WINBIND_KRB5_LOCATOR(7) 7 WINBIND_KRB5_LOCATOR(7)NAMEwinbind_krb5_locator - A plugin for MIT and Heimdal Kerberos for
detecting KDCs using Windows semantics.
DESCRIPTION
This plugin is part of the samba(7) suite.
winbind_krb5_locator is a plugin that permits MIT and Heimdal Kerberos
libraries to detect Kerberos Servers (for the KDC and kpasswd service)
using the same semantics that other tools of the Samba suite use. This
include site-aware DNS service record lookups and caching of closest
dc. The plugin uses the public locator API provided by most modern
Kerberos implementations.
PREREQUISITES
MIT Kerberos (at least version 1.5) or Heimdal Kerberos (at least
version 1.0) is required.
The plugin queries the winbindd(1M) daemon which needs to be configured
and started separately.
The winbind_krb5_locator.so file needs to be manually copied to the
plugin directory of the system Kerberos library. For MIT Kerberos this
is often: /usr/lib/krb5/plugins/libkrb5/. For Heimdal Kerberos this is
often: /usr/lib/plugin/krb5/. Please check your local Kerberos
installation for the correct paths. No modification in /etc/krb5.conf
is required to enable the use of this plugin.
After copying the locator plugin to the appropriate plugin directory it
should immediately be available for use. Users should be able to kinit
into their kerberized Windows environment without any modification or
servers being put manually into /etc/krb5.conf.
VERSION
This man page is correct for version 3 of the Samba suite.
AUTHOR
The original Samba software and related utilities were created by
Andrew Tridgell. Samba is now developed by the Samba Team as an Open
Source project similar to the way the Linux kernel is developed.
The winbind_krb5_locator manpage was written by Guenther Deschner.
ATTRIBUTES
See attributes(5) for descriptions of the following attributes:
┌────────────────────┬─────────────────────────────────┐
│ ATTRIBUTE TYPE │ ATTRIBUTE VALUE │
├────────────────────┼─────────────────────────────────┤
│Availability │ SUNWsmbar, SUNWsmbac, SUNWsmbau │
├────────────────────┼─────────────────────────────────┤
│Interface Stability │ External │
└────────────────────┴─────────────────────────────────┘
NOTES
Source code for Samba is available in the SUNWsmbaS package.
Samba(7) delivers the set of four SMF(5) services as can be seen from
the following example:
$ svcs samba wins winbind swat
STATE STIME FMRI
disabled Apr_21 svc:/network/samba:default
disabled Apr_21 svc:/network/winbind:default
disabled Apr_21 svc:/network/wins:default
disabled Apr_21 svc:/network/swat:default
where the services are:
"samba"
runs the smbd daemon managing the CIFS sessions
"wins"
runs the nmbd daemon enabling the browsing (WINS)
"winbind"
runs the winbindd daemon making the domain idmap
"swat"
Samba Web Administration Tool is a service providing access to
browser-based Samba administration interface and on-line
documentation. The service runs on software loopback network
interface on port 901/tcp, i.e. opening "http://localhost:901/" in
browser will access the SWAT service on local machine.
Please note: SWAT uses HTTP Basic Authentication scheme where user name
and passwords are sent over the network in clear text. In the SWAT case
the user name is root. Transferring such sensitive data is advisable
only on the software loopback network interface or over secure
networks.
Samba 3.6 04/10/2012 WINBIND_KRB5_LOCATOR(7)