The Geek Diary

Linux OS Service ‘winbind’

by admin

Winbind unifies UNIX and Windows NT account management by allowing a UNIX box to become a full member of an NT domain. The service provided by the winbind daemon is called winbind; it resolves user and group information from a Windows NT server and presents it in a form that UNIX platforms understand. The service can also provide authentication through an associated PAM module, pam_winbind, which supports the auth, account and password module types.

The winbind service is provided by the samba-common package, as a component of Samba.

Service Control

To control the winbind service immediately, use the “service” or “systemctl” utility:

# service winbind
Usage: /etc/init.d/winbind {start|stop|restart|reload|status|condrestart}

Configuration

1. Configure /etc/nsswitch.conf

The file /etc/nsswitch.conf tells the system where to look up passwords and groups, among other things. The definition shown here causes it to look first in the local files /etc/passwd and /etc/group, and then to use winbind to query the Windows server:

# /etc/nsswitch.conf
...
passwd:     files winbind
shadow:     files winbind
group:      files winbind
...

2. Update PAM configuration file

In /etc/pam.d/system-auth, the main PAM authentication configuration file, replace the auth lines:

auth required /lib/security/pam_securetty.so
auth required /lib/security/pam_nologin.so
auth sufficient /lib/security/pam_winbind.so
auth required /lib/security/pam_unix.so   use_first_pass shadow nullok

with the line below:

account required /lib/security/pam_winbind.so

3. Join the domain

To join the domain, use the net program like this:

# net join -S PDC -U Administrator

The username after -U can be any domain user that has administrator privileges on the machine. Substitute the name or IP address of your PDC/Windows server for “PDC”.

4. Modify /etc/samba/smb.conf

Modify /etc/samba/smb.conf so it contains directives like the following:

# vi /etc/samba/smb.conf
[global]
winbind separator = +
winbind cache time = 10
template shell = /bin/bash
template homedir = /home/%D/%U
idmap uid = 10000-20000
idmap gid = 10000-20000
workgroup = DOMAIN
security = domain
password server = *

5. Start the winbind service

Start winbind and you should find that your user and group database is expanded to include your NT users and groups, and that you can log in to your UNIX box as a domain user, using the DOMAIN+user syntax for the username.

# service winbind start

After the winbind service is started, you can query the winbind daemon for information using the wbinfo tool.

# wbinfo
Usage: wbinfo [OPTION...]
  -u, --domain-users                   Lists all domain users
  -g, --domain-groups                  Lists all domain groups
  -N, --WINS-by-name=NETBIOS-NAME      Converts NetBIOS name to IP
  -I, --WINS-by-ip=IP                  Converts IP address to NetBIOS name
  -n, --name-to-sid=NAME               Converts name to sid
  -s, --sid-to-name=SID                Converts sid to name
  -U, --uid-to-sid=UID                 Converts uid to sid
  -G, --gid-to-sid=GID                 Converts gid to sid
  -S, --sid-to-uid=SID                 Converts sid to uid
  -Y, --sid-to-gid=SID                 Converts sid to gid
  -A, --allocate-rid                   Get a new RID out of idmap
  -c, --create-user=name               Create a local user account
  -x, --delete-user=name               Delete a local user account
  -C, --create-group=name              Create a local group
  -X, --delete-group=name              Delete a local group
  -o, --add-to-group=user:group        Add user to group
  -O, --del-from-group=user:group      Remove user from group
  -t, --check-secret                   Check shared secret
  -m, --trusted-domains                List trusted domains
  --sequence                           Show sequence numbers of all domains
  -D, --domain-info=STRING             Show most of the info we have about the
                                       domain
  -r, --user-groups=USER               Get user groups
  --user-sids=SID                      Get user group sids for user SID
  -a, --authenticate=user%password     authenticate user
  --set-auth-user=user%password        Store user and password used by
                                       winbindd (root only)
  --get-auth-user                      Retrieve user and password used by
                                       winbindd (root only)
  -p, --ping                           Ping winbindd to see if it is alive
  --domain=domain                      Define to the domain to restrict
                                       operation
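
A read-only check of the files edited in steps 1 and 4, added here as an example and not part of the original article: it confirms that passwd and group list files before winbind, and that no local account's UID falls inside the idmap uid range, where a local user and a domain user could otherwise end up with the same UID. The function names are hypothetical, only the UID range is checked, and the file paths are passed as arguments.

```sh
#!/bin/sh
# Added example, not from the original article. Function names are
# hypothetical; paths are arguments so the checks can run on copies.

# nss_order_ok FILE DB: succeed only if DB lists "files" before "winbind".
nss_order_ok() {
    awk -v db="$2:" '
        { sub(/#.*/, "") }
        $1 == db {
            for (i = 2; i <= NF; i++) {
                if ($i == "files" && !f) f = i
                if ($i == "winbind" && !w) w = i
            }
        }
        END { exit !(f && w && f < w) }' "$1"
}

# idmap_range FILE KEY: print "LOW HIGH" from e.g. "idmap uid = 10000-20000".
idmap_range() {
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*\([0-9]\{1,\}\)-\([0-9]\{1,\}\).*/\1 \2/p" "$1" |
        head -n 1
}

# local_uids_in_range PASSWD LOW HIGH: print local accounts inside the range.
local_uids_in_range() {
    awk -F: -v lo="$2" -v hi="$3" \
        '$3 + 0 >= lo + 0 && $3 + 0 <= hi + 0 { print $1 ":" $3 }' "$1"
}

# audit_winbind NSSWITCH SMBCONF PASSWD: print findings, return their count.
audit_winbind() {
    findings=0
    for db in passwd group; do
        nss_order_ok "$1" "$db" && continue
        echo "FAIL nsswitch: $db does not list files before winbind"
        findings=$((findings + 1))
    done
    range=$(idmap_range "$2" "idmap uid")
    if [ -z "$range" ]; then
        echo "FAIL smb.conf: no 'idmap uid' range found"; findings=$((findings + 1))
    else
        # $range is unquoted on purpose: it expands to the two words LOW HIGH.
        clash=$(local_uids_in_range "$3" $range | tr '\n' ' ')
        [ -z "$clash" ] || { echo "FAIL local uid in idmap range: $clash"; findings=$((findings + 1)); }
    fi
    return "$findings"
}

if [ "$#" -eq 3 ]; then audit_winbind "$@"; fi
```

Saved under a name of your choice, it takes the paths to nsswitch.conf, smb.conf and passwd as its three arguments, and its exit status is the number of findings.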
