pavement

WINBIND

From FreeBSDwiki
Jump to: navigation, search

WINBIND is a service that originates from source code intended to give Samba the Domain Controller functionality of Windows NT. It now exists as an authentication subsystem, installable through the Ports system, and utilised through the NSSwitch service.

The main use of this service is in conjunction with Samba to authenticate against Active Directory (or classic NT Domains) for shares hosted by Samba. In other words a Windows user who signs in against Active Directory can access a Samba share on FreeBSD and for that share to be secured for access by that user's Windows account or group memberships. So a share can be limited to those in the Active Directory group 'Accounts Team' or simply the user 'Bob' for example. Permissions can be expanded by using ACL settings at the file system level.

It is also possible to use WINBIND in other PAM-enabled services, such as FTP, IMAP, kde-np POP3, SSH, xdm, su and Telnet in order to authenticate users against Active Directory.

The SSH service can be configured to use WINBIND and utilise a support utility called pam_mkhomedir (available from Ports) to automatically create a home directory (typically '/home/DOMAINNAME/Username/') following a successful login.

Personal tools