20.1 Features and Benefits

Integration of UNIX and Microsoft Windows NT through a unified logon has been considered a "holy grail" in heterogeneous computing environments for a long time.

There is one other facility without which UNIX and Microsoft Windows network interoperability would suffer greatly. It is imperative that there be a mechanism for sharing files across UNIX systems and for assigning domain user and group ownerships with integrity.

Winbind is a component of the Samba suite of programs that solves the unified logon problem. Winbind uses a UNIX implementation of Microsoft RPC calls, Pluggable Authentication Modules (PAM), and the Name Service Switch (NSS) to allow Windows NT domain users to appear and operate as UNIX users on a UNIX machine. This chapter describes the Winbind system, explaining the functionality it provides, how it is configured, and how it works internally.

Winbind provides three separate functions:

  • Authentication of user credentials (via PAM).

  • Identity resolution (via NSS).

  • Winbind maintains a database called winbind_idmap.tdb in which it stores mappings between UNIX UIDs/GIDs and NT SIDs. This mapping is used only for users and groups that do not have a local UID/GID. It stores the UID/GID, allocated from the idmap uid/gid range, that it has mapped to the NT SID. If idmap backend has been specified as ldapsam:url, then instead of using a local mapping, Winbind will obtain this information from the LDAP database.



If winbindd is not running, smbd (which calls winbindd) will fall back to using purely local information from /etc/passwd and /etc/group, and no dynamic mapping will be used.
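Because the idmap database covers only users and groups without a local UID/GID, a local account whose ID sits inside the idmap uid/gid range can end up sharing a number with a mapped domain SID, which makes file ownership ambiguous. The following check is an added example, not code from the Samba project: it reads the `idmap uid` and `idmap gid` ranges from smb.conf text and lists local passwd/group entries that fall inside them. The sample configuration and account data are constructed for illustration.

```python
import re

# Constructed sample inputs for illustration (not from the Samba documentation).
SMB_CONF = """[global]
   workgroup = EXAMPLE
   ; ranges winbind allocates from for domain users and groups
   idmap uid = 10000-20000
   idmap gid = 10000-20000
"""
PASSWD = """root:x:0:0:root:/root:/bin/sh
alice:x:1000:1000:Alice:/home/alice:/bin/sh
backup:x:10050:34:Backup:/var/backups:/bin/sh
"""
GROUP = """root:x:0:
legacy:x:15000:alice
"""

def idmap_ranges(conf_text):
    """Return {'uid': (lo, hi), 'gid': (lo, hi)} read from the [global] section."""
    ranges, section = {}, None
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
            continue
        if section != "global" or "=" not in line:
            continue
        name, value = line.split("=", 1)
        key = re.sub(r"\s+", "", name).lower()  # names ignore case and whitespace
        m = re.fullmatch(r"\s*(\d+)\s*-\s*(\d+)\s*", value)
        if m and key in ("idmapuid", "idmapgid"):
            ranges[key[-3:]] = (int(m.group(1)), int(m.group(2)))
    return ranges

def collisions(db_text, id_range):
    """Entries of a passwd/group file whose numeric ID (third field) is in id_range."""
    lo, hi = id_range
    rows = (l.split(":") for l in db_text.splitlines())
    return [(f[0], int(f[2])) for f in rows
            if len(f) >= 3 and f[2].isdigit() and lo <= int(f[2]) <= hi]

if __name__ == "__main__":
    r = idmap_ranges(SMB_CONF)
    print("local users inside idmap uid range:", collisions(PASSWD, r["uid"]))
    print("local groups inside idmap gid range:", collisions(GROUP, r["gid"]))
```

On a real host, pass the contents of smb.conf, /etc/passwd and /etc/group to the same functions; any entry reported should be renumbered or the range moved before winbindd starts allocating IDs.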

The Official Samba-3 HOWTO and Reference Guide, 2nd Edition
ISBN: 0131882228
EAN: 2147483647
Year: 2005
Pages: 297
