Note
Samba-2.2.4 and later Samba 2.2.x series releases can autojoin a Windows NT4-style domain just by executing:
root#
smbpasswd -j
DOMAIN_NAME
-r
PDC_NAME
\
-U Administrator%
password
Samba-3 can do the same by executing:
root#
net rpc join -U Administrator%
password
It is not necessary with Samba-3 to specify the
DOMAIN_NAME
or the
PDC_NAME
, as it figures this out from the smb.conf file settings.
Use of this mode of authentication requires there to be a standard UNIX account for each user in order to
assign a UID once the account has been authenticated by the Windows domain controller. This account can be
blocked to prevent logons by clients other than MS Windows through means such as setting an invalid shell in
the /etc/passwd entry. The best way to allocate an invalid shell to a user account is to
set the shell to the file /bin/false .
Domain controllers can be located anywhere that is convenient. The best advice is to have a BDC on every
physical network segment, and if the PDC is on a remote network segment the use of WINS (see
Network Browsing for more information) is almost essential.
An alternative to assigning UIDs to Windows users on a Samba member server is presented in
Winbind,
Winbind: Use of Domain Accounts.
For more information regarding domain membership,
Domain Membership.
|