diff options
Diffstat (limited to 'docs/manpages/winbindd.8')
| -rw-r--r-- | docs/manpages/winbindd.8 | 748 |
1 files changed, 354 insertions, 394 deletions
diff --git a/docs/manpages/winbindd.8 b/docs/manpages/winbindd.8 index 6f76699e3f..efdaf76bd8 100644 --- a/docs/manpages/winbindd.8 +++ b/docs/manpages/winbindd.8 @@ -1,296 +1,266 @@ -.TH "winbindd " "8" "13 Jun 2000" "Samba" "SAMBA" -.PP -.SH "NAME" -winbindd \- Name Service Switch daemon for resolving names from NT servers -.PP -.SH "SYNOPSIS" -.PP -\fBwinbindd\fP [-d debuglevel] [-i] -.PP -.SH "DESCRIPTION" -.PP -This program is part of the \fBSamba\fP suite version 3\&.0 and describes -functionality not yet implemented in the main version of Samba\&. -.PP -\fBwinbindd\fP is a daemon that provides a service for the Name Service -Switch capability that is present in most modern C libraries\&. The Name -Service Switch allows user and system information to be obtained from -different databases services such as NIS or DNS\&. The exact behaviour can -be configured throught the \f(CW/etc/nsswitch\&.conf\fP file\&. Users and groups -are allocated as they are resolved to a range of user and group ids -specified by the administrator of the Samba system\&. -.PP -The service provided by \fBwinbindd\fP is called `winbind\' and can be -used to resolve user and group information from a Windows NT server\&. -The service can also provide authentication services via an associated -PAM module\&. -.PP -The following nsswitch databases are implemented by the \fBwinbindd\fP -service: -.PP -.IP -.IP "passwd" -.IP -User information traditionally stored in the \fBpasswd(5)\fP file and used by -\fBgetpwent(3)\fP functions\&. -.IP -.IP "group" -.IP -Group information traditionally stored in the \fBgroup(5)\fP file and used by -\fBgetgrent(3)\fP functions\&. -.IP -.PP +.\" This manpage has been automatically generated by docbook2man-spec +.\" from a DocBook document. docbook2man-spec can be found at: +.\" <http://shell.ipoline.com/~elmert/hacks/docbook2X/> +.\" Please send any bug reports, improvements, comments, patches, +.\" etc. to Steve Cheng <steve@ggi-project.org>. +.TH "WINBINDD" "8" "22 February 2001" "" "" +.SH NAME +winbindd \- Name Service Switch daemon for resolving names from NT servers +.SH SYNOPSIS +.sp +\fBnmblookup\fR [ \fB-d debuglevel\fR ] [ \fB-i\fR ] [ \fB-S\fR ] [ \fB-r\fR ] [ \fB-A\fR ] [ \fB-h\fR ] [ \fB-B <broadcast address>\fR ] [ \fB-U <unicast address>\fR ] [ \fB-d <debug level>\fR ] [ \fB-s <smb config file>\fR ] [ \fB-i <NetBIOS scope>\fR ] [ \fB-T\fR ] \fBname\fR +.SH "DESCRIPTION" +.PP +This tool is part of the Samba <URL:samba.7.html> suite version 3.0 and describes functionality not +yet implemented in the main version of Samba. +.PP +\fBwinbindd\fR is a daemon that provides +a service for the Name Service Switch capability that is present +in most modern C libraries. The Name Service Switch allows user +and system information to be obtained from different databases +services such as NIS or DNS. The exact behaviour can be configured +throught the \fI/etc/nsswitch.conf\fR file. +Users and groups are allocated as they are resolved to a range +of user and group ids specified by the administrator of the +Samba system. +.PP +The service provided by winbindd is called `winbind' and +can be used to resolve user and group information from a +Windows NT server. The service can also provide authentication +services via an associated PAM module. +.PP +The following nsswitch databases are implemented by +the winbindd service: +.TP +\fBpasswd\fR +User information traditionally stored in +the \fIpasswd(5)\fR file and used by +\fBgetpwent(3)\fR functions. +.TP +\fBgroup\fR +Group information traditionally stored in +the \fIgroup(5)\fR file and used by +\fBgetgrent(3)\fR functions. +.PP For example, the following simple configuration in the -\f(CW/etc/nsswitch\&.conf\fP file can be used to initially resolve user and group -information from \f(CW/etc/passwd\fP and \f(CW/etc/group\fP and then from the -Windows NT server\&. -.PP +\fI/etc/nsswitch.conf\fR file can be used to initially +resolve user and group information from \fI/etc/passwd +\fRand \fI/etc/group\fR and then from the +Windows NT server. +.PP +.PP +.sp +.nf +passwd: files winbind +group: files winbind + +.sp +.fi +.PP +.SH "OPTIONS" +.TP +\fB-d debuglevel\fR +Sets the debuglevel to an integer between +0 and 100. 0 is for no debugging and 100 is for reams and +reams. To submit a bug report to the Samba Team, use debug +level 100 (see BUGS.txt). +.TP +\fB-i\fR +Tells \fBwinbindd\fR to not +become a daemon and detach from the current terminal. This +option is used by developers when interactive debugging +of \fBwinbindd\fR is required. +.SH "NAME AND ID RESOLUTION" +.PP +Users and groups on a Windows NT server are assigned +a relative id (rid) which is unique for the domain when the +user or group is created. To convert the Windows NT user or group +into a unix user or group, a mapping between rids and unix user +and group ids is required. This is one of the jobs that \fB winbindd\fR performs. +.PP +As winbindd users and groups are resolved from a server, user +and group ids are allocated from a specified range. This +is done on a first come, first served basis, although all existing +users and groups will be mapped as soon as a client performs a user +or group enumeration command. The allocated unix ids are stored +in a database file under the Samba lock directory and will be +remembered. +.PP +WARNING: The rid to unix id database is the only location +where the user and group mappings are stored by winbindd. If this +file is deleted or corrupted, there is no way for winbindd to +determine which user and group ids correspond to Windows NT user +and group rids. +.SH "CONFIGURATION" +.PP +Configuration of the \fBwinbindd\fR daemon +is done through configuration parameters in the \fIsmb.conf(5) +\fRfile. All parameters should be specified in the +[global] section of smb.conf. +.TP +\fBwinbind separator\fR +The winbind separator option allows you +to specify how NT domain names and user names are combined +into unix user names when presented to users. By default, +\fBwinbindd\fR will use the traditional '\\' +separator so that the unix user names look like +DOMAIN\\username. In some cases this separator character may +cause problems as the '\\' character has special meaning in +unix shells. In that case you can use the winbind separator +option to specify an alternative sepataror character. Good +alternatives may be '/' (although that conflicts +with the unix directory separator) or a '+ 'character. +The '+' character appears to be the best choice for 100% +compatibility with existing unix utilities, but may be an +aesthetically bad choice depending on your taste. -.nf - +Default: \fBwinbind separator = \\ \fR - passwd: files winbind - group: files winbind +Example: \fBwinbind separator = + \fR +.TP +\fBwinbind uid\fR +The winbind uid parameter specifies the +range of user ids that are allocated by the winbindd daemon. +This range of ids should have no existing local or nis users +within it as strange conflicts can occur otherwise. -.fi - +Default: \fBwinbind uid = <empty string> +\fR +Example: \fBwinbind uid = 10000-20000\fR +.TP +\fBwinbind gid\fR +The winbind gid parameter specifies the +range of group ids that are allocated by the winbindd daemon. +This range of group ids should have no existing local or nis +groups within it as strange conflicts can occur otherwise. -.PP -.SH "OPTIONS" -.PP -The following options are available to the \fBwinbindd\fP daemon: -.PP -.IP -.IP "\fB-d debuglevel\fP" -Sets the debuglevel to an integer between 0 and 100\&. 0 is for no debugging -and 100 is for reams and reams\&. To submit a bug report to the Samba Team, -use debug level 100 (see \fBBUGS\&.txt\fP)\&. -.IP -.IP "\fB-i\fP" -Tells \fBwinbindd\fP to not become a daemon and detach from the current terminal\&. -This option is used by developers when interactive debugging of \fBwinbindd\fP is -required\&. -.IP -.PP -.SH "NAME AND ID RESOLUTION" -.PP -Users and groups on a Windows NT server are assigned a relative id (rid) -which is unique for the domain when the user or group is created\&. To -convert the Windows NT user or group into a unix user or group, a mapping -between rids and unix user and group ids is required\&. This is one of the -jobs that \fBwinbindd\fP performs\&. -.PP -As \fBwinbindd\fP users and groups are resolved from a server, user and group -ids are allocated from a specified range\&. This is done on a first come, -first served basis, although all existing users and groups will be mapped -as soon as a client performs a user or group enumeration command\&. The -allocated unix ids are stored in a database file under the Samba lock -directory and will be remembered\&. -.PP -WARNING: The rid to unix id database is the only location where the user -and group mappings are stored by \fBwinbindd\fP\&. If this file is deleted or -corrupted, there is no way for \fBwinbindd\fP to determine which user and -group ids correspond to Windows NT user and group rids\&. -.PP -.SH "CONFIGURATION" -.PP -Configuration of the \fBwinbindd\fP daemon is done through configuration -parameters in the \fBsmb\&.conf\fP file\&. All parameters -should be specified in the [global] section of -\fBsmb\&.conf\fP\&. -.PP -.IP -.IP "winbind separator" -.IP -The winbind separator option allows you to specify how NT domain names -and user names are combined into unix user names when presented to -users\&. By default winbind will use the traditional \e separator so -that the unix user names look like DOMAIN\eusername\&. In some cases -this separator character may cause problems as the \e character has -special meaning in unix shells\&. In that case you can use the winbind -separator option to specify an alternative sepataror character\&. Good -alternatives may be / (although that conflicts with the unix directory -separator) or a + character\&. The + character appears to be the best -choice for 100% compatibility with existing unix utilities, but may be -an aesthetically bad choice depending on your taste\&. -.IP -\fBDefault:\fP -\f(CW winbind separator = \e\fP -.IP -\fBExample:\fP -\f(CW winbind separator = +\fP -.IP -.IP "winbind uid" -.IP -The winbind uid parameter specifies the range of user ids that are -allocated by the \fBwinbindd\fP daemon\&. This range of -ids should have no existing local or nis users within it as strange -conflicts can occur otherwise\&. -.IP -\fBDefault:\fP -\f(CW winbind uid = <empty string>\fP -.IP -\fBExample:\fP -\f(CW winbind uid = 10000-20000\fP -.IP -.IP "winbind gid" -.IP -The winbind gid parameter specifies the range of group ids that are -allocated by the \fBwinbindd\fP daemon\&. This range of group ids should have -no existing local or nis groups within it as strange conflicts can occur -otherwise\&. -.IP -\fBDefault:\fP -\f(CW winbind gid = <empty string>\fP -.IP -\fBExample:\fP -\f(CW winbind gid = 10000-20000\fP -.IP -.IP "winbind cache time" -.IP -This parameter specifies the number of seconds the \fBwinbindd\fP daemon will -cache user and group information before querying a Windows NT server -again\&. When a item in the cache is older than this time \fBwinbindd\fP will ask -the domain controller for the sequence number of the servers account -database\&. If the sequence number has not changed then the cached item is -marked as valid for a further "winbind cache time" seconds\&. Otherwise the -item is fetched from the server\&. This means that as long as the account -database is not actively changing \fBwinbindd\fP will only have to send one -sequence number query packet every "winbind cache time" seconds\&. -.IP -\fBDefault:\fP -\f(CW winbind cache time = 15\fP -.IP -.IP "winbind enum users" -.IP -On large installations it may be necessary to suppress the enumeration of -users through the \f(CWsetpwent\fP, \f(CWgetpwent\fP and \f(CWendpwent\fP group of -system calls\&. If the \f(CWwinbind enum users\fP parameter is false, calls to -the \f(CWgetpwent\fP system call will not return any data\&. -.IP -Warning: Turning off user enumeration may cause some programs to behave -oddly\&. For example, the finger program relies on having access to the full -user list when searching for matching usernames\&. -.IP -\fBDefault:\fP -\f(CW winbind enum users = true\fP -.IP -.IP "winbind enum groups" -.IP -On large installations it may be necessary to suppress the enumeration of -groups through the \f(CWsetgrent\fP, \f(CWgetgrent\fP and \f(CWendgrent\fP group of -system calls\&. If the \f(CWwinbind enum groups\fP parameter is false, calls to -the \f(CWgetgrent\fP system call will not return any data\&. -.IP -Warning: Turning off group enumeration may cause some programs to behave -oddly\&. -.IP -\fBDefault:\fP -\f(CW winbind enum groups = true\fP -.IP -.IP "template homedir" -.IP -When filling out the user information for a Windows NT user, the -\fBwinbindd\fP daemon uses this parameter to fill in the home directory for -that user\&. If the string \f(CW%D\fP is present it is substituted with the -user\'s Windows NT domain name\&. If the string \f(CW%U\fP is present it is -substituted with the user\'s Windows NT user name\&. -.IP -\fBDefault:\fP -\f(CW template homedir = /home/%D/%U\fP -.IP -.IP "template shell" -.IP -When filling out the user information for a Windows NT user, the -\fBwinbindd\fP daemon uses this parameter to fill in the shell for that user\&. -.IP -\fBDefault:\fP -\f(CW template shell = /bin/false\fP -.IP -.PP -.SH "EXAMPLE SETUP" -.PP -To setup \fBwinbindd\fP for user and group lookups plus authentication from -a domain controller use something like the following setup\&. This was -tested on a RedHat 6\&.2 Linux box\&. -.PP -In \f(CW/etc/nsswitch\&.conf\fP put the following: +Default: \fBwinbind gid = <empty string> +\fR +Example: \fBwinbind gid = 10000-20000 +\fR.TP +\fBwinbind cache time\fR +This parameter specifies the number of +seconds the winbindd daemon will cache user and group information +before querying a Windows NT server again. When a item in the +cache is older than this time winbindd will ask the domain +controller for the sequence number of the servers account database. +If the sequence number has not changed then the cached item is +marked as valid for a further \fIwinbind cache time +\fRseconds. Otherwise the item is fetched from the +server. This means that as long as the account database is not +actively changing winbindd will only have to send one sequence +number query packet every \fIwinbind cache time +\fRseconds. -.nf - +Default: \fBwinbind cache time = 15\fR +.TP +\fBwinbind enum users\fR +On large installations it may be necessary +to suppress the enumeration of users through the \fB setpwent()\fR, \fBgetpwent()\fR and +\fBendpwent()\fR group of system calls. If +the \fIwinbind enum users\fR parameter is false, +calls to the \fBgetpwent\fR system call will not +return any data. - passwd: files winbind - group: files winbind +\fBWarning:\fR Turning off user enumeration +may cause some programs to behave oddly. For example, the finger +program relies on having access to the full user list when +searching for matching usernames. -.fi - +Default: \fBwinbind enum users = yes \fR +.TP +\fBwinbind enum groups\fR +On large installations it may be necessary +to suppress the enumeration of groups through the \fB setgrent()\fR, \fBgetgrent()\fR and +\fBendgrent()\fR group of system calls. If +the \fIwinbind enum groups\fR parameter is +false, calls to the \fBgetgrent()\fR system +call will not return any data. -.PP -In \f(CW/etc/pam\&.d/*\fP replace the \f(CWauth\fP lines with something like this: +\fBWarning:\fR Turning off group +enumeration may cause some programs to behave oddly. -.nf - +Default: \fBwinbind enum groups = no \fR +.TP +\fBtemplate homedir\fR +When filling out the user information +for a Windows NT user, the \fBwinbindd\fR daemon +uses this parameter to fill in the home directory for that user. +If the string \fI%D\fR is present it is +substituted with the user's Windows NT domain name. If the +string \fI%U\fR is present it is substituted +with the user's Windows NT user name. - auth required /lib/security/pam_securetty\&.so - auth required /lib/security/pam_nologin\&.so - auth sufficient /lib/security/pam_winbind\&.so - auth required /lib/security/pam_pwdb\&.so use_first_pass shadow nullok +Default: \fBtemplate homedir = /home/%D/%U \fR +.TP +\fBtemplate shell\fR +When filling out the user information for +a Windows NT user, the \fBwinbindd\fR daemon +uses this parameter to fill in the shell for that user. -.fi - - -.PP -Note in particular the use of the \f(CWsufficient\fP keyword and the -\f(CWuse_first_pass\fP keyword\&. -.PP -Now replace the account lines with this: - -.nf - - - account required /lib/security/pam_winbind\&.so - -.fi - - -.PP -The next step is to join the domain\&. To do that use the samedit -program like this: - -.nf - - - samedit -S \'*\' -W DOMAIN -UAdministrator - -.fi - - -.PP -The username after the -U can be any Domain user that has administrator -priviliges on the machine\&. Next from within samedit, run the command: - -.nf - - - createuser MACHINE$ -j DOMAIN -L - -.fi - - -.PP -This assumes your domain is called \f(CWDOMAIN\fP and your Samba workstation -is called \f(CWMACHINE\fP\&. -.PP -Next copy \f(CWlibnss_winbind\&.so\&.2\fP to \f(CW/lib\fP and \f(CWpam_winbind\&.so\fP to -\f(CW/lib/security\fP\&. -.PP -Finally, setup a smb\&.conf containing directives like the following: - -.nf - - - [global] - winbind separator = + +Default: \fBtemplate shell = /bin/false \fR +.SH "EXAMPLE SETUP" +.PP +To setup winbindd for user and group lookups plus +authentication from a domain controller use something like the +following setup. This was tested on a RedHat 6.2 Linux box. +.PP +In \fI/etc/nsswitch.conf\fR put the +following: +.PP +.sp +.nf +passwd: files winbind +group: files winbind + +.sp +.fi +.PP +In \fI/etc/pam.d/*\fR replace the +\fIauth\fR lines with something like this: +.PP +.sp +.nf +auth required /lib/security/pam_securetty.so +auth required /lib/security/pam_nologin.so +auth sufficient /lib/security/pam_winbind.so +auth required /lib/security/pam_pwdb.so use_first_pass shadow nullok + +.sp +.fi +.PP +Note in particular the use of the \fIsufficient\fR +keyword and the \fIuse_first_pass\fR keyword. +.PP +Now replace the account lines with this: +.PP +\fBaccount required /lib/security/pam_winbind.so +\fR.PP +The next step is to join the domain. To do that use the +\fBsamedit\fR program like this: +.PP +\fBsamedit -S '*' -W DOMAIN -UAdministrator\fR +.PP +The username after the \fI-U\fR can be any Domain +user that has administrator priviliges on the machine. Next from +within \fBsamedit\fR, run the command: +.PP +\fBcreateuser MACHINE$ -j DOMAIN -L\fR +.PP +This assumes your domain is called "DOMAIN" and your Samba +workstation is called "MACHINE". +.PP +Next copy \fIlibnss_winbind.so.2\fR to +\fI/lib\fR and \fIpam_winbind.so\fR +to \fI/lib/security\fR. +.PP +Finally, setup a smb.conf containing directives like the +following: +.PP +.sp +.nf +[global] + winbind separator = + winbind cache time = 10 template shell = /bin/bash template homedir = /home/%D/%U @@ -299,117 +269,107 @@ Finally, setup a smb\&.conf containing directives like the following: workgroup = DOMAIN security = domain password server = * + +.sp +.fi +.PP +Now start winbindd and you should find that your user and +group database is expanded to include your NT users and groups, +and that you can login to your unix box as a domain user, using +the DOMAIN+user syntax for the username. You may wish to use the +commands \fBgetent passwd\fR and \fBgetent group +\fRto confirm the correct operation of winbindd. +.SH "NOTES" +.PP +The following notes are useful when configuring and +running \fBwinbindd\fR: +.PP +\fBnmbd\fR must be running on the local machine +for \fBwinbindd\fR to work. \fBwinbindd\fR +queries the list of trusted domains for the Windows NT server +on startup and when a SIGHUP is received. Thus, for a running \fB winbindd\fR to become aware of new trust relationships between +servers, it must be sent a SIGHUP signal. +.PP +Client processes resolving names through the \fBwinbindd\fR +nsswitch module read an environment variable named \fI $WINBINDD_DOMAIN\fR. If this variable contains a comma separated +list of Windows NT domain names, then winbindd will only resolve users +and groups within those Windows NT domains. +.PP +PAM is really easy to misconfigure. Make sure you know what +you are doing when modifying PAM configuration files. It is possible +to set up PAM such that you can no longer log into your system. +.PP +If more than one UNIX machine is running \fBwinbindd\fR, +then in general the user and groups ids allocated by winbindd will not +be the same. The user and group ids will only be valid for the local +machine. +.PP +If the the Windows NT RID to UNIX user and group id mapping +file is damaged or destroyed then the mappings will be lost. +.SH "SIGNALS" +.PP +The following signals can be used to manipulate the +\fBwinbindd\fR daemon. +.TP +\fBSIGHUP\fR +Reload the \fIsmb.conf(5)\fR +file and apply any parameter changes to the running +version of winbindd. This signal also clears any cached +user and group information. The list of other domains trusted +by winbindd is also reloaded. +.TP +\fBSIGUSR1\fR +The SIGUSR1 signal will cause \fB winbindd\fR to write status information to the winbind +log file including information about the number of user and +group ids allocated by \fBwinbindd\fR. -.fi - - -.PP -Now start \fBwinbindd\fP and you should find that your user and group -database is expanded to include your NT users and groups, and that you -can login to your unix box as a domain user, using the \f(CWDOMAIN+user\fP -syntax for the username\&. You may wish to use the commands "getent -passwd" and "getent group" to confirm the correct operation of -\fBwinbindd\fP\&. -.PP -.SH "NOTES" -.PP -The following notes are useful when configuring and running \fBwinbindd\fP: -.PP -.IP -.IP "" -\fBnmbd\fP must be running on the local machine for -\fBwinbindd\fP to work\&. -.IP -.IP "" -\fBwinbindd\fP queries the list of trusted domains for the Windows NT server -on startup and when a SIGHUP is received\&. Thus, for a running \fBwinbindd\fP -to become aware of new trust relationships between servers, it must be sent -a SIGHUP signal\&. -.IP -.IP "" -Client processes resolving names through the \fBwinbindd\fP nsswitch module -read an environment variable named \f(CWWINBINDD_DOMAIN\fP\&. If this variable -contains a comma separated list of Windows NT domain names, then \fBwinbindd\fP -will only resolve users and groups within those Windows NT domains\&. -.IP -.IP "" -PAM is really easy to misconfigure\&. Make sure you know what you are doing -when modifying PAM configuration files\&. It is possible to set up PAM -such that you can no longer log into your system\&. -.IP -.IP "" -If more than one UNIX machine is running \fBwinbindd\fP, then in general the -user and groups ids allocated by \fBwinbindd\fP will not be the same\&. The -user and group ids will only be valid for the local machine\&. -.IP -.IP "" -If the the Windows NT RID to UNIX user and group id mapping file -is damaged or destroyed then the mappings will be lost\&. -.IP -.PP -.SH "SIGNALS" -.PP -The following signals can be used to manipulate the \fBwinbindd\fP daemon\&. -.PP -.IP -.IP "\f(CWSIGHUP\fP" -.IP -Reload the \f(CWsmb\&.conf\fP file and apply any parameter changes to the running -version of \fBwinbindd\fP\&. This signal also clears any cached user and group -information\&. The list of other domains trusted by \fBwinbindd\fP is also -reloaded\&. -.IP -.IP "\f(CWSIGUSR1\fP" -.IP -The \f(CWSIGUSR1\fP signal will cause \fBwinbindd\fP to write status information -to the winbind log file including information about the number of user and -group ids allocated by \fBwinbindd\fP\&. -.IP -Log files are stored in the filename specified by the \fBlog file\fP parameter\&. -.IP -.PP -.SH "FILES" -.PP -The following files are relevant to the operation of the \fBwinbindd\fP -daemon\&. -.PP -.IP -.IP "/etc/nsswitch\&.conf(5)" -.IP -Name service switch configuration file\&. -.IP -.IP "/tmp/\&.winbindd/pipe" -.IP -The UNIX pipe over which clients communicate with the \fBwinbindd\fP program\&. -For security reasons, the winbind client will only attempt to connect to the -\fBwinbindd\fP daemon if both the \f(CW/tmp/\&.winbindd\fP directory and -\f(CW/tmp/\&.winbindd/pipe\fP file are owned by root\&. -.IP -.IP "/lib/libnss_winbind\&.so\&.X" -.IP -Implementation of name service switch library\&. -.IP -.IP "$LOCKDIR/winbindd_idmap\&.tdb" -.IP -Storage for the Windows NT rid to UNIX user/group id mapping\&. The lock -directory is specified when Samba is initially compiled using the -\f(CW--with-lockdir\fP option\&. This directory is by default -\f(CW/usr/local/samba/var/locks\fP\&. -.IP -.IP "$LOCKDIR/winbindd_cache\&.tdb" -.IP -Storage for cached user and group information\&. -.IP -.PP -.SH "SEE ALSO" -.PP -\fBsamba(7)\fP, \fBsmb\&.conf(5)\fP, -\fBnsswitch\&.conf(5)\fP, \fBwbinfo(1)\fP -.PP -.SH "AUTHOR" -.PP -The original Samba software and related utilities were created by -Andrew Tridgell\&. Samba is now developed by the Samba Team as an Open -Source project\&. -.PP -\fBwinbindd\fP was written by Tim Potter\&. +Log files are stored in the filename specified by the +log file parameter. +.SH "FILES" +.TP +\fB\fI/etc/nsswitch.conf(5)\fB\fR +Name service switch configuration file. +.TP +\fB/tmp/.winbindd/pipe\fR +The UNIX pipe over which clients communicate with +the \fBwinbindd\fR program. For security reasons, the +winbind client will only attempt to connect to the winbindd daemon +if both the \fI/tmp/.winbindd\fR directory +and \fI/tmp/.winbindd/pipe\fR file are owned by +root. +.TP +\fB/lib/libnss_winbind.so.X\fR +Implementation of name service switch library. +.TP +\fB$LOCKDIR/winbindd_idmap.tdb\fR +Storage for the Windows NT rid to UNIX user/group +id mapping. The lock directory is specified when Samba is initially +compiled using the \fI--with-lockdir\fR option. +This directory is by default \fI/usr/local/samba/var/locks +\fR\&. +.TP +\fB$LOCKDIR/winbindd_cache.tdb\fR +Storage for cached user and group information. +.SH "VERSION" +.PP +This man page is correct for version 2.2 of +the Samba suite. winbindd is however not available in +stable release of Samba as of yet. +.SH "SEE ALSO" +.PP +\fInsswitch.conf(5)\fR, +samba(7) <URL:samba.7.html>, +wbinfo(1) <URL:wbinfo.1.html>, +smb.conf(5) <URL:smb.conf.5.html> +.SH "AUTHOR" +.PP +The original Samba software and related utilities +were created by Andrew Tridgell. Samba is now developed +by the Samba Team as an Open Source project similar +to the way the Linux kernel is developed. +.PP +\fBwbinfo\fR and \fBwinbindd\fR +were written by Tim Potter. +.PP +The conversion to DocBook for Samba 2.2 was done +by Gerald Carter |