LinuxQuestions.org
Old 02-17-2003, 06:53 AM   #1
ixion
Member
 
Registered: Dec 2002
Location: USA
Distribution: SuSE, CentOS, Gentoo
Posts: 166

Rep: Reputation: 30
Samba authentication in W2k Domain


I would like users that are authenticated through the Windows 2000 Domain Controller here at work to connect to my gentoo samba box. I've set the 'security = server' and 'password server = WIN2000SERVER', but authenticated users still cannot connect to my samba box. Is there something I've missed? Do I need to do something to the smbpasswd file?

I've also tried the 'security = domain' 'password server = *' with the same results.
 
Old 02-17-2003, 03:59 PM   #2
jmarsh
Member
 
Registered: Dec 2002
Posts: 129

Rep: Reputation: 15
I would check to make sure you have encrypted passwords = yes. Win2k needs passwords to be encrypted in order to connect to a Samba machine.
 
Old 02-17-2003, 04:12 PM   #3
ixion
Member
 
Registered: Dec 2002
Location: USA
Distribution: SuSE, CentOS, Gentoo
Posts: 166

Original Poster
Rep: Reputation: 30
That is done already.
 
Old 02-17-2003, 09:25 PM   #4
jamrock
Member
 
Registered: Jan 2003
Location: Kingston, Jamaica
Posts: 444

Rep: Reputation: 41
You can try one of these options.

Add all the users to the Linux passwd file.

Let Samba add the users to the passwd file.


To do the latter try this. The text comes from another post. Modify the script to fit the commands of your distro.


security = domain
password server = xxxxxx

These settings tell Samba to let the domain controller do the authentication. It will ignore the smbpasswd file and accept the password that has been authenticated by the domain controller (password server).

The only catch here is that the user still needs to exist in the (Linux) passwd file.


There is also a way to automatically add the user to the passwd file if he doesn't exist on the Linux machine but is authenticated by the domain controller. The command needs to be entered under the global section of the smb.conf file.

add user script = useradd %u -c "Account from PDC" -s /bin/false -d /home/%u -m -n -g finance

This says to Samba:

add the user and use the username sent by the domain controller
useradd %u

the user comment is "Account from PDC"
-c "Account from PDC"

don't allow the user to log on locally (i.e. from the samba machine)
-s /bin/false

create a home directory under /home and call it the name of the user
-d /home/%u -m

add the user to the group finance
-n -g finance.

I got the script from the November 2002 edition of SysAdmin magazine in an article written by Arnie Miles. I haven't worked through all the security implications of letting Samba automatically add users to the Linux machine.
 
Old 02-18-2003, 08:14 AM   #5
ixion
Member
 
Registered: Dec 2002
Location: USA
Distribution: SuSE, CentOS, Gentoo
Posts: 166

Original Poster
Rep: Reputation: 30
I did as you suggested, but I still cannot access my Samba box with users that have not been added with the 'smbpasswd -a' command line. How do I execute that script? Can I write a script to add all users that are in the domain to the passwd file? I very likely can obtain a text file containing all users and their passwords. Is this a possible plan?
 
Old 02-18-2003, 08:29 AM   #6
biggiefatts
Member
 
Registered: May 2002
Location: Buffalo, NY
Distribution: Mandrake 9.0, Red Hat 8.0
Posts: 60

Rep: Reputation: 15
If you place the above-mentioned script into your smb.conf file and restart the daemon, Samba will add the users as they attempt to connect to the server.

Last edited by biggiefatts; 02-18-2003 at 08:32 AM.
 
Old 02-18-2003, 08:39 AM   #7
ixion
Member
 
Registered: Dec 2002
Location: USA
Distribution: SuSE, CentOS, Gentoo
Posts: 166

Original Poster
Rep: Reputation: 30
I did do that, but no go. As I connected from Win98 machines (eventually I will be connecting with Win2k/XP boxes, also), I still got a prompt asking for the $IPC password. Entering the user's password from the domain did not go through. Would doing 'security = server' 'server = xxxxx' work instead of domain?
 
Old 02-18-2003, 08:55 AM   #8
ixion
Member
 
Registered: Dec 2002
Location: USA
Distribution: SuSE, CentOS, Gentoo
Posts: 166

Original Poster
Rep: Reputation: 30
Got it, whoot! I changed the security to server, and found that the '-n' option was bad (in my distro - Slackware). Once I corrected those two things, we're up and running! This is terrific! Thanks guys!!!!

Last edited by ixion; 02-18-2003 at 08:56 AM.
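
Added example, not part of any post in this thread: smbd runs the `add user script` as root, so one way to narrow the risk raised in post #4 is to point the option at a small wrapper that validates `%u` before calling `useradd`, and that omits the `-n` flag post #8 found to fail. The wrapper path `/usr/local/sbin/smb-adduser`, the function names and the username policy are assumptions for illustration.

```shell
#!/bin/sh
# Added example (not from the thread). Hypothetical install path, referenced as:
#   add user script = /usr/local/sbin/smb-adduser %u
# smbd runs the add user script as root, so %u is validated before use.

LC_ALL=C; export LC_ALL        # make the a-z ranges below strictly ASCII
GROUP=${GROUP:-finance}        # group used in the thread's example
HOME_BASE=${HOME_BASE:-/home}
USERADD=${USERADD:-useradd}    # overridable so the logic can be dry-run

# Assumed policy: lowercase letter or underscore first, then lowercase
# letters, digits, '_' or '-', 32 characters at most.
valid_username() {
    [ "${#1}" -ge 1 ] && [ "${#1}" -le 32 ] || return 1
    case "$1" in
        [!a-z_]*|*[!a-z0-9_-]*) return 1 ;;
    esac
    return 0
}

add_domain_user() {
    if ! valid_username "$1"; then
        echo "smb-adduser: refusing account name '$1'" >&2
        return 1
    fi
    # No -n: it is a distribution-specific flag and was the option that
    # failed on the original poster's system. -s /bin/false blocks local login.
    "$USERADD" -c "Account from PDC" -s /bin/false \
        -d "$HOME_BASE/$1" -m -g "$GROUP" "$1"
}

# Run only when invoked with exactly one argument, as Samba does with %u.
if [ "$#" -eq 1 ]; then
    add_domain_user "$1"
fi
```

Setting `USERADD=echo` in the environment prints the arguments that would be passed to `useradd` instead of creating the account, which is a convenient way to check the wrapper before wiring it into smb.conf.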