Samba Winbind Configuration

Much of the configuration of Winbind is done using Samba. The main Winbind options appear in smb.conf (although, as described earlier, some options are set in the PAM and NSS configuration files, as well). Thus, you must know how to set these Samba options. Running the Winbind daemon is also critically important to getting the system running.


This configuration occurs on the domain member server—the Linux system you want to configure to use a domain controller’s account database. If you use a Samba server as the domain controller, it requires its own configuration, which need not include most of the options described here.

Winbind Options in smb.conf

You should configure the smb.conf file on the domain member server much as you would for any Samba server on a domain, as described in Chapter 3. Most notably, you should set the workgroup, security, encrypt passwords, and password server global options:

workgroup = GREENHOUSE
security = Domain
encrypt passwords = Yes
password server =

You should adjust the values of the workgroup and password server parameters for your network, of course. The security parameter must be set to Domain, and encrypt passwords must be set to Yes.


If your domain controller supports AD, you can set security = ADS instead of security = Domain, but this configuration requires setting additional options and can be finicky. It provides somewhat better security on your LAN because it uses the extremely robust Kerberos ...

Get Linux in a Windows World now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.