[Samba] winbind optional parameters on samba 4.10
Sérgio Basto
sergio at serjux.com
Fri Feb 14 03:46:13 UTC 2020
Hi,
I'd like do review and understand what parameters we can or should use
in /etc/samba/smb.conf configuration almost all for winbind
I use this smb.conf [1] , I'd like to know if new parameters still
valid for Samba 4.10 and what they do .
Thank you .
[1]
workgroup = CORP
realm = CORP.LOCAL
winbind use default domain = yes
idmap config * : backend = tdb
idmap config * : range = 3000-7999
idmap config CORP : backend = ad
idmap config CORP : schema_mode = rfc2307
idmap config CORP : range = 100000-200000
idmap config CORP : unix_nss_info = yes
idmap config CORP : unix_primary_group = yes
template shell = /bin/false
template homedir = /srv/samba/users/%U
username map = /var/lib/samba/user.map
vfs objects = acl_xattr
map acl inherit = yes
store dos attributes = yes
1. what is this ?
dedicated keytab file = /etc/krb5.keytab
kerberos method = secrets and keytab
2. and is this ?
# Renew the kerberos tickets
winbind refresh tickets = yes
winbind separator = +
3. what is this ?
# Enable offline logins
winbind offline logon = yes
4. This one is already defined with schema_mode = rfc2307 , we don't
need isn't it ?
# User uid/Gid from AD. (rfc2307)
winbind nss info = rfc2307
5. what is this ?
winbind trusted domains only = no
6. what is enum user ?
# Keep no in production, set yes when debugging, this slows down your
samba.
winbind enum users = no
winbind enum groups = no
7. what change if I set 2 or 4 ?
# Check depth of nested groups, ! slows down you samba, if to much
groups depth
# Samba default is 0, i suggest a minimal of 2 in this setup, advices
is 4.
winbind expand groups = 4
8. Map acl could be set just shares that we defined ?
map acl inherit = yes
I have
[homes]
comment = Home Directories
valid users = %S, %D%w%S
browseable = No
read only = No
hide unreadable = Yes
inherit acls = Yes
root preexec = /usr/local/sbin/mkhomedir.sh %U
9. and BTW these two are allowed ?
preferred master = no
domain master = no
--
Sérgio M. B.
More information about the samba
mailing list