Samba Winbind Configuration
Much of the configuration
of Winbind is done using Samba. The main Winbind options appear in
smb.conf
(although, as described earlier, some
options are set in the PAM and NSS configuration files, as well).
Thus, you must know how to set these Samba options. Running the
Winbind daemon is also critically important to getting the system
running.
Tip
This configuration occurs on the domain member server—the Linux system you want to configure to use a domain controller’s account database. If you use a Samba server as the domain controller, it requires its own configuration, which need not include most of the options described here.
Winbind Options in smb.conf
You should configure the smb.conf file on the
domain member server much as you would for any Samba server on a
domain, as described in Chapter 3. Most
notably, you should set the workgroup,
security, encrypt passwords,
and password
server global
options:
workgroup =GREENHOUSEsecurity = Domain encrypt passwords = Yes password server =192.168.1.1
You should adjust the values of the workgroup and
password server parameters for your network, of
course. The security parameter must be set to
Domain, and encrypt
passwords must be set to Yes.
Tip
If your domain controller supports AD, you can set
security
=
ADS instead of security
=
Domain, but this configuration requires setting additional options and can be finicky. It provides somewhat better security on your LAN because it uses the extremely robust Kerberos ...