Finally, the BDC has to be capable of being found by the workstations. This can be done by configuring the Samba smb.conf file [global] section as shown in Minimal Setup for Being a BDC.
Example 5.3. Minimal Setup for Being a BDC
workgroup = MIDEARTH
passdb backend = ldapsam:ldap://slave-ldap.quenya.org
domain master = no
domain logons = yes
ldap suffix = dc=abmas,dc=biz
ldap user suffix = ou=Users
ldap group suffix = ou=Groups
ldap machine suffix = ou=Computers
ldap idmap suffix = ou=Idmap
ldap admin dn = cn=sambadmin,dc=quenya,dc=org
idmap backend = ldap:ldap://master-ldap.quenya.org
idmap uid = 10000-20000
idmap gid = 10000-20000
Fully documented working example network configurations using OpenLDAP and Samba are available in “Samba-3 by Example”, which may be obtained from local and on-line book stores.
This configuration causes the BDC to register only the name MIDEARTH<1C> with the WINS server. This is not a problem, as the name MIDEARTH<1C> is a NetBIOS group name that is meant to be registered by more than one machine. The parameter domain master = no forces the BDC not to register MIDEARTH<1B>, which is a unique NetBIOS name that is reserved for the PDC.
The idmap backend will redirect the winbindd utility to use the LDAP database to store all mappings for Windows SIDs to UIDs and GIDs for UNIX accounts in a repository that is shared. The BDC will however depend on local resolution of UIDs and GIDs via NSS and the nss_ldap utility.
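The following is an added example, not part of the original text or of Samba itself: a small audit that reads the [global] section and reports which NetBIOS domain names the server would register, so that a BDC that would claim the PDC's <1B> name is caught before deployment. The function names and the sample text are assumptions made for illustration; the treatment of an unset domain master as "auto" follows smb.conf(5).

```python
import re

# Constructed sample: role-related [global] settings copied from Example 5.3.
SAMPLE = """[global]
workgroup = MIDEARTH
passdb backend = ldapsam:ldap://slave-ldap.quenya.org
domain master = no
domain logons = yes
idmap backend = ldap:ldap://master-ldap.quenya.org
"""
YES = ("yes", "true", "on", "1")

def parse_global(text):
    """Return [global] parameters; Samba ignores case and spaces in names."""
    params, section = {}, None
    for line in map(str.strip, text.splitlines()):
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
        elif section == "global" and "=" in line:
            key, value = line.split("=", 1)
            params[re.sub(r"\s+", "", key).lower()] = value.strip()
    return params

def registered_names(params):
    """NetBIOS domain names the server would register with WINS."""
    wg = params.get("workgroup", "WORKGROUP").upper()
    names = []
    if params.get("domainlogons", "no").lower() in YES:
        names.append(wg + "<1C>")  # group name, shared by every DC
    # Unset 'domain master' means auto, which follows 'domain logons'.
    dm = params.get("domainmaster", "auto").lower()
    if dm in YES or (dm == "auto" and names):
        names.append(wg + "<1B>")  # unique name, reserved for the PDC
    return names

def audit_bdc(text):
    """Return findings; an empty list means the BDC role settings are sound."""
    p = parse_global(text)
    names = registered_names(p)
    checks = [
        (any(n.endswith("<1C>") for n in names), "domain logons is off: <1C> is not registered"),
        (not any(n.endswith("<1B>") for n in names), "would register <1B>, reserved for the PDC: set domain master = no"),
        (p.get("passdbbackend", "").startswith("ldapsam:"), "passdb backend is not ldapsam"),
        (p.get("idmapbackend", "").startswith("ldap:"), "idmap backend is not ldap: SID mappings are not shared"),
    ]
    return [msg for ok, msg in checks if not ok]
```

Calling audit_bdc(SAMPLE) returns an empty list; deleting the domain master line from the sample makes it report the <1B> conflict.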