Linux - Dominio Samba - 6/7 - smb.conf per Dominio

Parte 7/7 qui

Per aggiungere il client al dominio la procedura è sempre la solita per i client windows utilizzando come dominio:

INSTYLELOCALE

mentre il file smb.conf è il seguente:


# Global parameters
[global]
    workgroup = INSTYLELOCALE
    netbios name = PDC-SVR
    security = user
    enable privileges = yes
    #interfaces = 192.168.5.11
    #username map = /etc/samba/smbusers
    server string = Samba Server %v
    #security = ads
    encrypt passwords = Yes
    #min passwd length = 3
    #pam password change = no
    #obey pam restrictions = No

    # method 1:
    #unix password sync = no
    #ldap passwd sync = yes

    # method 2:
    unix password sync = yes
    ldap passwd sync = yes
    passwd program = /usr/sbin/smbldap-passwd -u "%u"
    passwd chat = "Changing *\nNew password*" %n\n "*Retype new password*" %n\n"

    log level = 10
    syslog = 10
    log file = /var/log/samba/log.%U
    max log size = 100000
    time server = Yes
    socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
    mangling method = hash2
    Dos charset = CP932
    Unix charset = UTF-8

    logon script = logon.bat
    logon drive = H:
        logon home =
        logon path =

    domain logons = Yes
    domain master = Yes
    os level = 65
    preferred master = Yes
    wins support = yes
    # passdb backend = ldapsam:"ldap://ldap1.company.com ldap://ldap2.company.com"
    passdb backend = ldapsam:ldap://127.0.0.1/
    ldap admin dn = cn=Manager,dc=instyle,dc=locale
    #ldap admin dn = cn=samba,ou=DSA,dc=company,dc=com
    ldap suffix = dc=instyle,dc=locale
        ldap group suffix = ou=Group
        ldap user suffix = ou=People
        ldap machine suffix = ou=Hosts
    ldap idmap suffix = ou=Idmap
        add user script = /usr/sbin/smbldap-useradd -m "%u"
        #ldap delete dn = Yes
        delete user script = /usr/sbin/smbldap-userdel "%u"
        add machine script = /usr/sbin/smbldap-useradd -t 0 -w "%u"
        add group script = /usr/sbin/smbldap-groupadd -p "%g"
        delete group script = /usr/sbin/smbldap-groupdel "%g"
        add user to group script = /usr/sbin/smbldap-groupmod -m "%u" "%g"
        delete user from group script = /usr/sbin/smbldap-groupmod -x "%u" "%g"
    set primary group script = /usr/sbin/smbldap-usermod -g '%g' '%u'
    admin users = admin
    # printers configuration
    #printer admin = @"Print Operators"
    #load printers = Yes
    create mask = 0640
    directory mask = 0750
    #force create mode = 0640
    #force directory mode = 0750
    #nt acl support = No
    #printing = cups
    #printcap name = cups
    deadtime = 10
    guest account = nobody
    map to guest = Bad User
    dont descend = /proc,/dev,/etc,/lib,/lost+found,/initrd
    #show add printer wizard = yes
    ; to maintain capital letters in shortcuts in any of the profile folders:
    preserve case = yes
    short preserve case = yes
    #case sensitive = no

[netlogon]
    path = /home/netlogon/
    browseable = No
    read only = yes

[profiles]
    path = /home/profiles
    read only = no
    create mask = 0600
    directory mask = 0700
    browseable = No
    guest ok = Yes
    profile acls = yes
    csc policy = disable
    # next line is a great way to secure the profiles
    #force user = %U
    # next line allows administrator to access all profiles
    #valid users = %U "Domain Admins"

;[printers]
;        comment = Network Printers
        #printer admin = @"Print Operators"
;        guest ok = yes
;        printable = yes
;        path = /home/spool/
;        browseable = No
;        read only  = Yes
;        printable = Yes
;        print command = /usr/bin/lpr -P%p -r %s
;        lpq command = /usr/bin/lpq -P%p
;        lprm command = /usr/bin/lprm -P%p %j
        # print command = /usr/bin/lpr -U%U@%M -P%p -r %s
        # lpq command = /usr/bin/lpq -U%U@%M -P%p
        # lprm command = /usr/bin/lprm -U%U@%M -P%p %j
        # lppause command = /usr/sbin/lpc -U%U@%M hold %p %j
        # lpresume command = /usr/sbin/lpc -U%U@%M release %p %j
        # queuepause command = /usr/sbin/lpc -U%U@%M stop %p
        # queueresume command = /usr/sbin/lpc -U%U@%M start %p

;[print$]
;        path = /home/printers
;        guest ok = No
;        browseable = Yes
;        read only = Yes
;        valid users = @"Print Operators"
;        write list = @"Print Operators"
;        create mask = 0664
;        directory mask = 0775

[public]
    path = /tmp
    guest ok = yes
    browseable = Yes
    writable = yes 

Parte 7/7 qui