There are three reasons why security = domain is better. The FIRST is because this method enables the Samba server to PARTICIPATE in domain trust RELATIONSHIPS. This is impossible with server-level security. The second reason is that, under server-level security, each smbd process must keep an open CONNECTION with the authentication server. This can drain a Windows NT PDC quickly. Under domain-level security, this connection is MAINTAINED only long enough to perform the validation, thus conserving valuable resources. The final reason is that, as a domain member, the Samba server has access to much more information about user accounts, which can be used to automate the creation and deletion of user accounts upon demand.

There are three reasons why security = domain is better. The first is because this method enables the Samba server to participate in domain trust relationships. This is impossible with server-level security. The second reason is that, under server-level security, each smbd process must keep an open connection with the authentication server. This can drain a Windows NT PDC quickly. Under domain-level security, this connection is maintained only long enough to perform the validation, thus conserving valuable resources. The final reason is that, as a domain member, the Samba server has access to much more information about user accounts, which can be used to automate the creation and deletion of user accounts upon demand.