Networking / Beginners

Server-Level Security

Server-level security mode is almost identical to the user-mode security mode. The only exception is that the authentication is not performed within the same server. A separate SMB server is used to authenticate the users. This server can be a Windows NT computer, a SAMBA server, or any other server that is fully compatible with the SMB protocol. The server that is used to perform this authentication can be specified in the global section in the smb.conf file with the following directive:

server = <SERVERNAME>

The <SERVERNAME> should be a valid Netbios name of the SMB computer. The server-level security has a major disadvantage, however. SAMBA is used mainly to support Windows file-sharing features with Linux computers. When SAMBA connects to a remote server, the connection doesn't close down after the authentication is complete. The connection remains active until either the SAMBA daemon that requested authentication sends a close connection request or the requesting daemon is dead. In both cases, long active connections are required. If the authenticating server is a Windows server, the limited simultaneous license restraint in some versions of Windows, such as Windows 2000 and Windows NT server, can be a hindrance.

Domain-Level Security

If domain-level security is set in SAMBA, it needs to perform all authentications from the Primary Domain Controller (PDC). Before SAMBA can send authentication requests to the PDC of the network, it must be added in the NT domain using Server Manager for domains. An important thing to note here is that the SAMBA server should not be made the PDC of the network.

Unlike the share-level security, once a user has been authenticated with domain level security, the user is not asked for individual passwords for shares. After authentication, the user is granted a ticket that can be universally used to access all permissible shares.

Because the authenticated user already has a session ticket to access all information, domain-level security mode doesn't require the SAMBA server to maintain a continuous connection with the PDC of the network.

[Previous] [Contents]