Domain Logons

Samba also supports domain logons whereby a user can log on to the network. Logon scripts can be set up for individual users. To configure such netlogon capability, you need to set up a netlogon share in the smb.conf file. The following sample is taken from the original smb.conf file. This share holds the netlogon scripts-in this case, the /home/netlogon directory-which should not be writable but should be accessible by all users (Guest OK):

 [netlogon]
 comment = Network Logon Service
 path = /home/netlogon
 guest ok = yes
 writeable = no
 share modes = no

The Global section would have the following parameters enabled:

domain logons = yes

With netlogon, you can configure Samba as an authentication server for both Linux and Windows hosts. A Samba username and password need to be set up for each host. In the Global section of the smb.conf file, be sure to enable encrypted passwords, user-level security, and domain logons, as well as an operating system level of 33 or more:

[global]
 encrypt passwords = yes
 security = user
 domain logons = yes
 os level = 33

Note

You can also configure Samba to be a Primary Domain Controller (PDC) for Windows NT networks. As a PDC, Samba can handle domain logons, retrieve lists of users and groups, and provide user-level security.