SAMBA Server Message Block File & Print Server
Service Profile Type: System-V managed service Packages: samba-common, samba-client Daemons: nmbd, smbd Script: smb Ports: 137/udp, 138/udp 139/tcp Configuration: /etc/samba/smb.conf
SaMBa Client & Server for the Common Internet File System (CIFS) Microsoft's name for its SMB protocol implementation Contains components of the LanManager and NetBIOS protocols Samba may provide performance improvements over ‘native’ CIFS Hhtp://
The goal of SAMBA A single integrated work-group spanning Windows and Linux machines
The view from Windows Linux based resources look identical to Windows based resources. Using Universal Naming conventions (UNC): \\toltec\spirit
The view from Linux # smbstatus Processing section "[homes]“ Processing section "[printers]“ Processing section "[spirit]“ Samba version Service uid gid pid machine spirit jay jay 7735 maya ( ) Sun Aug 12 12: spirit jay jay 7779 aztec ( ) Sun Aug 12 12: jay jay jay 7735 maya ( ) Sun Aug 12 12:
The view from Linux Locked files: Pid DenyMode R/W Oplock Name DENY_WRITE RDONLY NONE /u/RegClean.exe Sun Aug 12 13:01: Share mode memory usage (bytes): (99%) free + 136(0%) used + 72(0%) overhead = (100%) total
Samba Services Authentication & Authorization of users File & Printer Sharing Name Resolution Comprises part of WINS, allows mapping of NetBIOS names to IP addresses WINS is independent of DNS Browsing (service announcements)
WINS Windows Internet Naming Service (WINS) Microsoft's implementation of NetBIOS Name Server (NBNS) on Windows Handles naming in NetBIOS Workstations preload names at boot Distributed model No hierarchy Deprecated from Windows 2000 onwards DNS and Active Directory preferred but may still be present in mixed environments.
NetBIOS Names 16 Bytes in length 15 bytes for the selected name All standard characters a-z, A-Z, 0-9 and # $ % ^ & ( ) - ' { }. ~ are allowed. It is normal practice to use the same machine name for the DNS record and the NetBIOS record. The 16th byte indicates the unique service provided by the machine E.g. Standard Workstation Serviceis00
Querying NetBIOS names C:\>nbtstat -a toltec NetBIOS Remote Machine Name Table Name Type Status TOLTEC UNIQUE Registered...
Workgroups SMB groups are the same as Windows Workgroups. There are predefined group resource types. Nbtstat output: NetBIOS Remote Machine Name Table Name Type Status METRAN GROUP Registered..__MSBROWSE__. GROUP Registered
Smb.conf sections Similar layout to the windows.ini file split into different [ … ] sections [global]: generic server or global settings which apply to each share [homes]: used to grant some or all users access to their home directories [printers]: defines printer resources and services
Sample global section # Simple global section [global] Log file = /var/log/samba/samba.log Load printers=yes Max log size=50 Netbios name=RHL Server string=Samba Server Workgroup=Tardis
Configuring File and Directory Sharing Shares should have their own [ … ] section Options include Public- can be accessed by guest account Browseable – share is visible in browse lists Writeable – resource is read and write enabled Printable – resource is a printer, not a disk Group: all connections to the share use the specified group as their primary group
Example # share Ronan’s Home Dir [ronan-home] Comment= Ronan’s Home Directory Path = /home/rbradley Browseable=yes Writeable=yes Public = yes createMode=0664 DirectoryMode=0775 maxConnections=1 Printable = no
Printing Printers defined in /etc/cups/printers.conf Global options as follows: [printers] path = /var/spool/samba browsable = yes public = yes guest ok = yes writeable = no printable = yes
Printing [LibertyLane] Comment = Staff Printer LaserJet 5 printer = prll valid users = rbradley smcneally path = /var/spool/prll public = no writeable = no printable = yes By default, samba assumes printing is via cups, this can be overridden with the printing= parameter in the [global] section
Other examples [lp] print command = lpr -s -P %p %s; rm %s printable = yes browseable = no [nec-raw] comment = Main PostScript printer driver for Windows clients printer driver = NEC SilentWriter 95 printable = yes browseable = yes
Supporting WINS Turn WINS support on add in [global]: wins support = yes Specify the name resolution order name resolve order = wins lmhosts hosts bcast This step is unncessary as the default order is host lmhosts wins bcast
Name resolution options host means use the system resolver library to determine the IP address of a name lmhosts means to read name-IP mappings from the NetBIOS lmhosts file /etc/samba/lmhosts If this doesn’t exist, lmhosts lookup will be skipped wins tells the server to maintain a WINS database Names will be added and updated as clients connect bcast uses the NetBIOS broadcast mechanism to find the addresses of all hosts Broadcast storms
Authentication There are a number of mechanisms for implementing Authentication in Samba By setting the security= setting this can be controlled by administrators User: Validation is done on a per-user basis, requiring a local smbpasswd file and also smbusers file Server: Validation done by another server
Local file based Authentication When local file based authentication is used, specify that passwords should be stored encrypted in smb.conf encrypted passwords = yes When server based authentication is used, specify the servers to be contacted for authentication information (used when security option is not user). password server = host1 host2 host3
Adding users and setting passwords with local authentication To add a user smbadduser ronan.bradley:rbradley UNIX Username: Windows Username, need not match Encrypted (by default) passwords stored in /etc/samba/smbpasswd Users added with smbadduser and smbpasswd Users defined in /etc/samba/passwd must exist in /etc/passwd
Passwords with local authentication Encrypted passwords stored in /etc/samba/smbpasswd Users added with smbadduser and smbpasswd Users defined in /etc/samba/passwd must exist in /etc/passwd To add a user smbadduser rbradley:rbradley UNIX Username: Windows Username, need not match Use smbpasswd for subsequent password changes for all users
Winbind winbind maps between windows user and group IDs and unix user and group IDs COMP+rbradley or STUDENT\srooney6 or COMP\STAFF or STUDENT:FT211-4
Linux Client access with Samba Smbclient is the standard client utility, useful for testing and for scripts Smbfs is an optional kernel component which allows Linux to mount an SMB share directly, in similar fashion to mounting an NFS share Not available on UML
Smbclient syntax If you do not specify username%password, smbclient will use the upper case version of USER or LOGNAME variable and the PASSWORD variable (if set) If you use the –U option smbclient –U rbradley%letmein Not a great idea, as the command issued is visible in the history and in the ps information Smbclient includes an ftp-like shell
Sample smbclient –L output smbclient -L toltec added interface ip= bcast= nmask= Password: Domain=[METRAN] OS=[Unix] Server=[Samba 2.2.5] Sharename Type Comment test Disk For testing only, please IPC$ IPC IPC Service (Samba 2.2.5) HP Printer HP 932C on Maya ADMIN$ Disk IPC Service (Samba 2.2.5) Server Comment MAYA Windows 98 MIXTEC Samba TOLTEC Samba ZAPOTEC Workgroup Master METRAN TOLTEC
Samba Daemons Nmbd: NetBIOS name server Resource browsing WINS server Smbd: SMB/CIFS server Authentication and authorization File and Printer Sharing
Samba Daemon When an SMB client starts, it needs to know the IP address being used by a particular host Client broadcasts this request on the network and receives a response from nmbd containing the NetBIOS information
Configuration Testing testparm is used to test the correct configuration of your samba settings To check what access will be granted to a given host, you can also supply the IP address of a given host testparm Will return which resources are accessible to that host
Samba Client smbclient can be used as a command-line file retrieval/transfer tool smbclient //machine/resource cd directory get file Also allows simple view of shared resources smbclient –L hostname user%password may be specified with the –U option or by setting and exporting USER and PASSWORD environment variables
Samba Client If you do not specify username%password, smbclient will use the upper case version of USER or LOGNAME variable and the PASSWORD variable (if set) If you use the –U option smbclient –U rbradley%letmein Not a great idea, as the command issued is visible in the history and in the ps information Smbclient includes an ftp-like shell
Sample smbclient –L output smbclient -L toltec added interface ip= bcast= nmask= Password: Domain=[METRAN] OS=[Unix] Server=[Samba 2.2.5] Sharename Type Comment test Disk For testing only, please IPC$ IPC IPC Service (Samba 2.2.5) HP Printer HP 932C on Maya ADMIN$ Disk IPC Service (Samba 2.2.5) Server Comment MAYA Windows 98 MIXTEC Samba TOLTEC Samba ZAPOTEC Workgroup Master METRAN TOLTEC
smbmount SMB file system can be supported by the LINUX kernel Not available in UML Can use smbmount to mount a SMB-shared resource smbmount service mountpoint –o options smbmount //server/resource /mnt/smb –o username=smbuser Must set CONFIG_SMB-FS set on for smbmount to work
Samba mounts in /etc/fstab Samba mounts can be performed automatically upon system boot by editing /etc/fstab Specify the UNC path the local mount point smbfs as the file system and a username //server1/resource /mnt/smb smbfs deaults,username=nobody 0 0
Samba Resources html