Using MS Windows NT as an Authentication Server
This method involves the additions of the following parameters in the smb.conf
file:
encrypt passwords = Yes
|
security = server
|
password server = "NetBIOS_name_of_a_DC"
|
There are two ways of identifying whether or not a username and password pair is valid.
One uses the reply information provided as part of the authentication messaging
process, the other uses just an error code.
The downside of this mode of configuration is that for security reasons Samba
will send the password server a bogus username and a bogus password, and if the remote
server fails to reject the bogus username and password pair, then an alternative mode of
identification or validation is used. Where a site uses password lockout, after a
certain number of failed authentication attempts, this will result in user lockouts.
Use of this mode of authentication requires a standard UNIX account for the user.
This account can be blocked to prevent logons by non-SMB/CIFS clients.