Samba now supports a new value for the "security" global parameter in smb.conf. By setting "security = domain" in the configuration file, a Samba server is able to act as a full member of an NT Domain (even if it has a Samba server as a PDC). The Samba box can join the NT domain, but users must still be defined in the local /etc/passwd file. Jeremy Allison wrote a good article for Linuxworld explaining the domain security model support in Samba 2.0 (see lw-10-samba.html). You should also refer to DOMAIN_MEMBER.txt included in the Samba distribution. The "security = domain" support is included in Samba 2.0.
Here are the steps for setting things up. When the instructions refer to the client machine, they mean the Samba machine that you want to join to the NT Domain.
Once the Samba server has joined the NT domain, the Samba box can validate users against the NT PDC. However, Samba will need some way of mapping the validated user's NT RID (relative ID) to a valid unix uid. There are two ways to do this. One is to use the "username map =" parameter.
The other is to create accounts for all your NT users in /etc/passwd on the unix box. There are some scripts available to help in the migration. These perl scripts are available for download from the /pub/samba/contributed directory on any of the Samba ftp mirrors. They are in a tarball named domain_member_scripts.tar.gz.
Accounts created on the unix box are only used to get a valid uid. They are not used for validation. You can therefore set the password field to whatever the lock string for your system is. Under most (if not all) versions of unix this is the '*' character. Here is an example /etc/passwd entry.
jdoe:*:1124:100:NT Dummy account:/dev/null:/bin/false
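An added example, not part of the original FAQ or the Samba distribution: a Python check that the placeholder accounts described above really are locked and non-interactive, and that every domain user has an entry to supply a uid. The function name, the sample entries, the '!' lock prefix and the list of no-login shells are assumptions.

```python
# Added example: audit uid-only placeholder accounts in passwd-format text.
LOCK_STRINGS = ("*", "!")  # '*' is the page's lock string; '!' is an assumption
NOLOGIN_SHELLS = {"/bin/false", "/sbin/nologin", "/usr/sbin/nologin"}  # assumption

# Constructed sample data, not taken from any real system.
SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/sh
jdoe:*:1124:100:NT Dummy account:/dev/null:/bin/false
asmith::1125:100:NT Dummy account:/dev/null:/bin/false
bwong:*:1126:100:NT Dummy account:/home/bwong:/bin/sh
"""
SAMPLE_DOMAIN_USERS = {"jdoe", "asmith", "bwong", "cdiaz"}  # constructed


def audit_placeholders(passwd_text, domain_users):
    """Return {username: [problems]} for accounts that exist only to supply a uid."""
    findings, seen = {}, set()
    for line in passwd_text.splitlines():
        fields = line.strip().split(":")
        if len(fields) != 7 or fields[0] not in domain_users:
            continue  # skip malformed lines and accounts outside the audit
        name, pw, uid, _gid, _gecos, _home, shell = fields
        seen.add(name)
        problems = []
        if pw == "":
            problems.append("empty password field")
        elif pw == "x":
            problems.append("password kept in shadow file; verify it is locked there")
        elif not pw.startswith(LOCK_STRINGS):
            problems.append("password field holds a usable hash")
        if not uid.isdigit():
            problems.append("uid is not numeric")
        elif int(uid) == 0:
            problems.append("uid 0 gives the mapped user root file access")
        if shell not in NOLOGIN_SHELLS:
            problems.append("login shell " + shell)
        if problems:
            findings[name] = problems
    for name in sorted(domain_users - seen):
        findings[name] = ["no passwd entry, so no uid to map to"]
    return findings


if __name__ == "__main__":
    report = audit_placeholders(SAMPLE_PASSWD, SAMPLE_DOMAIN_USERS)
    for user, problems in sorted(report.items()):
        print(user + ": " + "; ".join(problems))
```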
At this point you should be able to mount shares from the Samba server using valid domain accounts.
This FAQ is maintained by Jerry Carter. E-mail comments / suggestions to jerry@samba.org