Adding an NT server to a Samba domain
To add a Win NT machine to a Samba domain, you need to create a user entry for it in the password file. This is the Samba equivalent of creating a machine account in the SAM database. The username should be the name of the machine with a "$" appended. Set no password, and set the home directory to /dev/null and the shell to /bin/false. (You might have to escape the "$" on the command line with a "\".)
# useradd ntserver$ -s /bin/false -d /dev/null
The next step is to go to the NT machine and set the domain name to SAMBADOM (where SAMBADOM is the domain name). Take care not to check the "create a machine account" check box. This feature is not yet supported. You should get a message saying "Welcome to the SAMBADOM domain".
Understanding server configuration options
If you look at the man page for the smb.conf file (man 5 smb.conf), you'll find a number of configuration options that you can use to tweak the performance and customize your Samba configuration further. Due to the lack of space here, I'll take a look at only a few configuration options.
One of the more misunderstood configuration parameters is the "security=" option. We'll take a brief look at what the various options mean.
security=share
This is the conventional, and most brain-dead, option available. Shares exported will be available to any machine in the workgroup without further authentication. This is commonly used for machines sharing public shares, CD-ROMs, etc. Use this only when you have no security concerns whatsoever.
security=server
Server level security is used when you want the Samba server to authenticate users against another Samba or Windows NT machine acting as a domain controller. This is a good idea when you have a number of machines on your network, with users needing to log on to the domain to be able to access the shares. In this case, you'll have to configure the "password server" parameter to specify the names of the authentication servers (normally the PDC and BDC).
security=user
In this scheme, the Samba server actually acts as a workgroup controller, authenticating Windows NT and Win 9x clients. A separate user list has to be maintained, and users are added using the "smbpasswd" command. In this case, the Samba server maintains its equivalent of an NT SAM database.
security=domain
Domain level security is used in the case described above, when adding a Samba server to a Win NT domain. Here too, you'll need to specify the "password server" parameter. So how's this different from the "security=server" configuration? For one, when using server level security, the Samba server will open and maintain a network connection to the domain controller during the entire session. This can be a significant drain on network resources. In domain level security, a connection is established for exchanging authentication information only.
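A small audit of the rules described above, as an added example that is not part of the original article: it reads the [global] section of an smb.conf and flags security=share, and a server or domain mode that has no "password server". The function names and the sample file are constructed for illustration.

```python
import re

# Constructed sample smb.conf for this example (not from the article).
SAMPLE_CONF = """\
; constructed sample
[global]
   workgroup = SAMBADOM
   Security = SERVER
   # password server = pdc1 bdc1

[public]
   path = /export/public
"""

def global_params(text):
    """Return the [global] parameters as a dict.

    Names are lower-cased with whitespace removed, because smb.conf
    ignores case and whitespace in parameter names."""
    params, section = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":      # blank line or comment
            continue
        m = re.fullmatch(r"\[(.+)\]", line)
        if m:
            section = m.group(1).strip().lower()
        elif section == "global" and "=" in line:
            name, value = line.split("=", 1)
            params[re.sub(r"\s+", "", name).lower()] = value.strip()
    return params

def audit_security(text):
    """Return (mode, findings) for the security= setting in [global]."""
    p = global_params(text)
    mode = p.get("security", "").lower() or None
    findings = []
    if mode is None:
        findings.append("security= is not set explicitly; state the intended mode")
    elif mode == "share":
        findings.append("security=share: shares need no further authentication")
    elif mode in ("server", "domain") and not p.get("passwordserver"):
        findings.append("security=%s needs a 'password server' (PDC/BDC)" % mode)
    elif mode not in ("user", "server", "domain"):
        findings.append("unknown security mode: %r" % mode)
    return mode, findings
```

Running audit_security(SAMPLE_CONF) reports server mode with a missing "password server", because the only such line in the sample is commented out.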
There are some new parameters in Samba 2.0.7 as well. Most of these deal with the new utmp and wtmp support (experimental, I might add) included in this version. This will enable users logged in via Samba to be seen using the "who" command, and all login information to be recorded in the system logs, not just the samba logs. You'll need to specifically compile support for this using the "--with-utmp" flag to "configure".