25.2. Samba as Login Server

In networks where predominantly Windows clients are found, it is often preferable that users may only log in with a valid account and password. This can be done with the help of a Samba server. In a Windows-based network, this task is handled by a Windows NT server configured as a primary domain controller (PDC). The entries that must be made in the [global] section of smb.conf are shown in Example 25.3, “Global Section in smb.conf”.

Example 25.3. Global Section in smb.conf

[global]
  workgroup = TUX-NET
  domain logons = Yes
  domain master = Yes

If encrypted passwords are used for verification purposes — this is the default setting with well-maintained MS Windows 9x installations, MS Windows NT 4.0 from service pack 3, and all later products — the Samba server must be able to handle these. The entry encrypt passwords = yes in the [global] section enables this (with Samba version 3, this is now the default). In addition, it is necessary to prepare user accounts and passwords in an encryption format that conforms with Windows. Do this with the command smbpasswd -a name. Create the domain account for the computers, required by the Windows NT domain concept, with the following commands:

Example 25.4. Setting up a Machine Account

useradd hostname\$
smbpasswd -a -m hostname

With the useradd command, the dollar sign must be appended to the hostname by hand, escaped with a backslash so that the shell does not interpret it. The command smbpasswd inserts the dollar sign automatically when the parameter -m is used. The commented configuration example (/usr/share/doc/packages/Samba/examples/smb.conf.SuSE) contains settings that automate this task.

Example 25.5. Automated Setup of a Machine Account

add machine script = /usr/sbin/useradd -g nogroup -c "NT Machine Account" \
-s /bin/false %m\$

To make sure Samba can execute this script correctly, choose a Samba user with the required administrator permissions. To do so, select one user and add it to the ntadmin group. After that, all users belonging to this Linux group can be assigned Domain Admin status with the command:

net groupmap add ntgroup="Domain Admins" unixgroup=ntadmin
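
The add machine script in Example 25.5 gives every machine account the shell /bin/false and the primary group nogroup, so a machine account that deviates from this is worth a look. The following audit is an added example, not part of the original documentation; the function names, the sample passwd lines, and the GID 65534 used for nogroup are constructed assumptions.

```shell
#!/bin/sh
# Added example: audit machine accounts (names ending in "$") in
# passwd-format data against the settings used in Example 25.5.

# Constructed sample in /etc/passwd format (not from a real system).
sample_passwd() {
cat <<'EOF'
root:x:0:0:root:/root:/bin/bash
tux:x:1000:100:Tux:/home/tux:/bin/bash
ws01$:x:1001:65534:NT Machine Account:/home/ws01$:/bin/false
ws02$:x:1002:65534:NT Machine Account:/home/ws02$:/bin/bash
ws03$:x:1003:100:NT Machine Account:/home/ws03$:/bin/false
EOF
}

# audit_machine_accounts NOGROUP_GID
# Reads passwd-format lines on stdin. Prints "OK <name>" for each machine
# account with shell /bin/false and the given primary GID, and
# "WARN <name>: <deviations>" for every other machine account.
# Ordinary user accounts (no trailing "$") are ignored.
audit_machine_accounts() {
  awk -F: -v gid="$1" '
    $1 ~ /\$$/ {
      problem = ""
      if ($7 != "/bin/false") problem = problem " shell=" $7
      if ($4 != gid)          problem = problem " gid=" $4
      if (problem == "") print "OK   " $1
      else               print "WARN " $1 ":" problem
    }'
}

# Run against the constructed sample. On a live system, feed it real data:
#   getent passwd | audit_machine_accounts "$(getent group nogroup | cut -d: -f3)"
sample_passwd | audit_machine_accounts 65534
```

A WARN line for a machine account with a real login shell or an unexpected primary group means the account was not created by the script from Example 25.5 or was changed afterwards.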

More information about this topic is provided in Chapter 12 of the Samba HOWTO Collection, found in /usr/share/doc/packages/samba/Samba-HOWTO-Collection.pdf.


SUSE LINUX 9.2