Networking / Beginners

Server-Level Security

Server-level security mode is almost identical to the user-mode security mode. The only exception is that the authentication is not performed within the same server. A separate SMB server is used to authenticate the users. This server can be a Windows NT computer, a SAMBA server, or any other server that is fully compatible with the SMB protocol. The server that is used to perform this authentication can be specified in the global section in the smb.conf file with the following directive:

server = <SERVERNAME>

The <SERVERNAME> should be a valid Netbios name of the SMB computer. The server-level security has a major disadvantage, however. SAMBA is used mainly to support Windows file-sharing features with Linux computers. When SAMBA connects to a remote server, the connection doesn't close down after the authentication is complete. The connection remains active until either the SAMBA daemon that requested authentication sends a close connection request or the requesting daemon is dead. In both cases, long active connections are required. If the authenticating server is a Windows server, the limited simultaneous license restraint in some versions of Windows, such as Windows 2000 and Windows NT server, can be a hindrance.

Domain-Level Security

If domain-level security is set in SAMBA, it needs to perform all authentications from the Primary Domain Controller (PDC). Before SAMBA can send authentication requests to the PDC of the network, it must be added in the NT domain using Server Manager for domains. An important thing to note here is that the SAMBA server should not be made the PDC of the network.

Unlike the share-level security, once a user has been authenticated with domain level security, the user is not asked for individual passwords for shares. After authentication, the user is granted a ticket that can be universally used to access all permissible shares.

Because the authenticated user already has a session ticket to access all information, domain-level security mode doesn't require the SAMBA server to maintain a continuous connection with the PDC of the network.

[Previous] [Contents]

In this tutorial:

  1. Linux Other Network Servers
  2. Setting the FTP User Account
  3. Configurations File for FTP Server
  4. ftpusers
  5. Anonymous FTP
  6. Using Proper Password and Group Files
  7. Anonymous FTP Warnings
  8. Sendmail
  9. Sendmail Security
  10. Domain Name Service
  11. Domain Name Space
  12. Services Offered By a DNS Server
  13. DNS Transactions
  14. BIND
  15. BIND Configuration
  16. Resource Records (RR)
  17. Start of Authority (SOA)
  18. nslookup
  19. BIND Security
  20. Host Name Spoofing
  21. Running BIND with Least Privileges
  22. DNS Security Extensions (DNSEC)
  23. SAMBA
  24. SMB Protocol
  25. Mounting the SMB File System
  26. SAMBA Security
  27. Server-Level Security