"Authenticating other Samba Servers"
In a system that has a number of servers you only need one password database. The machines that don't have their own ask the PDC to check passwords for them. The following lines in smb.conf are typical; 'password server' points to the PDC (a Samba machine or an NT machine) that has the password list:
# Samba 2.0.7
# partial smb.conf on turkey
#
[global]
...
security = domain
workgroup = dAgobAh
# magpie (samba PDC); smb.conf comments must start the line
password server = 192.168.20.222
encrypt passwords = yes
...
The Samba server in question has to 'join the domain', which requires the PDC to have a machine account for it. This is no different from the machine account required to let an NT workstation join the domain. For example, if we want a Linux Samba server called 'turkey' to ask our PDC called 'magpie' to do its authentication, then 'magpie' will need an entry in its smbpasswd (assuming it is also Samba) that starts with 'turkey$'. After the machine account for 'turkey' has been created on 'magpie' and the above entries have been added to smb.conf on 'turkey', restart smb on 'turkey':
(root)# service smb restart
Note: the servers without the password list still need an account for each user, which means a line in /etc/passwd. If the server is only being used to offer Samba file or print shares, the /etc/passwd line does not need a password. If the shares being offered are not user specific, i.e. a common (read-only?) area or perhaps just printing, the /etc/passwd line does not need a home directory. A typical line in /etc/passwd for a server that allows domain users to connect to the Samba shares, but does not offer a home share (because it's on the PDC) and does not allow logon to the unix prompt, would look like this:
obi-wan:x:542:100:obi-wan kenobi:/dev/null:/bin/false
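
The note above describes accounts that exist only so domain users can reach Samba shares. The following is an added example, not part of the original page or of Samba, that audits passwd entries for such users and reports any that could still reach a unix prompt. The list of non-login shells and every sample account other than obi-wan are assumptions made for the illustration.

```python
# Added example: audit /etc/passwd entries of share-only Samba users.
# NOLOGIN_SHELLS and every sample account except obi-wan are assumptions.
NOLOGIN_SHELLS = {"/bin/false", "/sbin/nologin", "/usr/sbin/nologin"}

# Constructed sample input (not taken from a real system).
SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
obi-wan:x:542:100:obi-wan kenobi:/dev/null:/bin/false
yoda:x:543:100:yoda:/home/yoda:/bin/bash
luke::544:100:luke skywalker:/dev/null:/bin/false
leia:x:545:100
"""


def audit_share_only(passwd_text, share_users):
    """Return (user, problem) pairs for accounts meant to be share-only."""
    findings, seen = [], set()
    for line in passwd_text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        fields = line.split(":")
        name = fields[0]
        if name not in share_users:
            continue  # not a domain share user, out of scope
        seen.add(name)
        if len(fields) != 7:
            findings.append((name, "malformed entry: %d fields, expected 7" % len(fields)))
            continue
        _, password, uid, _, _, _, shell = fields
        if password == "":
            findings.append((name, "empty password field: no unix password required"))
        if uid == "0":
            findings.append((name, "uid 0: share user would map to root"))
        if shell not in NOLOGIN_SHELLS:
            findings.append((name, "login shell %s allows a unix prompt" % shell))
    # Every domain user still needs a passwd line on this server.
    for name in sorted(set(share_users) - seen):
        findings.append((name, "no passwd entry: domain user cannot be mapped"))
    return findings


if __name__ == "__main__":
    users = {"obi-wan", "yoda", "luke", "leia", "han"}
    for user, problem in audit_share_only(SAMPLE_PASSWD, users):
        print("%-8s %s" % (user, problem))
```

To check a real server, pass the contents of /etc/passwd and the set of domain user names in place of the constructed sample.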