tid represents an instance of an authenticated connection to a server resource. Tid is returned by the server to the client when the client successfully connects to a resource, and the client uses Tid in subsequent requests referring to the resource.
If the server is executing in share level security mode, Tid is the only thing used to allow access to the shared resource. Thus if the user is able to perform a successful connection to the server specifying the appropriate netname and passwd (if any) the resource may be accessed according to the access rights associated with the shared resource (same for all who gained access this way).
If however the server is executing in user level security mode, access to the resource is based on the uid (validated on the SMB_COM_SESSION_SETUP_ANDX request) and the tid is NOT associated with access control but rather merely defines the resource (such as the shared directory tree).
In most SMB requests, Tid must contain a valid value. Exceptions include prior to getting a tid established including SMB_COM_NEGOTIATE, SMB_COM_TREE_CONNECT, SMB_COM_ECHO, and SMB_COM_SESSION_SETUP_ANDX. 0xFFFF should be used for Tid for these situations. The server is always responsible for enforcing use of a valid tid where appropriate.