Server-level security mode is almost identical to the user-mode security mode. The only exception is that the authentication is not performed within the same server. A separate SMB server is used to authenticate the users. This server can be a Windows NT computer, a SAMBA server, or any other server that is fully compatible with the SMB protocol. The server that is used to perform this authentication can be specified in the global section in the smb.conf file with the following directive:
server = <SERVERNAME>
The <SERVERNAME> should be a valid Netbios name of the SMB computer. The server-level security has a major disadvantage, however. SAMBA is used mainly to support Windows file-sharing features with Linux computers. When SAMBA connects to a remote server, the connection doesn't close down after the authentication is complete. The connection remains active until either the SAMBA daemon that requested authentication sends a close connection request or the requesting daemon is dead. In both cases, long active connections are required. If the authenticating server is a Windows server, the limited simultaneous license restraint in some versions of Windows, such as Windows 2000 and Windows NT server, can be a hindrance.
If domain-level security is set in SAMBA, it needs to perform all authentications from the Primary Domain Controller (PDC). Before SAMBA can send authentication requests to the PDC of the network, it must be added in the NT domain using Server Manager for domains. An important thing to note here is that the SAMBA server should not be made the PDC of the network.
Unlike the share-level security, once a user has been authenticated with domain level security, the user is not asked for individual passwords for shares. After authentication, the user is granted a ticket that can be universally used to access all permissible shares.
Because the authenticated user already has a session ticket to access all information, domain-level security mode doesn't require the SAMBA server to maintain a continuous connection with the PDC of the network.
In this tutorial:
- Linux Other Network Servers
- Setting the FTP User Account
- Configurations File for FTP Server
- Anonymous FTP
- Using Proper Password and Group Files
- Anonymous FTP Warnings
- Sendmail Security
- Domain Name Service
- Domain Name Space
- Services Offered By a DNS Server
- DNS Transactions
- BIND Configuration
- Resource Records (RR)
- Start of Authority (SOA)
- BIND Security
- Host Name Spoofing
- Running BIND with Least Privileges
- DNS Security Extensions (DNSEC)
- SMB Protocol
- Mounting the SMB File System
- SAMBA Security
- Server-Level Security