Samba IPX/SPX Interface - (MAC) Karte - SMB TCP/IP Treiber - NetBIOS Applikation Netzwerk Karten NDIS (2,3,3.1,4,5) NDIS NetBEUI based) - nfsiod based File Sharing is responsible for mount request mount for responsible is - and Common Internet File System File Internet Common 網路芳鄰 Block) Message (Server SMB … printers, files, to access Share NetBIOS on Based mountd nfsd RPC onBased • • • • • • • • CIFS (Microsoft) FTP (File Transfer Protocol) Transfer (FileFTP NFS (UNIX Network
Computer Center, CS, NCTU 2 ) System allowing applications to applications allowing oriented communication oriented - Input/Output layer layer Network Basic Network ( File and printer sharing service sharing printer and File Authentication API related to the session the to related API network area a local over communicate resolution and registration name for Service Name connection for service Session communication connectionless for service distribution Datagram • • • • • • SMB NetBIOS Service SMB of and NetBIOS
Computer Center, CS, NCTU 3 Network Network - Net network - when accessing just as BIOS does in local filesystem Input/Output network scheme filesystem networking protocols networking token ring and network ) routing protocol ) based - Sytek (NBF for software communication over IBM’s PC filesystem API Network Network Basic NetBIOS Extended User Interface Extended User NetBIOS – NetBIOS Frames NetBIOS – Microsoft created a NetBIOS implementation for its MS developed as an – – NetBIOS relied on proprietary proprietary on reliedNetBIOS NetBEUI the using protocolBy NBF Difference between local Used to share or access network filesystem In 1987 NBT LAN In 1985,IBM went forward with the 1985 topology 1983 • • • • • • • NetBIOS NetBIOS over TCP/IP NetBIOS NetBIOS (API) NetBIOS NetBIOS System
Computer Center, CS, NCTU 4 Peer to peer (Workgroup model) peer (Workgroup to Peer NetBIOS NetBIOS Naming Service
Computer Center, CS, NCTU 5 WINS NetBIOS NetBIOS Naming Service
Computer Center, CS, NCTU 6 SMB 3.0 (Previously named SMB 2.2) named SMB 3.0 (Previously – netbios filesystem SMB 2.1 – Microsoft introduced SMB2 with Windows vista Windows SMB2 with introduced Microsoft Microsoft merged the SMB protocol with LAN Manager Manager LANwith SMB protocol the merged Microsoft for in Windows SMB protocol to features add and merged Microsoft CIFSSMB as renames Microsoft Server Server Message Block – – – – Support for symbolic link, hard link, larger file sizes, … sizes, file larger link,hard link,symbolic for Support 445 port TCP over connections direct supportingat attempt Initial locking opportunistica new with enhancement Performance interfaces network physical use of multiple the Enables Run on top of topRun on used versioncommon the most to modifications considerable made has Microsoft – 2006 7 Windows 2012 Server 8/Windows Windows Original designed by IBM with the aim of turning DOS interrupt local file access access file local interrupt DOS turning of aim the with IBM by designed Original network a into 1990 1992 Workgroup 1996 • • • • • • • SMB SMB SMB SMB
Computer Center, CS, NCTU 7 IPX/SPX Interface - (MAC) Karte - SMB TCP/IP Treiber - NetBIOS Applikation Netzwerk Karten NDIS (2,3,3.1,4,5) NDIS NetBEUI i '^s.*m.*b'/usr/share/dict/words - Napster, Simba Andrew Tridgwell developed the first version of Samba Samba of version first the developed Tridgwell Andrew – – Windows communication grep Using serverPathworks sniffer on DEC Using a packet software Samba - 1991 protocol SMB speak that A UNIXapplication (SMB) Block Message Server Name: Original the use not Can • • • Why ? Why samba SAMBA UNIX
Computer Center, CS, NCTU 8 name just like Microsoft does Microsoft like just name NetBIOS Sharing files or printers just like Microsoft does Microsoft like just orprinters files Sharing does Microsoft like just identity user Authenticate Resolve • • • Sharing What SAMBA cando?
Computer Center, CS, NCTU 9 6 BD net/samba46 BD - samba46 /ports/net/samba4 install install usr Samba Samba 4.6.8 portmaster pkg % cd / cd % % % • • • Using package Using ports Install SAMBA
Computer Center, CS, NCTU 10 smb.conf / etc ) /local/ ) usr / ) ) ) smbpasswd winbindd / pdbedit nmbd smbd / / sbin sbin sbin /local/bin/ /local/ smb.conf usr smb.conf.sample lmhosts /local/bin/ / / (/ usr /local/ /local/ 644 usr services (/ etc etc (/ usr usr (/ (/ Manage the Samba Manage database theSamba user Management of sharing sharing printersfilesand Management of directories, and manage ResolveNetBIOS name workgroup WINS chmod /local/ /local/ usr usr smbpasswd nmbd winbindd pdbedit / / smbd • • • • • • • Major execution files Major execution Configuration files Configuration SAMBA componentsSAMBA
Computer Center, CS, NCTU 11 chiahung u - w - pdbedit sudo - chiahung - ] db / var [/ 4C39EB51: - derek chiahung:1000: XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX: 3CDEC7966A2F9837F9F628DC13CC02AE: ]: [U LCT 1000 513 - - tdb 4261865294 4261865294 - - /samba4 db / var 129722405 129722405 - - profile \ v - L - 3763889141 3763889141 chiahung - - chiahung \ \ 21 21 - - Hung Tsai 5 5 - pdbedit - - derek 1 1 derek \ - - \ \ chiahung \ sudo Default path: database / smbpasswd - . Now samba stores accounts and passwords in passwords and accounts stores samba Now v.s : • chiahung - samba4 password file password samba4 tdb desc Drive: dial: [~] [~] SAMBA password SAMBA https://www.samba.org/samba/docs/man/manpages/smbpasswd.5.html Logon hours : FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF : Logon hours ------Password can change: Mon, 12 Jul 2010 00:03:29 CST 00:03:29 Jul 2010 Mon, 12 can change: Password never change: must Password 0 : password Last bad 0 : count Bad password Logoff time: never Logoff time: never time: Kickoff CST 00:03:29 Jul 2010 Mon, 12 set: last Password Workstations: Munged 0 Logon time: Profile Path: Path: Profile DEREK Domain: Account Full Name: Chia Full Name: Home Directory: HomeDir Logon Script: Account Flags: [U ] [U Flags: Account S User SID: S SID: Group Primary ------Unix username: NT username: derek
Computer Center, CS, NCTU 12 file can not login (to disable)(to login not can file smbpasswd c “[DX]” test “[DX]” c - r v - c username c - - command a username a x username L r user - - - - command pdbedit Add user new user delete List Add user new in account some Let enable) (to resume account disable some Let dbedit a d e p pdbedit pdbedit pdbedit - - - • • • • • • • pdbedit smbpasswd SAMBA password SAMBA
Computer Center, CS, NCTU 13 - ] ] ] dir ] - para3 = value3 = para3 … value4 = para4 … para1 = value1 = para1 … value2 = para2 … homes global printers [ [share # comments # [ [ service - Printer Sharing Setting Home Sharing Setting Global setting – – – Each section in the smb.conf file represents either a share meta a share eitherrepresentsor a filesectionsmb.conf in the Each service is special Global section Meta Sections • smb.conf SAMBA configurationSAMBA file
Computer Center, CS, NCTU 14 ” – dos charset dos “ , ” charset sabsd unix “ chwong , ” CP850 CP850 name name = charset charset = netbios name unix dos charset = display charset display “ Ex: servicesetting; individual or services,regardlessall to Apply 140.113. = 140.113.235. allow hostsEx: Group name join to name Group = workgroup Ex: hostthis of Description CourseSA of Server = Samba stringserver Ex: hostthis of name NetBIOS Ex: Global Setting Global Setting (1) Charset Settings hosts allow server string netbios workgroup • • • • • GlobalConfiguration SAMBA configuration configuration file SAMBA
Computer Center, CS, NCTU 15 – passwd log.%m /log/samba/ var Add thisAdd account intoyour /etc/ – Otherwise, the user used nobodyOtherwise,is the log Full path of file = / Ex:log file size = 500 log Ex: max If this is yes, no password is required no is password yes,If this is = no Ex:guest ok map to this guest requestwillany samba use service, thisIf guest can guest account = ftp Ex:guest account Global Setting Global Setting (2) log file log (KB) size log max guest account guest guest ok (or public = yes) = public (or ok guest • • • • SAMBA configuration configuration file SAMBA
Computer Center, CS, NCTU 16 – tdbsam backend = security security = user passdb It is highly recommended not to use this feature – – – Ex: share: no need of id and password tologinneedof share: id and password no password option, and loginwith id user: default controller by check domain: domain id and password server byAD and password check id ads: another id and serverserver:bypassword check Global Setting Global Setting (3) security = [share/user/server/domain] = security • SAMBA configuration configuration file SAMBA
Computer Center, CS, NCTU 17 v m tdb log.% Yes – pcguest raw 50 CP850 /log/samba/ MYGROUP * :* backend = var USER allow allow guests = = / config charset = guest account = security = idmap cups options = server server string = Samba Server Version % unix workgroup = log file max log size = usershare ] Global Setting Global Setting (4) [global Example of global setting global of Example SAMBA configuration configuration file SAMBA
Computer Center, CS, NCTU 18 Samba server Hostname server Samba directory home User name Login time Date Current Client NetBIOS name NetBIOS Client Hostname Client IP Client name NetBIOS server Samba %H %U %T %M %I %L %h %m %m • • • • • • • • Default parametersin Defaultsamba Samba Samba parameters
Computer Center, CS, NCTU 19 – (write list) (write Default permission when directory is created Only Only users on this can write content if read only Default permission when file is created Description of this directory Sharing directory path Display sharing name or not Home Sharing Setting Sharing Home (1) Setting guest ok (or public = yes) admin users = $username users =$username admin %S = users valid createmask mode / create mask mode / directorydirectory comment path browseable writeable,read only • • • • • • • • • Home sharing setting sharing Home SAMBA configuration configuration file SAMBA
Computer Center, CS, NCTU 20 – = Book = Book Picture = /home/image = no = yes = yes = 0664 = 0775 Sharing Sharing Setting (2) writable writable create mode directory mode comment path read only public Example of image sharing image of Example [Image] SAMBA configuration configuration file SAMBA
Computer Center, CS, NCTU 21 /null dev = yes bsd name name = / spoolss dditional tuning dditional A ead size ead prediction ead socket options = socket TCP_NODELAY options = TCP_NODELAY socket SO_RCVBUF=8192 SO_SNDBUF=8192 r r … load printers = load no printing = printcap disable protocol max = SMB2 • • • • • • • • • • Performance Performance tuning Disable printer SAMBA configuration file configurationSAMBA
Computer Center, CS, NCTU 22 } start|stop " " YES YES YES" =" =" =" /samba { /samba ="YES" rc.d / etc smbd_enable nmbd_enable – – rc.conf samba_enable winbindd_enable /local/ / usr etc / / • • Script Starting SAMBA
Computer Center, CS, NCTU 23 UG/Films/[USA UG/Animation hscc hscc Name Time Name SharePath Oplock Mon Oct 18 17:58:462010 Connected at Mon Oct 18 17:12:022010 Mon Oct 18 17:12:022010 pc (140.113.240.135) - d30aedc531 (140.113.240.124) - bdeca39d90d4(140.113.240.133) Machine hscc simba Access R/W Access R/W pc - d30aedc531 - hscc machine machine bdeca39d90d4 hscc simba Group hscc hscc smbstatus DenyMode - Report on current Samba connections connections Samba currenton Report pid 47944 47945 48533 smbstatus Uid chiahung zn hscc -
[~]
47946 509 DENY_NONE 0x100001 RDONLY NONE NONE /home/ 47946 0x100001 509 RDONLY DENY_NONE 47947 509 DENY_NONE 0x100001 RDONLY NONE NONE /home/ 47947 0x100001 509 RDONLY DENY_NONE ------Pid Locked files: Pegasus hscc zn ------Service 47944 48533Pegasus 47945 ------PID Username PID Username Samba Samba version 3.0.37 hscc Computer Center, CS, NCTU 24 user_ID U - host_IP L - List sharable resource sharableList Loginwith username L [hostname] L U [username] smbclient - - • • • A client program that can talk to an SMB SMB server an to talk can that program A client Usage: Tool: smbclient (1)
Computer Center, CS, NCTU 25 chiahung Service (HSCC SAMBA) (HSCC Service U - Comment ------IPC Directories Home hscc L - SAMBA LABPC - (2) EC219 HSCC JJSU 2AMW1GP6PMLTL77 Type Type ---- IPC Disk Comment ------HSCC Master ------smbclient - password: chiahung - chiahung's ------HSCC ------EC219 HSCCLAB LAB635 LAB636 Sharename ------IPC$ chiahung Server Workgroup Workgroup smbclient Domain=[HSCCLAB] OS=[Unix] Server=[Samba 3.0.37] Server=[Samba OS=[Unix] Domain=[HSCCLAB] 3.0.37] Server=[Samba OS=[Unix] Domain=[HSCCLAB] hsccws5[~] hsccws5[~] Enter Tool:
Computer Center, CS, NCTU 26 server sata Service IPC directory ftp directorytest IPC$ IPC$ Video Image \ \ \ SATA SATA SATA \ \ \ \ \ \ smbtree :~ $ :~ MANGOCOLD MANGOCOLD SATA \ \ \ \ server) sata ( mango@mango WORKGORUP SANA b - Only print a list of all the domains and servers responding on broadcast or known by theby knownor broadcast serversrespondingand on domains the all ofa list print Only Only print a list of all the domains known on broadcast or by the master browser master the by or broadcast on known domains the all of a list print Only Query network nodes by sending requests as broadcasts instead of querying the local master master local the querying ofinstead as broadcastsrequests sending by nodes networkQuery smbtree b b D S - browser. - - browser.master • • • smbtree smbtree A smb browser program in text mode text in program browser A smb Usage: Tool:
Computer Center, CS, NCTU 27 mount_point ’ dir N ‘//NetBIOS name/ N ‘//NetBIOS - I IP name) or I IP host - ( Do not ask for ask a password. Do not Do not use NetBIOS name resolver and connect directly to host, which to host, name NetBIOS directlyconnectresolveruse Do not and address.name an a validor IP can DNS be either mount_smbfs I N - - • • Mount_smbfs Mount a shared resource from an SMB file server an SMB file from resource a shared Mount Usage: Tool:
Computer Center, CS, NCTU 28 correctness /smb4.conf etc /local/ ]” usr ]” ]” . /smb4.conf configuration file for for internal file configuration etc files from / from files /local/ ROLE_STANDALONE section "[homes section "[printers section "[public section config usr / services file OK file services smb.conf role: enter to see a dump of your service definitions service your of dump a see to enter smb testparm Loaded Server Press testparm Load Processing Processing Processing • • check an check Usage Tool:
Computer Center, CS, NCTU 29 swat stream swat tcp stream nowait/400 /usr/local/sbin/swat root swat Unmark Unmark • Browse http://sabsd.cs.nctu.edu.tw:901/ Browse Edit /etc/inetd.conf Edit inetd Restart SWAT (1) SWAT
Computer Center, CS, NCTU 30 Root access Root SWAT (2) SWAT
Computer Center, CS, NCTU 31