This is done by editing /etc/samba/smb.conf for a proper setup in the network 

environment:

Example 6 2   Changes to smb.conf for Linux client domain authentication

[global]

workgroup = ITSOAUSNT

security = domain

password server = ITSONT00,ITSONT01,ITSONT02,ITSONT03

...

...

winbind separator = +

idmap uid = 10000 20000

idmap gid = 10000 20000

winbind enum users = yes

winbind enum groups = yes

template homedir = /home/%D+%U

template shell = /bin/bash

6.3.2  Integrating existing network services

After the winbind daemon has started, the command 

wbinfo  u

 should deliver 

the current user list of the Windows domain. But before this works, it is necessary 

to join the domain with the Linux client. As long there is no machine account in 

the domain for the client, it will not be possible to fetch the list of users via 

winbind. Therefore we have to join the Domain with the following command:

net join  a ITSOAUSNT  U administrator

Important:

 Do not forget to join the domain with the command 

net join  a 

. This creates a valid machine account on the domain controller 

and gives the Linux client a valid SID for authentication.

As we are now able to read the user database on Windows, only two more steps 

are needed to log in on the Linux client with an existing account managed by the 

existing Windows domain.

Next, nsswitch.conf is changed according to 7.2,  How to use winbind to make 

domain users known locally  on page 136 ,which delivers the mapping of 

Windows users and Groups to the Linux uids and gids. 

Example 6 3   Changes to /etc/nsswitch.conf

passwd: files winbind

group: files winbind

 Chapter 6. Client migration scenario 

119