Each user who attempts to connect to a share not allowing guest access must provide a password to make a successful connection. What Samba does with that password—and consequently the strategy Samba will use to handle user authentication—is the arena of the security configuration option. Samba currently supports four security levels on its network: share, user, server, and domain.
Each share in workgroup has one or more passwords associated with it. Anyone who knows a valid password for the share can access it
Each share in the workgroup is configured to allow access from certain users. With each initial tree connection, the Samba server verifies users and their passwords to allow them access to the share.
This is the same as user-level security, except that the Samba server uses another server to validate users and their passwords before granting access to the share.
Samba becomes a member of a Windows NT domain and uses one of the domain’s domain controllers—either the PDC or a BDC—to perform authentication. Once authenticated, the user is given a special token that allows her access to any share with appropriate access rights. With this token, the domain controller will not have to revalidate the user’s password each time she attempts to access another share within the domain. The domain controller can PDC or BDC, or Samba be a Windows NT/2000acting as a Windows NT PDC.
Samba Server Setting – Security Tab