The following is a Samba 2.0.7 configuration we use to do authentication for logons to our Windows Terminal Servers (NT 4.0 SP 6a with Citrix MetaFrame 1.8 SP 2). It also serves home shares, group shares, etc. This Samba runs as a PDC on our NIS master, and uses a passwd chat for password synchronization.
[global]
# Use machine-specific config, if it exists
config file = /usr/local/samba/lib/smb.conf.%m
# NT Domain
workgroup = MEEMDOM
netbios name = QUINCY
server string = Samba %v
security = USER
# Logging
status = Yes
socket options = TCP_NODELAY
logon script = scripts\%U.cmd
logon path = \\%N\%U\ntsetup\profile
logon drive = H:
logon home = \\%N\%U
domain logons = Yes
domain master = Yes
preferred master = Yes
local master = Yes
wins support = Yes
hosts allow = 141.219.24., 141.219.25., 141.219.26., 141.219.27., 141.219.33.240, 141.219.32.250
# This currently doesn't work in 2.0.7, but is supposed to map the
# Unix realname to NT realname
unix realname = Yes
# Required for NT domain logons
encrypt passwords = Yes
min password length = 6
null passwords = No
# This syncs the Unix password whenever smbpasswd is used or a
# password is changed from the NT dialog
unix password sync = Yes
passwd program = /bin/passwd %u
passwd chat = *New*password* %n\n *new*password* %n\n *changed*
smb passwd file = /usr/local/samba/private/smbpasswd
# Useful for debugging password chats
#passwd chat debug = yes
#log file = /tmp/samba.log
#log level = 100
load printers = Yes
printing = sysv
printcap name = /usr/local/samba/lib/printcap
veto files=/*.vbs/*.VBS/
[homes]
comment = Home directories
create mask = 0755
blocking locks = No
writable = Yes
browseable = No
[netlogon]
path = /usr/local/samba/netlogon
browseable = No
[printers]
path = /tmp
printable = Yes
[g_drive]
comment = Groups drive
path = /usr/local/gdrive
create mask = 0660
force create mode = 0660
directory mask = 02770
force directory mode = 02770
writable = Yes
guest ok = Yes
[i_drive]
comment = Typists' I drive
path = /home/mefac/typing
write list = @metyping
writable = Yes
browseable = No
guest ok = Yes
[marcweb]
comment = MARC web pages
path = /local/marcweb
write list = @marcweb
force group = +marcweb
create mask = 0775
[ftp]
comment = Department ftp server
path = /local/ftp
writable = Yes
guest ok = Yes
[web]
comment = Department web pages
path = /local/web
writable = Yes
guest ok = Yes