Und das fiel mir grad in die Hände:
password server (G)
By specifying the name of another SMB server (such
as a WinNT box) with this option, and using "secu
rity = domain" or "security = server" you can get
Samba to do all its username/password validation
via a remote server.
This options sets the name of the password server
to use. It must be a NetBIOS name, so if the
machine´s NetBIOS name is different from its inter
net name then you may have to add its NetBIOS name
to the lmhosts file which is stored in the same
directory as the smb.conf file.
The name of the password server is looked up using
the parameter "name resolve order=" and so may
resolved by any method and order described in that
parameter.
The password server much be a machine capable of
using the "LM1.2X002" or the "LM NT 0.12" protocol,
and it must be in user level security mode.
NOTE: Using a password server means your UNIX box
(running Samba) is only as secure as your password
server. DO NOT CHOOSE A PASSWORD SERVER THAT YOU
DON´T COMPLETELY TRUST.
Never point a Samba server at itself for password
serving. This will cause a loop and could lock up
your Samba server!
The name of the password server takes the standard
substitutions, but probably the only useful one is
%m, which means the Samba server will use the
incoming client as the password server. If you use
this then you better trust your clients, and you
better restrict them with hosts allow!
(Anonym)
