Introduction to Samba, File Sharing Protocol

Not to be confused with ...

• a specific genre of afro-Brazilian music or folk dance or
• the Society for Ambulatory Anesthesia
• Special Agents Mutual Benefit Association

Samba is an...

• an open source software suite
• file and print services to SMB/CIFS clients- Windows boxes
• runs on UNIX platforms, but speaks to Windows clients like a native.

CIFS, Common Internet File System (formerly SMB) is the file sharing protocol used by Microsoft Windows 95, 98, ME, NT, 2000, and XP operating systems to share files and printers across the network.


Similar to CIFS, NFS (Network File System) is the file sharing protocol which is used in Unix based platforms to share files across the network.

Samba consists of two key programs smbd and nmbd. Thier job is to implement the four basic modern-day CIFS services, which are...

• File and print services
• Authentication and Authorization
• Name resolution
• Service announcement (browsing)

• File and print services are provided by smbd
• Name resolution and service announcement are provided by nmbd

... provided by smbd

The SMB daemon also handles ``share mode'' and ``user mode'' authentication and authorization to protect shared file and print services with passwords.
Share Mode - Single password assigned to a directory or share
User Mode - Each user has a username/password and admin can grant or deny access on an individual basis

A domain is a concept used in NT server operating systems whereby a user may be granted access to a number of computer resources with the use of a single username and password combination.

Until the release of Samba Version 2, only Microsoft owned code to implement the NT Domain Authentication protocols. Samba rules.

... provided by nmbd


These two services involve the management and distribution of NetBIOS names.


There are two types of name resolution..

• broadcast and point-to-point
• NBNS (NetBIOS Name Service) or WINS (Windows Internet Name Service)

Samba comes with a variety of utilities.

smbclient

• a simple SMB client, similar to an FTP utility
• can be used from a UNIX system to connect to remote SMB shares, transfer files, and print files to network printers

nmblookup

• NetBIOS Name Service client
• find NetBIOS names on a network, lookup thier IP addresses
• query a remote machine for a list of names the machine believes it owns

swat

• the Samba Web Administration Tool
• configure Samba remotely, over the web

smbfs

• the SMB Filesystem allows Linux to map a remote SMB share into its directory structure

The /mnt/blah directory might actually be an SMB share, yet you can read, write, edit, delete and copy files from it just as you would local files.

smbsh

• SMB Shell runs like a UNIX Shell

		#### man page ####
	 	smbsh allows you to access an NT filesystem using UNIX commands such as
	    ls,  egrep, and rcp. You must use a shell that is dynamically linked in
	    order for smbsh to work correctly.
	

Samba is configured by editing the smb.conf file.

• simple text file, designed to look like Windows *.ini files
• fully documented for easy editing but can alsobe manipulated in GUI form via SWAT

Samba's configuration file is typically here:

		/etc/samba/smb.conf
	
	

At minimum contains...

	[global]
	   workgroup = MYGROUP
	   server string = Samba Server
	   hosts allow = 192.168. 127.
	   printcap name = /etc/printcap
	   load printers = yes
	   printing = bsd
	   log file = /var/log/samba/%m.log
	   max log size = 0
	   security = user
	   socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
	   encrypt passwords = yes
	   smb passwd file = /etc/samba/smbpasswd
	[homes]
	   comment = Home Directories
	   browseable = no
	   writable = yes
	[printers]
	   comment = All Printers
	   path = /var/spool/samba
	   browseable = no
	   guest ok = no
	   printable = yes
	

SMB passwords are stored in a distinct password file.

Usually /etc/samba/smbpasswd

The /etc/samba/smbusers contains a mapping between UNIX users and Samba users. This configuration file allows you to map Windows Users to unix users.

For example, if you had a user who logged onto their Windows PC as Fred, but you wished them to use the username fb on the linux system, you would enter the following into the smbusers file...

	    fb = Fred
	

Use the smbpasswd command.

	[root@blahBox root]# smbpasswd -a 

		New SMB password:
		Retype new SMB password:
		Added user bob.
	

Use the -d switch to disable a user.

	[root@blahBox root]# smbpasswd -d 

	

Use the -x switch to delete a user.

	[root@blahBox root]# smbpasswd -x 
	
	

To start Samba, run the following..

	[root@blahBox root]# /etc/init.d/smb start|stop|restart
	

or..

[root@blahBox root]# service smb start start|stop|restart

Test by executing the following commands..

1. Create a directory in /mnt/ to map the SMB share to..
   

   		[root@blahBox root]# mkdir /mnt/sambaTest
   		

2. Mount the share...

   		[root@blahBox root]# mount -t smbfs -o username=,password= //blahBox/share /mnt/sambaTest
   		

Samba log files: /var/log/samba/*

Tail the log files with the following...

		[root@blahBox root]# tail -f /var/log/samba/*.log
	

Log files contain common SMB info like the following...

	  # Samba name server BLAHBOX is now a local master browser for workgroup MDKGROUP on subnet 192.168.1.69
	  or
	  # blahBox(192.168.1.69) connect to service  as user  (uid=500, gid=500) (pid 942)
	
	

1. Working TCP/IP configuration
2. Log off from Start Menu and log back in as your Samba user
3. Go to Run and enter \\blahBox\share
4. This will display your home directory, Windows-style

lpr

• The Line Printer Daemon protocol (or LPR, LPD) also known as the Berkeley printing system
• a set of programs that provide printer spooling and network print server functionality
• Common Implementations: official BSD UNIX operating system and the LPRng project
• the Common Unix Printing System (or CUPS) borrows heavily from LPD

• printers must be defined /etc/printcap and /etc/smb.conf
• the SMB-networking client builds the print job on itself
• transfer the entire job over the network to the Samba server
• on the server, Samba has its own temporary print spool directory to which the job is copied
• once the transfer is complete, it is then passed to the UNIX print spooler

"Your UNIX lp print queue is visible as the \\cericon\lp network printer and should be entered as such in the configuration wizard"

• add the service swat 901/tcp to your /etc/services file
• add the following to your /etc/xinetd.conf file.
  

  		swat stream tcp nowait root /usr/sbin/tcpd /usr/sbin/swat
  		

• Create a file /etc/xinetd.d/swat
  

  	
  		 service swat
  		{
  		    port            = 901
  		    socket_type     = stream
  		    wait            = no
  		    only_from       = localhost 192.168.0.0/16
  		    user            = root
  		    server          = /usr/sbin/swat
  		    server_args     = -s /etc/samba/smb.conf
  		    log_on_failure  += USERID
  		    disable = no
  		}
  		

Go to http://blahBox:901/ in your favorite browser..

You should login as root ( swat does not use smbpasswd to authenticate this login).

• 28 July 2005 Samba 3.0.20rc1 Available for Download
• Current in Development: fairly major redesign of Samba version 4

Andrew Tridgell, the creator of Samba, visited Hong Kong during mid-march 2004 where he introduced Samba 4 development to the Hong Kong Linux Users Group

"The new version aims to be a much more complete implementation of the SMB/CIFS filesharing protocol and the related DCERPC/MSRPC protocols. The new design also aims to be much more maintainable, by utilising code generation techniques where possible and much more robust and complete protocol parsing techniques for the parts of the protocol that are not am enabled tocode generation techniques."