On Windows systems in the network security level setting.
In SAMBA server, also introduces the concept of this security level. Every security level corresponds to a set of default security policy. In SAMBA server, the security level is divided into four levels, namely share, User, Server, and Domain. As a system administrator needs to know about these four security levels of differences, and on the basis of enterprise network deployment and security requirements, to select the appropriate security level. I. Introduction to the various levels of security and application environment. 1, Domian security level. This is the SAMBA server's highest security level. When set to this level of security, the SAMBA server itself and not on the identity of the client for authentication. But the work to a dedicated domain controller or any other server. In previous articles, I remember that said use SAMBA server as a client and Windwos Linux servers but the biggest benefit is the Linux operating system can be added to a Microsoft domain. That is, the deployment of a SAMBA server Linux operating system support: Microsoft domain environment. So if your business is now the network environment is a domain environment, you can use this security level. System administrators can take the SAMBA server is joined to a Microsoft domain, and let the domain controller is responsible for client authentication. You can let the Microsoft domain controller is responsible for server and client interaction, handle user login, authentication, directory, search, and other related jobs, to provide higher security. To this end which this security level, there is a prior condition that the enterprise network in the domain management. Security level 2, Servder and User security levels. These two security levels very similar to this I will describe here together. User security levels are the Samba server's default security levels, he said before users access the server, you must use a valid account number and password to sign in. In other words, the client must have a valid user name and password to access it. Also note that a problem is that the system administrator needs to clear the authentication. Some of the system time of its authentication occurs at file specific access. That is, the client does not have a password, you can access the shared documents list information. But you want to access a particular file, you need to provide a password. But User security levels. At this security level, the authentication occurs at the time of the connection. This means the client is unable to provide a valid user name and password, then even if list information can be accessed. Server security levels in a User security levels and Domian security level. Client access to the Samba server, also need to provide a valid user name and password information. Only at this security level, there will be another independent server is responsible for the verification of identity. This security level Domian is very similar. Just at this security level is domain environment of mandatory requirements. But take this security level, with the Domain security level there is a big difference. That is, in the Server security level, if the other server verification fails, then the server will automatically downgrade the security level for the User. Then use User security levels of the set of authentication mechanisms. Visible for clients, potential User and Server the two security level is no different. However, the system administrator, but you can make a big fuss about. As you can depending on the security level, set different access policies, access permissions, and so on. Typically, if the requirements of the enterprise for security is relatively high, but also have a separate server to complete the mail, and other application services for authentication, you can consider using Server level. And you can enable through the prohibition of the SAMBA password file to limit the server uses the User level. 3. Share security level. This level is the SAMBA Server minimum levels of security. This time the client connects to a SAMBA server, does not need to provide a user name and password authentication information, you can access Linux shared resources on the server. Although this security level is way more convenient, but obviously their security is difficult to be guaranteed. The information in the log, it is difficult to reflect the client's access to information. But the system administrator should be noted that, at this point if its on a Linux system using the who command to query the logged-on user information, you will find a number of strange users. This is mainly because the share security level, the client does not need any account number and password to access. But at this point, SAMBA will automatically provide a valid Unix account to make the table the identity of the client. So a system administrator who will be in the list to see some strange account information. Due to the lack of security at this level, I do not suggest that you use this security level.
No comments:
Post a Comment