Samba/iX server mode security is just one of the security
policies of user level authentication. This mode of security is
one of the types in processing user authentication. After the user
is validated, access rights are enforced for the user:
To make Samba/iX operate in server security mode:
Add security = server in the [global] section for
smb.conf specifying security = server in
smb.conf, the server security mode is on.
Add password server = <yourNTserver>
This option will allow Samba/iX to ask a remote SMB server for
password checks, for example, a Windows NT server. This option will
be useful if you are integrating an MPE/iX into an already existing
NT domain. It is better to set your Windows NT (primary or backup
domain controller) server as the password server.
Please set the password parameter to the DNS name of the Windows NT
server.
NOTE: For the server security mode to work, Windows username should be
mapped to the user and account on the MPE/iX host. Now the users have to
provide correct passwords for the MPE/iX user and account name while logging on
to the server.
After setting up the configuration, client can proceed to
login to the Samba/iX server. When connecting to a service using
user level security, the client sends a session setup SMB that includes
username and password. This step is not necessary while using shared
level security.
In server level security, the Samba/iX server reports to the
client that it is in user level security. The client sends username
and password pair. The Samba/iX server takes the username/password
that the client send and attempts to login to the "password
server" by sending exactly the same username/password that
it got from the client. If that server is in user level security
and accepts the password then Samba/iX accepts the clients connection.
This allows the Samba/iX server to use another SMB server as the "password
server".
Some particular issues with Samba/iX and Windows NT;
one of the problems with Windows NT is that NT refuses
to connect to a server that is in user level security mode and that
doesn't support password encryption unless it first prompts
the user for a password.
This means even if you have the same password on the NT box
and the Samba/iX server you will get prompted for a password. Entering
the correct password will get you connected.