Much of the configuration
of Winbind is done using Samba. The main Winbind options appear in
(although, as described earlier, some
options are set in the PAM and NSS configuration files, as well).
Thus, you must know how to set these Samba options. Running the
Winbind daemon is also critically important to getting the system
This configuration occurs on the domain member server—the Linux system you want to configure to use a domain controller’s account database. If you use a Samba server as the domain controller, it requires its own configuration, which need not include most of the options described here.
You should configure the
smb.conf file on the
domain member server much as you would for any Samba server on a
domain, as described in Chapter 3. Most
notably, you should set the
GREENHOUSEsecurity = Domain encrypt passwords = Yes password server =
You should adjust the values of the
password server parameters for your network, of
security parameter must be set to
passwords must be set to
If your domain controller supports AD, you can set
ADS instead of
Domain, but this configuration requires setting additional options and can be finicky. It provides somewhat better security on your LAN because it uses the extremely robust Kerberos ...