Follow Techotopia on Twitter

On-line Guides
All Guides
eBook Store
iOS / Android
Linux for Beginners
Office Productivity
Linux Installation
Linux Security
Linux Utilities
Linux Virtualization
Linux Kernel
System/Network Admin
Scripting Languages
Development Tools
Web Development
GUI Toolkits/Desktop
Mail Systems
Eclipse Documentation

How To Guides
General System Admin
Linux Security
Linux Filesystems
Web Servers
Graphics & Desktop
PC Hardware
Problem Solutions
Privacy Policy




Samba HowTo Guide
Prev Home Next

Server Security (User Level Security)

Server security mode is left over from the time when Samba was not capable of acting as a domain member server. It is highly recommended not to use this feature. Server security mode has many drawbacks that include:

  • Potential account lockout on MS Windows NT4/200x password servers.

  • Lack of assurance that the password server is the one specified.

  • Does not work with Winbind, which is particularly needed when storing profiles remotely.

  • This mode may open connections to the password server and keep them open for extended periods.

  • Security on the Samba server breaks badly when the remote password server suddenly shuts down.

  • With this mode there is NO security account in the domain that the password server belongs to for the Samba server.

In server security mode the Samba server reports to the client that it is in user-level security. The client then does a session setup as described earlier. The Samba server takes the username/password that the client sends and attempts to log into the password server by sending exactly the same username/password that it got from the client. If that server is in user-level security and accepts the password, then Samba accepts the client's connection. This parameter allows the Samba server to use another SMB server as the password server.

You should also note that at the start of all this, when the server tells the client what security level it is in, it also tells the client if it supports encryption. If it does, it supplies the client with a random cryptkey. The client will then send all passwords in encrypted form. Samba supports this type of encryption by default.

The parameter security = server means that Samba reports to clients that it is running in user mode but actually passes off all authentication requests to another user mode server. This requires an additional parameter password server that points to the real authentication server. The real authentication server can be another Samba server, or it can be a Windows NT server, the latter being natively capable of encrypted password support.

Samba HowTo Guide
Prev Home Next

  Published under the terms fo the GNU General Public License Design by Interspire