[Samba] winbind optional parameters on samba 4.10

Sérgio Basto sergio at serjux.com
Fri Feb 14 03:46:13 UTC 2020


Hi,
I'd like to review and understand what parameters we can or should use
in the /etc/samba/smb.conf configuration, almost all for winbind.
I use this smb.conf [1]. I'd like to know if new parameters are still
valid for Samba 4.10 and what they do.

Thank you.

[1]
    workgroup = CORP
    realm = CORP.LOCAL
    winbind use default domain = yes
    idmap config * : backend = tdb
    idmap config * : range = 3000-7999
    idmap config CORP : backend = ad
    idmap config CORP : schema_mode = rfc2307
    idmap config CORP : range = 100000-200000
    idmap config CORP : unix_nss_info = yes
    idmap config CORP : unix_primary_group = yes
    template shell = /bin/false
    template homedir = /srv/samba/users/%U
    username map = /var/lib/samba/user.map
    vfs objects = acl_xattr
    map acl inherit = yes
    store dos attributes = yes

1. What is this?
dedicated keytab file = /etc/krb5.keytab
kerberos method = secrets and keytab

2. And what is this?
# Renew the kerberos tickets
winbind refresh tickets = yes
winbind separator = +

3. What is this?
# Enable offline logins
winbind offline logon = yes

4. This one is already defined with schema_mode = rfc2307, so we don't
need it, do we?
# User uid/Gid from AD. (rfc2307)
winbind nss info = rfc2307

5. What is this?
winbind trusted domains only = no

6. What is enum user?
# Keep no in production, set yes when debugging, this slows down your samba.
winbind enum users  = no
winbind enum groups = no

7. What changes if I set 2 or 4?
# Check depth of nested groups, ! slows down your samba, if too much groups depth
# Samba default is 0, I suggest a minimum of 2 in this setup, advice is 4.
winbind expand groups = 4


8. Could map acl be set just on the shares that we defined?
    map acl inherit = yes

I have:
[homes]
    comment = Home Directories
    valid users = %S, %D%w%S
    browseable = No
    read only = No
    hide unreadable = Yes
    inherit acls = Yes
    root preexec = /usr/local/sbin/mkhomedir.sh %U

9. And BTW, are these two allowed?
    preferred master = no
    domain master = no

-- 
Sérgio M. B.



