Authentication is proving that you are who you say you are. You do this every day, during such activities as printing a document or saving a file to a network drive. When things are working correctly, the steps taken by a server to authenticate a request are often taken for granted. You enter a password, and it is used whenever the client machine needs to access a network resource on your behalf. Authentication is a prerequiste to authorization. Authorization is what the server does to verify that the authenticated user should (or should not) gain access to the requested resource (such as the printer or file share).
Chapter 1 described the basic steps necessary to connect to a share. The second step, after negotiating the protocol dialect, is the session setup, a packet exchange in which the client sends some proof of identify. This proof must be validated somehow. In this chapter, you will see how Samba can be configured to verify this request using a set of local user accounts. More advanced authentication environments involving domain controllers are covered in Chapters 9 and 10.
The SMB/CIFS protocol has two security levels:
user and share. Samba implements these levels across five security modes
defined by the global
security parameter in smb.conf.[*] Only three of these values are relevant to modern Samba servers, all of which are variations of SMB/CIFS user-level authentication. In this chapter, we cover ...