Red Hat Linux 7 Unleashed

By William Ball

Using Samba as a Logon Server

Samba can be used to authenticate logons on Windows 9x, NT, and 2000 computers. Windows 2000 must have NetBIOS over TCP/IP enabled to interact with Samba.

This section gives instructions for setting up Samba to authenticate logons on Windows 9x clients. The version of Samba shipped with Red Hat Linux 7 is not well suited to authenticate logons on NT or Win2K hosts. Those hosts require Samba running as a PDC. PDC functionality is best accomplished with the Samba_TNG version of Samba, which can be downloaded from http://www.samba.org.

Samba can do all of the following:

Windows profiles are beyond the scope of this chapter. You can get profile details from:

Basic Windows 9x Logon Authentication

In the following sample smb.conf, the server's hostname is mainserv, the workgroup is MYGROUP, the Windows 9x clients all use encrypted passwords, and there is no WINS server or domain controller other than the Samba server:

[global]
netbios name=mainserv
workgroup=MYGROUP
encrypt passwords=yes

wins support=yes
preferred master=yes
domain master=yes
domain logons=yes

[homes]
writeable=yes

Restart Samba and you now have a server capable of assuming the logon authentication duties for Windows 9x clients. The next step is to set up the clients and users.

Each potential user must have a valid UNIX account and a valid smbpasswd entry. Assuming the user has a valid UNIX account, setting up the smbpasswd entry is simply a matter of doing the following as root:


   # smbpasswd -a slitt

The preceding command adds an smbpasswd entry for user slitt by prompting for the password and a password confirmation. The password should be the same as the one used on the client.

Now that the user is taken care of, modify the client computer to authenticate against Samba instead of locally. On the Windows 9x client, right-click any Network Neighborhood icon and choose Properties to pull up the Network dialog box. Select the Configuration tab, highlight Client for Microsoft Networks in the drop-down list labeled The Following Network Components Are Installed, and click the Properties button to bring up the Client for Microsoft Networks Properties dialog box.

Check the Logon to Windows NT Domain checkbox, type the workgroup name of the Samba server (which should match the client) in the Windows NT Domain text box, and check the Logon and Restore Network Connections radio button. Click OK all the way out of all dialog boxes, and answer affirmatively when asked if you want to restart the computer.

Upon restart, the Windows logon screen contains a third field, the domain. In the domain field, type in the workgroup name for the Samba server (which should already match the client workgroup name on the identification tab of the Network dialog box). If all is well, you're logged in.

If not, verify that the user and password used on the Windows client are matched by a user/password combination in smbpasswd. You can verify that you're really authenticating on the server by changing the password on the server, using the smbpasswd command, and then verifying that client logons now fail. Naturally, the original password must then be restored.

Enabling a Server-Hosted Logon Script

It's very handy to implement a server-hosted logon script. This section outlines a simple scheme, administered only by user root.

Start by creating the directory /home/netlogon/scripts, with owner and group root and mode 755.

Add the following to the smb.conf [global] section:

logon script=scripts\%U.bat

The preceding Samba parameter specifies that the logon script is a .bat file with a filename identical to the user, located in the scripts directory below the special [netlogon] share.

Create the [netlogon] share as follows:

[netlogon]
path=/home/netlogon
writeable=no
guest ok=no
oplocks=no

Next, assuming you'll log on to the client as user myuid, create the following /home/netlogon/scripts/myuid.bat:

echo This is user myuid
c:\windows\command\choice.com

Restart Samba and log on. If all is well, upon client logon a DOS command prompt appears announcing that this is user myuid, and prompting for a Y or N keypress, after which the logon process completes.
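Because every client runs its logon script automatically, the root-only ownership, mode 755, and writeable=no settings above are what keep an ordinary account from changing what other users execute at logon. The following shell function is an added example, not part of the original chapter: it checks a netlogon tree and the [netlogon] section of a given smb.conf for those settings. The function name audit_netlogon and its arguments are hypothetical, and it requires the read-only and guest settings to be stated explicitly in the share.

```shell
#!/bin/sh
# Added example: audit a [netlogon] logon-script tree and its share settings.
# audit_netlogon <netlogon_dir> <smb.conf> [owner]; returns 0 when clean.
audit_netlogon() {
    dir=$1; conf=$2; owner=${3:-root}; rc=0

    # The scripts directory named in "logon script" must exist.
    if [ ! -d "$dir/scripts" ]; then
        echo "MISSING: $dir/scripts"; rc=1
    fi

    # Clients run these files at logon, so nothing under the share may be
    # owned by another account or writable by group or other.
    bad=$(find "$dir" \( ! -user "$owner" -o -perm -020 -o -perm -002 \) \
          -print 2>/dev/null || true)
    if [ -n "$bad" ]; then
        printf '%s\n' "$bad" | sed 's/^/UNSAFE: /'; rc=1
    fi

    # Collect the [netlogon] parameters, lowercased with whitespace removed
    # (Samba ignores case and whitespace in parameter names).
    share=$(awk '
        /^[ \t]*\[/ { insec = (tolower($0) ~ /^[ \t]*\[netlogon\]/); next }
        insec && /=/ { gsub(/[ \t]/, ""); print tolower($0) }
    ' "$conf" 2>/dev/null || true)

    # Require an explicit read-only, no-guest share; synonyms are accepted.
    for want in \
        '(writeable|writable|writeok)=(no|false|0)|readonly=(yes|true|1)' \
        '(guestok|public)=(no|false|0)'
    do
        if ! printf '%s\n' "$share" | grep -Eqx "$want"; then
            echo "CONFIG: [netlogon] has no line matching $want"; rc=1
        fi
    done
    return "$rc"
}
```

Call it as root with the share path from the text and the location of your smb.conf, for example audit_netlogon /home/netlogon followed by the path to smb.conf; any output line is a finding to fix before clients log on.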