35.5 Samba as Login Server
In networks where predominantly Windows clients are found, it is often
preferable that users can only log in with a valid account and password.
In a Windows-based network, this task is handled by a primary domain
controller (PDC). You can use a Windows NT server configured as PDC, but
this task can also be done with the help of a Samba server. The entries
that must be made in the [global] section of smb.conf are shown in
Example 35-3.
Example 35-3
Global Section in smb.conf
[global]
workgroup = TUX-NET
domain logons = Yes
domain master = Yes
If encrypted passwords are used for verification purposes—this is the
default setting with well-maintained MS Windows 9x installations, MS
Windows NT 4.0 from service pack 3, and all later products—the Samba
server must be able to handle these. The entry encrypt passwords = yes in
the [global] section enables this (with Samba version 3, this is now the
default). In addition, it is necessary to prepare user accounts and
passwords in an encryption format that conforms with Windows. Do this with
the command smbpasswd -a name. Create the domain account for the
computers, required by the Windows NT domain concept, with the following
commands:
Example 35-4
Setting Up a Machine Account
useradd hostname\$
smbpasswd -a -m hostname
With the useradd command, a dollar sign is added. The command smbpasswd
inserts this automatically when the parameter -m is used. The commented
configuration example
(/usr/share/doc/packages/Samba/examples/smb.conf.SuSE) contains settings
that automate this task.
Example 35-5
Automated Setup of a Machine Account
add machine script = /usr/sbin/useradd -g nogroup -c "NT Machine Account" \
-s /bin/false %m\$
To make sure that Samba can execute this script correctly, choose a Samba
user with the required administrator permissions. To do so, select one
user and add it to the ntadmin group. After that, all users belonging to
this Linux group can be assigned Domain Admin status with the command:
net groupmap add ntgroup="Domain Admins" unixgroup=ntadmin
More information about this topic is provided in Chapter 12 of the Samba
HOWTO Collection, found in
/usr/share/doc/packages/samba/Samba-HOWTO-Collection.pdf.
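The add machine script in Example 35-5 creates machine accounts with -s /bin/false, while the manual useradd in Example 35-4 leaves the shell at the system default. The following check is an added example, not part of the original guide: it lists machine accounts (names ending in $) whose passwd entry still allows a login shell. The sample data, the function names, and the list of accepted non-login shells are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: audit machine accounts (names ending in "$") in
# passwd-format input and report those without a non-login shell.

# Constructed sample in /etc/passwd format (not taken from a real system).
sample_passwd() {
cat <<'EOF'
root:x:0:0:root:/root:/bin/bash
tux:x:1000:100:Tux:/home/tux:/bin/bash
ws01$:x:1001:65534:NT Machine Account:/home/ws01$:/bin/false
ws02$:x:1002:100::/home/ws02$:/bin/bash
ws03$:x:1003:65534:NT Machine Account:/dev/null:/sbin/nologin
ws04$:x:1004:65534:NT Machine Account:/dev/null:
EOF
}

# Reads passwd-format lines on stdin and prints "name shell" for every
# machine account whose shell field is empty or is not one of the
# non-login shells accepted below (assumed list; adjust to local policy).
machine_accounts_with_login_shell() {
    awk -F: '
        $1 ~ /\$$/ {
            shell = $7
            if (shell != "/bin/false" && shell != "/sbin/nologin" &&
                shell != "/usr/sbin/nologin") {
                # An empty shell field means the login falls back to /bin/sh.
                if (shell == "") shell = "(empty: defaults to /bin/sh)"
                print $1, shell
            }
        }'
}

# Run the check against the constructed sample.
sample_passwd | machine_accounts_with_login_shell
```

On a live server, feed the function the real account database instead of the sample, for example with getent passwd | machine_accounts_with_login_shell.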