-
-
-
-
-
-
-<html><head><title>smbtar (1)</title>
-
-<link rev="made" href="mailto:samba@samba.org">
-</head>
-<body>
-
-<hr>
-
-<h1>smbtar (1)</h1>
-<h2>Samba</h2>
-<h2>23 Oct 1998</h2>
-
-
-
-<p><a name="NAME"></a>
-<h2>NAME</h2>
- smbtar - shell script for backing up SMB/CIFS shares directly to UNIX tape drives
-<p><a name="SYNOPSIS"></a>
-<h2>SYNOPSIS</h2>
-
-<p><strong>smbtar</strong> <a href="smbtar.1.html#minuss">-s server</a> [<a href="smbtar.1.html#minusp">-p password</a>] [<a href="smbtar.1.html#minusx">-x service</a>] [<a href="smbtar.1.html#minusX">-X</a>] [<a href="smbtar.1.html#minusd">-d directory</a>] [<a href="smbtar.1.html#minusu">-u user</a>] [<a href="smbtar.1.html#minust">-t tape</a>] [<a href="smbtar.1.html#minusb">-b blocksize</a>] [<a href="smbtar.1.html#minusN">-N filename</a>] [<a href="smbtar.1.html#minusi">-i</a>] [<a href="smbtar.1.html#minusr">-r</a>] [<a href="smbtar.1.html#minusl">-l log level</a>] [<a href="smbtar.1.html#minusv">-v</a>] filenames
-<p><a name="DESCRIPTION"></a>
-<h2>DESCRIPTION</h2>
-
-<p>This program is part of the <strong>Samba</strong> suite.
-<p><strong>smbtar</strong> is a very small shell script on top of
-<a href="smbclient.1.html"><strong>smbclient</strong></a> which dumps SMB shares directly
-to tape.
-<p><a name="OPTIONS"></a>
-<h2>OPTIONS</h2>
-
-<p><dl>
-<p><a name="minuss"></a>
-<p></p><dt><strong><strong>-s server</strong></strong><dd> The SMB/CIFS server that the share resides upon.
-<p><a name="minusx"></a>
-<p></p><dt><strong><strong>-x service</strong></strong><dd> The share name on the server to connect
-to. The default is <code>backup</code>.
-<p><a name="minusX"></a>
-<p></p><dt><strong><strong>-X</strong></strong><dd> Exclude mode. Exclude filenames... from tar create or
-restore.
-<p><a name="minusd"></a>
-<p></p><dt><strong><strong>-d directory</strong></strong><dd> Change to initial <em>directory</em> before restoring
-/ backing up files.
-<p><a name="minusv"></a>
-<p></p><dt><strong><strong>-v</strong></strong><dd> Verbose mode.
-<p><a name="minusp"></a>
-<p></p><dt><strong><strong>-p password</strong></strong><dd> The password to use to access a share. Default:
-none
-<p><a name="minusu"></a>
-<p></p><dt><strong><strong>-u user</strong></strong><dd> The user id to connect as. Default: UNIX login name.
-<p><a name="minust"></a>
-<p></p><dt><strong><strong>-t tape</strong></strong><dd> Tape device. May be regular file or tape
-device. Default: <em>TAPE</em> environmental variable; if not set, a file
-called <code>tar.out</code>.
-<p><a name="minusb"></a>
-<p></p><dt><strong><strong>-b blocksize</strong></strong><dd> Blocking factor. Defaults to 20. See <strong>tar (1)</strong>
-for a fuller explanation.
-<p><a name="minusN"></a>
-<p></p><dt><strong><strong>-N filename</strong></strong><dd> Backup only files newer than filename. Could be
-used (for example) on a log file to implement incremental backups.
-<p><a name="minusi"></a>
-<p></p><dt><strong><strong>-i</strong></strong><dd> Incremental mode; tar files are only backed up if they
-have the archive bit set. The archive bit is reset after each file is
-read.
-<p><a name="minusr"></a>
-<p></p><dt><strong><strong>-r</strong></strong><dd> Restore. Files are restored to the share from the tar
-file.
-<p><a name="minusl"></a>
-<p></p><dt><strong><strong>-l log level</strong></strong><dd> Log (debug) level. Corresponds to the
-<a href="smbclient.1.html#minusd"><strong>-d</strong></a> flag of <a href="smbclient.1.html"><strong>smbclient
-(1)</strong></a>.
-<p></dl>
-<p><a name="ENVIRONMENTVARIABLES"></a>
-<h2>ENVIRONMENT VARIABLES</h2>
-
-<p>The TAPE variable specifies the default tape device to write to. May
-be overridden with the <a href="smbtar.1.html#minust"><strong>-t</strong></a> option.
-<p><a name="BUGS"></a>
-<h2>BUGS</h2>
-
-<p>The <strong>smbtar</strong> script has different options from ordinary tar and tar
-called from <a href="smbclient.1.html"><strong>smbclient</strong></a>.
-<p><a name="CAVEATS"></a>
-<h2>CAVEATS</h2>
-
-<p>Sites that are more careful about security may not like the way the
-script handles PC passwords. Backup and restore work on entire shares,
-should work on file lists. <strong>smbtar</strong> works best with GNU tar and may
-not work well with other versions.
-<p><a name="VERSION"></a>
-<h2>VERSION</h2>
-
-<p>This man page is correct for version 2.0 of the Samba suite.
-<p><a name="SEEALSO"></a>
-<h2>SEE ALSO</h2>
-
-<p><a href="smbclient.1.html"><strong>smbclient (1)</strong></a>, <a href="smb.conf.5.html"><strong>smb.conf
-(5)</strong></a>
-<p><a name="DIAGNOSTICS"></a>
-<h2>DIAGNOSTICS</h2>
-
-<p>See the <a href="smbclient.1.html#DIAGNOSTICS"><strong>DIAGNOSTICS</strong></a> section for
-the <a href="smbclient.1.html"><strong>smbclient</strong></a> command.
-<p><a name="AUTHOR"></a>
-<h2>AUTHOR</h2>
-
-<p>The original Samba software and related utilities were created by
-Andrew Tridgell <a href="mailto:samba@samba.org"><em>samba@samba.org</em></a>. Samba is now developed
-by the Samba Team as an Open Source project similar to the way the
-Linux kernel is developed.
-<p>Ricky Poulten <a href="mailto:poultenr@logica.co.uk"><em>poultenr@logica.co.uk</em></a> wrote the tar extension and
-this man page. The <strong>smbtar</strong> script was heavily rewritten and
-improved by Martin Kraemer <a href="mailto:Martin.Kraemer@mch.sni.de"><em>Martin.Kraemer@mch.sni.de</em></a>. Many
-thanks to everyone who suggested extensions, improvements, bug fixes,
-etc. The man page sources were converted to YODL format (another
-excellent piece of Open Source software available at
-<a href="ftp://ftp.icce.rug.nl/pub/unix/"><strong>ftp://ftp.icce.rug.nl/pub/unix/</strong></a>)
-and updated for the Samba2.0 release by Jeremy Allison,
-<a href="mailto:samba@samba.org"><em>samba@samba.org</em></a>.
-<p>See <a href="samba.7.html"><strong>samba (7)</strong></a> to find out how to get a full
-list of contributors and details on how to submit bug reports,
-comments etc.
-<p></body>
-</html>
+<HTML
+><HEAD
+><TITLE
+>smbtar</TITLE
+><META
+NAME="GENERATOR"
+CONTENT="Modular DocBook HTML Stylesheet Version 1.57"></HEAD
+><BODY
+CLASS="REFENTRY"
+BGCOLOR="#FFFFFF"
+TEXT="#000000"
+LINK="#0000FF"
+VLINK="#840084"
+ALINK="#0000FF"
+><H1
+><A
+NAME="SMBTAR"
+>smbtar</A
+></H1
+><DIV
+CLASS="REFNAMEDIV"
+><A
+NAME="AEN5"
+></A
+><H2
+>Name</H2
+>smbtar -- shell script for backing up SMB/CIFS shares
+ directly to UNIX tape drives</DIV
+><DIV
+CLASS="REFSYNOPSISDIV"
+><A
+NAME="AEN8"
+></A
+><H2
+>Synopsis</H2
+><P
+><B
+CLASS="COMMAND"
+>smbtar</B
+> {-s server} [-p password] [-x services] [-X] [-d directory] [-u user] [-t tape] [-t tape] [-b blocksize] [-N filename] [-i] [-r] [-l loglevel] [-v] {filenames}</P
+></DIV
+><DIV
+CLASS="REFSECT1"
+><A
+NAME="AEN26"
+></A
+><H2
+>DESCRIPTION</H2
+><P
+>This tool is part of the <A
+HREF="samba.7.html"
+TARGET="_top"
+> Samba</A
+> suite.</P
+><P
+><B
+CLASS="COMMAND"
+>smbtar</B
+> is a very small shell script on top
+ of <A
+HREF="smbclient.1.html"
+TARGET="_top"
+><B
+CLASS="COMMAND"
+>smbclient(1)</B
+></A
+>
+ which dumps SMB shares directly to tape. </P
+></DIV
+><DIV
+CLASS="REFSECT1"
+><A
+NAME="AEN34"
+></A
+><H2
+>OPTIONS</H2
+><P
+></P
+><DIV
+CLASS="VARIABLELIST"
+><DL
+><DT
+>-s server</DT
+><DD
+><P
+>The SMB/CIFS server that the share resides
+ upon.</P
+></DD
+><DT
+>-x service</DT
+><DD
+><P
+>The share name on the server to connect to.
+ The default is "backup".</P
+></DD
+><DT
+>-X</DT
+><DD
+><P
+>Exclude mode. Exclude filenames... from tar
+ create or restore. </P
+></DD
+><DT
+>-d directory</DT
+><DD
+><P
+>Change to initial <TT
+CLASS="PARAMETER"
+><I
+>directory
+ </I
+></TT
+> before restoring / backing up files. </P
+></DD
+><DT
+>-v</DT
+><DD
+><P
+>Verbose mode.</P
+></DD
+><DT
+>-p password</DT
+><DD
+><P
+>The password to use to access a share.
+ Default: none </P
+></DD
+><DT
+>-u user</DT
+><DD
+><P
+>The user id to connect as. Default:
+ UNIX login name. </P
+></DD
+><DT
+>-t tape</DT
+><DD
+><P
+>Tape device. May be regular file or tape
+ device. Default: <TT
+CLASS="PARAMETER"
+><I
+>$TAPE</I
+></TT
+> environmental
+ variable; if not set, a file called <TT
+CLASS="FILENAME"
+>tar.out
+ </TT
+>. </P
+></DD
+><DT
+>-b blocksize</DT
+><DD
+><P
+>Blocking factor. Defaults to 20. See
+ <B
+CLASS="COMMAND"
+>tar(1)</B
+> for a fuller explanation. </P
+></DD
+><DT
+>-N filename</DT
+><DD
+><P
+>Backup only files newer than filename. Could
+ be used (for example) on a log file to implement incremental
+ backups. </P
+></DD
+><DT
+>-i</DT
+><DD
+><P
+>Incremental mode; tar files are only backed
+ up if they have the archive bit set. The archive bit is reset
+ after each file is read. </P
+></DD
+><DT
+>-r</DT
+><DD
+><P
+>Restore. Files are restored to the share
+ from the tar file. </P
+></DD
+><DT
+>-l log level</DT
+><DD
+><P
+>Log (debug) level. Corresponds to the
+ <TT
+CLASS="PARAMETER"
+><I
+>-d</I
+></TT
+> flag of <B
+CLASS="COMMAND"
+>smbclient(1)
+ </B
+>. </P
+></DD
+></DL
+></DIV
+></DIV
+><DIV
+CLASS="REFSECT1"
+><A
+NAME="AEN95"
+></A
+><H2
+>ENVIRONMENT VARIABLES</H2
+><P
+>The <TT
+CLASS="PARAMETER"
+><I
+>$TAPE</I
+></TT
+> variable specifies the
+ default tape device to write to. May be overridden
+ with the -t option. </P
+></DIV
+><DIV
+CLASS="REFSECT1"
+><A
+NAME="AEN99"
+></A
+><H2
+>BUGS</H2
+><P
+>The <B
+CLASS="COMMAND"
+>smbtar</B
+> script has different
+ options from ordinary tar and tar called from smbclient. </P
+></DIV
+><DIV
+CLASS="REFSECT1"
+><A
+NAME="AEN103"
+></A
+><H2
+>CAVEATS</H2
+><P
+>Sites that are more careful about security may not like
+ the way the script handles PC passwords. Backup and restore work
+ on entire shares, should work on file lists. smbtar works best
+ with GNU tar and may not work well with other versions. </P
+></DIV
+><DIV
+CLASS="REFSECT1"
+><A
+NAME="AEN106"
+></A
+><H2
+>DIAGNOSTICS</H2
+><P
+>See the <I
+CLASS="EMPHASIS"
+>DIAGNOSTICS</I
+> section for the
+ <A
+HREF="smbclient.1.html"
+TARGET="_top"
+><B
+CLASS="COMMAND"
+>smbclient(1)</B
+>
+ </A
+> command.</P
+></DIV
+><DIV
+CLASS="REFSECT1"
+><A
+NAME="AEN112"
+></A
+><H2
+>VERSION</H2
+><P
+>This man page is correct for version 2.2 of
+ the Samba suite.</P
+></DIV
+><DIV
+CLASS="REFSECT1"
+><A
+NAME="AEN115"
+></A
+><H2
+>SEE ALSO</H2
+><P
+><A
+HREF="smbd.8.html"
+TARGET="_top"
+><B
+CLASS="COMMAND"
+>smbd(8)</B
+></A
+>,
+ <A
+HREF="smbclient.1.html"
+TARGET="_top"
+><B
+CLASS="COMMAND"
+>smbclient(1)</B
+></A
+>,
+ <A
+HREF="smb.conf.5.html"
+TARGET="_top"
+>smb.conf(5)</A
+>,
+ </P
+></DIV
+><DIV
+CLASS="REFSECT1"
+><A
+NAME="AEN123"
+></A
+><H2
+>AUTHOR</H2
+><P
+>The original Samba software and related utilities
+ were created by Andrew Tridgell. Samba is now developed
+ by the Samba Team as an Open Source project similar
+ to the way the Linux kernel is developed.</P
+><P
+><A
+HREF="mailto:poultenr@logica.co.uk"
+TARGET="_top"
+>Ricky Poulten</A
+>
+ wrote the tar extension and this man page. The <B
+CLASS="COMMAND"
+>smbtar</B
+>
+ script was heavily rewritten and improved by <A
+HREF="mailto:Martin.Kraemer@mch.sni.de"
+TARGET="_top"
+>Martin Kraemer</A
+>. Many
+ thanks to everyone who suggested extensions, improvements, bug
+ fixes, etc. The man page sources were converted to YODL format (another
+ excellent piece of Open Source software, available at
+ <A
+HREF="ftp://ftp.icce.rug.nl/pub/unix/"
+TARGET="_top"
+> ftp://ftp.icce.rug.nl/pub/unix/</A
+>) and updated for the Samba 2.0
+ release by Jeremy Allison. The conversion to DocBook for
+ Samba 2.2 was done by Gerald Carter.</P
+></DIV
+></BODY
+></HTML
+>
\ No newline at end of file
-
-
-
-
-
-
-<html><head><title>swat (8)</title>
-
-<link rev="made" href="mailto:samba@samba.org">
-</head>
-<body>
-
-<hr>
-
-<h1>swat (8)</h1>
-<h2>Samba</h2>
-<h2>23 Oct 1998</h2>
-
-
-
-<p><a name="NAME"></a>
-<h2>NAME</h2>
- swat - Samba Web Administration Tool
-<p><a name="SYNOPSIS"></a>
-<h2>SYNOPSIS</h2>
-
-<p><strong>swat</strong> [<a href="swat.8.html#minuss">-s smb config file</a>] [<a href="swat.8.html#minusa">-a</a>]
-<p><a name="DESCRIPTION"></a>
-<h2>DESCRIPTION</h2>
-
-<p>This program is part of the <strong>Samba</strong> suite.
-<p><strong>swat</strong> allows a Samba administrator to configure the complex
-<a href="smb.conf.5.html"><strong>smb.conf</strong></a> file via a Web browser. In
-addition, a swat configuration page has help links to all the
-configurable options in the <a href="smb.conf.5.html"><strong>smb.conf</strong></a> file
-allowing an administrator to easily look up the effects of any change.
-<p><strong>swat</strong> is run from <strong>inetd</strong>
-<p><a name="OPTIONS"></a>
-<h2>OPTIONS</h2>
-
-<p><dl>
-<p><a name="minuss"></a>
-<p></p><dt><strong><strong>-s smb configuration file</strong></strong><dd> The default configuration file path is
-determined at compile time.
-<p>The file specified contains the configuration details required by the
-<a href="smbd.8.html"><strong>smbd</strong></a> server. This is the file that <strong>swat</strong> will
-modify. The information in this file includes server-specific
-information such as what printcap file to use, as well as descriptions
-of all the services that the server is to provide. See <a href="smb.conf.5.html">smb.conf
-(5)</a> for more information.
-<p><a name="minusa"></a>
-<p></p><dt><strong><strong>-a</strong></strong><dd>
-<p>This option disables authentication and puts <strong>swat</strong> in demo mode. In
-that mode anyone will be able to modify the
-<a href="smb.conf.5.html"><strong>smb.conf</strong></a> file.
-<p>Do NOT enable this option on a production server.
-<p></dl>
-<p><a name="INSTALLATION"></a>
-<h2>INSTALLATION</h2>
-
-<p>After you compile SWAT you need to run <code>"make install"</code> to install the
-swat binary and the various help files and images. A default install
-would put these in:
-<p><pre>
-
-/usr/local/samba/bin/swat
-/usr/local/samba/swat/images/*
-/usr/local/samba/swat/help/*
-
-</pre>
-
-<p><a name="INETD"></a>
-<h2>INETD INSTALLATION</h2>
-
-<p>You need to edit your <code>/etc/inetd.conf</code> and <code>/etc/services</code> to
-enable <strong>SWAT</strong> to be launched via inetd.
-<p>In <code>/etc/services</code> you need to add a line like this:
-<p><code>swat 901/tcp</code>
-<p>Note for NIS/YP users - you may need to rebuild the NIS service maps
-rather than alter your local <code>/etc/services</code> file.
-<p>the choice of port number isn't really important except that it should
-be less than 1024 and not currently used (using a number above 1024
-presents an obscure security hole depending on the implementation
-details of your <strong>inetd</strong> daemon).
-<p>In <code>/etc/inetd.conf</code> you should add a line like this:
-<p><code>swat stream tcp nowait.400 root /usr/local/samba/bin/swat swat</code>
-<p>One you have edited <code>/etc/services</code> and <code>/etc/inetd.conf</code> you need
-to send a HUP signal to inetd. To do this use <code>"kill -1 PID"</code> where
-PID is the process ID of the inetd daemon.
-<p><a name="LAUNCHING"></a>
-<h2>LAUNCHING</h2>
-
-<p>To launch <strong>swat</strong> just run your favorite web browser and point it at
-<code>http://localhost:901/</code>.
-<p><strong>Note that you can attach to <strong>swat</strong> from any IP connected machine but
-connecting from a remote machine leaves your connection open to
-password sniffing as passwords will be sent in the clear over the
-wire.</strong>
-<p><h2>FILES</h2>
-
-<p><strong>/etc/inetd.conf</strong>
-<p>This file must contain suitable startup information for the
-meta-daemon.
-<p><strong>/etc/services</strong>
-<p>This file must contain a mapping of service name (e.g., swat) to
-service port (e.g., 901) and protocol type (e.g., tcp).
-<p><strong>/usr/local/samba/lib/smb.conf</strong>
-<p>This is the default location of the <em>smb.conf</em> server configuration
-file that <strong>swat</strong> edits. Other common places that systems install
-this file are <em>/usr/samba/lib/smb.conf</em> and <em>/etc/smb.conf</em>.
-<p>This file describes all the services the server is to make available
-to clients. See <strong>smb.conf (5)</strong> for more information.
-<p><a name="WARNINGS"></a>
-<h2>WARNINGS</h2>
-
-<p><strong>swat</strong> will rewrite your <a href="smb.conf.5.html"><strong>smb.conf</strong></a> file. It
-will rearrange the entries and delete all comments,
-<a href="smb.conf.5.html#include"><strong>"include="</strong></a> and
-<a href="smb.conf.5.html#copy"><strong>"copy="</strong></a> options. If you have a
-carefully crafted <a href="smb.conf.5.html"><strong>smb.conf</strong></a> then back it up
-or don't use <strong>swat</strong>!
-<p><a name="VERSION"></a>
-<h2>VERSION</h2>
-
-<p>This man page is correct for version 2.0 of the Samba suite.
-<p><a name="SEEALSO"></a>
-<h2>SEE ALSO</h2>
-
-<p><strong>inetd (8)</strong>, <a href="nmbd.8.html"><strong>nmbd (8)</strong></a>,
-<a href="smb.conf.5.html"><strong>smb.conf (5)</strong></a>.
-<p><a name="AUTHOR"></a>
-<h2>AUTHOR</h2>
-
-<p>The original Samba software and related utilities were created by
-Andrew Tridgell (samba@samba.org). Samba is now developed
-by the Samba Team as an Open Source project similar to the way the
-Linux kernel is developed.
-<p>The original Samba man pages were written by Karl Auer. The man page
-sources were converted to YODL format (another excellent piece of Open
-Source software, available at
-<a href="ftp://ftp.icce.rug.nl/pub/unix/"><strong>ftp://ftp.icce.rug.nl/pub/unix/</strong></a>)
-and updated for the Samba2.0 release by Jeremy Allison.
-<a href="mailto:samba@samba.org"><em>samba@samba.org</em></a>.
-<p>See <a href="samba.7.html"><strong>samba (7)</strong></a> to find out how to get a full
-list of contributors and details on how to submit bug reports,
-comments etc.
-</body>
-</html>
+<HTML
+><HEAD
+><TITLE
+>swat</TITLE
+><META
+NAME="GENERATOR"
+CONTENT="Modular DocBook HTML Stylesheet Version 1.57"></HEAD
+><BODY
+CLASS="REFENTRY"
+BGCOLOR="#FFFFFF"
+TEXT="#000000"
+LINK="#0000FF"
+VLINK="#840084"
+ALINK="#0000FF"
+><H1
+><A
+NAME="SWAT"
+>swat</A
+></H1
+><DIV
+CLASS="REFNAMEDIV"
+><A
+NAME="AEN5"
+></A
+><H2
+>Name</H2
+>swat -- Samba Web Administration Tool</DIV
+><DIV
+CLASS="REFSYNOPSISDIV"
+><A
+NAME="AEN8"
+></A
+><H2
+>Synopsis</H2
+><P
+><B
+CLASS="COMMAND"
+>nmblookup</B
+> [-s <smb config file>] [-a]</P
+></DIV
+><DIV
+CLASS="REFSECT1"
+><A
+NAME="AEN13"
+></A
+><H2
+>DESCRIPTION</H2
+><P
+>This tool is part of the <A
+HREF="samba.7.html"
+TARGET="_top"
+> Samba</A
+> suite.</P
+><P
+><B
+CLASS="COMMAND"
+>swat</B
+> allows a Samba administrator to
+ configure the complex <A
+HREF="smb.conf.5.html"
+TARGET="_top"
+><TT
+CLASS="FILENAME"
+> smb.conf(5)</TT
+></A
+> file via a Web browser. In addition,
+ a <B
+CLASS="COMMAND"
+>swat</B
+> configuration page has help links
+ to all the configurable options in the smb.conf file allowing an
+ administrator to easily look up the effects of any change. </P
+><P
+>swat is run from inetd </P
+></DIV
+><DIV
+CLASS="REFSECT1"
+><A
+NAME="AEN23"
+></A
+><H2
+>OPTIONS</H2
+><P
+></P
+><DIV
+CLASS="VARIABLELIST"
+><DL
+><DT
+>-s smb configuration file</DT
+><DD
+><P
+>The default configuration file path is
+ determined at compile time. The file specified contains
+ the configuration details required by the <B
+CLASS="COMMAND"
+>smbd
+ </B
+> server. This is the file that swat will modify.
+ The information in this file includes server-specific
+ information such as what printcap file to use, as well as
+ descriptions of all the services that the server is to provide.
+ See <TT
+CLASS="FILENAME"
+>smb.conf</TT
+> for more information.
+ </P
+></DD
+><DT
+>-a</DT
+><DD
+><P
+>This option disables authentication and puts
+ swat in demo mode. In that mode anyone will be able to modify
+ the smb.conf file. </P
+><P
+><I
+CLASS="EMPHASIS"
+>Do NOT enable this option on a production
+ server. </I
+></P
+></DD
+></DL
+></DIV
+></DIV
+><DIV
+CLASS="REFSECT1"
+><A
+NAME="AEN38"
+></A
+><H2
+>INSTALLATION</H2
+><P
+>After you compile SWAT you need to run <B
+CLASS="COMMAND"
+>make install
+ </B
+> to install the <B
+CLASS="COMMAND"
+>swat</B
+> binary
+ and the various help files and images. A default install would put
+ these in: </P
+><P
+></P
+><UL
+><LI
+><P
+>/usr/local/samba/bin/swat</P
+></LI
+><LI
+><P
+>/usr/local/samba/swat/images/*</P
+></LI
+><LI
+><P
+>/usr/local/samba/swat/help/*</P
+></LI
+></UL
+><DIV
+CLASS="REFSECT2"
+><A
+NAME="AEN50"
+></A
+><H3
+>Inetd Installation</H3
+><P
+>You need to edit your <TT
+CLASS="FILENAME"
+>/etc/inetd.conf
+ </TT
+> and <TT
+CLASS="FILENAME"
+>/etc/services</TT
+>
+ to enable SWAT to be launched via inetd.</P
+><P
+>In <TT
+CLASS="FILENAME"
+>/etc/services</TT
+> you need to
+ add a line like this: </P
+><P
+><B
+CLASS="COMMAND"
+>swat 901/tcp</B
+></P
+><P
+>Note for NIS/YP users - you may need to rebuild the
+ NIS service maps rather than alter your local <TT
+CLASS="FILENAME"
+> /etc/services</TT
+> file. </P
+><P
+>the choice of port number isn't really important
+ except that it should be less than 1024 and not currently
+ used (using a number above 1024 presents an obscure security
+ hole depending on the implementation details of your
+ <B
+CLASS="COMMAND"
+>inetd</B
+> daemon). </P
+><P
+>In <TT
+CLASS="FILENAME"
+>/etc/inetd.conf</TT
+> you should
+ add a line like this: </P
+><P
+><B
+CLASS="COMMAND"
+>swat stream tcp nowait.400 root
+ /usr/local/samba/bin/swat swat</B
+></P
+><P
+>One you have edited <TT
+CLASS="FILENAME"
+>/etc/services</TT
+>
+ and <TT
+CLASS="FILENAME"
+>/etc/inetd.conf</TT
+> you need to send a
+ HUP signal to inetd. To do this use <B
+CLASS="COMMAND"
+>kill -1 PID
+ </B
+> where PID is the process ID of the inetd daemon. </P
+></DIV
+><DIV
+CLASS="REFSECT2"
+><A
+NAME="AEN71"
+></A
+><H3
+>Launching</H3
+><P
+>To launch swat just run your favorite web browser and
+ point it at "http://localhost:901/".</P
+><P
+>Note that you can attach to swat from any IP connected
+ machine but connecting from a remote machine leaves your
+ connection open to password sniffing as passwords will be sent
+ in the clear over the wire. </P
+></DIV
+></DIV
+><DIV
+CLASS="REFSECT1"
+><A
+NAME="AEN75"
+></A
+><H2
+>FILES</H2
+><P
+></P
+><DIV
+CLASS="VARIABLELIST"
+><DL
+><DT
+><TT
+CLASS="FILENAME"
+>/etc/inetd.conf</TT
+></DT
+><DD
+><P
+>This file must contain suitable startup
+ information for the meta-daemon.</P
+></DD
+><DT
+><TT
+CLASS="FILENAME"
+>/etc/services</TT
+></DT
+><DD
+><P
+>This file must contain a mapping of service name
+ (e.g., swat) to service port (e.g., 901) and protocol type
+ (e.g., tcp). </P
+></DD
+><DT
+><TT
+CLASS="FILENAME"
+>/usr/local/samba/lib/smb.conf</TT
+></DT
+><DD
+><P
+>This is the default location of the <TT
+CLASS="FILENAME"
+>smb.conf(5)
+ </TT
+> server configuration file that swat edits. Other
+ common places that systems install this file are <TT
+CLASS="FILENAME"
+> /usr/samba/lib/smb.conf</TT
+> and <TT
+CLASS="FILENAME"
+>/etc/smb.conf
+ </TT
+>. This file describes all the services the server
+ is to make available to clients. </P
+></DD
+></DL
+></DIV
+></DIV
+><DIV
+CLASS="REFSECT1"
+><A
+NAME="AEN96"
+></A
+><H2
+>WANRNIGS</H2
+><P
+><B
+CLASS="COMMAND"
+>swat</B
+> will rewrite your <TT
+CLASS="FILENAME"
+>smb.conf
+ </TT
+> file. It will rearrange the entries and delete all
+ comments, <TT
+CLASS="PARAMETER"
+><I
+>include=</I
+></TT
+> and <TT
+CLASS="PARAMETER"
+><I
+>copy="
+ </I
+></TT
+> options. If you have a carefully crafted <TT
+CLASS="FILENAME"
+> smb.conf</TT
+> then back it up or don't use swat! </P
+></DIV
+><DIV
+CLASS="REFSECT1"
+><A
+NAME="AEN104"
+></A
+><H2
+>VERSION</H2
+><P
+>This man page is correct for version 2.2 of
+ the Samba suite.</P
+></DIV
+><DIV
+CLASS="REFSECT1"
+><A
+NAME="AEN107"
+></A
+><H2
+>SEE ALSO</H2
+><P
+><B
+CLASS="COMMAND"
+>inetd(5)</B
+>,
+ <A
+HREF="smbd.8.html"
+TARGET="_top"
+><B
+CLASS="COMMAND"
+>smbd(8)</B
+></A
+>,
+ <A
+HREF="smb.conf.5.html"
+TARGET="_top"
+>smb.conf(5)</A
+>
+ </P
+></DIV
+><DIV
+CLASS="REFSECT1"
+><A
+NAME="AEN114"
+></A
+><H2
+>AUTHOR</H2
+><P
+>The original Samba software and related utilities
+ were created by Andrew Tridgell. Samba is now developed
+ by the Samba Team as an Open Source project similar
+ to the way the Linux kernel is developed.</P
+><P
+>The original Samba man pages were written by Karl Auer.
+ The man page sources were converted to YODL format (another
+ excellent piece of Open Source software, available at
+ <A
+HREF="ftp://ftp.icce.rug.nl/pub/unix/"
+TARGET="_top"
+> ftp://ftp.icce.rug.nl/pub/unix/</A
+>) and updated for the Samba 2.0
+ release by Jeremy Allison. The conversion to DocBook for
+ Samba 2.2 was done by Gerald Carter</P
+></DIV
+></BODY
+></HTML
+>
\ No newline at end of file
-
-
-
-
-
-<html><head><title>winbindd (8)</title>
-
-<link rev="made" href="mailto:samba-bugs@samba.org">
-</head>
-<body>
-
-<hr>
-
-<h1>winbindd (8)</h1>
-<h2>Samba</h2>
-<h2>13 Jun 2000</h2>
-
-
-
-<p><a name="NAME"></a>
-<h2>NAME</h2>
- winbindd - Name Service Switch daemon for resolving names from NT servers
-<p><a name="SYNOPSIS"></a>
-<h2>SYNOPSIS</h2>
-
-<p><strong>winbindd</strong> [<a href="winbindd.8.html#minusd">-d debuglevel</a>] [<a href="winbindd.8.html#minusi">-i</a>]
-<p><a name="DESCRIPTION"></a>
-<h2>DESCRIPTION</h2>
-
-<p>This program is part of the <strong>Samba</strong> suite version 3.0 and describes
-functionality not yet implemented in the main version of Samba.
-<p><strong>winbindd</strong> is a daemon that provides a service for the Name Service
-Switch capability that is present in most modern C libraries. The Name
-Service Switch allows user and system information to be obtained from
-different databases services such as NIS or DNS. The exact behaviour can
-be configured throught the <code>/etc/nsswitch.conf</code> file. Users and groups
-are allocated as they are resolved to a range of user and group ids
-specified by the administrator of the Samba system.
-<p>The service provided by <strong>winbindd</strong> is called `winbind' and can be
-used to resolve user and group information from a Windows NT server.
-The service can also provide authentication services via an associated
-PAM module.
-<p>The following nsswitch databases are implemented by the <strong>winbindd</strong>
-service:
-<p><dl>
-<p><p></p><dt><strong>passwd</strong><dd>
-<p>User information traditionally stored in the <strong>passwd(5)</strong> file and used by
-<strong>getpwent(3)</strong> functions.
-<p><p></p><dt><strong>group</strong><dd>
-<p>Group information traditionally stored in the <strong>group(5)</strong> file and used by
-<strong>getgrent(3)</strong> functions.
-<p></dl>
-<p>For example, the following simple configuration in the
-<code>/etc/nsswitch.conf</code> file can be used to initially resolve user and group
-information from <code>/etc/passwd</code> and <code>/etc/group</code> and then from the
-Windows NT server.
-<p><pre>
-
- passwd: files winbind
- group: files winbind
-
-</pre>
-
-<p><a name="OPTIONS"></a>
-<h2>OPTIONS</h2>
-
-<p>The following options are available to the <strong>winbindd</strong> daemon:
-<p><dl>
-<p><a name="minusd"></a>
-<p></p><dt><strong><strong>-d debuglevel</strong></strong><dd>
-Sets the debuglevel to an integer between 0 and 100. 0 is for no debugging
-and 100 is for reams and reams. To submit a bug report to the Samba Team,
-use debug level 100 (see <strong>BUGS.txt</strong>).
-<p><a name="minusi"></a>
-<p></p><dt><strong><strong>-i</strong></strong><dd>
-Tells <strong>winbindd</strong> to not become a daemon and detach from the current terminal.
-This option is used by developers when interactive debugging of <strong>winbindd</strong> is
-required.
-<p></dl>
-<p><a name="NAMEANDIDRESOLUTION"></a>
-<h2>NAME AND ID RESOLUTION</h2>
-
-<p>Users and groups on a Windows NT server are assigned a relative id (rid)
-which is unique for the domain when the user or group is created. To
-convert the Windows NT user or group into a unix user or group, a mapping
-between rids and unix user and group ids is required. This is one of the
-jobs that <strong>winbindd</strong> performs.
-<p>As <strong>winbindd</strong> users and groups are resolved from a server, user and group
-ids are allocated from a specified range. This is done on a first come,
-first served basis, although all existing users and groups will be mapped
-as soon as a client performs a user or group enumeration command. The
-allocated unix ids are stored in a database file under the Samba lock
-directory and will be remembered.
-<p>WARNING: The rid to unix id database is the only location where the user
-and group mappings are stored by <strong>winbindd</strong>. If this file is deleted or
-corrupted, there is no way for <strong>winbindd</strong> to determine which user and
-group ids correspond to Windows NT user and group rids.
-<p><a name="CONFIGURATION"></a>
-<h2>CONFIGURATION</h2>
-
-<p>Configuration of the <strong>winbindd</strong> daemon is done through configuration
-parameters in the <a href="smb.conf.5.html"><strong>smb.conf</strong></a> file. All parameters
-should be specified in the [global] section of
-<a href="smb.conf.5.html"><strong>smb.conf</strong></a>.
-<p><dl>
-<p><p></p><dt><strong>winbind separator</strong><dd>
-<p>The winbind separator option allows you to specify how NT domain names
-and user names are combined into unix user names when presented to
-users. By default winbind will use the traditional \ separator so
-that the unix user names look like DOMAIN\username. In some cases
-this separator character may cause problems as the \ character has
-special meaning in unix shells. In that case you can use the winbind
-separator option to specify an alternative sepataror character. Good
-alternatives may be / (although that conflicts with the unix directory
-separator) or a + character. The + character appears to be the best
-choice for 100% compatibility with existing unix utilities, but may be
-an aesthetically bad choice depending on your taste.
-<p><strong>Default:</strong>
-<code> winbind separator = \</code>
-<p><strong>Example:</strong>
-<code> winbind separator = +</code>
-<p><p></p><dt><strong>winbind uid</strong><dd>
-<p>The winbind uid parameter specifies the range of user ids that are
-allocated by the <strong>winbindd</strong> daemon. This range of
-ids should have no existing local or nis users within it as strange
-conflicts can occur otherwise.
-<p><strong>Default:</strong>
-<code> winbind uid = <empty string></code>
-<p><strong>Example:</strong>
-<code> winbind uid = 10000-20000</code>
-<p><p></p><dt><strong>winbind gid</strong><dd>
-<p>The winbind gid parameter specifies the range of group ids that are
-allocated by the <strong>winbindd</strong> daemon. This range of group ids should have
-no existing local or nis groups within it as strange conflicts can occur
-otherwise.
-<p><strong>Default:</strong>
-<code> winbind gid = <empty string></code>
-<p><strong>Example:</strong>
-<code> winbind gid = 10000-20000</code>
-<p><p></p><dt><strong>winbind cache time</strong><dd>
-<p>This parameter specifies the number of seconds the <strong>winbindd</strong> daemon will
-cache user and group information before querying a Windows NT server
-again. When a item in the cache is older than this time <strong>winbindd</strong> will ask
-the domain controller for the sequence number of the servers account
-database. If the sequence number has not changed then the cached item is
-marked as valid for a further "winbind cache time" seconds. Otherwise the
-item is fetched from the server. This means that as long as the account
-database is not actively changing <strong>winbindd</strong> will only have to send one
-sequence number query packet every "winbind cache time" seconds.
-<p><strong>Default:</strong>
-<code> winbind cache time = 15</code>
-<p><p></p><dt><strong>winbind enum users</strong><dd>
-<p>On large installations it may be necessary to suppress the enumeration of
-users through the <code>setpwent</code>, <code>getpwent</code> and <code>endpwent</code> group of
-system calls. If the <code>winbind enum users</code> parameter is false, calls to
-the <code>getpwent</code> system call will not return any data.
-<p>Warning: Turning off user enumeration may cause some programs to behave
-oddly. For example, the finger program relies on having access to the full
-user list when searching for matching usernames.
-<p><strong>Default:</strong>
-<code> winbind enum users = true</code>
-<p><p></p><dt><strong>winbind enum groups</strong><dd>
-<p>On large installations it may be necessary to suppress the enumeration of
-groups through the <code>setgrent</code>, <code>getgrent</code> and <code>endgrent</code> group of
-system calls. If the <code>winbind enum groups</code> parameter is false, calls to
-the <code>getgrent</code> system call will not return any data.
-<p>Warning: Turning off group enumeration may cause some programs to behave
-oddly.
-<p><strong>Default:</strong>
-<code> winbind enum groups = true</code>
-<p><p></p><dt><strong>template homedir</strong><dd>
-<p>When filling out the user information for a Windows NT user, the
-<strong>winbindd</strong> daemon uses this parameter to fill in the home directory for
-that user. If the string <code>%D</code> is present it is substituted with the
-user's Windows NT domain name. If the string <code>%U</code> is present it is
-substituted with the user's Windows NT user name.
-<p><strong>Default:</strong>
-<code> template homedir = /home/%D/%U</code>
-<p><p></p><dt><strong>template shell</strong><dd>
-<p>When filling out the user information for a Windows NT user, the
-<strong>winbindd</strong> daemon uses this parameter to fill in the shell for that user.
-<p><strong>Default:</strong>
-<code> template shell = /bin/false</code>
-<p></dl>
-<p><a name="EXAMPLESETUP"></a>
-<h2>EXAMPLE SETUP</h2>
-
-<p>To setup <strong>winbindd</strong> for user and group lookups plus authentication from
-a domain controller use something like the following setup. This was
-tested on a RedHat 6.2 Linux box.
-<p>In <code>/etc/nsswitch.conf</code> put the following:
-<pre>
-
- passwd: files winbind
- group: files winbind
-
-</pre>
-
-<p>In <code>/etc/pam.d/*</code> replace the <code>auth</code> lines with something like this:
-<pre>
-
- auth required /lib/security/pam_securetty.so
- auth required /lib/security/pam_nologin.so
- auth sufficient /lib/security/pam_winbind.so
- auth required /lib/security/pam_pwdb.so use_first_pass shadow nullok
-
-</pre>
-
-<p>Note in particular the use of the <code>sufficient</code> keyword and the
-<code>use_first_pass</code> keyword.
-<p>Now replace the account lines with this:
-<pre>
-
- account required /lib/security/pam_winbind.so
-
-</pre>
-
-<p>The next step is to join the domain. To do that use the samedit
-program like this:
-<pre>
-
- samedit -S '*' -W DOMAIN -UAdministrator
-
-</pre>
-
-<p>The username after the -U can be any Domain user that has administrator
-priviliges on the machine. Next from within samedit, run the command:
-<pre>
-
- createuser MACHINE$ -j DOMAIN -L
-
-</pre>
-
-<p>This assumes your domain is called <code>DOMAIN</code> and your Samba workstation
-is called <code>MACHINE</code>.
-<p>Next copy <code>libnss_winbind.so.2</code> to <code>/lib</code> and <code>pam_winbind.so</code> to
-<code>/lib/security</code>.
-<p>Finally, setup a smb.conf containing directives like the following:
-<pre>
-
- [global]
- winbind separator = +
+<HTML
+><HEAD
+><TITLE
+>winbindd</TITLE
+><META
+NAME="GENERATOR"
+CONTENT="Modular DocBook HTML Stylesheet Version 1.57"></HEAD
+><BODY
+CLASS="REFENTRY"
+BGCOLOR="#FFFFFF"
+TEXT="#000000"
+LINK="#0000FF"
+VLINK="#840084"
+ALINK="#0000FF"
+><H1
+><A
+NAME="WINBINDD"
+>winbindd</A
+></H1
+><DIV
+CLASS="REFNAMEDIV"
+><A
+NAME="AEN5"
+></A
+><H2
+>Name</H2
+>winbindd -- Name Service Switch daemon for resolving names
+ from NT servers</DIV
+><DIV
+CLASS="REFSYNOPSISDIV"
+><A
+NAME="AEN8"
+></A
+><H2
+>Synopsis</H2
+><P
+><B
+CLASS="COMMAND"
+>nmblookup</B
+> [-d debuglevel] [-i] [-S] [-r] [-A] [-h] [-B <broadcast address>] [-U <unicast address>] [-d <debug level>] [-s <smb config file>] [-i <NetBIOS scope>] [-T] {name}</P
+></DIV
+><DIV
+CLASS="REFSECT1"
+><A
+NAME="AEN24"
+></A
+><H2
+>DESCRIPTION</H2
+><P
+>This tool is part of the <A
+HREF="samba.7.html"
+TARGET="_top"
+> Samba</A
+> suite version 3.0 and describes functionality not
+ yet implemented in the main version of Samba.</P
+><P
+><B
+CLASS="COMMAND"
+>winbindd</B
+> is a daemon that provides
+ a service for the Name Service Switch capability that is present
+ in most modern C libraries. The Name Service Switch allows user
+ and system information to be obtained from different databases
+ services such as NIS or DNS. The exact behaviour can be configured
+ throught the <TT
+CLASS="FILENAME"
+>/etc/nsswitch.conf</TT
+> file.
+ Users and groups are allocated as they are resolved to a range
+ of user and group ids specified by the administrator of the
+ Samba system.</P
+><P
+>The service provided by winbindd is called `winbind' and
+ can be used to resolve user and group information from a
+ Windows NT server. The service can also provide authentication
+ services via an associated PAM module. </P
+><P
+>The following nsswitch databases are implemented by
+ the winbindd service: </P
+><P
+></P
+><DIV
+CLASS="VARIABLELIST"
+><DL
+><DT
+>passwd</DT
+><DD
+><P
+>User information traditionally stored in
+ the <TT
+CLASS="FILENAME"
+>passwd(5)</TT
+> file and used by
+ <B
+CLASS="COMMAND"
+>getpwent(3)</B
+> functions. </P
+></DD
+><DT
+>group</DT
+><DD
+><P
+>Group information traditionally stored in
+ the <TT
+CLASS="FILENAME"
+>group(5)</TT
+> file and used by
+ <B
+CLASS="COMMAND"
+>getgrent(3)</B
+> functions. </P
+></DD
+></DL
+></DIV
+><P
+>For example, the following simple configuration in the
+ <TT
+CLASS="FILENAME"
+>/etc/nsswitch.conf</TT
+> file can be used to initially
+ resolve user and group information from <TT
+CLASS="FILENAME"
+>/etc/passwd
+ </TT
+> and <TT
+CLASS="FILENAME"
+>/etc/group</TT
+> and then from the
+ Windows NT server. </P
+><P
+><PRE
+CLASS="PROGRAMLISTING"
+>passwd: files winbind
+group: files winbind
+ </PRE
+></P
+></DIV
+><DIV
+CLASS="REFSECT1"
+><A
+NAME="AEN52"
+></A
+><H2
+>OPTIONS</H2
+><P
+></P
+><DIV
+CLASS="VARIABLELIST"
+><DL
+><DT
+>-d debuglevel</DT
+><DD
+><P
+>Sets the debuglevel to an integer between
+ 0 and 100. 0 is for no debugging and 100 is for reams and
+ reams. To submit a bug report to the Samba Team, use debug
+ level 100 (see BUGS.txt). </P
+></DD
+><DT
+>-i</DT
+><DD
+><P
+>Tells <B
+CLASS="COMMAND"
+>winbindd</B
+> to not
+ become a daemon and detach from the current terminal. This
+ option is used by developers when interactive debugging
+ of <B
+CLASS="COMMAND"
+>winbindd</B
+> is required. </P
+></DD
+></DL
+></DIV
+></DIV
+><DIV
+CLASS="REFSECT1"
+><A
+NAME="AEN65"
+></A
+><H2
+>NAME AND ID RESOLUTION</H2
+><P
+>Users and groups on a Windows NT server are assigned
+ a relative id (rid) which is unique for the domain when the
+ user or group is created. To convert the Windows NT user or group
+ into a unix user or group, a mapping between rids and unix user
+ and group ids is required. This is one of the jobs that <B
+CLASS="COMMAND"
+> winbindd</B
+> performs. </P
+><P
+>As winbindd users and groups are resolved from a server, user
+ and group ids are allocated from a specified range. This
+ is done on a first come, first served basis, although all existing
+ users and groups will be mapped as soon as a client performs a user
+ or group enumeration command. The allocated unix ids are stored
+ in a database file under the Samba lock directory and will be
+ remembered. </P
+><P
+>WARNING: The rid to unix id database is the only location
+ where the user and group mappings are stored by winbindd. If this
+ file is deleted or corrupted, there is no way for winbindd to
+ determine which user and group ids correspond to Windows NT user
+ and group rids. </P
+></DIV
+><DIV
+CLASS="REFSECT1"
+><A
+NAME="AEN71"
+></A
+><H2
+>CONFIGURATION</H2
+><P
+>Configuration of the <B
+CLASS="COMMAND"
+>winbindd</B
+> daemon
+ is done through configuration parameters in the <TT
+CLASS="FILENAME"
+>smb.conf(5)
+ </TT
+> file. All parameters should be specified in the
+ [global] section of smb.conf. </P
+><P
+></P
+><DIV
+CLASS="VARIABLELIST"
+><DL
+><DT
+>winbind separator</DT
+><DD
+><P
+>The winbind separator option allows you
+ to specify how NT domain names and user names are combined
+ into unix user names when presented to users. By default,
+ <B
+CLASS="COMMAND"
+>winbindd</B
+> will use the traditional '\'
+ separator so that the unix user names look like
+ DOMAIN\username. In some cases this separator character may
+ cause problems as the '\' character has special meaning in
+ unix shells. In that case you can use the winbind separator
+ option to specify an alternative sepataror character. Good
+ alternatives may be '/' (although that conflicts
+ with the unix directory separator) or a '+ 'character.
+ The '+' character appears to be the best choice for 100%
+ compatibility with existing unix utilities, but may be an
+ aesthetically bad choice depending on your taste. </P
+><P
+>Default: <B
+CLASS="COMMAND"
+>winbind separator = \ </B
+>
+ </P
+><P
+>Example: <B
+CLASS="COMMAND"
+>winbind separator = + </B
+></P
+></DD
+><DT
+>winbind uid</DT
+><DD
+><P
+>The winbind uid parameter specifies the
+ range of user ids that are allocated by the winbindd daemon.
+ This range of ids should have no existing local or nis users
+ within it as strange conflicts can occur otherwise. </P
+><P
+>Default: <B
+CLASS="COMMAND"
+>winbind uid = <empty string>
+ </B
+></P
+><P
+>Example: <B
+CLASS="COMMAND"
+>winbind uid = 10000-20000</B
+></P
+></DD
+><DT
+>winbind gid</DT
+><DD
+><P
+>The winbind gid parameter specifies the
+ range of group ids that are allocated by the winbindd daemon.
+ This range of group ids should have no existing local or nis
+ groups within it as strange conflicts can occur otherwise.</P
+><P
+>Default: <B
+CLASS="COMMAND"
+>winbind gid = <empty string>
+ </B
+></P
+><P
+>Example: <B
+CLASS="COMMAND"
+>winbind gid = 10000-20000
+ </B
+> </P
+></DD
+><DT
+>winbind cache time</DT
+><DD
+><P
+>This parameter specifies the number of
+ seconds the winbindd daemon will cache user and group information
+ before querying a Windows NT server again. When a item in the
+ cache is older than this time winbindd will ask the domain
+ controller for the sequence number of the servers account database.
+ If the sequence number has not changed then the cached item is
+ marked as valid for a further <TT
+CLASS="PARAMETER"
+><I
+>winbind cache time
+ </I
+></TT
+> seconds. Otherwise the item is fetched from the
+ server. This means that as long as the account database is not
+ actively changing winbindd will only have to send one sequence
+ number query packet every <TT
+CLASS="PARAMETER"
+><I
+>winbind cache time
+ </I
+></TT
+> seconds. </P
+><P
+>Default: <B
+CLASS="COMMAND"
+>winbind cache time = 15</B
+>
+ </P
+></DD
+><DT
+>winbind enum users</DT
+><DD
+><P
+>On large installations it may be necessary
+ to suppress the enumeration of users through the <B
+CLASS="COMMAND"
+> setpwent()</B
+>, <B
+CLASS="COMMAND"
+>getpwent()</B
+> and
+ <B
+CLASS="COMMAND"
+>endpwent()</B
+> group of system calls. If
+ the <TT
+CLASS="PARAMETER"
+><I
+>winbind enum users</I
+></TT
+> parameter is false,
+ calls to the <B
+CLASS="COMMAND"
+>getpwent</B
+> system call will not
+ return any data. </P
+><P
+><I
+CLASS="EMPHASIS"
+>Warning:</I
+> Turning off user enumeration
+ may cause some programs to behave oddly. For example, the finger
+ program relies on having access to the full user list when
+ searching for matching usernames. </P
+><P
+>Default: <B
+CLASS="COMMAND"
+>winbind enum users = yes </B
+></P
+></DD
+><DT
+>winbind enum groups</DT
+><DD
+><P
+>On large installations it may be necessary
+ to suppress the enumeration of groups through the <B
+CLASS="COMMAND"
+> setgrent()</B
+>, <B
+CLASS="COMMAND"
+>getgrent()</B
+> and
+ <B
+CLASS="COMMAND"
+>endgrent()</B
+> group of system calls. If
+ the <TT
+CLASS="PARAMETER"
+><I
+>winbind enum groups</I
+></TT
+> parameter is
+ false, calls to the <B
+CLASS="COMMAND"
+>getgrent()</B
+> system
+ call will not return any data. </P
+><P
+><I
+CLASS="EMPHASIS"
+>Warning:</I
+> Turning off group
+ enumeration may cause some programs to behave oddly.
+ </P
+><P
+>Default: <B
+CLASS="COMMAND"
+>winbind enum groups = no </B
+>
+ </P
+></DD
+><DT
+>template homedir</DT
+><DD
+><P
+>When filling out the user information
+ for a Windows NT user, the <B
+CLASS="COMMAND"
+>winbindd</B
+> daemon
+ uses this parameter to fill in the home directory for that user.
+ If the string <TT
+CLASS="PARAMETER"
+><I
+>%D</I
+></TT
+> is present it is
+ substituted with the user's Windows NT domain name. If the
+ string <TT
+CLASS="PARAMETER"
+><I
+>%U</I
+></TT
+> is present it is substituted
+ with the user's Windows NT user name. </P
+><P
+>Default: <B
+CLASS="COMMAND"
+>template homedir = /home/%D/%U </B
+>
+ </P
+></DD
+><DT
+>template shell</DT
+><DD
+><P
+>When filling out the user information for
+ a Windows NT user, the <B
+CLASS="COMMAND"
+>winbindd</B
+> daemon
+ uses this parameter to fill in the shell for that user.
+ </P
+><P
+>Default: <B
+CLASS="COMMAND"
+>template shell = /bin/false </B
+>
+ </P
+></DD
+></DL
+></DIV
+></DIV
+><DIV
+CLASS="REFSECT1"
+><A
+NAME="AEN152"
+></A
+><H2
+>EXAMPLE SETUP</H2
+><P
+>To setup winbindd for user and group lookups plus
+ authentication from a domain controller use something like the
+ following setup. This was tested on a RedHat 6.2 Linux box. </P
+><P
+>In <TT
+CLASS="FILENAME"
+>/etc/nsswitch.conf</TT
+> put the
+ following:</P
+><P
+><PRE
+CLASS="PROGRAMLISTING"
+>passwd: files winbind
+group: files winbind
+ </PRE
+></P
+><P
+>In <TT
+CLASS="FILENAME"
+>/etc/pam.d/*</TT
+> replace the
+ <TT
+CLASS="PARAMETER"
+><I
+>auth</I
+></TT
+> lines with something like this: </P
+><P
+><PRE
+CLASS="PROGRAMLISTING"
+>auth required /lib/security/pam_securetty.so
+auth required /lib/security/pam_nologin.so
+auth sufficient /lib/security/pam_winbind.so
+auth required /lib/security/pam_pwdb.so use_first_pass shadow nullok
+ </PRE
+></P
+><P
+>Note in particular the use of the <TT
+CLASS="PARAMETER"
+><I
+>sufficient</I
+></TT
+>
+ keyword and the <TT
+CLASS="PARAMETER"
+><I
+>use_first_pass</I
+></TT
+> keyword. </P
+><P
+>Now replace the account lines with this: </P
+><P
+><B
+CLASS="COMMAND"
+>account required /lib/security/pam_winbind.so
+ </B
+></P
+><P
+>The next step is to join the domain. To do that use the
+ <B
+CLASS="COMMAND"
+>samedit</B
+> program like this: </P
+><P
+><B
+CLASS="COMMAND"
+>samedit -S '*' -W DOMAIN -UAdministrator</B
+></P
+><P
+>The username after the <TT
+CLASS="PARAMETER"
+><I
+>-U</I
+></TT
+> can be any Domain
+ user that has administrator priviliges on the machine. Next from
+ within <B
+CLASS="COMMAND"
+>samedit</B
+>, run the command: </P
+><P
+><B
+CLASS="COMMAND"
+>createuser MACHINE$ -j DOMAIN -L</B
+></P
+><P
+>This assumes your domain is called "DOMAIN" and your Samba
+ workstation is called "MACHINE". </P
+><P
+>Next copy <TT
+CLASS="FILENAME"
+>libnss_winbind.so.2</TT
+> to
+ <TT
+CLASS="FILENAME"
+>/lib</TT
+> and <TT
+CLASS="FILENAME"
+>pam_winbind.so</TT
+>
+ to <TT
+CLASS="FILENAME"
+>/lib/security</TT
+>.</P
+><P
+>Finally, setup a smb.conf containing directives like the
+ following: </P
+><P
+><PRE
+CLASS="PROGRAMLISTING"
+>[global]
+ winbind separator = +
winbind cache time = 10
template shell = /bin/bash
template homedir = /home/%D/%U
workgroup = DOMAIN
security = domain
password server = *
-
-</pre>
-
-<p>Now start <strong>winbindd</strong> and you should find that your user and group
-database is expanded to include your NT users and groups, and that you
-can login to your unix box as a domain user, using the <code>DOMAIN+user</code>
-syntax for the username. You may wish to use the commands "getent
-passwd" and "getent group" to confirm the correct operation of
-<strong>winbindd</strong>.
-<p><a name="NOTES"></a>
-<h2>NOTES</h2>
-
-<p>The following notes are useful when configuring and running <strong>winbindd</strong>:
-<p><dl>
-<p><p></p><dt><strong></strong><dd>
-<a href="nmbd.8.html"><strong>nmbd</strong></a> must be running on the local machine for
-<strong>winbindd</strong> to work.
-<p><p></p><dt><strong></strong><dd>
-<strong>winbindd</strong> queries the list of trusted domains for the Windows NT server
-on startup and when a SIGHUP is received. Thus, for a running <strong>winbindd</strong>
-to become aware of new trust relationships between servers, it must be sent
-a SIGHUP signal.
-<p><p></p><dt><strong></strong><dd>
-Client processes resolving names through the <strong>winbindd</strong> nsswitch module
-read an environment variable named <code>WINBINDD_DOMAIN</code>. If this variable
-contains a comma separated list of Windows NT domain names, then <strong>winbindd</strong>
-will only resolve users and groups within those Windows NT domains.
-<p><p></p><dt><strong></strong><dd>
-PAM is really easy to misconfigure. Make sure you know what you are doing
-when modifying PAM configuration files. It is possible to set up PAM
-such that you can no longer log into your system.
-<p><p></p><dt><strong></strong><dd>
-If more than one UNIX machine is running <strong>winbindd</strong>, then in general the
-user and groups ids allocated by <strong>winbindd</strong> will not be the same. The
-user and group ids will only be valid for the local machine.
-<p><p></p><dt><strong></strong><dd>
-If the the Windows NT RID to UNIX user and group id mapping file
-is damaged or destroyed then the mappings will be lost.
-<p></dl>
-<p><a name="SIGNALS"></a>
-<h2>SIGNALS</h2>
-
-<p>The following signals can be used to manipulate the <strong>winbindd</strong> daemon.
-<p><dl>
-<p><p></p><dt><strong><code>SIGHUP</code></strong><dd>
-<p>Reload the <code>smb.conf</code> file and apply any parameter changes to the running
-version of <strong>winbindd</strong>. This signal also clears any cached user and group
-information. The list of other domains trusted by <strong>winbindd</strong> is also
-reloaded.
-<p><p></p><dt><strong><code>SIGUSR1</code></strong><dd>
-<p>The <code>SIGUSR1</code> signal will cause <strong>winbindd</strong> to write status information
-to the winbind log file including information about the number of user and
-group ids allocated by <strong>winbindd</strong>.
-<p>Log files are stored in the filename specified by the <strong>log file</strong> parameter.
-<p></dl>
-<p><a name="FILES"></a>
-<h2>FILES</h2>
-
-<p>The following files are relevant to the operation of the <strong>winbindd</strong>
-daemon.
-<p><dl>
-<p><p></p><dt><strong>/etc/nsswitch.conf(5)</strong><dd>
-<p>Name service switch configuration file.
-<p><p></p><dt><strong>/tmp/.winbindd/pipe</strong><dd>
-<p>The UNIX pipe over which clients communicate with the <strong>winbindd</strong> program.
-For security reasons, the winbind client will only attempt to connect to the
-<strong>winbindd</strong> daemon if both the <code>/tmp/.winbindd</code> directory and
-<code>/tmp/.winbindd/pipe</code> file are owned by root.
-<p><p></p><dt><strong>/lib/libnss_winbind.so.X</strong><dd>
-<p>Implementation of name service switch library.
-<p><p></p><dt><strong>$LOCKDIR/winbindd_idmap.tdb</strong><dd>
-<p>Storage for the Windows NT rid to UNIX user/group id mapping. The lock
-directory is specified when Samba is initially compiled using the
-<code>--with-lockdir</code> option. This directory is by default
-<code>/usr/local/samba/var/locks</code>.
-<p><p></p><dt><strong>$LOCKDIR/winbindd_cache.tdb</strong><dd>
-<p>Storage for cached user and group information.
-<p></dl>
-<p><a name="SEEALSO"></a>
-<h2>SEE ALSO</h2>
-
-<p><a href="samba.7.html"><strong>samba(7)</strong></a>, <a href="smb.conf.5.html"><strong>smb.conf(5)</strong></a>,
-<strong>nsswitch.conf(5)</strong>, <a href="wbinfo.1.html"><strong>wbinfo(1)</strong></a>
-<p><a name="AUTHOR"></a>
-<h2>AUTHOR</h2>
-
-<p>The original Samba software and related utilities were created by
-Andrew Tridgell. Samba is now developed by the Samba Team as an Open
-Source project.
-<p><strong>winbindd</strong> was written by Tim Potter.
-</body>
-</html>
+ </PRE
+></P
+><P
+>Now start winbindd and you should find that your user and
+ group database is expanded to include your NT users and groups,
+ and that you can login to your unix box as a domain user, using
+ the DOMAIN+user syntax for the username. You may wish to use the
+ commands <B
+CLASS="COMMAND"
+>getent passwd</B
+> and <B
+CLASS="COMMAND"
+>getent group
+ </B
+> to confirm the correct operation of winbindd.</P
+></DIV
+><DIV
+CLASS="REFSECT1"
+><A
+NAME="AEN191"
+></A
+><H2
+>Notes</H2
+><P
+>The following notes are useful when configuring and
+ running <B
+CLASS="COMMAND"
+>winbindd</B
+>: </P
+><P
+><B
+CLASS="COMMAND"
+>nmbd</B
+> must be running on the local machine
+ for <B
+CLASS="COMMAND"
+>winbindd</B
+> to work. <B
+CLASS="COMMAND"
+>winbindd</B
+>
+ queries the list of trusted domains for the Windows NT server
+ on startup and when a SIGHUP is received. Thus, for a running <B
+CLASS="COMMAND"
+> winbindd</B
+> to become aware of new trust relationships between
+ servers, it must be sent a SIGHUP signal. </P
+><P
+>Client processes resolving names through the <B
+CLASS="COMMAND"
+>winbindd</B
+>
+ nsswitch module read an environment variable named <TT
+CLASS="PARAMETER"
+><I
+> $WINBINDD_DOMAIN</I
+></TT
+>. If this variable contains a comma separated
+ list of Windows NT domain names, then winbindd will only resolve users
+ and groups within those Windows NT domains. </P
+><P
+>PAM is really easy to misconfigure. Make sure you know what
+ you are doing when modifying PAM configuration files. It is possible
+ to set up PAM such that you can no longer log into your system. </P
+><P
+>If more than one UNIX machine is running <B
+CLASS="COMMAND"
+>winbindd</B
+>,
+ then in general the user and groups ids allocated by winbindd will not
+ be the same. The user and group ids will only be valid for the local
+ machine.</P
+><P
+>If the the Windows NT RID to UNIX user and group id mapping
+ file is damaged or destroyed then the mappings will be lost. </P
+></DIV
+><DIV
+CLASS="REFSECT1"
+><A
+NAME="AEN207"
+></A
+><H2
+>Signals</H2
+><P
+>The following signals can be used to manipulate the
+ <B
+CLASS="COMMAND"
+>winbindd</B
+> daemon. </P
+><P
+></P
+><DIV
+CLASS="VARIABLELIST"
+><DL
+><DT
+>SIGHUP</DT
+><DD
+><P
+>Reload the <TT
+CLASS="FILENAME"
+>smb.conf(5)</TT
+>
+ file and apply any parameter changes to the running
+ version of winbindd. This signal also clears any cached
+ user and group information. The list of other domains trusted
+ by winbindd is also reloaded. </P
+></DD
+><DT
+>SIGUSR1</DT
+><DD
+><P
+>The SIGUSR1 signal will cause <B
+CLASS="COMMAND"
+> winbindd</B
+> to write status information to the winbind
+ log file including information about the number of user and
+ group ids allocated by <B
+CLASS="COMMAND"
+>winbindd</B
+>.</P
+><P
+>Log files are stored in the filename specified by the
+ log file parameter.</P
+></DD
+></DL
+></DIV
+></DIV
+><DIV
+CLASS="REFSECT1"
+><A
+NAME="AEN224"
+></A
+><H2
+>Files</H2
+><P
+></P
+><DIV
+CLASS="VARIABLELIST"
+><DL
+><DT
+><TT
+CLASS="FILENAME"
+>/etc/nsswitch.conf(5)</TT
+></DT
+><DD
+><P
+>Name service switch configuration file.</P
+></DD
+><DT
+>/tmp/.winbindd/pipe</DT
+><DD
+><P
+>The UNIX pipe over which clients communicate with
+ the <B
+CLASS="COMMAND"
+>winbindd</B
+> program. For security reasons, the
+ winbind client will only attempt to connect to the winbindd daemon
+ if both the <TT
+CLASS="FILENAME"
+>/tmp/.winbindd</TT
+> directory
+ and <TT
+CLASS="FILENAME"
+>/tmp/.winbindd/pipe</TT
+> file are owned by
+ root. </P
+></DD
+><DT
+>/lib/libnss_winbind.so.X</DT
+><DD
+><P
+>Implementation of name service switch library.
+ </P
+></DD
+><DT
+>$LOCKDIR/winbindd_idmap.tdb</DT
+><DD
+><P
+>Storage for the Windows NT rid to UNIX user/group
+ id mapping. The lock directory is specified when Samba is initially
+ compiled using the <TT
+CLASS="FILENAME"
+>--with-lockdir</TT
+> option.
+ This directory is by default <TT
+CLASS="FILENAME"
+>/usr/local/samba/var/locks
+ </TT
+>. </P
+></DD
+><DT
+>$LOCKDIR/winbindd_cache.tdb</DT
+><DD
+><P
+>Storage for cached user and group information.
+ </P
+></DD
+></DL
+></DIV
+></DIV
+><DIV
+CLASS="REFSECT1"
+><A
+NAME="AEN253"
+></A
+><H2
+>VERSION</H2
+><P
+>This man page is correct for version 2.2 of
+ the Samba suite. winbindd is however not available in
+ stable release of Samba as of yet.</P
+></DIV
+><DIV
+CLASS="REFSECT1"
+><A
+NAME="AEN256"
+></A
+><H2
+>SEE ALSO</H2
+><P
+><TT
+CLASS="FILENAME"
+>nsswitch.conf(5)</TT
+>,
+ <A
+HREF="samba.7.html"
+TARGET="_top"
+>samba(7)</A
+>,
+ <A
+HREF="wbinfo.1.html"
+TARGET="_top"
+>wbinfo(1)</A
+>,
+ <A
+HREF="smb.conf.5.html"
+TARGET="_top"
+>smb.conf(5)</A
+></P
+></DIV
+><DIV
+CLASS="REFSECT1"
+><A
+NAME="AEN263"
+></A
+><H2
+>AUTHOR</H2
+><P
+>The original Samba software and related utilities
+ were created by Andrew Tridgell. Samba is now developed
+ by the Samba Team as an Open Source project similar
+ to the way the Linux kernel is developed.</P
+><P
+><B
+CLASS="COMMAND"
+>wbinfo</B
+> and <B
+CLASS="COMMAND"
+>winbindd</B
+>
+ were written by Tim Potter.</P
+><P
+>The conversion to DocBook for Samba 2.2 was done
+ by Gerald Carter</P
+></DIV
+></BODY
+></HTML
+>
\ No newline at end of file
-.TH "smbtar " "1" "23 Oct 1998" "Samba" "SAMBA"
-.PP
-.SH "NAME"
-smbtar \- shell script for backing up SMB/CIFS shares directly to UNIX tape drives
-.PP
-.SH "SYNOPSIS"
-.PP
-\fBsmbtar\fP -s server [-p password] [-x service] [-X] [-d directory] [-u user] [-t tape] [-b blocksize] [-N filename] [-i] [-r] [-l log level] [-v] filenames
-.PP
-.SH "DESCRIPTION"
-.PP
-This program is part of the \fBSamba\fP suite\&.
-.PP
-\fBsmbtar\fP is a very small shell script on top of
-\fBsmbclient\fP which dumps SMB shares directly
-to tape\&.
-.PP
-.SH "OPTIONS"
-.PP
-.IP
-.IP "\fB-s server\fP"
-The SMB/CIFS server that the share resides upon\&.
-.IP
-.IP "\fB-x service\fP"
-The share name on the server to connect
-to\&. The default is \f(CWbackup\fP\&.
-.IP
-.IP "\fB-X\fP"
-Exclude mode\&. Exclude filenames\&.\&.\&. from tar create or
-restore\&.
-.IP
-.IP "\fB-d directory\fP"
-Change to initial \fIdirectory\fP before restoring
-/ backing up files\&.
-.IP
-.IP "\fB-v\fP"
-Verbose mode\&.
-.IP
-.IP "\fB-p password\fP"
-The password to use to access a share\&. Default:
-none
-.IP
-.IP "\fB-u user\fP"
-The user id to connect as\&. Default: UNIX login name\&.
-.IP
-.IP "\fB-t tape\fP"
-Tape device\&. May be regular file or tape
-device\&. Default: \fITAPE\fP environmental variable; if not set, a file
-called \f(CWtar\&.out\fP\&.
-.IP
-.IP "\fB-b blocksize\fP"
-Blocking factor\&. Defaults to 20\&. See \fBtar (1)\fP
-for a fuller explanation\&.
-.IP
-.IP "\fB-N filename\fP"
-Backup only files newer than filename\&. Could be
-used (for example) on a log file to implement incremental backups\&.
-.IP
-.IP "\fB-i\fP"
-Incremental mode; tar files are only backed up if they
-have the archive bit set\&. The archive bit is reset after each file is
-read\&.
-.IP
-.IP "\fB-r\fP"
-Restore\&. Files are restored to the share from the tar
-file\&.
-.IP
-.IP "\fB-l log level\fP"
-Log (debug) level\&. Corresponds to the
-\fB-d\fP flag of \fBsmbclient
-(1)\fP\&.
-.IP
-.PP
-.SH "ENVIRONMENT VARIABLES"
-.PP
-The TAPE variable specifies the default tape device to write to\&. May
-be overridden with the \fB-t\fP option\&.
-.PP
-.SH "BUGS"
-.PP
-The \fBsmbtar\fP script has different options from ordinary tar and tar
-called from \fBsmbclient\fP\&.
-.PP
-.SH "CAVEATS"
-.PP
-Sites that are more careful about security may not like the way the
-script handles PC passwords\&. Backup and restore work on entire shares,
-should work on file lists\&. \fBsmbtar\fP works best with GNU tar and may
-not work well with other versions\&.
-.PP
-.SH "VERSION"
-.PP
-This man page is correct for version 2\&.0 of the Samba suite\&.
-.PP
-.SH "SEE ALSO"
-.PP
-\fBsmbclient (1)\fP, \fBsmb\&.conf
-(5)\fP
-.PP
-.SH "DIAGNOSTICS"
-.PP
-See the \fBDIAGNOSTICS\fP section for
-the \fBsmbclient\fP command\&.
-.PP
-.SH "AUTHOR"
-.PP
-The original Samba software and related utilities were created by
-Andrew Tridgell samba@samba\&.org\&. Samba is now developed
-by the Samba Team as an Open Source project similar to the way the
-Linux kernel is developed\&.
-.PP
-Ricky Poulten poultenr@logica\&.co\&.uk wrote the tar extension and
-this man page\&. The \fBsmbtar\fP script was heavily rewritten and
-improved by Martin Kraemer Martin\&.Kraemer@mch\&.sni\&.de\&. Many
-thanks to everyone who suggested extensions, improvements, bug fixes,
-etc\&. The man page sources were converted to YODL format (another
-excellent piece of Open Source software available at
-\fBftp://ftp\&.icce\&.rug\&.nl/pub/unix/\fP)
-and updated for the Samba2\&.0 release by Jeremy Allison,
-samba@samba\&.org\&.
-.PP
-See \fBsamba (7)\fP to find out how to get a full
-list of contributors and details on how to submit bug reports,
-comments etc\&.
-.PP
+.\" This manpage has been automatically generated by docbook2man-spec
+.\" from a DocBook document. docbook2man-spec can be found at:
+.\" <http://shell.ipoline.com/~elmert/hacks/docbook2X/>
+.\" Please send any bug reports, improvements, comments, patches,
+.\" etc. to Steve Cheng <steve@ggi-project.org>.
+.TH "SMBTAR" "1" "22 February 2001" "" ""
+.SH NAME
+smbtar \- shell script for backing up SMB/CIFS shares directly to UNIX tape drives
+.SH SYNOPSIS
+.sp
+\fBsmbtar\fR \fB-s server\fR [ \fB-p password\fR ] [ \fB-x services\fR ] [ \fB-X\fR ] [ \fB-d directory\fR ] [ \fB-u user\fR ] [ \fB-t tape\fR ] [ \fB-t tape\fR ] [ \fB-b blocksize\fR ] [ \fB-N filename\fR ] [ \fB-i\fR ] [ \fB-r\fR ] [ \fB-l loglevel\fR ] [ \fB-v\fR ] \fBfilenames\fR
+.SH "DESCRIPTION"
+.PP
+This tool is part of the Samba <URL:samba.7.html> suite.
+.PP
+\fBsmbtar\fR is a very small shell script on top
+of \fBsmbclient(1)\fR <URL:smbclient.1.html>
+which dumps SMB shares directly to tape.
+.SH "OPTIONS"
+.TP
+\fB-s server\fR
+The SMB/CIFS server that the share resides
+upon.
+.TP
+\fB-x service\fR
+The share name on the server to connect to.
+The default is "backup".
+.TP
+\fB-X\fR
+Exclude mode. Exclude filenames... from tar
+create or restore.
+.TP
+\fB-d directory\fR
+Change to initial \fIdirectory
+\fRbefore restoring / backing up files.
+.TP
+\fB-v\fR
+Verbose mode.
+.TP
+\fB-p password\fR
+The password to use to access a share.
+Default: none
+.TP
+\fB-u user\fR
+The user id to connect as. Default:
+UNIX login name.
+.TP
+\fB-t tape\fR
+Tape device. May be regular file or tape
+device. Default: \fI$TAPE\fR environmental
+variable; if not set, a file called \fItar.out
+\fR\&.
+.TP
+\fB-b blocksize\fR
+Blocking factor. Defaults to 20. See
+\fBtar(1)\fR for a fuller explanation.
+.TP
+\fB-N filename\fR
+Backup only files newer than filename. Could
+be used (for example) on a log file to implement incremental
+backups.
+.TP
+\fB-i\fR
+Incremental mode; tar files are only backed
+up if they have the archive bit set. The archive bit is reset
+after each file is read.
+.TP
+\fB-r\fR
+Restore. Files are restored to the share
+from the tar file.
+.TP
+\fB-l log level\fR
+Log (debug) level. Corresponds to the
+\fI-d\fR flag of \fBsmbclient(1)
+\fR\&.
+.SH "ENVIRONMENT VARIABLES"
+.PP
+The \fI$TAPE\fR variable specifies the
+default tape device to write to. May be overridden
+with the -t option.
+.SH "BUGS"
+.PP
+The \fBsmbtar\fR script has different
+options from ordinary tar and tar called from smbclient.
+.SH "CAVEATS"
+.PP
+Sites that are more careful about security may not like
+the way the script handles PC passwords. Backup and restore work
+on entire shares, should work on file lists. smbtar works best
+with GNU tar and may not work well with other versions.
+.SH "DIAGNOSTICS"
+.PP
+See the \fBDIAGNOSTICS\fR section for the
+\fBsmbclient(1)\fR
+ <URL:smbclient.1.html> command.
+.SH "VERSION"
+.PP
+This man page is correct for version 2.2 of
+the Samba suite.
+.SH "SEE ALSO"
+.PP
+\fBsmbd(8)\fR <URL:smbd.8.html>,
+\fBsmbclient(1)\fR <URL:smbclient.1.html>,
+smb.conf(5) <URL:smb.conf.5.html>,
+.SH "AUTHOR"
+.PP
+The original Samba software and related utilities
+were created by Andrew Tridgell. Samba is now developed
+by the Samba Team as an Open Source project similar
+to the way the Linux kernel is developed.
+.PP
+Ricky Poulten <URL:mailto:poultenr@logica.co.uk>
+wrote the tar extension and this man page. The \fBsmbtar\fR
+script was heavily rewritten and improved by Martin Kraemer <URL:mailto:Martin.Kraemer@mch.sni.de>. Many
+thanks to everyone who suggested extensions, improvements, bug
+fixes, etc. The man page sources were converted to YODL format (another
+excellent piece of Open Source software, available at
+ftp://ftp.icce.rug.nl/pub/unix/ <URL:ftp://ftp.icce.rug.nl/pub/unix/>) and updated for the Samba 2.0
+release by Jeremy Allison. The conversion to DocBook for
+Samba 2.2 was done by Gerald Carter.
-.TH "swat " "8" "23 Oct 1998" "Samba" "SAMBA"
-.PP
-.SH "NAME"
+.\" This manpage has been automatically generated by docbook2man-spec
+.\" from a DocBook document. docbook2man-spec can be found at:
+.\" <http://shell.ipoline.com/~elmert/hacks/docbook2X/>
+.\" Please send any bug reports, improvements, comments, patches,
+.\" etc. to Steve Cheng <steve@ggi-project.org>.
+.TH "SWAT" "8" "22 February 2001" "" ""
+.SH NAME
swat \- Samba Web Administration Tool
-.PP
-.SH "SYNOPSIS"
-.PP
-\fBswat\fP [-s smb config file] [-a]
-.PP
-.SH "DESCRIPTION"
-.PP
-This program is part of the \fBSamba\fP suite\&.
-.PP
-\fBswat\fP allows a Samba administrator to configure the complex
-\fBsmb\&.conf\fP file via a Web browser\&. In
-addition, a swat configuration page has help links to all the
-configurable options in the \fBsmb\&.conf\fP file
-allowing an administrator to easily look up the effects of any change\&.
-.PP
-\fBswat\fP is run from \fBinetd\fP
-.PP
-.SH "OPTIONS"
-.PP
-.IP
-.IP "\fB-s smb configuration file\fP"
-The default configuration file path is
-determined at compile time\&.
-.IP
-The file specified contains the configuration details required by the
-\fBsmbd\fP server\&. This is the file that \fBswat\fP will
-modify\&. The information in this file includes server-specific
-information such as what printcap file to use, as well as descriptions
-of all the services that the server is to provide\&. See smb\&.conf
-(5) for more information\&.
-.IP
-.IP "\fB-a\fP"
-.IP
-This option disables authentication and puts \fBswat\fP in demo mode\&. In
-that mode anyone will be able to modify the
-\fBsmb\&.conf\fP file\&.
-.IP
-Do NOT enable this option on a production server\&.
-.IP
-.PP
-.SH "INSTALLATION"
-.PP
-After you compile SWAT you need to run \f(CW"make install"\fP to install the
-swat binary and the various help files and images\&. A default install
-would put these in:
-.PP
-
-.nf
-
+.SH SYNOPSIS
+.sp
+\fBnmblookup\fR [ \fB-s <smb config file>\fR ] [ \fB-a\fR ]
+.SH "DESCRIPTION"
+.PP
+This tool is part of the Samba <URL:samba.7.html> suite.
+.PP
+\fBswat\fR allows a Samba administrator to
+configure the complex \fI smb.conf(5)\fR <URL:smb.conf.5.html> file via a Web browser. In addition,
+a \fBswat\fR configuration page has help links
+to all the configurable options in the smb.conf file allowing an
+administrator to easily look up the effects of any change.
+.PP
+swat is run from inetd
+.SH "OPTIONS"
+.TP
+\fB-s smb configuration file\fR
+The default configuration file path is
+determined at compile time. The file specified contains
+the configuration details required by the \fBsmbd
+\fRserver. This is the file that swat will modify.
+The information in this file includes server-specific
+information such as what printcap file to use, as well as
+descriptions of all the services that the server is to provide.
+See \fIsmb.conf\fR for more information.
+.TP
+\fB-a\fR
+This option disables authentication and puts
+swat in demo mode. In that mode anyone will be able to modify
+the smb.conf file.
+\fBDo NOT enable this option on a production
+server. \fR
+.SH "INSTALLATION"
+.PP
+After you compile SWAT you need to run \fBmake install
+\fRto install the \fBswat\fR binary
+and the various help files and images. A default install would put
+these in:
+.TP 0.2i
+\(bu
/usr/local/samba/bin/swat
+.TP 0.2i
+\(bu
/usr/local/samba/swat/images/*
+.TP 0.2i
+\(bu
/usr/local/samba/swat/help/*
-
-.fi
-
-
-.PP
-.SH "INETD INSTALLATION"
-.PP
-You need to edit your \f(CW/etc/inetd\&.conf\fP and \f(CW/etc/services\fP to
-enable \fBSWAT\fP to be launched via inetd\&.
-.PP
-In \f(CW/etc/services\fP you need to add a line like this:
-.PP
-\f(CWswat 901/tcp\fP
-.PP
-Note for NIS/YP users - you may need to rebuild the NIS service maps
-rather than alter your local \f(CW/etc/services\fP file\&.
-.PP
-the choice of port number isn\'t really important except that it should
-be less than 1024 and not currently used (using a number above 1024
-presents an obscure security hole depending on the implementation
-details of your \fBinetd\fP daemon)\&.
-.PP
-In \f(CW/etc/inetd\&.conf\fP you should add a line like this:
-.PP
-\f(CWswat stream tcp nowait\&.400 root /usr/local/samba/bin/swat swat\fP
-.PP
-One you have edited \f(CW/etc/services\fP and \f(CW/etc/inetd\&.conf\fP you need
-to send a HUP signal to inetd\&. To do this use \f(CW"kill -1 PID"\fP where
-PID is the process ID of the inetd daemon\&.
-.PP
-.SH "LAUNCHING"
-.PP
-To launch \fBswat\fP just run your favorite web browser and point it at
-\f(CWhttp://localhost:901/\fP\&.
-.PP
-\fBNote that you can attach to \fBswat\fP from any IP connected machine but
-connecting from a remote machine leaves your connection open to
-password sniffing as passwords will be sent in the clear over the
-wire\&.\fP
-.PP
-.SH "FILES"
-.PP
-\fB/etc/inetd\&.conf\fP
-.PP
-This file must contain suitable startup information for the
-meta-daemon\&.
-.PP
-\fB/etc/services\fP
-.PP
-This file must contain a mapping of service name (e\&.g\&., swat) to
-service port (e\&.g\&., 901) and protocol type (e\&.g\&., tcp)\&.
-.PP
-\fB/usr/local/samba/lib/smb\&.conf\fP
-.PP
-This is the default location of the \fIsmb\&.conf\fP server configuration
-file that \fBswat\fP edits\&. Other common places that systems install
-this file are \fI/usr/samba/lib/smb\&.conf\fP and \fI/etc/smb\&.conf\fP\&.
-.PP
-This file describes all the services the server is to make available
-to clients\&. See \fBsmb\&.conf (5)\fP for more information\&.
-.PP
-.SH "WARNINGS"
-.PP
-\fBswat\fP will rewrite your \fBsmb\&.conf\fP file\&. It
-will rearrange the entries and delete all comments,
-\fB"include="\fP and
-\fB"copy="\fP options\&. If you have a
-carefully crafted \fBsmb\&.conf\fP then back it up
-or don\'t use \fBswat\fP!
-.PP
-.SH "VERSION"
-.PP
-This man page is correct for version 2\&.0 of the Samba suite\&.
-.PP
-.SH "SEE ALSO"
-.PP
-\fBinetd (8)\fP, \fBnmbd (8)\fP,
-\fBsmb\&.conf (5)\fP\&.
-.PP
-.SH "AUTHOR"
-.PP
-The original Samba software and related utilities were created by
-Andrew Tridgell (samba@samba\&.org)\&. Samba is now developed
-by the Samba Team as an Open Source project similar to the way the
-Linux kernel is developed\&.
-.PP
-The original Samba man pages were written by Karl Auer\&. The man page
-sources were converted to YODL format (another excellent piece of Open
-Source software, available at
-\fBftp://ftp\&.icce\&.rug\&.nl/pub/unix/\fP)
-and updated for the Samba2\&.0 release by Jeremy Allison\&.
-samba@samba\&.org\&.
-.PP
-See \fBsamba (7)\fP to find out how to get a full
-list of contributors and details on how to submit bug reports,
-comments etc\&.
+.SS "INETD INSTALLATION"
+.PP
+You need to edit your \fI/etc/inetd.conf
+\fRand \fI/etc/services\fR
+to enable SWAT to be launched via inetd.
+.PP
+In \fI/etc/services\fR you need to
+add a line like this:
+.PP
+\fBswat 901/tcp\fR
+.PP
+Note for NIS/YP users - you may need to rebuild the
+NIS service maps rather than alter your local \fI /etc/services\fR file.
+.PP
+the choice of port number isn't really important
+except that it should be less than 1024 and not currently
+used (using a number above 1024 presents an obscure security
+hole depending on the implementation details of your
+\fBinetd\fR daemon).
+.PP
+In \fI/etc/inetd.conf\fR you should
+add a line like this:
+.PP
+\fBswat stream tcp nowait.400 root
+/usr/local/samba/bin/swat swat\fR
+.PP
+One you have edited \fI/etc/services\fR
+and \fI/etc/inetd.conf\fR you need to send a
+HUP signal to inetd. To do this use \fBkill -1 PID
+\fRwhere PID is the process ID of the inetd daemon.
+.SS "LAUNCHING"
+.PP
+To launch swat just run your favorite web browser and
+point it at "http://localhost:901/".
+.PP
+Note that you can attach to swat from any IP connected
+machine but connecting from a remote machine leaves your
+connection open to password sniffing as passwords will be sent
+in the clear over the wire.
+.SH "FILES"
+.TP
+\fB\fI/etc/inetd.conf\fB\fR
+This file must contain suitable startup
+information for the meta-daemon.
+.TP
+\fB\fI/etc/services\fB\fR
+This file must contain a mapping of service name
+(e.g., swat) to service port (e.g., 901) and protocol type
+(e.g., tcp).
+.TP
+\fB\fI/usr/local/samba/lib/smb.conf\fB\fR
+This is the default location of the \fIsmb.conf(5)
+\fRserver configuration file that swat edits. Other
+common places that systems install this file are \fI /usr/samba/lib/smb.conf\fR and \fI/etc/smb.conf
+\fR\&. This file describes all the services the server
+is to make available to clients.
+.SH "WANRNIGS"
+.PP
+\fBswat\fR will rewrite your \fIsmb.conf
+\fRfile. It will rearrange the entries and delete all
+comments, \fIinclude=\fR and \fIcopy="
+\fRoptions. If you have a carefully crafted \fI smb.conf\fR then back it up or don't use swat!
+.SH "VERSION"
+.PP
+This man page is correct for version 2.2 of
+the Samba suite.
+.SH "SEE ALSO"
+.PP
+\fBinetd(5)\fR,
+\fBsmbd(8)\fR <URL:smbd.8.html>,
+smb.conf(5) <URL:smb.conf.5.html>
+.SH "AUTHOR"
+.PP
+The original Samba software and related utilities
+were created by Andrew Tridgell. Samba is now developed
+by the Samba Team as an Open Source project similar
+to the way the Linux kernel is developed.
+.PP
+The original Samba man pages were written by Karl Auer.
+The man page sources were converted to YODL format (another
+excellent piece of Open Source software, available at
+ftp://ftp.icce.rug.nl/pub/unix/ <URL:ftp://ftp.icce.rug.nl/pub/unix/>) and updated for the Samba 2.0
+release by Jeremy Allison. The conversion to DocBook for
+Samba 2.2 was done by Gerald Carter
-.TH "winbindd " "8" "13 Jun 2000" "Samba" "SAMBA"
-.PP
-.SH "NAME"
-winbindd \- Name Service Switch daemon for resolving names from NT servers
-.PP
-.SH "SYNOPSIS"
-.PP
-\fBwinbindd\fP [-d debuglevel] [-i]
-.PP
-.SH "DESCRIPTION"
-.PP
-This program is part of the \fBSamba\fP suite version 3\&.0 and describes
-functionality not yet implemented in the main version of Samba\&.
-.PP
-\fBwinbindd\fP is a daemon that provides a service for the Name Service
-Switch capability that is present in most modern C libraries\&. The Name
-Service Switch allows user and system information to be obtained from
-different databases services such as NIS or DNS\&. The exact behaviour can
-be configured throught the \f(CW/etc/nsswitch\&.conf\fP file\&. Users and groups
-are allocated as they are resolved to a range of user and group ids
-specified by the administrator of the Samba system\&.
-.PP
-The service provided by \fBwinbindd\fP is called `winbind\' and can be
-used to resolve user and group information from a Windows NT server\&.
-The service can also provide authentication services via an associated
-PAM module\&.
-.PP
-The following nsswitch databases are implemented by the \fBwinbindd\fP
-service:
-.PP
-.IP
-.IP "passwd"
-.IP
-User information traditionally stored in the \fBpasswd(5)\fP file and used by
-\fBgetpwent(3)\fP functions\&.
-.IP
-.IP "group"
-.IP
-Group information traditionally stored in the \fBgroup(5)\fP file and used by
-\fBgetgrent(3)\fP functions\&.
-.IP
-.PP
+.\" This manpage has been automatically generated by docbook2man-spec
+.\" from a DocBook document. docbook2man-spec can be found at:
+.\" <http://shell.ipoline.com/~elmert/hacks/docbook2X/>
+.\" Please send any bug reports, improvements, comments, patches,
+.\" etc. to Steve Cheng <steve@ggi-project.org>.
+.TH "WINBINDD" "8" "22 February 2001" "" ""
+.SH NAME
+winbindd \- Name Service Switch daemon for resolving names from NT servers
+.SH SYNOPSIS
+.sp
+\fBnmblookup\fR [ \fB-d debuglevel\fR ] [ \fB-i\fR ] [ \fB-S\fR ] [ \fB-r\fR ] [ \fB-A\fR ] [ \fB-h\fR ] [ \fB-B <broadcast address>\fR ] [ \fB-U <unicast address>\fR ] [ \fB-d <debug level>\fR ] [ \fB-s <smb config file>\fR ] [ \fB-i <NetBIOS scope>\fR ] [ \fB-T\fR ] \fBname\fR
+.SH "DESCRIPTION"
+.PP
+This tool is part of the Samba <URL:samba.7.html> suite version 3.0 and describes functionality not
+yet implemented in the main version of Samba.
+.PP
+\fBwinbindd\fR is a daemon that provides
+a service for the Name Service Switch capability that is present
+in most modern C libraries. The Name Service Switch allows user
+and system information to be obtained from different databases
+services such as NIS or DNS. The exact behaviour can be configured
+throught the \fI/etc/nsswitch.conf\fR file.
+Users and groups are allocated as they are resolved to a range
+of user and group ids specified by the administrator of the
+Samba system.
+.PP
+The service provided by winbindd is called `winbind' and
+can be used to resolve user and group information from a
+Windows NT server. The service can also provide authentication
+services via an associated PAM module.
+.PP
+The following nsswitch databases are implemented by
+the winbindd service:
+.TP
+\fBpasswd\fR
+User information traditionally stored in
+the \fIpasswd(5)\fR file and used by
+\fBgetpwent(3)\fR functions.
+.TP
+\fBgroup\fR
+Group information traditionally stored in
+the \fIgroup(5)\fR file and used by
+\fBgetgrent(3)\fR functions.
+.PP
For example, the following simple configuration in the
-\f(CW/etc/nsswitch\&.conf\fP file can be used to initially resolve user and group
-information from \f(CW/etc/passwd\fP and \f(CW/etc/group\fP and then from the
-Windows NT server\&.
-.PP
+\fI/etc/nsswitch.conf\fR file can be used to initially
+resolve user and group information from \fI/etc/passwd
+\fRand \fI/etc/group\fR and then from the
+Windows NT server.
+.PP
+.PP
+.sp
+.nf
+passwd: files winbind
+group: files winbind
+
+.sp
+.fi
+.PP
+.SH "OPTIONS"
+.TP
+\fB-d debuglevel\fR
+Sets the debuglevel to an integer between
+0 and 100. 0 is for no debugging and 100 is for reams and
+reams. To submit a bug report to the Samba Team, use debug
+level 100 (see BUGS.txt).
+.TP
+\fB-i\fR
+Tells \fBwinbindd\fR to not
+become a daemon and detach from the current terminal. This
+option is used by developers when interactive debugging
+of \fBwinbindd\fR is required.
+.SH "NAME AND ID RESOLUTION"
+.PP
+Users and groups on a Windows NT server are assigned
+a relative id (rid) which is unique for the domain when the
+user or group is created. To convert the Windows NT user or group
+into a unix user or group, a mapping between rids and unix user
+and group ids is required. This is one of the jobs that \fB winbindd\fR performs.
+.PP
+As winbindd users and groups are resolved from a server, user
+and group ids are allocated from a specified range. This
+is done on a first come, first served basis, although all existing
+users and groups will be mapped as soon as a client performs a user
+or group enumeration command. The allocated unix ids are stored
+in a database file under the Samba lock directory and will be
+remembered.
+.PP
+WARNING: The rid to unix id database is the only location
+where the user and group mappings are stored by winbindd. If this
+file is deleted or corrupted, there is no way for winbindd to
+determine which user and group ids correspond to Windows NT user
+and group rids.
+.SH "CONFIGURATION"
+.PP
+Configuration of the \fBwinbindd\fR daemon
+is done through configuration parameters in the \fIsmb.conf(5)
+\fRfile. All parameters should be specified in the
+[global] section of smb.conf.
+.TP
+\fBwinbind separator\fR
+The winbind separator option allows you
+to specify how NT domain names and user names are combined
+into unix user names when presented to users. By default,
+\fBwinbindd\fR will use the traditional '\\'
+separator so that the unix user names look like
+DOMAIN\\username. In some cases this separator character may
+cause problems as the '\\' character has special meaning in
+unix shells. In that case you can use the winbind separator
+option to specify an alternative sepataror character. Good
+alternatives may be '/' (although that conflicts
+with the unix directory separator) or a '+ 'character.
+The '+' character appears to be the best choice for 100%
+compatibility with existing unix utilities, but may be an
+aesthetically bad choice depending on your taste.
-.nf
-
+Default: \fBwinbind separator = \\ \fR
- passwd: files winbind
- group: files winbind
+Example: \fBwinbind separator = + \fR
+.TP
+\fBwinbind uid\fR
+The winbind uid parameter specifies the
+range of user ids that are allocated by the winbindd daemon.
+This range of ids should have no existing local or nis users
+within it as strange conflicts can occur otherwise.
-.fi
-
+Default: \fBwinbind uid = <empty string>
+\fR
+Example: \fBwinbind uid = 10000-20000\fR
+.TP
+\fBwinbind gid\fR
+The winbind gid parameter specifies the
+range of group ids that are allocated by the winbindd daemon.
+This range of group ids should have no existing local or nis
+groups within it as strange conflicts can occur otherwise.
-.PP
-.SH "OPTIONS"
-.PP
-The following options are available to the \fBwinbindd\fP daemon:
-.PP
-.IP
-.IP "\fB-d debuglevel\fP"
-Sets the debuglevel to an integer between 0 and 100\&. 0 is for no debugging
-and 100 is for reams and reams\&. To submit a bug report to the Samba Team,
-use debug level 100 (see \fBBUGS\&.txt\fP)\&.
-.IP
-.IP "\fB-i\fP"
-Tells \fBwinbindd\fP to not become a daemon and detach from the current terminal\&.
-This option is used by developers when interactive debugging of \fBwinbindd\fP is
-required\&.
-.IP
-.PP
-.SH "NAME AND ID RESOLUTION"
-.PP
-Users and groups on a Windows NT server are assigned a relative id (rid)
-which is unique for the domain when the user or group is created\&. To
-convert the Windows NT user or group into a unix user or group, a mapping
-between rids and unix user and group ids is required\&. This is one of the
-jobs that \fBwinbindd\fP performs\&.
-.PP
-As \fBwinbindd\fP users and groups are resolved from a server, user and group
-ids are allocated from a specified range\&. This is done on a first come,
-first served basis, although all existing users and groups will be mapped
-as soon as a client performs a user or group enumeration command\&. The
-allocated unix ids are stored in a database file under the Samba lock
-directory and will be remembered\&.
-.PP
-WARNING: The rid to unix id database is the only location where the user
-and group mappings are stored by \fBwinbindd\fP\&. If this file is deleted or
-corrupted, there is no way for \fBwinbindd\fP to determine which user and
-group ids correspond to Windows NT user and group rids\&.
-.PP
-.SH "CONFIGURATION"
-.PP
-Configuration of the \fBwinbindd\fP daemon is done through configuration
-parameters in the \fBsmb\&.conf\fP file\&. All parameters
-should be specified in the [global] section of
-\fBsmb\&.conf\fP\&.
-.PP
-.IP
-.IP "winbind separator"
-.IP
-The winbind separator option allows you to specify how NT domain names
-and user names are combined into unix user names when presented to
-users\&. By default winbind will use the traditional \e separator so
-that the unix user names look like DOMAIN\eusername\&. In some cases
-this separator character may cause problems as the \e character has
-special meaning in unix shells\&. In that case you can use the winbind
-separator option to specify an alternative sepataror character\&. Good
-alternatives may be / (although that conflicts with the unix directory
-separator) or a + character\&. The + character appears to be the best
-choice for 100% compatibility with existing unix utilities, but may be
-an aesthetically bad choice depending on your taste\&.
-.IP
-\fBDefault:\fP
-\f(CW winbind separator = \e\fP
-.IP
-\fBExample:\fP
-\f(CW winbind separator = +\fP
-.IP
-.IP "winbind uid"
-.IP
-The winbind uid parameter specifies the range of user ids that are
-allocated by the \fBwinbindd\fP daemon\&. This range of
-ids should have no existing local or nis users within it as strange
-conflicts can occur otherwise\&.
-.IP
-\fBDefault:\fP
-\f(CW winbind uid = <empty string>\fP
-.IP
-\fBExample:\fP
-\f(CW winbind uid = 10000-20000\fP
-.IP
-.IP "winbind gid"
-.IP
-The winbind gid parameter specifies the range of group ids that are
-allocated by the \fBwinbindd\fP daemon\&. This range of group ids should have
-no existing local or nis groups within it as strange conflicts can occur
-otherwise\&.
-.IP
-\fBDefault:\fP
-\f(CW winbind gid = <empty string>\fP
-.IP
-\fBExample:\fP
-\f(CW winbind gid = 10000-20000\fP
-.IP
-.IP "winbind cache time"
-.IP
-This parameter specifies the number of seconds the \fBwinbindd\fP daemon will
-cache user and group information before querying a Windows NT server
-again\&. When a item in the cache is older than this time \fBwinbindd\fP will ask
-the domain controller for the sequence number of the servers account
-database\&. If the sequence number has not changed then the cached item is
-marked as valid for a further "winbind cache time" seconds\&. Otherwise the
-item is fetched from the server\&. This means that as long as the account
-database is not actively changing \fBwinbindd\fP will only have to send one
-sequence number query packet every "winbind cache time" seconds\&.
-.IP
-\fBDefault:\fP
-\f(CW winbind cache time = 15\fP
-.IP
-.IP "winbind enum users"
-.IP
-On large installations it may be necessary to suppress the enumeration of
-users through the \f(CWsetpwent\fP, \f(CWgetpwent\fP and \f(CWendpwent\fP group of
-system calls\&. If the \f(CWwinbind enum users\fP parameter is false, calls to
-the \f(CWgetpwent\fP system call will not return any data\&.
-.IP
-Warning: Turning off user enumeration may cause some programs to behave
-oddly\&. For example, the finger program relies on having access to the full
-user list when searching for matching usernames\&.
-.IP
-\fBDefault:\fP
-\f(CW winbind enum users = true\fP
-.IP
-.IP "winbind enum groups"
-.IP
-On large installations it may be necessary to suppress the enumeration of
-groups through the \f(CWsetgrent\fP, \f(CWgetgrent\fP and \f(CWendgrent\fP group of
-system calls\&. If the \f(CWwinbind enum groups\fP parameter is false, calls to
-the \f(CWgetgrent\fP system call will not return any data\&.
-.IP
-Warning: Turning off group enumeration may cause some programs to behave
-oddly\&.
-.IP
-\fBDefault:\fP
-\f(CW winbind enum groups = true\fP
-.IP
-.IP "template homedir"
-.IP
-When filling out the user information for a Windows NT user, the
-\fBwinbindd\fP daemon uses this parameter to fill in the home directory for
-that user\&. If the string \f(CW%D\fP is present it is substituted with the
-user\'s Windows NT domain name\&. If the string \f(CW%U\fP is present it is
-substituted with the user\'s Windows NT user name\&.
-.IP
-\fBDefault:\fP
-\f(CW template homedir = /home/%D/%U\fP
-.IP
-.IP "template shell"
-.IP
-When filling out the user information for a Windows NT user, the
-\fBwinbindd\fP daemon uses this parameter to fill in the shell for that user\&.
-.IP
-\fBDefault:\fP
-\f(CW template shell = /bin/false\fP
-.IP
-.PP
-.SH "EXAMPLE SETUP"
-.PP
-To setup \fBwinbindd\fP for user and group lookups plus authentication from
-a domain controller use something like the following setup\&. This was
-tested on a RedHat 6\&.2 Linux box\&.
-.PP
-In \f(CW/etc/nsswitch\&.conf\fP put the following:
+Default: \fBwinbind gid = <empty string>
+\fR
+Example: \fBwinbind gid = 10000-20000
+\fR.TP
+\fBwinbind cache time\fR
+This parameter specifies the number of
+seconds the winbindd daemon will cache user and group information
+before querying a Windows NT server again. When a item in the
+cache is older than this time winbindd will ask the domain
+controller for the sequence number of the servers account database.
+If the sequence number has not changed then the cached item is
+marked as valid for a further \fIwinbind cache time
+\fRseconds. Otherwise the item is fetched from the
+server. This means that as long as the account database is not
+actively changing winbindd will only have to send one sequence
+number query packet every \fIwinbind cache time
+\fRseconds.
-.nf
-
+Default: \fBwinbind cache time = 15\fR
+.TP
+\fBwinbind enum users\fR
+On large installations it may be necessary
+to suppress the enumeration of users through the \fB setpwent()\fR, \fBgetpwent()\fR and
+\fBendpwent()\fR group of system calls. If
+the \fIwinbind enum users\fR parameter is false,
+calls to the \fBgetpwent\fR system call will not
+return any data.
- passwd: files winbind
- group: files winbind
+\fBWarning:\fR Turning off user enumeration
+may cause some programs to behave oddly. For example, the finger
+program relies on having access to the full user list when
+searching for matching usernames.
-.fi
-
+Default: \fBwinbind enum users = yes \fR
+.TP
+\fBwinbind enum groups\fR
+On large installations it may be necessary
+to suppress the enumeration of groups through the \fB setgrent()\fR, \fBgetgrent()\fR and
+\fBendgrent()\fR group of system calls. If
+the \fIwinbind enum groups\fR parameter is
+false, calls to the \fBgetgrent()\fR system
+call will not return any data.
-.PP
-In \f(CW/etc/pam\&.d/*\fP replace the \f(CWauth\fP lines with something like this:
+\fBWarning:\fR Turning off group
+enumeration may cause some programs to behave oddly.
-.nf
-
+Default: \fBwinbind enum groups = no \fR
+.TP
+\fBtemplate homedir\fR
+When filling out the user information
+for a Windows NT user, the \fBwinbindd\fR daemon
+uses this parameter to fill in the home directory for that user.
+If the string \fI%D\fR is present it is
+substituted with the user's Windows NT domain name. If the
+string \fI%U\fR is present it is substituted
+with the user's Windows NT user name.
- auth required /lib/security/pam_securetty\&.so
- auth required /lib/security/pam_nologin\&.so
- auth sufficient /lib/security/pam_winbind\&.so
- auth required /lib/security/pam_pwdb\&.so use_first_pass shadow nullok
+Default: \fBtemplate homedir = /home/%D/%U \fR
+.TP
+\fBtemplate shell\fR
+When filling out the user information for
+a Windows NT user, the \fBwinbindd\fR daemon
+uses this parameter to fill in the shell for that user.
-.fi
-
-
-.PP
-Note in particular the use of the \f(CWsufficient\fP keyword and the
-\f(CWuse_first_pass\fP keyword\&.
-.PP
-Now replace the account lines with this:
-
-.nf
-
-
- account required /lib/security/pam_winbind\&.so
-
-.fi
-
-
-.PP
-The next step is to join the domain\&. To do that use the samedit
-program like this:
-
-.nf
-
-
- samedit -S \'*\' -W DOMAIN -UAdministrator
-
-.fi
-
-
-.PP
-The username after the -U can be any Domain user that has administrator
-priviliges on the machine\&. Next from within samedit, run the command:
-
-.nf
-
-
- createuser MACHINE$ -j DOMAIN -L
-
-.fi
-
-
-.PP
-This assumes your domain is called \f(CWDOMAIN\fP and your Samba workstation
-is called \f(CWMACHINE\fP\&.
-.PP
-Next copy \f(CWlibnss_winbind\&.so\&.2\fP to \f(CW/lib\fP and \f(CWpam_winbind\&.so\fP to
-\f(CW/lib/security\fP\&.
-.PP
-Finally, setup a smb\&.conf containing directives like the following:
-
-.nf
-
-
- [global]
- winbind separator = +
+Default: \fBtemplate shell = /bin/false \fR
+.SH "EXAMPLE SETUP"
+.PP
+To setup winbindd for user and group lookups plus
+authentication from a domain controller use something like the
+following setup. This was tested on a RedHat 6.2 Linux box.
+.PP
+In \fI/etc/nsswitch.conf\fR put the
+following:
+.PP
+.sp
+.nf
+passwd: files winbind
+group: files winbind
+
+.sp
+.fi
+.PP
+In \fI/etc/pam.d/*\fR replace the
+\fIauth\fR lines with something like this:
+.PP
+.sp
+.nf
+auth required /lib/security/pam_securetty.so
+auth required /lib/security/pam_nologin.so
+auth sufficient /lib/security/pam_winbind.so
+auth required /lib/security/pam_pwdb.so use_first_pass shadow nullok
+
+.sp
+.fi
+.PP
+Note in particular the use of the \fIsufficient\fR
+keyword and the \fIuse_first_pass\fR keyword.
+.PP
+Now replace the account lines with this:
+.PP
+\fBaccount required /lib/security/pam_winbind.so
+\fR.PP
+The next step is to join the domain. To do that use the
+\fBsamedit\fR program like this:
+.PP
+\fBsamedit -S '*' -W DOMAIN -UAdministrator\fR
+.PP
+The username after the \fI-U\fR can be any Domain
+user that has administrator priviliges on the machine. Next from
+within \fBsamedit\fR, run the command:
+.PP
+\fBcreateuser MACHINE$ -j DOMAIN -L\fR
+.PP
+This assumes your domain is called "DOMAIN" and your Samba
+workstation is called "MACHINE".
+.PP
+Next copy \fIlibnss_winbind.so.2\fR to
+\fI/lib\fR and \fIpam_winbind.so\fR
+to \fI/lib/security\fR.
+.PP
+Finally, setup a smb.conf containing directives like the
+following:
+.PP
+.sp
+.nf
+[global]
+ winbind separator = +
winbind cache time = 10
template shell = /bin/bash
template homedir = /home/%D/%U
workgroup = DOMAIN
security = domain
password server = *
+
+.sp
+.fi
+.PP
+Now start winbindd and you should find that your user and
+group database is expanded to include your NT users and groups,
+and that you can login to your unix box as a domain user, using
+the DOMAIN+user syntax for the username. You may wish to use the
+commands \fBgetent passwd\fR and \fBgetent group
+\fRto confirm the correct operation of winbindd.
+.SH "NOTES"
+.PP
+The following notes are useful when configuring and
+running \fBwinbindd\fR:
+.PP
+\fBnmbd\fR must be running on the local machine
+for \fBwinbindd\fR to work. \fBwinbindd\fR
+queries the list of trusted domains for the Windows NT server
+on startup and when a SIGHUP is received. Thus, for a running \fB winbindd\fR to become aware of new trust relationships between
+servers, it must be sent a SIGHUP signal.
+.PP
+Client processes resolving names through the \fBwinbindd\fR
+nsswitch module read an environment variable named \fI $WINBINDD_DOMAIN\fR. If this variable contains a comma separated
+list of Windows NT domain names, then winbindd will only resolve users
+and groups within those Windows NT domains.
+.PP
+PAM is really easy to misconfigure. Make sure you know what
+you are doing when modifying PAM configuration files. It is possible
+to set up PAM such that you can no longer log into your system.
+.PP
+If more than one UNIX machine is running \fBwinbindd\fR,
+then in general the user and groups ids allocated by winbindd will not
+be the same. The user and group ids will only be valid for the local
+machine.
+.PP
+If the the Windows NT RID to UNIX user and group id mapping
+file is damaged or destroyed then the mappings will be lost.
+.SH "SIGNALS"
+.PP
+The following signals can be used to manipulate the
+\fBwinbindd\fR daemon.
+.TP
+\fBSIGHUP\fR
+Reload the \fIsmb.conf(5)\fR
+file and apply any parameter changes to the running
+version of winbindd. This signal also clears any cached
+user and group information. The list of other domains trusted
+by winbindd is also reloaded.
+.TP
+\fBSIGUSR1\fR
+The SIGUSR1 signal will cause \fB winbindd\fR to write status information to the winbind
+log file including information about the number of user and
+group ids allocated by \fBwinbindd\fR.
-.fi
-
-
-.PP
-Now start \fBwinbindd\fP and you should find that your user and group
-database is expanded to include your NT users and groups, and that you
-can login to your unix box as a domain user, using the \f(CWDOMAIN+user\fP
-syntax for the username\&. You may wish to use the commands "getent
-passwd" and "getent group" to confirm the correct operation of
-\fBwinbindd\fP\&.
-.PP
-.SH "NOTES"
-.PP
-The following notes are useful when configuring and running \fBwinbindd\fP:
-.PP
-.IP
-.IP ""
-\fBnmbd\fP must be running on the local machine for
-\fBwinbindd\fP to work\&.
-.IP
-.IP ""
-\fBwinbindd\fP queries the list of trusted domains for the Windows NT server
-on startup and when a SIGHUP is received\&. Thus, for a running \fBwinbindd\fP
-to become aware of new trust relationships between servers, it must be sent
-a SIGHUP signal\&.
-.IP
-.IP ""
-Client processes resolving names through the \fBwinbindd\fP nsswitch module
-read an environment variable named \f(CWWINBINDD_DOMAIN\fP\&. If this variable
-contains a comma separated list of Windows NT domain names, then \fBwinbindd\fP
-will only resolve users and groups within those Windows NT domains\&.
-.IP
-.IP ""
-PAM is really easy to misconfigure\&. Make sure you know what you are doing
-when modifying PAM configuration files\&. It is possible to set up PAM
-such that you can no longer log into your system\&.
-.IP
-.IP ""
-If more than one UNIX machine is running \fBwinbindd\fP, then in general the
-user and groups ids allocated by \fBwinbindd\fP will not be the same\&. The
-user and group ids will only be valid for the local machine\&.
-.IP
-.IP ""
-If the the Windows NT RID to UNIX user and group id mapping file
-is damaged or destroyed then the mappings will be lost\&.
-.IP
-.PP
-.SH "SIGNALS"
-.PP
-The following signals can be used to manipulate the \fBwinbindd\fP daemon\&.
-.PP
-.IP
-.IP "\f(CWSIGHUP\fP"
-.IP
-Reload the \f(CWsmb\&.conf\fP file and apply any parameter changes to the running
-version of \fBwinbindd\fP\&. This signal also clears any cached user and group
-information\&. The list of other domains trusted by \fBwinbindd\fP is also
-reloaded\&.
-.IP
-.IP "\f(CWSIGUSR1\fP"
-.IP
-The \f(CWSIGUSR1\fP signal will cause \fBwinbindd\fP to write status information
-to the winbind log file including information about the number of user and
-group ids allocated by \fBwinbindd\fP\&.
-.IP
-Log files are stored in the filename specified by the \fBlog file\fP parameter\&.
-.IP
-.PP
-.SH "FILES"
-.PP
-The following files are relevant to the operation of the \fBwinbindd\fP
-daemon\&.
-.PP
-.IP
-.IP "/etc/nsswitch\&.conf(5)"
-.IP
-Name service switch configuration file\&.
-.IP
-.IP "/tmp/\&.winbindd/pipe"
-.IP
-The UNIX pipe over which clients communicate with the \fBwinbindd\fP program\&.
-For security reasons, the winbind client will only attempt to connect to the
-\fBwinbindd\fP daemon if both the \f(CW/tmp/\&.winbindd\fP directory and
-\f(CW/tmp/\&.winbindd/pipe\fP file are owned by root\&.
-.IP
-.IP "/lib/libnss_winbind\&.so\&.X"
-.IP
-Implementation of name service switch library\&.
-.IP
-.IP "$LOCKDIR/winbindd_idmap\&.tdb"
-.IP
-Storage for the Windows NT rid to UNIX user/group id mapping\&. The lock
-directory is specified when Samba is initially compiled using the
-\f(CW--with-lockdir\fP option\&. This directory is by default
-\f(CW/usr/local/samba/var/locks\fP\&.
-.IP
-.IP "$LOCKDIR/winbindd_cache\&.tdb"
-.IP
-Storage for cached user and group information\&.
-.IP
-.PP
-.SH "SEE ALSO"
-.PP
-\fBsamba(7)\fP, \fBsmb\&.conf(5)\fP,
-\fBnsswitch\&.conf(5)\fP, \fBwbinfo(1)\fP
-.PP
-.SH "AUTHOR"
-.PP
-The original Samba software and related utilities were created by
-Andrew Tridgell\&. Samba is now developed by the Samba Team as an Open
-Source project\&.
-.PP
-\fBwinbindd\fP was written by Tim Potter\&.
+Log files are stored in the filename specified by the
+log file parameter.
+.SH "FILES"
+.TP
+\fB\fI/etc/nsswitch.conf(5)\fB\fR
+Name service switch configuration file.
+.TP
+\fB/tmp/.winbindd/pipe\fR
+The UNIX pipe over which clients communicate with
+the \fBwinbindd\fR program. For security reasons, the
+winbind client will only attempt to connect to the winbindd daemon
+if both the \fI/tmp/.winbindd\fR directory
+and \fI/tmp/.winbindd/pipe\fR file are owned by
+root.
+.TP
+\fB/lib/libnss_winbind.so.X\fR
+Implementation of name service switch library.
+.TP
+\fB$LOCKDIR/winbindd_idmap.tdb\fR
+Storage for the Windows NT rid to UNIX user/group
+id mapping. The lock directory is specified when Samba is initially
+compiled using the \fI--with-lockdir\fR option.
+This directory is by default \fI/usr/local/samba/var/locks
+\fR\&.
+.TP
+\fB$LOCKDIR/winbindd_cache.tdb\fR
+Storage for cached user and group information.
+.SH "VERSION"
+.PP
+This man page is correct for version 2.2 of
+the Samba suite. winbindd is however not available in
+stable release of Samba as of yet.
+.SH "SEE ALSO"
+.PP
+\fInsswitch.conf(5)\fR,
+samba(7) <URL:samba.7.html>,
+wbinfo(1) <URL:wbinfo.1.html>,
+smb.conf(5) <URL:smb.conf.5.html>
+.SH "AUTHOR"
+.PP
+The original Samba software and related utilities
+were created by Andrew Tridgell. Samba is now developed
+by the Samba Team as an Open Source project similar
+to the way the Linux kernel is developed.
+.PP
+\fBwbinfo\fR and \fBwinbindd\fR
+were written by Tim Potter.
+.PP
+The conversion to DocBook for Samba 2.2 was done
+by Gerald Carter
git.samba.org / samba.git / commitdiff