useradd –-g smbuser –-d /dev/null –-s /dev/null ntuser
As you can see, both shell and home directory for ntuser is set to /dev/null. If your Windows users are not required to access the Unix box, you should use the above to deny access to the machine. Passwords are also not required to be set because Samba keeps the password hash in a separate file specified in the configuration file.
# Path to Samba password file
# Make sure only root has read/write access
smb passwd file = /usr/local/samba/smbpasswd
After adding a user (you can also use vipw to add a user), you need to add the user to the samba password database.
“smbpasswd –a” will add all users in Unix passwd file to smbpasswd file. The usage and syntax is similar to the Unix passwd command. To change a users’ password use “smbpasswd username”.
That will be enough for Samba to start authenticating Windows 9X clients. For NT workstations, some more work is to be done. You have to create a machine account for each NT client that will logon. A machine account is simply a regular /etc/passwd entry, with a “$” appended to the name of the NT machine.
useradd –-g smbuser -–d /dev/null -–s /dev/null ntclient$
Now add it to the password database
smbpasswd –a –m ntclient (the $ at the end is not required)
Samba can now accept logons from a NT client.
As you can see, configuring samba as a domain controller and domain member is a fairly easy job. The flip side is that since samba is the result of major amounts of hacking and reverse engineering, it doesn’t have all the functionality of a proper domain controller. There is an alternative branch, Samba TNG that adds more functionality in this area.
Samba Home Doing the Samba Samba TNG
Other articles by Mayank Sarup