pavement

WINBIND

From FreeBSDwiki
(Difference between revisions)
Jump to: navigation, search
(Edited links, some were upper case articles)
Line 3: Line 3:
 
The main use of this service is in conjunction with [[Samba]] to authenticate against Active Directory (or classic NT Domains) for shares hosted by Samba.  In other words a Windows user who signs in against Active Directory can access a Samba share on FreeBSD and for that share to be secured for access by that user's Windows account or group memberships.  So a share can be limited to those in the Active Directory group 'Accounts Team' or simply the user 'Bob'.  Permissions can be expanded by using [[ACL]] settings at the file system level.  
 
The main use of this service is in conjunction with [[Samba]] to authenticate against Active Directory (or classic NT Domains) for shares hosted by Samba.  In other words a Windows user who signs in against Active Directory can access a Samba share on FreeBSD and for that share to be secured for access by that user's Windows account or group memberships.  So a share can be limited to those in the Active Directory group 'Accounts Team' or simply the user 'Bob'.  Permissions can be expanded by using [[ACL]] settings at the file system level.  
  
It is also possible to use WINBIND in other [[PAM]]-enabled services, such as [[ftp]], [[imap]], kde-np [[pop]]3, [[ssh]], xdm, [[su]] and [[telnet]] in order to authenticate users against Active Directory.
+
It is also possible to use WINBIND in other [[PAM]]-enabled services, such as [[ftp]], [[IMAP]], kde-np [[POP3]], [[SSH]], xdm, [[su]] and [[telnet]] in order to authenticate users against Active Directory.
 
   
 
   
 
The SSH service can be configured to use WINBIND and utilise a support utility called ''pam_mkhomedir'' to automatically create a home directory (typically '/home/DOMAINNAME/Username/') following a successful login.
 
The SSH service can be configured to use WINBIND and utilise a support utility called ''pam_mkhomedir'' to automatically create a home directory (typically '/home/DOMAINNAME/Username/') following a successful login.

Revision as of 14:56, 17 October 2007

WINBIND is a service that originates from source code intended to give Samba the Domain Controller functionality of Windows NT. It now exists as an authentication subsystem, installable through the Ports system, and utilised through the NSSwitch system.

The main use of this service is in conjunction with Samba to authenticate against Active Directory (or classic NT Domains) for shares hosted by Samba. In other words a Windows user who signs in against Active Directory can access a Samba share on FreeBSD and for that share to be secured for access by that user's Windows account or group memberships. So a share can be limited to those in the Active Directory group 'Accounts Team' or simply the user 'Bob'. Permissions can be expanded by using ACL settings at the file system level.

It is also possible to use WINBIND in other PAM-enabled services, such as ftp, IMAP, kde-np POP3, SSH, xdm, su and telnet in order to authenticate users against Active Directory.

The SSH service can be configured to use WINBIND and utilise a support utility called pam_mkhomedir to automatically create a home directory (typically '/home/DOMAINNAME/Username/') following a successful login.

Personal tools