HP CIFS Server 3.0d Administrator's Guide version A.02.02 (Edition 5)
Winbind Support
Overview
Chapter 7 165
Overview
UNIX and Microsoft Windows NT/ADS have different models to
represent user and group information and use different technologies for
implementing them. Winbind is a component of the Samba suite of
programs that resolve Windows users and groups to HP-UX UIDs and
GIDs. Winbind uses a UNIX implementation and the Name Services
Switch (NSS) to allow Windows NT domain users to appear and operate
as UNIX users on a HP-UX system. Winbind stores the ID mappings
database in a tdb file or an LDAP directory.
Winbind provides the following two features:
• Identity resolution via Name Service Switch (NSS)
The Name Service Switch (NSS) is a feature which allows system
information such as hostname, user names, and group names to be
resolved from different sources.
The NSS application programming interface allows winbind to
present itself as a source of system information when resolving
HP-UX user names and groups. Winbind uses the NSS interfce to
enumerate the users and groups on a HP-UX machine running
winbind and to see all users and groups in a Windows domain.
Winbind provides the library routine,
/etc/lib/libnss_winbind.1, which interfaces to the winbind
daemon to resolve ID mappings.
• User and group ID allocation
Winbind maintains a database called winbind_idmap.tdb where it
stores mapping data between HP-UX UIDs/GIDs and Windows SIDs
(Security Identifiers). It stores the UID and GID allocated from
idmap uid and gid range that it has mapped to the Windows SID. If
the idmap backend has been specified as ldapsam:ldap://<ldap
server name>, then winbind obtains this information from the
LDAP directory server instead of using a local mapping file.
For more information about winbind, refer to chapter 23, “Winbind:Use
of Domain Accounts” in the Samba 3.0 HOWTO Reference Guide at the
following web site:
http://us3.samba.org/samba/docs/man/Samba-HOWTO-Collection/