In this section, the function and purpose of Samba's security modes are described. An accurate understanding of
how Samba implements each security mode as well as how to configure MS Windows clients for each mode will
significantly reduce user complaints and administrator heartache.
Microsoft Windows networking uses a protocol that was originally called the Server Message Block (SMB)
protocol. Since some time around 1996 the protocol has been better known as the Common Internet Filesystem
In the SMB/CIFS networking world, there are only two types of security:
. We refer to these collectively as
implementing these two security levels, Samba provides flexibilities that are not available with MS Windows
NT4/200x servers. In fact, Samba implements
security only one way, but has
four ways of implementing
security. Collectively, we call the Samba
implementations of the security levels
. They are known as
modes. They are documented in this chapter.
An SMB server informs the client, at the time of a session setup, the security level the server is running.
There are two options: share-level and user-level. Which of these two the client receives affects the way the
client then tries to authenticate itself. It does not directly affect (to any great extent) the way the Samba
server does security. This may sound strange, but it fits in with the client/server approach of SMB. In SMB
everything is initiated and controlled by the client, and the server can only tell the client what is
available and whether an action is allowed.
client refers to all agents whether it is a Windows workstation, a Windows server,
another Samba server, or any vanilla SMB or CIFS client application (e.g.,
make use of services provided by an SMB/CIFS server.