Samba Security Modes; User-Level Security - Red Hat ENTERPRISE LINUX 5 - DEPLOYMENT Deployment Manual

# Set per user paths with pdbedit
logon drive = H:
domain logons = Yes
os level = 35
preferred master = Yes
domain master = Yes
[homes]
comment = Home Directories
valid users = %S
read only = No
[netlogon]
comment = Network Logon Service
path = /var/lib/samba/netlogon/scripts
browseable = No
read only = No
# For profiles to work, create a user directory under the
# path shown.
mkdir -p /var/lib/samba/profiles/john
[Profiles]
comment = Roaming Profile Share
path = /var/lib/samba/profiles
read only = No
browseable = No
guest ok = Yes
profile acls = Yes
# Other resource shares ... ...
Note
If you need more than one domain controller or have more than 250 users, do not use a
tdbsam authentication backend. LDAP is recommended in these cases.
20.6.3.2. Primary Domain Controller (PDC) with Active Directory
Although it is possible for Samba to be a member of an Active Directory, it is not possible for Samba to
operate as an Active Directory domain controller.

20.7. Samba Security Modes

There are only two types of security modes for Samba, share-level and user-level, which are
collectively known as security levels. Share-level security can only be implemented in one way,
while user-level security can be implemented in one of four different ways. The different ways of
implementing a security level are called security modes.

20.7.1. User-Level Security

User-level security is the default setting for Samba. Even if the security = user directive is not
listed in the smb.conf file, it is used by Samba. If the server accepts the client's username/password,
the client can then mount multiple shares without specifying a password for each instance. Samba can
also accept session-based username/password requests. The client maintains multiple authentication
contexts by using a unique UID for each logon.
In smb.conf, the security = user directive that sets user-level security is:
Samba Security Modes
281