define some macros
+.\" -----------------------------------------------------------------
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.\" toupper - uppercase a string (locale-aware)
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.de toupper
+.tr aAbBcCdDeEfFgGhHiIjJkKlLmMnNoOpPqQrRsStTuUvVwWxXyYzZ
+\\$*
+.tr aabbccddeeffgghhiijjkkllmmnnooppqqrrssttuuvvwwxxyyzz
+..
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.\" SH-xref - format a cross-reference to an SH section
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.de SH-xref
+.ie n \{\
+.\}
+.toupper \\$*
+.el \{\
+\\$*
+.\}
+..
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.\" SH - level-one heading that works better for non-TTY output
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.de1 SH
+.\" put an extra blank line of space above the head in non-TTY output
+.if t \{\
+.sp 1
+.\}
+.sp \\n[PD]u
+.nr an-level 1
+.set-an-margin
+.nr an-prevailing-indent \\n[IN]
+.fi
+.in \\n[an-margin]u
+.ti 0
+.HTML-TAG ".NH \\n[an-level]"
+.it 1 an-trap
+.nr an-no-space-flag 1
+.nr an-break-flag 1
+\." make the size of the head bigger
+.ps +3
+.ft B
+.ne (2v + 1u)
+.ie n \{\
+.\" if n (TTY output), use uppercase
+.toupper \\$*
+.\}
+.el \{\
+.nr an-break-flag 0
+.\" if not n (not TTY), use normal case (not uppercase)
+\\$1
+.in \\n[an-margin]u
+.ti 0
+.\" if not n (not TTY), put a border/line under subheading
+.sp -.6
+\l'\n(.lu'
+.\}
+..
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.\" SS - level-two heading that works better for non-TTY output
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.de1 SS
+.sp \\n[PD]u
+.nr an-level 1
+.set-an-margin
+.nr an-prevailing-indent \\n[IN]
+.fi
+.in \\n[IN]u
+.ti \\n[SN]u
+.it 1 an-trap
+.nr an-no-space-flag 1
+.nr an-break-flag 1
+.ps \\n[PS-SS]u
+\." make the size of the head bigger
+.ps +2
+.ft B
+.ne (2v + 1u)
+.if \\n[.$] \&\\$*
+..
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.\" BB/BE - put background/screen (filled box) around block of text
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.de BB
+.if t \{\
+.sp -.5
+.br
+.in +2n
+.ll -2n
+.gcolor red
+.di BX
+.\}
+..
+.de EB
+.if t \{\
+.if "\\$2"adjust-for-leading-newline" \{\
+.sp -1
+.\}
+.br
+.di
+.in
+.ll
+.gcolor
+.nr BW \\n(.lu-\\n(.i
+.nr BH \\n(dn+.5v
+.ne \\n(BHu+.5v
+.ie "\\$2"adjust-for-leading-newline" \{\
+\M[\\$1]\h'1n'\v'+.5v'\D'P \\n(BWu 0 0 \\n(BHu -\\n(BWu 0 0 -\\n(BHu'\M[]
+.\}
+.el \{\
+\M[\\$1]\h'1n'\v'-.5v'\D'P \\n(BWu 0 0 \\n(BHu -\\n(BWu 0 0 -\\n(BHu'\M[]
+.\}
+.in 0
+.sp -.5v
+.nf
+.BX
+.in
+.sp .5v
+.fi
+.\}
+..
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.\" BM/EM - put colored marker in margin next to block of text
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.de BM
+.if t \{\
+.br
+.ll -2n
+.gcolor red
+.di BX
+.\}
+..
+.de EM
+.if t \{\
+.br
+.di
+.ll
+.gcolor
+.nr BH \\n(dn
+.ne \\n(BHu
+\M[\\$1]\D'P -.75n 0 0 \\n(BHu -(\\n[.i]u - \\n(INu - .75n) 0 0 -\\n(BHu'\M[]
+.in 0
+.nf
+.BX
+.in
+.fi
+.\}
+..
+.\" -----------------------------------------------------------------
+.\" * set default formatting
+.\" -----------------------------------------------------------------
 .\" disable hyphenation
 .nh
 .\" disable justification (adjust text to left margin only)
 .ad l
-.SH "NAME"
-winbindd - Name Service Switch daemon for resolving names from NT servers
-.SH "SYNOPSIS"
-.HP 1
-winbindd [\-D] [\-F] [\-S] [\-i] [\-Y] [\-d\ <debug\ level>] [\-s\ <smb\ config\ file>] [\-n]
+.\" -----------------------------------------------------------------
+.\" * MAIN CONTENT STARTS HERE *
+.\" -----------------------------------------------------------------
+.SH "Name"
+winbindd \- Name Service Switch daemon for resolving names from NT servers
+.SH "Synopsis"
+.fam C
+.HP \w'\ 'u
+\FCwinbindd\F[] [\-D] [\-F] [\-S] [\-i] [\-Y] [\-d\ <debug\ level>] [\-s\ <smb\ config\ file>] [\-n]
+.fam
 .SH "DESCRIPTION"
 .PP
 This program is part of the
 \fBsamba\fR(7)
-suite\.
-.PP
-winbindd
+suite\&.
+.PP
+\FCwinbindd\F[]
 is a daemon that provides a number of services to the Name Service Switch capability found in most modern C libraries, to arbitrary applications via PAM and
-ntlm_auth
-and to Samba itself\.
+\FCntlm_auth\F[]
+and to Samba itself\&.
 .PP
 Even if winbind is not used for nsswitch, it still provides a service to
-smbd,
-ntlm_auth
+\FCsmbd\F[],
+\FCntlm_auth\F[]
 and the
-pam_winbind\.so
-PAM module, by managing connections to domain controllers\. In this configuraiton the
-\fIidmap uid\fR
+\FCpam_winbind\&.so\F[]
+PAM module, by managing connections to domain controllers\&. In this configuraiton the
+\m[blue]\fBidmap uid\fR\m[]
 and
-\fIidmap gid\fR
-parameters are not required\. (This is known as `netlogon proxy only mode\'\.)
-.PP
-The Name Service Switch allows user and system information to be obtained from different databases services such as NIS or DNS\. The exact behaviour can be configured throught the
-\fI/etc/nsswitch\.conf\fR
-file\. Users and groups are allocated as they are resolved to a range of user and group ids specified by the administrator of the Samba system\.
+\m[blue]\fBidmap gid\fR\m[]
+parameters are not required\&. (This is known as `netlogon proxy only mode\'\&.)
+.PP
+The Name Service Switch allows user and system information to be obtained from different databases services such as NIS or DNS\&. The exact behaviour can be configured throught the
+\FC/etc/nsswitch\&.conf\F[]
+file\&. Users and groups are allocated as they are resolved to a range of user and group ids specified by the administrator of the Samba system\&.
 .PP
 The service provided by
-winbindd
-is called `winbind\' and can be used to resolve user and group information from a Windows NT server\. The service can also provide authentication services via an associated PAM module\.
+\FCwinbindd\F[]
+is called `winbind\' and can be used to resolve user and group information from a Windows NT server\&. The service can also provide authentication services via an associated PAM module\&.
 .PP
 The
-\fIpam_winbind\fR
+\FCpam_winbind\F[]
 module supports the
 \fIauth\fR,
@@ -53 +211 @@
 and
 \fIpassword\fR
-module\-types\. It should be noted that the
+module\-types\&. It should be noted that the
 \fIaccount\fR
-module simply performs a getpwnam() to verify that the system can obtain a uid for the user, as the domain controller has already performed access control\. If the
-\fIlibnss_winbind\fR
-library has been correctly installed, or an alternate source of names configured, this should always succeed\.
+module simply performs a getpwnam() to verify that the system can obtain a uid for the user, as the domain controller has already performed access control\&. If the
+\FClibnss_winbind\F[]
+library has been correctly installed, or an alternate source of names configured, this should always succeed\&.
 .PP
 The following nsswitch databases are implemented by the winbindd service:
@@ -63 +221 @@
 \-D
 .RS 4
-If specified, this parameter causes the server to operate as a daemon\. That is, it detaches itself and runs in the background on the appropriate port\. This switch is assumed if
-winbindd
-is executed on the command line of a shell\.
+If specified, this parameter causes the server to operate as a daemon\&. That is, it detaches itself and runs in the background on the appropriate port\&. This switch is assumed if
+\FCwinbindd\F[]
+is executed on the command line of a shell\&.
 .RE
 .PP
 hosts
 .RS 4
-This feature is only available on IRIX\. User information traditionally stored in the
-\fIhosts(5)\fR
+This feature is only available on IRIX\&. User information traditionally stored in the
+\FChosts(5)\F[]
 file and used by
-gethostbyname(3)
-functions\. Names are resolved through the WINS server or by broadcast\.
+\FCgethostbyname(3)\F[]
+functions\&. Names are resolved through the WINS server or by broadcast\&.
 .RE
 .PP
@@ -80 +238 @@
 .RS 4
 User information traditionally stored in the
-\fIpasswd(5)\fR
+\FCpasswd(5)\F[]
 file and used by
-getpwent(3)
-functions\.
+\FCgetpwent(3)\F[]
+functions\&.
 .RE
 .PP
@@ -89 +247 @@
 .RS 4
 Group information traditionally stored in the
-\fIgroup(5)\fR
+\FCgroup(5)\F[]
 file and used by
-getgrent(3)
-functions\.
+\FCgetgrent(3)\F[]
+functions\&.
 .RE
 .PP
 For example, the following simple configuration in the
-\fI/etc/nsswitch\.conf\fR
+\FC/etc/nsswitch\&.conf\F[]
 file can be used to initially resolve user and group information from
-\fI/etc/passwd \fR
+\FC/etc/passwd \F[]
 and
-\fI/etc/group\fR
-and then from the Windows NT server\.
-.sp
-.RS 4
+\FC/etc/group\F[]
+and then from the Windows NT server\&.
+.sp
+.if n \{\
+.RS 4
+.\}
+.fam C
+.ps -1
 .nf
+.if t \{\
+.sp -1
+.\}
+.BB lightgray adjust-for-leading-newline
+.sp -1
+
 passwd:         files winbind
 group:          files winbind
 ## only available on IRIX: use winbind to resolve hosts:
 # hosts:        files dns winbind
-## All other NSS enabled systems should use libnss_wins\.so like this:
+## All other NSS enabled systems should use libnss_wins\&.so like this:
 hosts:          files dns wins
 
+.EB lightgray adjust-for-leading-newline
+.if t \{\
+.sp 1
+.\}
 .fi
-.RE
+.fam
+.ps +1
+.if n \{\
+.RE
+.\}
 .PP
 The following simple configuration in the
-\fI/etc/nsswitch\.conf\fR
+\FC/etc/nsswitch\&.conf\F[]
 file can be used to initially resolve hostnames from
-\fI/etc/hosts\fR
-and then from the WINS server\.
-.sp
-.RS 4
+\FC/etc/hosts\F[]
+and then from the WINS server\&.
+.sp
+.if n \{\
+.RS 4
+.\}
+.fam C
+.ps -1
 .nf
+.if t \{\
+.sp -1
+.\}
+.BB lightgray adjust-for-leading-newline
+.sp -1
+
 hosts:          files wins
+.EB lightgray adjust-for-leading-newline
+.if t \{\
+.sp 1
+.\}
 .fi
-.RE
+.fam
+.ps +1
+.if n \{\
+.RE
+.\}
 .SH "OPTIONS"
 .PP
@@ -131 +325 @@
 .RS 4
 If specified, this parameter causes the main
-winbindd
-process to not daemonize, i\.e\. double\-fork and disassociate with the terminal\. Child processes are still created as normal to service each connection request, but the main process does not exit\. This operation mode is suitable for running
-winbindd
+\FCwinbindd\F[]
+process to not daemonize, i\&.e\&. double\-fork and disassociate with the terminal\&. Child processes are still created as normal to service each connection request, but the main process does not exit\&. This operation mode is suitable for running
+\FCwinbindd\F[]
 under process supervisors such as
-supervise
+\FCsupervise\F[]
 and
-svscan
-from Daniel J\. Bernstein\'s
-daemontools
-package, or the AIX process monitor\.
+\FCsvscan\F[]
+from Daniel J\&. Bernstein\'s
+\FCdaemontools\F[]
+package, or the AIX process monitor\&.
 .RE
 .PP
@@ -146 +340 @@
 .RS 4
 If specified, this parameter causes
-winbindd
-to log to standard output rather than a file\.
+\FCwinbindd\F[]
+to log to standard output rather than a file\&.
 .RE
 .PP
@@ -153 +347 @@
 .RS 4
 \fIlevel\fR
-is an integer from 0 to 10\. The default value if this parameter is not specified is 0\.
-.sp
-The higher this value, the more detail will be logged to the log files about the activities of the server\. At level 0, only critical errors and serious warnings will be logged\. Level 1 is a reasonable level for day\-to\-day running \- it generates a small amount of information about operations carried out\.
-.sp
-Levels above 1 will generate considerable amounts of log data, and should only be used when investigating a problem\. Levels above 3 are designed for use only by developers and generate HUGE amounts of log data, most of which is extremely cryptic\.
+is an integer from 0 to 10\&. The default value if this parameter is not specified is 0\&.
+.sp
+The higher this value, the more detail will be logged to the log files about the activities of the server\&. At level 0, only critical errors and serious warnings will be logged\&. Level 1 is a reasonable level for day\-to\-day running \- it generates a small amount of information about operations carried out\&.
+.sp
+Levels above 1 will generate considerable amounts of log data, and should only be used when investigating a problem\&. Levels above 3 are designed for use only by developers and generate HUGE amounts of log data, most of which is extremely cryptic\&.
 .sp
 Note that specifying this parameter here will override the
-\fIlog level\fR
+\m[blue]\fBlog level\fR\m[]
 parameter in the
-\fIsmb\.conf\fR
-file\.
+\FCsmb\&.conf\F[]
+file\&.
 .RE
 .PP
 \-V
 .RS 4
-Prints the program version number\.
+Prints the program version number\&.
 .RE
 .PP
 \-s <configuration file>
 .RS 4
-The file specified contains the configuration details required by the server\. The information in this file includes server\-specific information such as what printcap file to use, as well as descriptions of all the services that the server is to provide\. See
-\fIsmb\.conf\fR
-for more information\. The default configuration file name is determined at compile time\.
+The file specified contains the configuration details required by the server\&. The information in this file includes server\-specific information such as what printcap file to use, as well as descriptions of all the services that the server is to provide\&. See
+\FCsmb\&.conf\F[]
+for more information\&. The default configuration file name is determined at compile time\&.
 .RE
 .PP
 \-l|\-\-log\-basename=logdirectory
 .RS 4
-Base directory name for log/debug files\. The extension
-\fB"\.progname"\fR
-will be appended (e\.g\. log\.smbclient, log\.smbd, etc\.\.\.)\. The log file is never removed by the client\.
+Base directory name for log/debug files\&. The extension
+\fB"\&.progname"\fR
+will be appended (e\&.g\&. log\&.smbclient, log\&.smbd, etc\&.\&.\&.)\&. The log file is never removed by the client\&.
 .RE
 .PP
 \-h|\-\-help
 .RS 4
-Print a summary of command line options\.
+Print a summary of command line options\&.
 .RE
 .PP
@@ -193 +387 @@
 .RS 4
 Tells
-winbindd
-to not become a daemon and detach from the current terminal\. This option is used by developers when interactive debugging of
-winbindd
-is required\.
-winbindd
+\FCwinbindd\F[]
+to not become a daemon and detach from the current terminal\&. This option is used by developers when interactive debugging of
+\FCwinbindd\F[]
+is required\&.
+\FCwinbindd\F[]
 also logs to standard output, as if the
-\-S
-parameter had been given\.
+\FC\-S\F[]
+parameter had been given\&.
 .RE
 .PP
 \-n
 .RS 4
-Disable caching\. This means winbindd will always have to wait for a response from the domain controller before it can respond to a client and this thus makes things slower\. The results will however be more accurate, since results from the cache might not be up\-to\-date\. This might also temporarily hang winbindd if the DC doesn\'t respond\.
+Disable caching\&. This means winbindd will always have to wait for a response from the domain controller before it can respond to a client and this thus makes things slower\&. The results will however be more accurate, since results from the cache might not be up\-to\-date\&. This might also temporarily hang winbindd if the DC doesn\'t respond\&.
 .RE
 .PP
 \-Y
 .RS 4
-Single daemon mode\. This means winbindd will run as a single process (the mode of operation in Samba 2\.2)\. Winbindd\'s default behavior is to launch a child process that is responsible for updating expired cache entries\.
+Single daemon mode\&. This means winbindd will run as a single process (the mode of operation in Samba 2\&.2)\&. Winbindd\'s default behavior is to launch a child process that is responsible for updating expired cache entries\&.
 .RE
 .SH "NAME AND ID RESOLUTION"
 .PP
-Users and groups on a Windows NT server are assigned a security id (SID) which is globally unique when the user or group is created\. To convert the Windows NT user or group into a unix user or group, a mapping between SIDs and unix user and group ids is required\. This is one of the jobs that
-winbindd
-performs\.
-.PP
-As winbindd users and groups are resolved from a server, user and group ids are allocated from a specified range\. This is done on a first come, first served basis, although all existing users and groups will be mapped as soon as a client performs a user or group enumeration command\. The allocated unix ids are stored in a database and will be remembered\.
-.PP
-WARNING: The SID to unix id database is the only location where the user and group mappings are stored by winbindd\. If this store is deleted or corrupted, there is no way for winbindd to determine which user and group ids correspond to Windows NT user and group rids\.
+Users and groups on a Windows NT server are assigned a security id (SID) which is globally unique when the user or group is created\&. To convert the Windows NT user or group into a unix user or group, a mapping between SIDs and unix user and group ids is required\&. This is one of the jobs that
+\FC winbindd\F[]
+performs\&.
+.PP
+As winbindd users and groups are resolved from a server, user and group ids are allocated from a specified range\&. This is done on a first come, first served basis, although all existing users and groups will be mapped as soon as a client performs a user or group enumeration command\&. The allocated unix ids are stored in a database and will be remembered\&.
+.PP
+WARNING: The SID to unix id database is the only location where the user and group mappings are stored by winbindd\&. If this store is deleted or corrupted, there is no way for winbindd to determine which user and group ids correspond to Windows NT user and group rids\&.
 .PP
 See the
-\fIidmap domains\fR
+\m[blue]\fBidmap domains\fR\m[]
 or the old
-\fIidmap backend\fR
+\m[blue]\fBidmap backend\fR\m[]
 parameters in
-\fIsmb\.conf\fR
-for options for sharing this database, such as via LDAP\.
+\FCsmb\&.conf\F[]
+for options for sharing this database, such as via LDAP\&.
 .SH "CONFIGURATION"
 .PP
 Configuration of the
-winbindd
+\FCwinbindd\F[]
 daemon is done through configuration parameters in the
 \fBsmb.conf\fR(5)
-file\. All parameters should be specified in the [global] section of smb\.conf\.
-.sp
-.RS 4
-.ie n \{\
-\h'-04'\(bu\h'+03'\c
-.\}
-.el \{\
-.sp -1
-.IP \(bu 2.3
-.\}
-
-\fIwinbind separator\fR
-.RE
-.sp
-.RS 4
-.ie n \{\
-\h'-04'\(bu\h'+03'\c
-.\}
-.el \{\
-.sp -1
-.IP \(bu 2.3
-.\}
-
-\fIidmap uid\fR
-.RE
-.sp
-.RS 4
-.ie n \{\
-\h'-04'\(bu\h'+03'\c
-.\}
-.el \{\
-.sp -1
-.IP \(bu 2.3
-.\}
-
-\fIidmap gid\fR
-.RE
-.sp
-.RS 4
-.ie n \{\
-\h'-04'\(bu\h'+03'\c
-.\}
-.el \{\
-.sp -1
-.IP \(bu 2.3
-.\}
-
-\fIidmap backend\fR
-.RE
-.sp
-.RS 4
-.ie n \{\
-\h'-04'\(bu\h'+03'\c
-.\}
-.el \{\
-.sp -1
-.IP \(bu 2.3
-.\}
-
-\fIwinbind cache time\fR
-.RE
-.sp
-.RS 4
-.ie n \{\
-\h'-04'\(bu\h'+03'\c
-.\}
-.el \{\
-.sp -1
-.IP \(bu 2.3
-.\}
-
-\fIwinbind enum users\fR
-.RE
-.sp
-.RS 4
-.ie n \{\
-\h'-04'\(bu\h'+03'\c
-.\}
-.el \{\
-.sp -1
-.IP \(bu 2.3
-.\}
-
-\fIwinbind enum groups\fR
-.RE
-.sp
-.RS 4
-.ie n \{\
-\h'-04'\(bu\h'+03'\c
-.\}
-.el \{\
-.sp -1
-.IP \(bu 2.3
-.\}
-
-\fItemplate homedir\fR
-.RE
-.sp
-.RS 4
-.ie n \{\
-\h'-04'\(bu\h'+03'\c
-.\}
-.el \{\
-.sp -1
-.IP \(bu 2.3
-.\}
-
-\fItemplate shell\fR
-.RE
-.sp
-.RS 4
-.ie n \{\
-\h'-04'\(bu\h'+03'\c
-.\}
-.el \{\
-.sp -1
-.IP \(bu 2.3
-.\}
-
-\fIwinbind use default domain\fR
-.RE
-.sp
-.RS 4
-.ie n \{\
-\h'-04'\(bu\h'+03'\c
-.\}
-.el \{\
-.sp -1
-.IP \(bu 2.3
-.\}
-
-\fIwinbind: rpc only\fR
-Setting this parameter forces winbindd to use RPC instead of LDAP to retrieve information from Domain Controllers\.
+file\&. All parameters should be specified in the [global] section of smb\&.conf\&.
+.sp
+.RS 4
+.ie n \{\
+\h'-04'\(bu\h'+03'\c
+.\}
+.el \{\
+.sp -1
+.IP \(bu 2.3
+.\}
+
+\m[blue]\fBwinbind separator\fR\m[]
+.RE
+.sp
+.RS 4
+.ie n \{\
+\h'-04'\(bu\h'+03'\c
+.\}
+.el \{\
+.sp -1
+.IP \(bu 2.3
+.\}
+
+\m[blue]\fBidmap uid\fR\m[]
+.RE
+.sp
+.RS 4
+.ie n \{\
+\h'-04'\(bu\h'+03'\c
+.\}
+.el \{\
+.sp -1
+.IP \(bu 2.3
+.\}
+
+\m[blue]\fBidmap gid\fR\m[]
+.RE
+.sp
+.RS 4
+.ie n \{\
+\h'-04'\(bu\h'+03'\c
+.\}
+.el \{\
+.sp -1
+.IP \(bu 2.3
+.\}
+
+\m[blue]\fBidmap backend\fR\m[]
+.RE
+.sp
+.RS 4
+.ie n \{\
+\h'-04'\(bu\h'+03'\c
+.\}
+.el \{\
+.sp -1
+.IP \(bu 2.3
+.\}
+
+\m[blue]\fBwinbind cache time\fR\m[]
+.RE
+.sp
+.RS 4
+.ie n \{\
+\h'-04'\(bu\h'+03'\c
+.\}
+.el \{\
+.sp -1
+.IP \(bu 2.3
+.\}
+
+\m[blue]\fBwinbind enum users\fR\m[]
+.RE
+.sp
+.RS 4
+.ie n \{\
+\h'-04'\(bu\h'+03'\c
+.\}
+.el \{\
+.sp -1
+.IP \(bu 2.3
+.\}
+
+\m[blue]\fBwinbind enum groups\fR\m[]
+.RE
+.sp
+.RS 4
+.ie n \{\
+\h'-04'\(bu\h'+03'\c
+.\}
+.el \{\
+.sp -1
+.IP \(bu 2.3
+.\}
+
+\m[blue]\fBtemplate homedir\fR\m[]
+.RE
+.sp
+.RS 4
+.ie n \{\
+\h'-04'\(bu\h'+03'\c
+.\}
+.el \{\
+.sp -1
+.IP \(bu 2.3
+.\}
+
+\m[blue]\fBtemplate shell\fR\m[]
+.RE
+.sp
+.RS 4
+.ie n \{\
+\h'-04'\(bu\h'+03'\c
+.\}
+.el \{\
+.sp -1
+.IP \(bu 2.3
+.\}
+
+\m[blue]\fBwinbind use default domain\fR\m[]
+.RE
+.sp
+.RS 4
+.ie n \{\
+\h'-04'\(bu\h'+03'\c
+.\}
+.el \{\
+.sp -1
+.IP \(bu 2.3
+.\}
+
+\m[blue]\fBwinbind: rpc only\fR\m[]
+Setting this parameter forces winbindd to use RPC instead of LDAP to retrieve information from Domain Controllers\&.
 .SH "EXAMPLE SETUP"
 .PP
-To setup winbindd for user and group lookups plus authentication from a domain controller use something like the following setup\. This was tested on an early Red Hat Linux box\.
+To setup winbindd for user and group lookups plus authentication from a domain controller use something like the following setup\&. This was tested on an early Red Hat Linux box\&.
 .PP
 In
-\fI/etc/nsswitch\.conf\fR
+\FC/etc/nsswitch\&.conf\F[]
 put the following:
 .sp
-.RS 4
+.if n \{\
+.RS 4
+.\}
+.fam C
+.ps -1
 .nf
+.if t \{\
+.sp -1
+.\}
+.BB lightgray adjust-for-leading-newline
+.sp -1
+
 passwd: files winbind
 group:  files winbind
+.EB lightgray adjust-for-leading-newline
+.if t \{\
+.sp 1
+.\}
 .fi
-.RE
+.fam
+.ps +1
+.if n \{\
+.RE
+.\}
 .PP
 In
-\fI/etc/pam\.d/*\fR
+\FC/etc/pam\&.d/*\F[]
 replace the
 \fI auth\fR
 lines with something like this:
 .sp
-.RS 4
+.if n \{\
+.RS 4
+.\}
+.fam C
+.ps -1
 .nf
-auth  required    /lib/security/pam_securetty\.so
-auth  required    /lib/security/pam_nologin\.so
-auth  sufficient  /lib/security/pam_winbind\.so
-auth  required    /lib/security/pam_unix\.so \e
+.if t \{\
+.sp -1
+.\}
+.BB lightgray adjust-for-leading-newline
+.sp -1
+
+auth  required    /lib/security/pam_securetty\&.so
+auth  required    /lib/security/pam_nologin\&.so
+auth  sufficient  /lib/security/pam_winbind\&.so
+auth  required    /lib/security/pam_unix\&.so \e
                   use_first_pass shadow nullok
+.EB lightgray adjust-for-leading-newline
+.if t \{\
+.sp 1
+.\}
 .fi
-.RE
-.sp
-.sp
+.fam
+.ps +1
+.if n \{\
+.RE
+.\}
+.sp
+.if n \{\
+.sp
+.\}
+.RS 4
+.BM yellow
 .it 1 an-trap
 .nr an-no-space-flag 1
 .nr an-break-flag 1
 .br
-Note
-.PP
-The PAM module pam_unix has recently replaced the module pam_pwdb\. Some Linux systems use the module pam_unix2 in place of pam_unix\.
+.ps +1
+\fBNote\fR
+.ps -1
+.br
+.PP
+The PAM module pam_unix has recently replaced the module pam_pwdb\&. Some Linux systems use the module pam_unix2 in place of pam_unix\&.
+.sp .5v
+.EM yellow
+.RE
 .PP
 Note in particular the use of the
@@ -412 +652 @@
 keyword and the
 \fIuse_first_pass\fR
-keyword\.
+keyword\&.
 .PP
 Now replace the account lines with this:
 .PP
-account required /lib/security/pam_winbind\.so
-.PP
-The next step is to join the domain\. To do that use the
-net
+\FCaccount required /lib/security/pam_winbind\&.so \F[]
+.PP
+The next step is to join the domain\&. To do that use the
+\FCnet\F[]
 program like this:
 .PP
-net join \-S PDC \-U Administrator
+\FCnet join \-S PDC \-U Administrator\F[]
 .PP
 The username after the
 \fI\-U\fR
-can be any Domain user that has administrator privileges on the machine\. Substitute the name or IP of your PDC for "PDC"\.
+can be any Domain user that has administrator privileges on the machine\&. Substitute the name or IP of your PDC for "PDC"\&.
 .PP
 Next copy
-\fIlibnss_winbind\.so\fR
+\FClibnss_winbind\&.so\F[]
 to
-\fI/lib\fR
+\FC/lib\F[]
 and
-\fIpam_winbind\.so \fR
+\FCpam_winbind\&.so \F[]
 to
-\fI/lib/security\fR\. A symbolic link needs to be made from
-\fI/lib/libnss_winbind\.so\fR
+\FC/lib/security\F[]\&. A symbolic link needs to be made from
+\FC/lib/libnss_winbind\&.so\F[]
 to
-\fI/lib/libnss_winbind\.so\.2\fR\. If you are using an older version of glibc then the target of the link should be
-\fI/lib/libnss_winbind\.so\.1\fR\.
+\FC/lib/libnss_winbind\&.so\&.2\F[]\&. If you are using an older version of glibc then the target of the link should be
+\FC/lib/libnss_winbind\&.so\&.1\F[]\&.
 .PP
 Finally, setup a
@@ -445 +685 @@
 containing directives like the following:
 .sp
-.RS 4
+.if n \{\
+.RS 4
+.\}
+.fam C
+.ps -1
 .nf
+.if t \{\
+.sp -1
+.\}
+.BB lightgray adjust-for-leading-newline
+.sp -1
+
 [global]
         winbind separator = +
@@ -457 +707 @@
         security = domain
         password server = *
+.EB lightgray adjust-for-leading-newline
+.if t \{\
+.sp 1
+.\}
 .fi
-.RE
-.PP
-Now start winbindd and you should find that your user and group database is expanded to include your NT users and groups, and that you can login to your unix box as a domain user, using the DOMAIN+user syntax for the username\. You may wish to use the commands
-getent passwd
+.fam
+.ps +1
+.if n \{\
+.RE
+.\}
+.PP
+Now start winbindd and you should find that your user and group database is expanded to include your NT users and groups, and that you can login to your unix box as a domain user, using the DOMAIN+user syntax for the username\&. You may wish to use the commands
+\FCgetent passwd\F[]
 and
-getent group
-to confirm the correct operation of winbindd\.
+\FCgetent group \F[]
+to confirm the correct operation of winbindd\&.
 .SH "NOTES"
 .PP
 The following notes are useful when configuring and running
-winbindd:
+\FCwinbindd\F[]:
 .PP
 \fBnmbd\fR(8)
 must be running on the local machine for
-winbindd
-to work\.
-.PP
-PAM is really easy to misconfigure\. Make sure you know what you are doing when modifying PAM configuration files\. It is possible to set up PAM such that you can no longer log into your system\.
+\FCwinbindd\F[]
+to work\&.
+.PP
+PAM is really easy to misconfigure\&. Make sure you know what you are doing when modifying PAM configuration files\&. It is possible to set up PAM such that you can no longer log into your system\&.
 .PP
 If more than one UNIX machine is running
-winbindd, then in general the user and groups ids allocated by winbindd will not be the same\. The user and group ids will only be valid for the local machine, unless a shared
-\fIidmap backend\fR
-is configured\.
-.PP
-If the the Windows NT SID to UNIX user and group id mapping file is damaged or destroyed then the mappings will be lost\.
+\FCwinbindd\F[], then in general the user and groups ids allocated by winbindd will not be the same\&. The user and group ids will only be valid for the local machine, unless a shared
+\m[blue]\fBidmap backend\fR\m[]
+is configured\&.
+.PP
+If the the Windows NT SID to UNIX user and group id mapping file is damaged or destroyed then the mappings will be lost\&.
 .SH "SIGNALS"
 .PP
 The following signals can be used to manipulate the
-winbindd
-daemon\.
+\FCwinbindd\F[]
+daemon\&.
 .PP
 SIGHUP
@@ -493 +751 @@
 Reload the
 \fBsmb.conf\fR(5)
-file and apply any parameter changes to the running version of winbindd\. This signal also clears any cached user and group information\. The list of other domains trusted by winbindd is also reloaded\.
+file and apply any parameter changes to the running version of winbindd\&. This signal also clears any cached user and group information\&. The list of other domains trusted by winbindd is also reloaded\&.
 .RE
 .PP
@@ -499 +757 @@
 .RS 4
 The SIGUSR2 signal will cause
-winbindd
-to write status information to the winbind log file\.
-.sp
-Log files are stored in the filename specified by the log file parameter\.
+\FC winbindd\F[]
+to write status information to the winbind log file\&.
+.sp
+Log files are stored in the filename specified by the log file parameter\&.
 .RE
 .SH "FILES"
 .PP
-\fI/etc/nsswitch\.conf(5)\fR
-.RS 4
-Name service switch configuration file\.
-.RE
-.PP
-/tmp/\.winbindd/pipe
+\FC/etc/nsswitch\&.conf(5)\F[]
+.RS 4
+Name service switch configuration file\&.
+.RE
+.PP
+/tmp/\&.winbindd/pipe
 .RS 4
 The UNIX pipe over which clients communicate with the
-winbindd
-program\. For security reasons, the winbind client will only attempt to connect to the winbindd daemon if both the
-\fI/tmp/\.winbindd\fR
+\FCwinbindd\F[]
+program\&. For security reasons, the winbind client will only attempt to connect to the winbindd daemon if both the
+\FC/tmp/\&.winbindd\F[]
 directory and
-\fI/tmp/\.winbindd/pipe\fR
-file are owned by root\.
+\FC/tmp/\&.winbindd/pipe\F[]
+file are owned by root\&.
 .RE
 .PP
@@ -525 +783 @@
 .RS 4
 The UNIX pipe over which \'privileged\' clients communicate with the
-winbindd
-program\. For security reasons, access to some winbindd functions \- like those needed by the
-ntlm_auth
-utility \- is restricted\. By default, only users in the \'root\' group will get this access, however the administrator may change the group permissions on $LOCKDIR/winbindd_privileged to allow programs like \'squid\' to use ntlm_auth\. Note that the winbind client will only attempt to connect to the winbindd daemon if both the
-\fI$LOCKDIR/winbindd_privileged\fR
+\FCwinbindd\F[]
+program\&. For security reasons, access to some winbindd functions \- like those needed by the
+\FCntlm_auth\F[]
+utility \- is restricted\&. By default, only users in the \'root\' group will get this access, however the administrator may change the group permissions on $LOCKDIR/winbindd_privileged to allow programs like \'squid\' to use ntlm_auth\&. Note that the winbind client will only attempt to connect to the winbindd daemon if both the
+\FC$LOCKDIR/winbindd_privileged\F[]
 directory and
-\fI$LOCKDIR/winbindd_privileged/pipe\fR
-file are owned by root\.
-.RE
-.PP
-/lib/libnss_winbind\.so\.X
-.RS 4
-Implementation of name service switch library\.
-.RE
-.PP
-$LOCKDIR/winbindd_idmap\.tdb
-.RS 4
-Storage for the Windows NT rid to UNIX user/group id mapping\. The lock directory is specified when Samba is initially compiled using the
+\FC$LOCKDIR/winbindd_privileged/pipe\F[]
+file are owned by root\&.
+.RE
+.PP
+/lib/libnss_winbind\&.so\&.X
+.RS 4
+Implementation of name service switch library\&.
+.RE
+.PP
+$LOCKDIR/winbindd_idmap\&.tdb
+.RS 4
+Storage for the Windows NT rid to UNIX user/group id mapping\&. The lock directory is specified when Samba is initially compiled using the
 \fI\-\-with\-lockdir\fR
-option\. This directory is by default
-\fI/usr/local/samba/var/locks \fR\.
-.RE
-.PP
-$LOCKDIR/winbindd_cache\.tdb
-.RS 4
-Storage for cached user and group information\.
+option\&. This directory is by default
+\FC/usr/local/samba/var/locks \F[]\&.
+.RE
+.PP
+$LOCKDIR/winbindd_cache\&.tdb
+.RS 4
+Storage for cached user and group information\&.
 .RE
 .SH "VERSION"
 .PP
-This man page is correct for version 3 of the Samba suite\.
+This man page is correct for version 3 of the Samba suite\&.
 .SH "SEE ALSO"
 .PP
-\fInsswitch\.conf(5)\fR,
+\FCnsswitch\&.conf(5)\F[],
 \fBsamba\fR(7),
 \fBwbinfo\fR(1),
@@ -565 +823 @@
 .SH "AUTHOR"
 .PP
-The original Samba software and related utilities were created by Andrew Tridgell\. Samba is now developed by the Samba Team as an Open Source project similar to the way the Linux kernel is developed\.
-.PP
-wbinfo
+The original Samba software and related utilities were created by Andrew Tridgell\&. Samba is now developed by the Samba Team as an Open Source project similar to the way the Linux kernel is developed\&.
+.PP
+\FCwbinfo\F[]
 and
-winbindd
-were written by Tim Potter\.
-.PP
-The conversion to DocBook for Samba 2\.2 was done by Gerald Carter\. The conversion to DocBook XML 4\.2 for Samba 3\.0 was done by Alexander Bokovoy\.
+\FCwinbindd\F[]
+were written by Tim Potter\&.
+.PP
+The conversion to DocBook for Samba 2\&.2 was done by Gerald Carter\&. The conversion to DocBook XML 4\&.2 for Samba 3\&.0 was done by Alexander Bokovoy\&.