mirror of
https://github.com/samba-team/samba.git
synced 2025-02-24 13:57:43 +03:00
regenerate
parent
89bbec5216
commit
57c9a6a1e8
@ -1,43 +1,92 @@
|
||||
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
|
||||
<HTML
|
||||
><HEAD
|
||||
><TITLE
|
||||
>Unified Logons between Windows NT and UNIX using Winbind</TITLE
|
||||
><META
|
||||
NAME="GENERATOR"
|
||||
CONTENT="Modular DocBook HTML Stylesheet Version 1.57"></HEAD
|
||||
CONTENT="Modular DocBook HTML Stylesheet Version 1.76b+
|
||||
"><LINK
|
||||
REL="HOME"
|
||||
TITLE="SAMBA Project Documentation"
|
||||
HREF="Samba-HOWTO.html"><LINK
|
||||
REL="PREVIOUS"
|
||||
TITLE="security = domain in Samba 2.x"
|
||||
HREF="domain-security.html"><LINK
|
||||
REL="NEXT"
|
||||
TITLE="How to Configure Samba 2.2 as a Primary Domain Controller"
|
||||
HREF="samba-pdc.html"></HEAD
|
||||
><BODY
|
||||
CLASS="ARTICLE"
|
||||
CLASS="CHAPTER"
|
||||
BGCOLOR="#FFFFFF"
|
||||
TEXT="#000000"
|
||||
LINK="#0000FF"
|
||||
VLINK="#840084"
|
||||
ALINK="#0000FF"
|
||||
><DIV
|
||||
CLASS="ARTICLE"
|
||||
><DIV
|
||||
CLASS="TITLEPAGE"
|
||||
><H1
|
||||
CLASS="TITLE"
|
||||
CLASS="NAVHEADER"
|
||||
><TABLE
|
||||
SUMMARY="Header navigation table"
|
||||
WIDTH="100%"
|
||||
BORDER="0"
|
||||
CELLPADDING="0"
|
||||
CELLSPACING="0"
|
||||
><TR
|
||||
><TH
|
||||
COLSPAN="3"
|
||||
ALIGN="center"
|
||||
>SAMBA Project Documentation</TH
|
||||
></TR
|
||||
><TR
|
||||
><TD
|
||||
WIDTH="10%"
|
||||
ALIGN="left"
|
||||
VALIGN="bottom"
|
||||
><A
|
||||
NAME="WINBIND"
|
||||
>Unified Logons between Windows NT and UNIX using Winbind</A
|
||||
></H1
|
||||
><HR></DIV
|
||||
HREF="domain-security.html"
|
||||
ACCESSKEY="P"
|
||||
>Prev</A
|
||||
></TD
|
||||
><TD
|
||||
WIDTH="80%"
|
||||
ALIGN="center"
|
||||
VALIGN="bottom"
|
||||
></TD
|
||||
><TD
|
||||
WIDTH="10%"
|
||||
ALIGN="right"
|
||||
VALIGN="bottom"
|
||||
><A
|
||||
HREF="samba-pdc.html"
|
||||
ACCESSKEY="N"
|
||||
>Next</A
|
||||
></TD
|
||||
></TR
|
||||
></TABLE
|
||||
><HR
|
||||
ALIGN="LEFT"
|
||||
WIDTH="100%"></DIV
|
||||
><DIV
|
||||
CLASS="CHAPTER"
|
||||
><H1
|
||||
><A
|
||||
NAME="WINBIND">Chapter 11. Unified Logons between Windows NT and UNIX using Winbind</H1
|
||||
><DIV
|
||||
CLASS="SECT1"
|
||||
><H1
|
||||
CLASS="SECT1"
|
||||
><A
|
||||
NAME="AEN3"
|
||||
>Abstract</A
|
||||
></H1
|
||||
NAME="AEN1394">11.1. Abstract</H1
|
||||
><P
|
||||
>Integration of UNIX and Microsoft Windows NT through
|
||||
a unified logon has been considered a "holy grail" in heterogeneous
|
||||
computing environments for a long time. We present
|
||||
<I
|
||||
<SPAN
|
||||
CLASS="emphasis"
|
||||
><I
|
||||
CLASS="EMPHASIS"
|
||||
>winbind</I
|
||||
></SPAN
|
||||
>, a component of the Samba suite
|
||||
of programs as a solution to the unified logon problem. Winbind
|
||||
uses a UNIX implementation
|
||||
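Review bot: the GENERATOR meta value in the head now ends with a line break inside the attribute (`CONTENT="Modular DocBook HTML Stylesheet Version 1.76b+` followed by `"><LINK` on the next line), which looks like an untrimmed version string in the stylesheet setup; trim it so the attribute closes on the same line. The same hunk renumbers the generated anchor (`NAME="AEN3"` becomes `NAME="AEN1394"`) and switches the body class from ARTICLE to CHAPTER, so existing links to `#AEN3` stop resolving; the commit message "regenerate" should say which stylesheet version and which source produced this output.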
@ -49,12 +98,10 @@ CLASS="EMPHASIS"
|
||||
></DIV
|
||||
><DIV
|
||||
CLASS="SECT1"
|
||||
><HR><H1
|
||||
><H1
|
||||
CLASS="SECT1"
|
||||
><A
|
||||
NAME="AEN7"
|
||||
>Introduction</A
|
||||
></H1
|
||||
NAME="AEN1398">11.2. Introduction</H1
|
||||
><P
|
||||
>It is well known that UNIX and Microsoft Windows NT have
|
||||
different models for representing user and group information and
|
||||
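Review bot: in the new heading line `NAME="AEN1398">11.2. Introduction</H1` the `<A` opened just above it is never closed, where the removed lines had `>Introduction</A` before `></H1`. The same shape recurs in the other regenerated headings, so check the stylesheet's anchor template and confirm the output still validates against the HTML 4.01 Transitional DOCTYPE declared at the top of the file.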
@ -103,12 +150,10 @@ NAME="AEN7"
|
||||
></DIV
|
||||
><DIV
|
||||
CLASS="SECT1"
|
||||
><HR><H1
|
||||
><H1
|
||||
CLASS="SECT1"
|
||||
><A
|
||||
NAME="AEN20"
|
||||
>What Winbind Provides</A
|
||||
></H1
|
||||
NAME="AEN1411">11.3. What Winbind Provides</H1
|
||||
><P
|
||||
>Winbind unifies UNIX and Windows NT account management by
|
||||
allowing a UNIX box to become a full member of a NT domain. Once
|
||||
@ -145,12 +190,10 @@ NAME="AEN20"
|
||||
location (on the domain controller).</P
|
||||
><DIV
|
||||
CLASS="SECT2"
|
||||
><HR><H2
|
||||
><H2
|
||||
CLASS="SECT2"
|
||||
><A
|
||||
NAME="AEN27"
|
||||
>Target Uses</A
|
||||
></H2
|
||||
NAME="AEN1418">11.3.1. Target Uses</H2
|
||||
><P
|
||||
>Winbind is targeted at organizations that have an
|
||||
existing NT based domain infrastructure into which they wish
|
||||
@ -169,12 +212,10 @@ NAME="AEN27"
|
||||
></DIV
|
||||
><DIV
|
||||
CLASS="SECT1"
|
||||
><HR><H1
|
||||
><H1
|
||||
CLASS="SECT1"
|
||||
><A
|
||||
NAME="AEN31"
|
||||
>How Winbind Works</A
|
||||
></H1
|
||||
NAME="AEN1422">11.4. How Winbind Works</H1
|
||||
><P
|
||||
>The winbind system is designed around a client/server
|
||||
architecture. A long running <B
|
||||
@ -189,12 +230,10 @@ CLASS="COMMAND"
|
||||
in detail below.</P
|
||||
><DIV
|
||||
CLASS="SECT2"
|
||||
><HR><H2
|
||||
><H2
|
||||
CLASS="SECT2"
|
||||
><A
|
||||
NAME="AEN36"
|
||||
>Microsoft Remote Procedure Calls</A
|
||||
></H2
|
||||
NAME="AEN1427">11.4.1. Microsoft Remote Procedure Calls</H2
|
||||
><P
|
||||
>Over the last two years, efforts have been underway
|
||||
by various Samba Team members to decode various aspects of
|
||||
@ -215,12 +254,10 @@ NAME="AEN36"
|
||||
></DIV
|
||||
><DIV
|
||||
CLASS="SECT2"
|
||||
><HR><H2
|
||||
><H2
|
||||
CLASS="SECT2"
|
||||
><A
|
||||
NAME="AEN40"
|
||||
>Name Service Switch</A
|
||||
></H2
|
||||
NAME="AEN1431">11.4.2. Name Service Switch</H2
|
||||
><P
|
||||
>The Name Service Switch, or NSS, is a feature that is
|
||||
present in many UNIX operating systems. It allows system
|
||||
@ -295,12 +332,10 @@ CLASS="FILENAME"
|
||||
></DIV
|
||||
><DIV
|
||||
CLASS="SECT2"
|
||||
><HR><H2
|
||||
><H2
|
||||
CLASS="SECT2"
|
||||
><A
|
||||
NAME="AEN56"
|
||||
>Pluggable Authentication Modules</A
|
||||
></H2
|
||||
NAME="AEN1447">11.4.3. Pluggable Authentication Modules</H2
|
||||
><P
|
||||
>Pluggable Authentication Modules, also known as PAM,
|
||||
is a system for abstracting authentication and authorization
|
||||
@ -344,12 +379,10 @@ CLASS="FILENAME"
|
||||
></DIV
|
||||
><DIV
|
||||
CLASS="SECT2"
|
||||
><HR><H2
|
||||
><H2
|
||||
CLASS="SECT2"
|
||||
><A
|
||||
NAME="AEN64"
|
||||
>User and Group ID Allocation</A
|
||||
></H2
|
||||
NAME="AEN1455">11.4.4. User and Group ID Allocation</H2
|
||||
><P
|
||||
>When a user or group is created under Windows NT
|
||||
is it allocated a numerical relative identifier (RID). This is
|
||||
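Review bot: the context paragraph under the renumbered heading reads `is it allocated a numerical relative identifier (RID)`, which should be "it is allocated"; correct it in the DocBook source so the next regeneration picks it up, rather than patching the generated HTML.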
@ -370,12 +403,10 @@ NAME="AEN64"
|
||||
></DIV
|
||||
><DIV
|
||||
CLASS="SECT2"
|
||||
><HR><H2
|
||||
><H2
|
||||
CLASS="SECT2"
|
||||
><A
|
||||
NAME="AEN68"
|
||||
>Result Caching</A
|
||||
></H2
|
||||
NAME="AEN1459">11.4.5. Result Caching</H2
|
||||
><P
|
||||
>An active system can generate a lot of user and group
|
||||
name lookups. To reduce the network cost of these lookups winbind
|
||||
@ -393,12 +424,10 @@ NAME="AEN68"
|
||||
></DIV
|
||||
><DIV
|
||||
CLASS="SECT1"
|
||||
><HR><H1
|
||||
><H1
|
||||
CLASS="SECT1"
|
||||
><A
|
||||
NAME="AEN71"
|
||||
>Installation and Configuration</A
|
||||
></H1
|
||||
NAME="AEN1462">11.5. Installation and Configuration</H1
|
||||
><P
|
||||
>Many thanks to John Trostel <A
|
||||
HREF="mailto:jtrostel@snapserver.com"
|
||||
@ -420,12 +449,10 @@ Future revisions of this document will incorporate that
|
||||
information.</P
|
||||
><DIV
|
||||
CLASS="SECT2"
|
||||
><HR><H2
|
||||
><H2
|
||||
CLASS="SECT2"
|
||||
><A
|
||||
NAME="AEN78"
|
||||
>Introduction</A
|
||||
></H2
|
||||
NAME="AEN1469">11.5.1. Introduction</H2
|
||||
><P
|
||||
>This HOWTO describes the procedures used to get winbind up and
|
||||
running on my RedHat 7.1 system. Winbind is capable of providing access
|
||||
@ -441,9 +468,12 @@ somewhat to fit the way your distribution works.</P
|
||||
><UL
|
||||
><LI
|
||||
><P
|
||||
> <I
|
||||
> <SPAN
|
||||
CLASS="emphasis"
|
||||
><I
|
||||
CLASS="EMPHASIS"
|
||||
>Why should I to this?</I
|
||||
></SPAN
|
||||
>
|
||||
</P
|
||||
><P
|
||||
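Review bot: the list item text `Why should I to this?` carried through this hunk has a typo ("to" for "do"); since this file is generated, fix it in the DocBook source and regenerate. The emphasis is also now wrapped twice, `<SPAN CLASS="emphasis">` around `<I CLASS="EMPHASIS">`, so confirm that any style rule keyed on one of these classes still applies as intended.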
@ -455,9 +485,12 @@ CLASS="EMPHASIS"
|
||||
></LI
|
||||
><LI
|
||||
><P
|
||||
> <I
|
||||
> <SPAN
|
||||
CLASS="emphasis"
|
||||
><I
|
||||
CLASS="EMPHASIS"
|
||||
>Who should be reading this document?</I
|
||||
></SPAN
|
||||
>
|
||||
</P
|
||||
><P
|
||||
@ -473,29 +506,36 @@ CLASS="EMPHASIS"
|
||||
></DIV
|
||||
><DIV
|
||||
CLASS="SECT2"
|
||||
><HR><H2
|
||||
><H2
|
||||
CLASS="SECT2"
|
||||
><A
|
||||
NAME="AEN91"
|
||||
>Requirements</A
|
||||
></H2
|
||||
NAME="AEN1482">11.5.2. Requirements</H2
|
||||
><P
|
||||
>If you have a samba configuration file that you are currently
|
||||
using... <I
|
||||
using... <SPAN
|
||||
CLASS="emphasis"
|
||||
><I
|
||||
CLASS="EMPHASIS"
|
||||
>BACK IT UP!</I
|
||||
></SPAN
|
||||
> If your system already uses PAM,
|
||||
<I
|
||||
<SPAN
|
||||
CLASS="emphasis"
|
||||
><I
|
||||
CLASS="EMPHASIS"
|
||||
>back up the <TT
|
||||
CLASS="FILENAME"
|
||||
>/etc/pam.d</TT
|
||||
> directory
|
||||
contents!</I
|
||||
></SPAN
|
||||
> If you haven't already made a boot disk,
|
||||
<I
|
||||
<SPAN
|
||||
CLASS="emphasis"
|
||||
><I
|
||||
CLASS="EMPHASIS"
|
||||
>MAKE ONE NOW!</I
|
||||
></SPAN
|
||||
></P
|
||||
><P
|
||||
>Messing with the pam configuration files can make it nearly impossible
|
||||
@ -534,12 +574,10 @@ CLASS="FILENAME"
|
||||
></DIV
|
||||
><DIV
|
||||
CLASS="SECT2"
|
||||
><HR><H2
|
||||
><H2
|
||||
CLASS="SECT2"
|
||||
><A
|
||||
NAME="AEN105"
|
||||
>Testing Things Out</A
|
||||
></H2
|
||||
NAME="AEN1496">11.5.3. Testing Things Out</H2
|
||||
><P
|
||||
>Before starting, it is probably best to kill off all the SAMBA
|
||||
related daemons running on your server. Kill off all <B
|
||||
@ -579,12 +617,10 @@ CLASS="FILENAME"
|
||||
> RPMs installed.</P
|
||||
><DIV
|
||||
CLASS="SECT3"
|
||||
><HR><H3
|
||||
><H3
|
||||
CLASS="SECT3"
|
||||
><A
|
||||
NAME="AEN116"
|
||||
>Configure and compile SAMBA</A
|
||||
></H3
|
||||
NAME="AEN1507">11.5.3.1. Configure and compile SAMBA</H3
|
||||
><P
|
||||
>The configuration and compilation of SAMBA is pretty straightforward.
|
||||
The first three steps may not be necessary depending upon
|
||||
@ -645,16 +681,14 @@ It will also build the winbindd executable and libraries. </P
|
||||
></DIV
|
||||
><DIV
|
||||
CLASS="SECT3"
|
||||
><HR><H3
|
||||
><H3
|
||||
CLASS="SECT3"
|
||||
><A
|
||||
NAME="AEN135"
|
||||
>Configure <TT
|
||||
NAME="AEN1526">11.5.3.2. Configure <TT
|
||||
CLASS="FILENAME"
|
||||
>nsswitch.conf</TT
|
||||
> and the
|
||||
winbind libraries</A
|
||||
></H3
|
||||
winbind libraries</H3
|
||||
><P
|
||||
>The libraries needed to run the <B
|
||||
CLASS="COMMAND"
|
||||
@ -750,12 +784,10 @@ and echos back a check to you.</P
|
||||
></DIV
|
||||
><DIV
|
||||
CLASS="SECT3"
|
||||
><HR><H3
|
||||
><H3
|
||||
CLASS="SECT3"
|
||||
><A
|
||||
NAME="AEN168"
|
||||
>Configure smb.conf</A
|
||||
></H3
|
||||
NAME="AEN1559">11.5.3.3. Configure smb.conf</H3
|
||||
><P
|
||||
>Several parameters are needed in the smb.conf file to control
|
||||
the behavior of <B
|
||||
@ -825,12 +857,10 @@ TARGET="_top"
|
||||
></DIV
|
||||
><DIV
|
||||
CLASS="SECT3"
|
||||
><HR><H3
|
||||
><H3
|
||||
CLASS="SECT3"
|
||||
><A
|
||||
NAME="AEN184"
|
||||
>Join the SAMBA server to the PDC domain</A
|
||||
></H3
|
||||
NAME="AEN1575">11.5.3.4. Join the SAMBA server to the PDC domain</H3
|
||||
><P
|
||||
>Enter the following command to make the SAMBA server join the
|
||||
PDC domain, where <TT
|
||||
@ -871,12 +901,10 @@ is your DOMAIN name.</P
|
||||
></DIV
|
||||
><DIV
|
||||
CLASS="SECT3"
|
||||
><HR><H3
|
||||
><H3
|
||||
CLASS="SECT3"
|
||||
><A
|
||||
NAME="AEN195"
|
||||
>Start up the winbindd daemon and test it!</A
|
||||
></H3
|
||||
NAME="AEN1586">11.5.3.5. Start up the winbindd daemon and test it!</H3
|
||||
><P
|
||||
>Eventually, you will want to modify your smb startup script to
|
||||
automatically invoke the winbindd daemon when the other parts of
|
||||
@ -994,20 +1022,16 @@ CLASS="COMMAND"
|
||||
></DIV
|
||||
><DIV
|
||||
CLASS="SECT3"
|
||||
><HR><H3
|
||||
><H3
|
||||
CLASS="SECT3"
|
||||
><A
|
||||
NAME="AEN231"
|
||||
>Fix the init.d startup scripts</A
|
||||
></H3
|
||||
NAME="AEN1622">11.5.3.6. Fix the init.d startup scripts</H3
|
||||
><DIV
|
||||
CLASS="SECT4"
|
||||
><H4
|
||||
CLASS="SECT4"
|
||||
><A
|
||||
NAME="AEN233"
|
||||
>Linux</A
|
||||
></H4
|
||||
NAME="AEN1624">11.5.3.6.1. Linux</H4
|
||||
><P
|
||||
>The <B
|
||||
CLASS="COMMAND"
|
||||
@ -1098,12 +1122,10 @@ CLASS="PROGRAMLISTING"
|
||||
></DIV
|
||||
><DIV
|
||||
CLASS="SECT4"
|
||||
><HR><H4
|
||||
><H4
|
||||
CLASS="SECT4"
|
||||
><A
|
||||
NAME="AEN250"
|
||||
>Solaris</A
|
||||
></H4
|
||||
NAME="AEN1641">11.5.3.6.2. Solaris</H4
|
||||
><P
|
||||
>On solaris, you need to modify the
|
||||
<TT
|
||||
@ -1169,12 +1191,10 @@ esac</PRE
|
||||
></DIV
|
||||
><DIV
|
||||
CLASS="SECT4"
|
||||
><HR><H4
|
||||
><H4
|
||||
CLASS="SECT4"
|
||||
><A
|
||||
NAME="AEN257"
|
||||
>Restarting</A
|
||||
></H4
|
||||
NAME="AEN1648">11.5.3.6.3. Restarting</H4
|
||||
><P
|
||||
>If you restart the <B
|
||||
CLASS="COMMAND"
|
||||
@ -1193,12 +1213,10 @@ if you were a local user.</P
|
||||
></DIV
|
||||
><DIV
|
||||
CLASS="SECT3"
|
||||
><HR><H3
|
||||
><H3
|
||||
CLASS="SECT3"
|
||||
><A
|
||||
NAME="AEN263"
|
||||
>Configure Winbind and PAM</A
|
||||
></H3
|
||||
NAME="AEN1654">11.5.3.7. Configure Winbind and PAM</H3
|
||||
><P
|
||||
>If you have made it this far, you know that winbindd and samba are working
|
||||
together. If you want to use winbind to provide authentication for other
|
||||
@ -1251,12 +1269,10 @@ CLASS="COMMAND"
|
||||
></P
|
||||
><DIV
|
||||
CLASS="SECT4"
|
||||
><HR><H4
|
||||
><H4
|
||||
CLASS="SECT4"
|
||||
><A
|
||||
NAME="AEN280"
|
||||
>Linux/FreeBSD-specific PAM configuration</A
|
||||
></H4
|
||||
NAME="AEN1671">11.5.3.7.1. Linux/FreeBSD-specific PAM configuration</H4
|
||||
><P
|
||||
>The <TT
|
||||
CLASS="FILENAME"
|
||||
@ -1380,12 +1396,10 @@ double prompts for passwords.</P
|
||||
></DIV
|
||||
><DIV
|
||||
CLASS="SECT4"
|
||||
><HR><H4
|
||||
><H4
|
||||
CLASS="SECT4"
|
||||
><A
|
||||
NAME="AEN313"
|
||||
>Solaris-specific configuration</A
|
||||
></H4
|
||||
NAME="AEN1704">11.5.3.7.2. Solaris-specific configuration</H4
|
||||
><P
|
||||
>The /etc/pam.conf needs to be changed. I changed this file so that my Domain
|
||||
users can logon both locally as well as telnet.The following are the changes
|
||||
@ -1467,12 +1481,10 @@ configured in the pam.conf.</P
|
||||
></DIV
|
||||
><DIV
|
||||
CLASS="SECT1"
|
||||
><HR><H1
|
||||
><H1
|
||||
CLASS="SECT1"
|
||||
><A
|
||||
NAME="AEN320"
|
||||
>Limitations</A
|
||||
></H1
|
||||
NAME="AEN1711">11.6. Limitations</H1
|
||||
><P
|
||||
>Winbind has a number of limitations in its current
|
||||
released version that we hope to overcome in future
|
||||
@ -1508,12 +1520,10 @@ NAME="AEN320"
|
||||
></DIV
|
||||
><DIV
|
||||
CLASS="SECT1"
|
||||
><HR><H1
|
||||
><H1
|
||||
CLASS="SECT1"
|
||||
><A
|
||||
NAME="AEN330"
|
||||
>Conclusion</A
|
||||
></H1
|
||||
NAME="AEN1721">11.7. Conclusion</H1
|
||||
><P
|
||||
>The winbind system, through the use of the Name Service
|
||||
Switch, Pluggable Authentication Modules, and appropriate
|
||||
@ -1523,6 +1533,64 @@ NAME="AEN330"
|
||||
cost of running a mixed UNIX and NT network.</P
|
||||
></DIV
|
||||
></DIV
|
||||
><DIV
|
||||
CLASS="NAVFOOTER"
|
||||
><HR
|
||||
ALIGN="LEFT"
|
||||
WIDTH="100%"><TABLE
|
||||
SUMMARY="Footer navigation table"
|
||||
WIDTH="100%"
|
||||
BORDER="0"
|
||||
CELLPADDING="0"
|
||||
CELLSPACING="0"
|
||||
><TR
|
||||
><TD
|
||||
WIDTH="33%"
|
||||
ALIGN="left"
|
||||
VALIGN="top"
|
||||
><A
|
||||
HREF="domain-security.html"
|
||||
ACCESSKEY="P"
|
||||
>Prev</A
|
||||
></TD
|
||||
><TD
|
||||
WIDTH="34%"
|
||||
ALIGN="center"
|
||||
VALIGN="top"
|
||||
><A
|
||||
HREF="Samba-HOWTO.html"
|
||||
ACCESSKEY="H"
|
||||
>Home</A
|
||||
></TD
|
||||
><TD
|
||||
WIDTH="33%"
|
||||
ALIGN="right"
|
||||
VALIGN="top"
|
||||
><A
|
||||
HREF="samba-pdc.html"
|
||||
ACCESSKEY="N"
|
||||
>Next</A
|
||||
></TD
|
||||
></TR
|
||||
><TR
|
||||
><TD
|
||||
WIDTH="33%"
|
||||
ALIGN="left"
|
||||
VALIGN="top"
|
||||
>security = domain in Samba 2.x</TD
|
||||
><TD
|
||||
WIDTH="34%"
|
||||
ALIGN="center"
|
||||
VALIGN="top"
|
||||
> </TD
|
||||
><TD
|
||||
WIDTH="33%"
|
||||
ALIGN="right"
|
||||
VALIGN="top"
|
||||
>How to Configure Samba 2.2 as a Primary Domain Controller</TD
|
||||
></TR
|
||||
></TABLE
|
||||
></DIV
|
||||
></BODY
|
||||
></HTML
|
||||
>
|
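Review bot: the added NAVFOOTER repeats `ACCESSKEY="P"` and `ACCESSKEY="N"` on its Prev and Next links, the same keys the new header navigation table assigns, so each key is bound to two elements in one document; keep the access keys on one of the two tables. The footer also links to `domain-security.html`, `Samba-HOWTO.html` and `samba-pdc.html` by relative path, so those files need to be regenerated and shipped alongside this one.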