Basically yes. For the system to assign a specific LDAP user as owner of a file it uses libnss-ldap (which is installed by libpam-ldap). libnss-ldap uses the files /etc/ldap.conf and /etc/ldap.secret to connect to the LDAP server and look up the user. You can test the connection, and whether it sees the users, with "getent passwd".
In theory you could live without the libnss-ldap thing, but then the system doesn't have any control over who owns what.
Here are the steps we do for our secondary servers:
install:
libnss-ldap
libpam-ldap
(just ignore the config steps here since you copy the files over anyway later)
edit /etc/nsswitch.conf:
passwd: compat ldap
group: compat ldap
shadow: compat ldap
copy:
scp root@machine1:/etc/ldap.* /etc/
scp root@machine1:/etc/samba/smb.conf /etc/samba/
(in your case you don't need to copy the smb.conf)
change ldap password:
smbpasswd -w realPassword
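
Added example, not part of the original post: a small check to run on a secondary server after the steps above. It confirms that passwd, group and shadow list ldap in nsswitch.conf and that the copied ldap.secret, which holds the bind password, is not readable by group or others. The function names and sample files are constructed for illustration, and owner-only access is the assumption used for the secret file.

```shell
#!/bin/sh
# Added example; function names and sample files are constructed for illustration.

# nss_has_ldap FILE DB: succeeds if database DB lists "ldap" as a source in FILE.
nss_has_ldap() {
    awk -v db="$2:" '
        { sub(/#.*/, "") }    # ignore comments
        $1 == db { for (i = 2; i <= NF; i++) if ($i == "ldap") found = 1 }
        END { exit (found ? 0 : 1) }
    ' "$1"
}

# secret_is_private FILE: succeeds if FILE exists with no group/other permission bits.
secret_is_private() {
    [ -f "$1" ] || return 1
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# check_ldap_client NSSWITCH SECRET: report each check, return non-zero on any failure.
# On a real host: check_ldap_client /etc/nsswitch.conf /etc/ldap.secret
check_ldap_client() {
    rc=0
    for db in passwd group shadow; do
        if nss_has_ldap "$1" "$db"; then echo "ok:   $db resolves via ldap"
        else echo "FAIL: $db has no ldap source in $1"; rc=1; fi
    done
    if secret_is_private "$2"; then echo "ok:   $2 is not group/world accessible"
    else echo "FAIL: $2 missing or readable beyond its owner"; rc=1; fi
    return "$rc"
}

# Constructed sample run against temporary files, so nothing on the host is touched.
demo() {
    d=$(mktemp -d) || return 1
    printf 'passwd: compat ldap\ngroup: compat ldap\nshadow: compat ldap\n' > "$d/nsswitch.conf"
    echo 'constructed-placeholder' > "$d/ldap.secret"
    chmod 600 "$d/ldap.secret"
    check_ldap_client "$d/nsswitch.conf" "$d/ldap.secret"; st=$?
    rm -rf "$d"
    return "$st"
}
demo
```

If both checks pass, "getent passwd" should list the LDAP users alongside the local ones.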