Diffstat (limited to 'docs/docbook/manpages/winbindd.8.sgml')
-rw-r--r-- | docs/docbook/manpages/winbindd.8.sgml | 160 |
1 files changed, 138 insertions, 22 deletions
diff --git a/docs/docbook/manpages/winbindd.8.sgml b/docs/docbook/manpages/winbindd.8.sgml index 32ea86b0d69..e257b6c3fb8 100644 --- a/docs/docbook/manpages/winbindd.8.sgml +++ b/docs/docbook/manpages/winbindd.8.sgml @@ -46,10 +46,10 @@ <para> The <filename>pam_winbind</filename> module in the 2.2.2 release only supports the <parameter>auth</parameter> and <parameter>account</parameter> - module-types. The latter simply + module-types. The latter is simply performs a getpwnam() to verify that the system can obtain a uid for the user. If the <filename>libnss_winbind</filename> library has been correctly - installed, this should always succeed. + installed, this should always suceed. </para> <para>The following nsswitch databases are implemented by 
@@ -156,26 +156,142 @@ group: files winbind </filename> file. All parameters should be specified in the [global] section of smb.conf. </para> - <itemizedlist> - <listitem><para><ulink url="smb.conf.5.html#WINBINDSEPARATOR"> - <parameter>winbind separator</parameter></ulink></para></listitem> - <listitem><para><ulink url="smb.conf.5.html#WINBINDUID"> - <parameter>winbind uid</parameter></ulink></para></listitem> - <listitem><para><ulink url="smb.conf.5.html#WINBINDGID"> - <parameter>winbind gid</parameter></ulink></para></listitem> - <listitem><para><ulink url="smb.conf.5.html#WINBINDCACHETIME"> - <parameter>winbind cache time</parameter></ulink></para></listitem> - <listitem><para><ulink url="smb.conf.5.html#WINBINDENUMUSERS"> - <parameter>winbind enum users</parameter></ulink></para></listitem> - <listitem><para><ulink url="smb.conf.5.html#WINBINDENUMGROUPS"> - <parameter>winbind enum groups</parameter></ulink></para></listitem> - <listitem><para><ulink url="smb.conf.5.html#TEMPLATEHOMEDIR"> - <parameter>template homedir</parameter></ulink></para></listitem> - <listitem><para><ulink url="smb.conf.5.html#TEMPLATESHELL"> - <parameter>template shell</parameter></ulink></para></listitem> - <listitem><para><ulink url="smb.conf.5.html#WINBINDUSEDEFAULTDOMAIN"> - <parameter>winbind use default domain</parameter></ulink></para></listitem> - </itemizedlist> + <variablelist> + <varlistentry> + <term>winbind separator</term> + <listitem><para>The winbind separator option allows you + to specify how NT domain names and user names are combined + into unix user names when presented to users. By default, + <command>winbindd</command> will use the traditional '\' + separator so that the unix user names look like + DOMAIN\username. In some cases this separator character may + cause problems as the '\' character has special meaning in + unix shells. In that case you can use the winbind separator + option to specify an alternative separator character. 
Good + alternatives may be '/' (although that conflicts + with the unix directory separator) or a '+ 'character. + The '+' character appears to be the best choice for 100% + compatibility with existing unix utilities, but may be an + aesthetically bad choice depending on your taste. </para> + + <para>Default: <command>winbind separator = \ </command> + </para> + <para>Example: <command>winbind separator = + </command></para> + </listitem> + </varlistentry> + + <varlistentry> + <term>winbind uid</term> + <listitem><para>The winbind uid parameter specifies the + range of user ids that are allocated by the winbindd daemon. + This range of ids should have no existing local or NIS users + within it as strange conflicts can occur otherwise. </para> + + <para>Default: <command>winbind uid = <empty string> + </command></para> + <para>Example: <command>winbind uid = 10000-20000</command></para> + </listitem> + </varlistentry> + + + <varlistentry> + <term>winbind gid</term> + <listitem><para>The winbind gid parameter specifies the + range of group ids that are allocated by the winbindd daemon. + This range of group ids should have no existing local or NIS + groups within it as strange conflicts can occur otherwise.</para> + + <para>Default: <command>winbind gid = <empty string> + </command></para> + <para>Example: <command>winbind gid = 10000-20000 + </command> </para></listitem> + </varlistentry> + + + <varlistentry> + <term>winbind cache time</term> + <listitem><para>This parameter specifies the number of + seconds the winbindd daemon will cache user and group information + before querying a Windows NT server again. When a item in the + cache is older than this time winbindd will ask the domain + controller for the sequence number of the server's account database. + If the sequence number has not changed then the cached item is + marked as valid for a further <parameter>winbind cache time + </parameter> seconds. Otherwise the item is fetched from the + server. 
This means that as long as the account database is not + actively changing winbindd will only have to send one sequence + number query packet every <parameter>winbind cache time + </parameter> seconds. </para> + + <para>Default: <command>winbind cache time = 15</command> + </para></listitem> + </varlistentry> + + <varlistentry> + <term>winbind enum users</term> + <listitem><para>On large installations it may be necessary + to suppress the enumeration of users through the <command> + setpwent()</command>, <command>getpwent()</command> and + <command>endpwent()</command> group of system calls. If + the <parameter>winbind enum users</parameter> parameter is false, + calls to the <command>getpwent</command> system call will not + return any data. </para> + + <para><emphasis>Warning:</emphasis> Turning off user enumeration + may cause some programs to behave oddly. For example, the <command>finger</command> + program relies on having access to the full user list when + searching for matching usernames. </para> + + <para>Default: <command>winbind enum users = yes </command></para> + </listitem> + </varlistentry> + + <varlistentry> + <term>winbind enum groups</term> + <listitem><para>On large installations it may be necessary + to suppress the enumeration of groups through the <command> + setgrent()</command>, <command>getgrent()</command> and + <command>endgrent()</command> group of system calls. If + the <parameter>winbind enum groups</parameter> parameter is + false, calls to the <command>getgrent()</command> system + call will not return any data. </para> + + <para><emphasis>Warning:</emphasis> Turning off group + enumeration may cause some programs to behave oddly. 
+ </para> + + <para>Default: <command>winbind enum groups = no </command> + </para></listitem> + </varlistentry> + + + + <varlistentry> + <term>template homedir</term> + <listitem><para>When filling out the user information + for a Windows NT user, the <command>winbindd</command> daemon + uses this parameter to fill in the home directory for that user. + If the string <parameter>%D</parameter> is present it is + substituted with the user's Windows NT domain name. If the + string <parameter>%U</parameter> is present it is substituted + with the user's Windows NT user name. </para> + + <para>Default: <command>template homedir = /home/%D/%U </command> + </para></listitem> + </varlistentry> + + + <varlistentry> + <term>template shell</term> + <listitem><para>When filling out the user information for + a Windows NT user, the <command>winbindd</command> daemon + uses this parameter to fill in the shell for that user. + </para> + + <para>Default: <command>template shell = /bin/false </command> + </para></listitem> + </varlistentry> + </variablelist> </refsect1> |
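Review bot: In the first hunk (@@ -46,10 +46,10 @@) both changed lines introduce errors rather than fix them. "The latter is simply performs a getpwnam()" is ungrammatical where the removed "The latter simply performs" was correct, and "this should always suceed" misspells "succeed". Suggest dropping this hunk or restoring both lines to their previous wording.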
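Review bot: In the second hunk (@@ -156,26 +156,142 @@) the removed itemizedlist had an entry for winbind use default domain, but the new variablelist has no varlistentry for it, so that parameter is no longer mentioned in this section. Add an entry for it, or keep the link to smb.conf.5.html#WINBINDUSEDEFAULTDOMAIN. The new entries also drop every ulink to smb.conf.5.html, so consider keeping a link in each term so readers can still reach the reference text. Smaller points in the added text: "'+ 'character" has the space inside the quotes, "When a item" should read "When an item", and the defaults shown for winbind enum users (yes) and winbind enum groups (no) differ although the two descriptions are otherwise parallel, which is worth confirming before this lands.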