Hi,
Please correct any wrong statement below :)
I have this machine to be promoted to our file server:
- Ubuntu 12.04
- Samba 3.6.3-2ubuntu2.11 as *Domain Member*
- LDAP slave from the PDC,
- libnss-ldap and libpam-ldap, getent OK from LDAP
With the following (sanitized output from testparm) smb.conf:
[global]
    workgroup = FOOBAR
    security = DOMAIN
    passdb backend = ldapsam:ldap://localhost
    name resolve order = wins bcast lmhosts hosts
    dns proxy = No
    wins server = <pdc.ip.add.ress>
    ldap admin dn = cn=admin,ou=FOOBAR
    ldap delete dn = Yes
    ldap group suffix = ou=Group
    ldap idmap suffix = ou=idmap
    ldap machine suffix = ou=Host
    ldap passwd sync = yes
    ldap suffix = ou=FOOBAR
    ldap ssl = no
    ldap user suffix = ou=People
    idmap config * : backend = tdb
The _ou=idmap tree on LDAP is completely empty_.
Users and groups on LDAP already have their samba attributes, users also
have their sambaProfilePath, sambaHomePath, sambaHomeDrive and
sambaLogonScript information on LDAP, so I won't need corresponding
defaults on smb.conf.
BUT winbindd man page says:
> Even if winbind is not used for nsswitch, it still provides a service
> to *smbd*, ntlm_auth and the pam_winbind.so PAM module, by managing
> connections to domain controllers. In this configuration the
> idmap config * : range parameter is not required. (This is known as
> "netlogon proxy only mode".)
Given I use neither ntlm_auth nor pam_winbind, but (obviously) use smbd, I
may ask:
1. Do I need any of the idmap * or winbind params on smb.conf?
2. Will I benefit from winbind somehow or will it just be in the way?
3. Do I need winbind running at all?
4. Given I have the required builtin groups on LDAP (Domain Admins,
Domain Groups, etc), and all other groups have their samba information
already there from another 3rd-party tool (LdapAdmin), is there any need to
"net groupmap" something?
5. Can ou=idmap,ou=FOOBAR be removed?
Thanks in advance and best regards.
--
*Marcio Merlone*