Authentication of Clients
At
this point, we should discuss how Samba authenticates users. Each
user who attempts to connect to a share not allowing guest access
must provide a password to
make a successful connection. What
Samba does with that password—and consequently the strategy
Samba will use to handle user authentication—is the arena of
the security configuration option. Samba currently
supports
four
security levels on its network:
share, user,
server, and domain.
- Share-level security
Each share in the workgroup has one or more passwords associated with it. Anyone who knows a valid password for the share can access it.
- User-level security
Each share in the workgroup is configured to allow access from certain users. With each initial tree connection, the Samba server verifies users and their passwords to allow them access to the share.
- Server-level security
This is the same as user-level security, except that the Samba server uses another server to validate users and their passwords before granting access to the share.
- Domain-level security
Samba becomes a member of a Windows NT domain and uses one of the domain’s domain controllers—either the PDC or a BDC—to perform authentication. Once authenticated, the user is given a special token that allows her access to any share with appropriate access rights. With this token, the domain controller will not have to revalidate the user’s password each time she attempts to access another share within the domain. The domain controller can ...
Get Using Samba, Second Edition now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.
