pavement

WINBIND

From FreeBSDwiki
(Difference between revisions)
Jump to: navigation, search
m (Minor edits)
m (Minor edit for ftp to FTP)
 
Line 3: Line 3:
 
The main use of this service is in conjunction with [[Samba]] to authenticate against Active Directory (or classic NT Domains) for shares hosted by Samba.  In other words a Windows user who signs in against Active Directory can access a Samba share on FreeBSD and for that share to be secured for access by that user's Windows account or group memberships.  So a share can be limited to those in the Active Directory group 'Accounts Team' or simply the user 'Bob' for example.  Permissions can be expanded by using [[ACL]] settings at the file system level.  
 
The main use of this service is in conjunction with [[Samba]] to authenticate against Active Directory (or classic NT Domains) for shares hosted by Samba.  In other words a Windows user who signs in against Active Directory can access a Samba share on FreeBSD and for that share to be secured for access by that user's Windows account or group memberships.  So a share can be limited to those in the Active Directory group 'Accounts Team' or simply the user 'Bob' for example.  Permissions can be expanded by using [[ACL]] settings at the file system level.  
  
It is also possible to use WINBIND in other [[PAM]]-enabled services, such as [[ftp]], [[IMAP]], kde-np [[POP3]], [[SSH]], xdm, [[su]] and [[Telnet]] in order to authenticate users against Active Directory.
+
It is also possible to use WINBIND in other [[PAM]]-enabled services, such as [[FTP]], [[IMAP]], kde-np [[POP3]], [[SSH]], xdm, [[su]] and [[Telnet]] in order to authenticate users against Active Directory.
 
   
 
   
 
The SSH service can be configured to use WINBIND and utilise a support utility called ''pam_mkhomedir'' (available from Ports) to automatically create a home directory (typically '/home/DOMAINNAME/Username/') following a successful login.
 
The SSH service can be configured to use WINBIND and utilise a support utility called ''pam_mkhomedir'' (available from Ports) to automatically create a home directory (typically '/home/DOMAINNAME/Username/') following a successful login.
  
 
[[Category:FreeBSD Terminology]]
 
[[Category:FreeBSD Terminology]]

Latest revision as of 12:50, 18 October 2007

WINBIND is a service that originates from source code intended to give Samba the Domain Controller functionality of Windows NT. It now exists as an authentication subsystem, installable through the Ports system, and utilised through the NSSwitch service.

The main use of this service is in conjunction with Samba to authenticate against Active Directory (or classic NT Domains) for shares hosted by Samba. In other words a Windows user who signs in against Active Directory can access a Samba share on FreeBSD and for that share to be secured for access by that user's Windows account or group memberships. So a share can be limited to those in the Active Directory group 'Accounts Team' or simply the user 'Bob' for example. Permissions can be expanded by using ACL settings at the file system level.

It is also possible to use WINBIND in other PAM-enabled services, such as FTP, IMAP, kde-np POP3, SSH, xdm, su and Telnet in order to authenticate users against Active Directory.

The SSH service can be configured to use WINBIND and utilise a support utility called pam_mkhomedir (available from Ports) to automatically create a home directory (typically '/home/DOMAINNAME/Username/') following a successful login.

Personal tools