Operation Manual
user authentication runs over the Samba server. After completing all settings, click
Finish to nish the conguration.
27.6 Samba as Login Server
In networks where predominantly Windows clients are found, it is often preferable that
users may only register with a valid account and password. In a Windows-based network,
this task is handled by a primary domain controller (PDC). You can use a Windows
NT server congured as PDC, but this task can also be done with a Samba server. The
entries that must be made in the [global] section of smb.conf are shown in Ex-
ample 27.3, “Global Section in smb.conf” (page 441).
Example 27.3
Global Section in smb.conf
[global]
workgroup = TUX-NET
domain logons = Yes
domain master = Yes
If encrypted passwords are used for verication purposes the Samba server must be
able to handle these. The entry encrypt passwords = yes in the [global]
section enables this (with Samba version 3, this is now the default). In addition, it is
necessary to prepare user accounts and passwords in an encryption format that conforms
with Windows. Do this with the command smbpasswd -a name. Create the domain
account for the computers, required by the Windows domain concept, with the following
commands:
useradd hostname\$
smbpasswd -a -m hostname
With the useradd command, a dollar sign is added. The command smbpasswd inserts
this automatically when the parameter -m is used. The commented conguration example
(/usr/share/doc/packages/samba/examples/smb.conf.SUSE) contains
settings that automate this task.
add machine script = /usr/sbin/useradd -g nogroup -c "NT Machine Account" \
-s /bin/false %m\$
To make sure that Samba can execute this script correctly, choose a Samba user with
the required administrator permissions and add it to the ntadmin group. Then all users
Samba 441