<p>To setup winbindd for user and group lookups plus authentication from
a domain controller use something like the following setup. This was
tested on a RedHat 6.2 Linux box.
-<p>In /etc/nsswitch.conf put the following:
+<p>In <code>/etc/nsswitch.conf</code> put the following:
<pre>
passwd: files winbind
</pre>
-<p>In /etc/pam.d/* replace the auth lines with something like this:
+<p>In <code>/etc/pam.d/*</code> replace the <code>auth</code> lines with something like this:
<pre>
auth required /lib/security/pam_securetty.so
</pre>
-<p>Note in particular the use of the sufficient keyword and the
-use_first_pass keyword.
+<p>Note in particular the use of the <code>sufficient</code> keyword and the
+<code>use_first_pass</code> keyword.
<p>Now replace the account lines with this:
<pre>
</pre>
-<p>This assumes your domain is called DOMAIN and your Samba workstation
-is called MACHINE.
-<p>Next copy libnss_winbind.so.2 to /lib and pam_winbind.so to
-/lib/security.
+<p>This assumes your domain is called <code>DOMAIN</code> and your Samba workstation
+is called <code>MACHINE</code>.
+<p>Next copy <code>libnss_winbind.so.2</code> to <code>/lib</code> and <code>pam_winbind.so</code> to
+<code>/lib/security</code>.
<p>Finally, setup a smb.conf containing directives like the following:
<pre>
<p>Now start winbindd and you should find that your user and group
database is expanded to include your NT users and groups, and that you
-can login to your unix box as a domain user, using the DOMAIN+user
+can login to your unix box as a domain user, using the <code>DOMAIN+user</code>
syntax for the username. You may wish to use the commands "getent
passwd" and "getent group" to confirm the correct operation of
winbindd.
-<p>NOTE: nmbd must be running on the local machine for winbindd to work.
+<p>NOTE: <a href="nmbd.8.html"><strong>nmbd</strong></a> must be running on the local machine for
+<a href="winbindd.8.html"><strong>winbindd</strong></a> to work.
+<p><a name="SIGNALS"></a>
+<h2>SIGNALS</h2>
+
+<p>The following signals can be used to manipulate the
+<a href="winbindd.8.html"><strong>winbindd</strong></a> daemon.
+<p><dl>
+<p><p></p><dt><strong><code>SIGHUP</code></strong><dd>
+<p>Reload the <code>smb.conf</code> file and apply any parameter changes to the running
+version of <a href="winbindd.8.html"><strong>winbindd</strong></a>. This signal also clears any
+cached user and group information.
+<p><p></p><dt><strong><code>SIGUSR1</code></strong><dd>
+<p>The <code>SIGUSR1</code> signal will cause <a href="winbindd.8.html"><strong>winbindd</strong></a> to
+write status information to the winbind log file including information
+about the number of user and group ids allocated by
+<a href="winbindd.8.html"><strong>winbindd</strong></a>.
+<p>Log files are stored in the filename specified by the <strong>log file</strong> parameter.
+<p></dl>
<p><a name="FILES"></a>
<h2>FILES</h2>
a domain controller use something like the following setup\&. This was
tested on a RedHat 6\&.2 Linux box\&.
.PP
-In /etc/nsswitch\&.conf put the following:
+In \f(CW/etc/nsswitch\&.conf\fP put the following:
.nf
.PP
-In /etc/pam\&.d/* replace the auth lines with something like this:
+In \f(CW/etc/pam\&.d/*\fP replace the \f(CWauth\fP lines with something like this:
.nf
.PP
-Note in particular the use of the sufficient keyword and the
-use_first_pass keyword\&.
+Note in particular the use of the \f(CWsufficient\fP keyword and the
+\f(CWuse_first_pass\fP keyword\&.
.PP
Now replace the account lines with this:
.PP
-This assumes your domain is called DOMAIN and your Samba workstation
-is called MACHINE\&.
+This assumes your domain is called \f(CWDOMAIN\fP and your Samba workstation
+is called \f(CWMACHINE\fP\&.
.PP
-Next copy libnss_winbind\&.so\&.2 to /lib and pam_winbind\&.so to
-/lib/security\&.
+Next copy \f(CWlibnss_winbind\&.so\&.2\fP to \f(CW/lib\fP and \f(CWpam_winbind\&.so\fP to
+\f(CW/lib/security\fP\&.
.PP
Finally, setup a smb\&.conf containing directives like the following:
.PP
Now start winbindd and you should find that your user and group
database is expanded to include your NT users and groups, and that you
-can login to your unix box as a domain user, using the DOMAIN+user
+can login to your unix box as a domain user, using the \f(CWDOMAIN+user\fP
syntax for the username\&. You may wish to use the commands "getent
passwd" and "getent group" to confirm the correct operation of
winbindd\&.
.PP
-NOTE: nmbd must be running on the local machine for winbindd to work\&.
+NOTE: \fBnmbd\fP must be running on the local machine for
+\fBwinbindd\fP to work\&.
+.PP
+.SH "SIGNALS"
+.PP
+The following signals can be used to manipulate the
+\fBwinbindd\fP daemon\&.
+.PP
+.IP
+.IP "\f(CWSIGHUP\fP"
+.IP
+Reload the \f(CWsmb\&.conf\fP file and apply any parameter changes to the running
+version of \fBwinbindd\fP\&. This signal also clears any
+cached user and group information\&.
+.IP
+.IP "\f(CWSIGUSR1\fP"
+.IP
+The \f(CWSIGUSR1\fP signal will cause \fBwinbindd\fP to
+write status information to the winbind log file including information
+about the number of user and group ids allocated by
+\fBwinbindd\fP\&.
+.IP
+Log files are stored in the filename specified by the \fBlog file\fP parameter\&.
+.IP
.PP
.SH "FILES"
.PP
a domain controller use something like the following setup. This was
tested on a RedHat 6.2 Linux box.
-In /etc/nsswitch.conf put the following:
+In tt(/etc/nsswitch.conf) put the following:
verb(
passwd: files winbind
group: files winbind
)
-In /etc/pam.d/* replace the auth lines with something like this:
+In tt(/etc/pam.d/*) replace the tt(auth) lines with something like this:
verb(
auth required /lib/security/pam_securetty.so
auth required /lib/security/pam_nologin.so
auth required /lib/security/pam_pwdb.so use_first_pass shadow nullok
)
-Note in particular the use of the sufficient keyword and the
-use_first_pass keyword.
+Note in particular the use of the tt(sufficient) keyword and the
+tt(use_first_pass) keyword.
Now replace the account lines with this:
verb(
createuser MACHINE$ -j DOMAIN -L
)
-This assumes your domain is called DOMAIN and your Samba workstation
-is called MACHINE.
+This assumes your domain is called tt(DOMAIN) and your Samba workstation
+is called tt(MACHINE).
-Next copy libnss_winbind.so.2 to /lib and pam_winbind.so to
-/lib/security.
+Next copy tt(libnss_winbind.so.2) to tt(/lib) and tt(pam_winbind.so) to
+tt(/lib/security).
Finally, setup a smb.conf containing directives like the following:
verb(
Now start winbindd and you should find that your user and group
database is expanded to include your NT users and groups, and that you
-can login to your unix box as a domain user, using the DOMAIN+user
+can login to your unix box as a domain user, using the tt(DOMAIN+user)
syntax for the username. You may wish to use the commands "getent
passwd" and "getent group" to confirm the correct operation of
winbindd.
-NOTE: nmbd must be running on the local machine for winbindd to work.
+NOTE: url(bf(nmbd))(nmbd.8.html) must be running on the local machine for
+url(bf(winbindd))(winbindd.8.html) to work.
+
+label(SIGNALS)
+manpagesection(SIGNALS)
+
+The following signals can be used to manipulate the
+url(bf(winbindd))(winbindd.8.html) daemon.
+
+startdit()
+
+dit(tt(SIGHUP))
+
+Reload the tt(smb.conf) file and apply any parameter changes to the running
+version of url(bf(winbindd))(winbindd.8.html). This signal also clears any
+cached user and group information.
+
+dit(tt(SIGUSR1))
+
+The tt(SIGUSR1) signal will cause url(bf(winbindd))(winbindd.8.html) to
+write status information to the winbind log file including information
+about the number of user and group ids allocated by
+url(bf(winbindd))(winbindd.8.html).
+
+Log files are stored in the filename specified by the bf(log file) parameter.
+
+enddit()
label(FILES)
manpagefiles()
git.samba.org / ira / wip.git / commitdiff