Hi Everyone,

Background information:

A linux development environment of Slackware 12.2 running Samba 3.2.15. This is sending shares out to a MS Windows AD domain (sbs 2003). I am NOT attempting a SSO- I have under 40 users so the administrative overhead isn't bad. (Compared to my futile attempts to get SSO to work- but that's another thread.)

Samba is successfully installed and configured. Users can see and access shares under either user level security or share level security from our XP SP3 workstations. Primary goal of Samba is as a file server for different departments (home directories, profiles, printers may come later).

The question, before migrating to my production server:

Is there a consensus on whether it is best to:

A. Deploy each directory (finance, QA, HR, etc) as user-level security and map an individual network drive to it through group policy login script, OR

B. Deploy the directory structure as a single network drive and restrict access via share level security.

I can't see any differences in the practical results, permissions wise. Option B allows me to restrict users from even seeing directories they shouldn't with hide unreadable = yes. Any reason not to go with it?

Any advice or opinions will be greatly appreciated!

It sounds like B is better, is it also simpler to implement?

My Samba skills are very rusty.

Nicely written post, BTW.

Option B is easier to implement as it means I only need to set up one login script that is used for all computer users. My only concerns are if there are security or performance issues with share level security that are not present with user level.

Anyways, there's no better way to learn than to do it, so I am setting it up that way on my production server this week.

Thanks for the reply,