Note that using security=server versus security=domain is a less scalable approach. Using security=server keeps a connection open to the PDC the whole time the user is accessing Samba resources. If enough people are doing this, you can exceed the number of connections that the PDC can accept. Using security=domain requires a little more work up front, but avoids the problem of exhausting connections to your PDC.
Mark Post -----Original Message----- From: Wolfe, Gordon W [mailto:[EMAIL PROTECTED]] Sent: Thursday, December 20, 2001 11:04 AM To: [EMAIL PROTECTED] Subject: Re: SAMBA help We do this all the time. You just need three lines in your /etc/smb.conf file: security = server password server = <dns name of NT password server> encrypt passwords = yes "Christmas is a funny season. What other time of the year do you sit in front of a dead tree and eat candy out of your socks?" Gordon Wolfe, Ph.D. (425)865-5940 VM Technical Services, The Boeing Company > ---------- > From: John Summerfield > Reply To: Linux on 390 Port > Sent: Thursday, December 20, 2001 7:08 AM > To: [EMAIL PROTECTED] > Subject: Re: SAMBA help > > > is there a way to authenticate SAMBA users against a NT PDC without > > creating an entry in /etc/passwd > > The other day when I was reading the Samba docs they say you can. > > > # Security mode. Most people will want user level security. See > # security_level.txt for details. > security = user > > and in /usr/share/doc/samba-2.2.1a/docs/textdocs/security_level.txt > Note: Samba-2.0.0 now adds the "domain" security mode. Please refer to > the smb.conf man page for usage information and to the document > docs/textdocs/DOMAIN_MEMBER.txt for further background details. > > Of the above, "security = server" means that Samba reports to clients > that > it is running in "user mode" but actually passes off all authentication > requests to another "user mode" server. This requires an additional > parameter "password server =" that points to the real authentication > server. > That real authentication server can be another Samba server or can be a > Windows NT server, the later natively capable of encrypted password > support. > > > So, read the docus;-) Try www.samba.org if you don't have them locally. > > > -- > Cheers > John Summerfield > > Microsoft's most solid OS: http://www.geocities.com/rcwoolley/ > > Note: mail delivered to me is deemed to be intended for me, for my > disposition. > >
