for Linux Authentication, the user authentication runs over the Samba, NT or Kerberos
server.
Click Expert Settings for advanced conguration options. For example, use the Mount
Server Directories table to enable mounting server home directory automatically with
authentication. This way users will be able to access their home directories when hosted
on CIFS. For details, see the the pam_mount man page.
After completing all settings, conrm the dialog to nish the conguration.
19.6 Samba as Login Server
In networks where predominantly Windows clients are found, it is often preferable that
users may only register with a valid account and password. In a Windows-based network,
this task is handled by a primary domain controller (PDC). You can use a Windows
NT server congured as PDC, but this task can also be done with a Samba server. The
entries that must be made in the [global] section of smb.conf are shown in Ex-
ample 19.3, “Global Section in smb.conf” (page 357).
Example 19.3:
Global Section in smb.conf
[global]
workgroup = TUX-NET
domain logons = Yes
domain master = Yes
If encrypted passwords are used for verication purposes the Samba server must be
able to handle these. The entry encrypt passwords = yes in the [global]
section enables this (with Samba version 3, this is now the default). In addition, it is
necessary to prepare user accounts and passwords in an encryption format that conforms
with Windows. Do this with the command smbpasswd -a name. Create the domain
account for the computers, required by the Windows domain concept, with the following
commands:
useradd hostname\$
smbpasswd -a -m hostname
With the useradd command, a dollar sign is added. The command smbpasswd inserts
this automatically when the parameter -m is used. The commented conguration example
(/usr/share/doc/packages/samba/examples/smb.conf.SUSE) contains
settings that automate this task.
Samba 357
