HP CIFS Server 3.0d Administrator's Guide version A.02.02 (Edition 5)

Winbind Support
Overview
Chapter 7
How Winbind works
Winbind works by using the winbind daemon
(/opt/samba/bin/winbindd), which communicates with a Windows
Domain Controller, the name services provided by the Name Service
Switch (NSS), and configuration options in the smb.conf file. With
winbind support, you need to set up the NSS configuration file,
/etc/nsswitch.conf, to enable an HP-UX system to look up UID and
GID mappings for users and groups that reside exclusively in the
Windows domain.

When a user connects to a CIFS server share, the user’s Windows SID
(Security Identifier) is mapped to a UID and a set of GIDs within a range
specified in the smb.conf file. When the user creates or modifies a file
on the share, this mapped UID and GID pair is recorded as the owner
and group owner of the file.

When a UNIX process needs to translate these UID and GID pairs into
user names, it calls standard C library functions, getpwnam() and
getgrnam(), to look up the user name associated with the UID and GID
pair. These routines in turn use the entries in the /etc/nsswitch.conf
file to determine which name service backend to use to obtain the
information. When the winbind entry is specified in the
/etc/nsswitch.conf file, the /usr/lib/libnss_winbind.1 routine is
called, which interfaces with the winbind daemon, winbindd, to translate
the UID and GID back into the Windows SID, and then queries the
password server for the user name associated with this SID.
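
The following check is an added example, not part of the HP guide: it verifies that winbind is listed for both the passwd and group databases and flags local accounts whose UID falls inside the winbind range, since such an account would own the same files as whichever domain user is mapped to that UID. It assumes the Samba 3.0 `idmap uid` parameter in smb.conf; the file contents and the `appsvc` account are constructed samples.

```python
import re

# Constructed sample file contents (not taken from the guide).
NSSWITCH = "passwd: files winbind\ngroup:  files\nhosts:  files dns\n"
SMB_CONF = "[global]\n   security = domain\n   idmap uid = 10000-20000\n"
PASSWD = "root:x:0:3::/:/sbin/sh\nappsvc:x:10050:20::/home/appsvc:/usr/bin/sh\n"

def nss_sources(text, database):
    """Return the ordered source list for one nsswitch.conf database."""
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if line.startswith(database + ":"):
            # Drop [NOTFOUND=return]-style actions, keep the source names.
            return re.sub(r"\[[^\]]*\]", " ", line.split(":", 1)[1]).split()
    return []

def idmap_range(text, key):
    """Return (low, high) for a range parameter such as 'idmap uid', or None."""
    pattern = r"^\s*" + key.replace(" ", r"\s+") + r"\s*=\s*(\d+)\s*-\s*(\d+)"
    m = re.search(pattern, text, re.M | re.I)
    return (int(m.group(1)), int(m.group(2))) if m else None

def local_ids_in_range(passwd_text, rng):
    """Names of local accounts whose UID lies inside the winbind range."""
    hits = []
    for line in passwd_text.splitlines():
        f = line.split(":")
        if len(f) >= 3 and f[2].isdigit() and rng[0] <= int(f[2]) <= rng[1]:
            hits.append(f[0])
    return hits

def audit(nsswitch, smb_conf, passwd):
    """Collect configuration findings as a list of strings."""
    findings = []
    for db in ("passwd", "group"):
        if "winbind" not in nss_sources(nsswitch, db):
            findings.append("%s: winbind not listed in nsswitch.conf" % db)
    uid_rng = idmap_range(smb_conf, "idmap uid")
    if uid_rng is None:
        findings.append("idmap uid range not set in smb.conf")
    else:
        for name in local_ids_in_range(passwd, uid_rng):
            findings.append("local user %s has a UID inside idmap uid range" % name)
    return findings

if __name__ == "__main__":
    for finding in audit(NSSWITCH, SMB_CONF, PASSWD):
        print(finding)
```
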

Alternatively, Windows SIDs can be mapped to UNIX UIDs and GIDs
using the idmap_rid facility. The idmap_rid facility with
winbind provides a unique mapping of Windows SIDs to local UNIX
UIDs and GIDs throughout a domain without requiring LDAP. You
can use idmap_rid in a Windows NT or a Windows 2000/2003 ADS
domain. See “idmap_rid with Winbind Support” on page 173 for details.