Each server makes a set of resources available to clients on the network. A resource being shared may be a directory tree, named pipe, printer, etc. So far as clients are concerned, the server has no storage or service dependencies on any other servers; a client considers the server to be the sole provider of the file (or other resource) being accessed.
The CIFS protocol requires server authentication of users before file accesses are allowed, and each server authenticates its own users. A client system must send authentication information to the server before the server will allow access to its resources.
The CIFS protocol defines two methods which can be selected by the server for security: share level and user level:
When a user level server validates the account name and password presented by the client, an identifier representing that authenticated instance of the user is returned to the client in the Uid field of the response SMB. This Uid must be included in all further requests made on behalf of the user from that client. A share level server returns no useful information in the Uid field.
The user level security model was added after the original dialect of the CIFS protocol was issued, and subsequently some clients may not be capable of sending account name and passwords to the server. A server in user level security mode communicating with one of these clients will allow a client to connect to resources even if the client has not sent account name and password information:
1. If the client's computer name is identical to an account-name known on the server, and if the password supplied to connect to the shared resource matches that account’s password, an implicit "user logon" will be performed using those values.
If the above fails, the server may fail the request or assign a default account name of its choice.
2. The value of Uid in subsequent requests by the client will be ignored and all access will be validated assuming the account name selected above.