In networks where predominantly Windows clients are found, it is often
preferable that users may only register with a valid account and password.
This can done with the help of a
Samba server. In a Windows-based network, this
task is handled by a Windows NT server configured as a primary
domain controller (PDC). The entries that must be made in the
[global]
section of
smb.conf
are shown in Example 32.3, “Global Section in smb.conf”.
Example 32.3. Global Section in smb.conf
[global] workgroup = TUX-NET domain logons = Yes domain master = Yes
If encrypted passwords are used for verification purposes—this
is the default setting with well-maintained MS Windows 9x installations, MS
Windows NT 4.0 from service pack 3, and all later products—the
Samba server must be able to handle these. The
entry encrypt passwords = yes
in the
[global]
section enables this (with
Samba version 3, this is now the default). In
addition, it is necessary to prepare user accounts and passwords in an
encryption format that conforms with Windows. Do this with the command
smbpasswd -a name
. Create the domain
account for the computers, required by the Windows NT domain concept, with
the following commands:
With the useradd command, a dollar sign is added.
The command smbpasswd inserts this automatically when the
parameter -m
is used. The commented configuration example
(/usr/share/doc/packages/Samba/examples/smb.conf.SuSE
)
contains settings that automate this task.
Example 32.5. Automated Setup of a Machine Account
add machine script = /usr/sbin/useradd -g nogroup -c "NT Machine Account" \ -s /bin/false %m\$
To make sure that Samba can execute this script
correctly, choose a
Samba user with the required administrator
permissions. To do so, select one user and add it to the ntadmin
group. After that, all users
belonging to this Linux group can be assigned Domain
Admin
status with the command:
net groupmap add ntgroup="Domain Admins" unixgroup=ntadmin
More information about this topic is provided in Chapter 12 of the Samba
HOWTO Collection, found in
/usr/share/doc/packages/samba/Samba-HOWTO-Collection.pdf
.