Samba for MPE/iX server mode security is just one of the security policies
of user level authentication. This mode of security is one of the types
in processing user authentication. After the user is validated, access
rights are enforced for the user:
To make Samba for MPE/iX operate in server security mode:
Add security = server in the [global] section for
smb.conf specifying security = server in
smb.conf, the server security mode is on.
Add password server = <yourNTserver>
This option will allow Samba for MPE/iX to ask a remote SMB server
for password checks, e.g., a Windows NT server. This option will be
useful if you are integrating an MPE/iX into an already existing NT
domain. It is better to set your Windows NT (primary or backup domain
controller) server as the password server.
Please set the password parameter to the DNS name of the Windows NT
server.
After setting up the configuration, the client can proceed
to login to the Samba for MPE/iX server. When connecting to a service
using user level security, the client sends a session setup SMB
that includes username and password. This step is not necessary
while using shared level security.
In server level security, the Samba for MPE/iX server reports
to the client in which it is in user level security. The client
sends username and password pair. The Samba for MPE/iX server takes
the username/password that the client sent and attempts to login
to the "password server" by sending exactly the
same username/password that it got from the client. If that server
is in user level security and accepts the password, Samba for MPE/iX
accepts the client's connection. This allows the Samba
for MPE/iX server to use another SMB server as the "password
server," the user authenticates against the NT password.
Some particular issues with Samba for MPE/iX and Windows NT:
one of the problems with Windows NT is that NT refuses
to connect to a server that is in user level security mode and doesn't
support password encryption unless it first prompts the user for a password.
This means that even if you have the same password on the
NT box and the Samba for MPE/iX server, you will get prompted for
a password. Entering the correct password will get you connected.