Follow Techotopia on Twitter

On-line Guides
All Guides
eBook Store
iOS / Android
Linux for Beginners
Office Productivity
Linux Installation
Linux Security
Linux Utilities
Linux Virtualization
Linux Kernel
System/Network Admin
Scripting Languages
Development Tools
Web Development
GUI Toolkits/Desktop
Mail Systems
Eclipse Documentation

How To Guides
General System Admin
Linux Security
Linux Filesystems
Web Servers
Graphics & Desktop
PC Hardware
Problem Solutions
Privacy Policy




Samba HowTo Guide
Prev Home Next

Samba Security Modes

In this section, the function and purpose of Samba's security modes are described. An accurate understanding of how Samba implements each security mode as well as how to configure MS Windows clients for each mode will significantly reduce user complaints and administrator heartache.

Microsoft Windows networking uses a protocol that was originally called the Server Message Block (SMB) protocol. Since some time around 1996 the protocol has been better known as the Common Internet Filesystem (CIFS) protocol.

In the SMB/CIFS networking world, there are only two types of security: user-level and share level . We refer to these collectively as security levels . In implementing these two security levels, Samba provides flexibilities that are not available with MS Windows NT4/200x servers. In fact, Samba implements share-level security only one way, but has four ways of implementing user-level security. Collectively, we call the Samba implementations of the security levels security modes . They are known as share , user , domain , ADS , and server modes. They are documented in this chapter.

An SMB server informs the client, at the time of a session setup, the security level the server is running. There are two options: share-level and user-level. Which of these two the client receives affects the way the client then tries to authenticate itself. It does not directly affect (to any great extent) the way the Samba server does security. This may sound strange, but it fits in with the client/server approach of SMB. In SMB everything is initiated and controlled by the client, and the server can only tell the client what is available and whether an action is allowed.

The term client refers to all agents whether it is a Windows workstation, a Windows server, another Samba server, or any vanilla SMB or CIFS client application (e.g., smbclient ) that make use of services provided by an SMB/CIFS server.

Samba HowTo Guide
Prev Home Next

  Published under the terms fo the GNU General Public License Design by Interspire