Samba

jnlin IPX/SPX Interface - (MAC) Karte - SMB TCP/IP Treiber - NetBIOS Applikation Netzwerk Karten NDIS (2,3,3.1,4,5) NDIS NetBEUI based) - nfsiod basedFile Sharing is responsible for mount request mount for responsible is - and and SMB () Message SMB (Server … printers, files, to access Share on NetBIOSBased nfsd on RPCBased System File Internet Common 網路芳鄰 mountd • • • • • • • • CIFS () FTP (File Transfer Protocol) Transfer FTP (File NFS (UNIX q q q Network

Computer Center, CS, NCTU 2 System) oriented communication oriented - Input/Output (Network Basic (Network Basic Session service for connection for service Session communication connectionless for service distribution Datagram service sharing printer and File Authentication API related to the session layer allowing applications to to applications allowing layer session the to API related network area local a over communicate resolution and registration name for Service Name • • • • • • SMB NetBIOS q q Service and ofNetBIOS SMB

Computer Center, CS, NCTU 3 Network - Net network - when accessingwhen just does as in BIOS local filesystem Input/Output network scheme filesystem networking protocols networking and network based - Sytek (NBF) routing protocol routing (NBF) forsoftware communication over IBM’s PC filesystem API Network Basic NetBIOS User Extended Interface – NetBIOS Frames – Microsoft created implementation a NetBIOS for its MS developed as an – – using the By NBF protocol NetBIOS relied on proprietary NetBIOS proprietary on relied NetBEUI Ø Ø Ø Ø In 1987 NBT 1985 topology Difference between local toUsed share or access network filesystem 1983 LAN In 1985, IBM went forward with the • • • • • • • NetBIOS TCP/IP over NetBIOS (API) q q NetBIOS System

Computer Center, CS, NCTU 4 Peer to peer (Workgroup model) (Workgroup peer to Peer q NetBIOS NamingNetBIOS Service

Computer Center, CS, NCTU 5 WINS q NetBIOS NamingNetBIOS Service

Computer Center, CS, NCTU 6 SMB SMB named 3.0 (Previously 2.2) – filesystem SMB 2.1 – Microsoft merged the SMB protocol with LAN Manager SMB Manager the with LAN protocol merged Microsoft to SMB for in Windows protocol features add and merged Microsoft SMB CIFS as renames Microsoft SMB2 vista introduced with Windows Microsoft Server Message Block – – – – Performance enhancement with a new opportunistic locking new opportunistic a with enhancement Performance interfaces network physical use of multiple the Enables Support for symbolic link, hard link, larger file sizes, … sizes, file larger link, hard link, forSupport symbolic 445 port TCP over connections direct supporting at attempt Initial Run on top of on top Run used version common most the to modifications considerable has made Microsoft – Ø Ø Ø Ø Ø Ø Windows 7 Windows 2012 Server 8/Windows Windows 1990 1992 Workgroup 1996 2006 Original designed by IBM with the aim of turning DOS interrupt local file access access file local turning DOS interrupt by IBM aim of with the designed Original into network a • • • • • • • SMB q SMB

Computer Center, CS, NCTU 7 IPX/SPX Interface - (MAC) Karte - SMB TCP/IP Treiber - NetBIOS Applikation Netzwerk Karten NDIS (2,3,3.1,4,5) NDIS NetBEUI i '^s.*m.*b'i /usr/share/dict/words - Napster, Simba Andrew Tridgwell developed the first version of Samba Samba of version first the developed Andrew Tridgwell – – Windows communication Samba grep Using aUsing packet sniffer DEC Pathworks on server software - Ø Ø Ø Can not use the Original Name: Server Message Block (SMB) Block Message Server Name: Original the use Cannot 1991 SMB protocol speak that A UNIX application • • • Why samba ? samba Why SAMBA q q UNIX

Computer Center, CS, NCTU 8 name just like Microsoft does Microsoft like just name NetBIOS Sharing files or printers just like Microsoft does Microsoft like just printers or files Sharing does Microsoft like just identity user Authenticate Resolve • • • Sharing q What SAMBA canWhat do? SAMBA

Computer Center, CS, NCTU 9 BD net/samba46 - /ports/net/samba46 install samba46 install usr Samba 4.6.8 pkg portmaster Ø % % cd / cd % % • • • Using package Using ports q q InstallSAMBA

Computer Center, CS, NCTU 10 smb.conf / etc ) /local/ ) usr / à ) ) ) smbpasswd winbindd / pdbedit nmbd smbd / / sbin sbin sbin /local/bin/ /local/ smb.conf usr smb.conf.sample lmhosts /local/bin/ / / (/ usr /local/ 644 /local/ usr (/ etc etc (/ usr usr (/ (/ WINS services Manage the Samba user database Management of sharing directories, files and printers Resolve NetBIOS name and manage workgroup chmod /local/ /local/ Ø Ø Ø Ø Ø usr usr winbindd pdbedit smbpasswd smbd nmbd / / • • • • • • • Major execution files execution Major Configuration files Configuration q q SAMBA components SAMBA

Computer Center, CS, NCTU 11 chiahung u - w - pdbedit sudo - chiahung - ] db / var [/ 4C39EB51: - derek chiahung:1000: XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX: 3CDEC7966A2F9837F9F628DC13CC02AE: [U ]: LCT 1000 513 - - tdb 4261865294 4261865294 - - /samba4 db / var 129722405 129722405 - - profile \ v - L - 3763889141 3763889141 - - chiahung chiahung \ \ 21 21 - - Hung Tsai 5 5 - - - pdbedit 1 1 derek derek - - \ \ \ \ chiahung sudo Default database path: / path: Default database smbpasswd - . Ø Now samba stores accounts and passwords in v.s : • chiahung - samba4 password file password samba4 tdb desc Drive: dial: [~] q q SAMBA password SAMBA https://www.samba.org/samba/docs/man/manpages/smbpasswd.5.html Logon hours : FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF ------Password must change: never Last bad password : 0 Bad password count : 0 Logoff time: never Kickoff time: never Jul 2010 00:03:29 CST Password last set: Mon, 12 Jul 2010 00:03:29 CST Password can change: Mon, 12 Workstations: Munged Logon time: 0 Profile Path: Domain: DEREK Account Home Directory: HomeDir Logon Script: Account Flags: [U ] Account Flags: User SID: S Primary Group SID: S Full Name: Chia ------Unix username: NT username: derek

Computer Center, CS, NCTU 12 file can not login (to disable) (to login not can file smbpasswd c “[DX]” test c - r v - c username c - - command L r a username a x username - - - - command List user List pdbedit Let some disable account resume (to enable) (to resume account disable some Let Add new user user delete Add new user in account some Let Ø Ø Ø Ø Ø Ø Ø e a d pdbedit pdbedit - pdbedit pdbedit - - • • • • • • • pdbedit smbpasswd q q SAMBA password SAMBA

Computer Center, CS, NCTU 13 - ] ] ] dir ] - para4 = value4 … para1 = value1 … para2 = value2 … para3 = value3 … global printers homes # comments# [ [ [ [share service - Global setting Printer Sharing Setting Home Sharing Setting – – – Global section special is Meta Each section the in smb.conf file represents either a share or a meta service Ø Ø Ø Sections • smb.conf q SAMBA configurationSAMBA file

Computer Center, CS, NCTU 14 ” – dos charset “ , ” charset sabsd unix “ chwong , ” CP850 CP850 name = charset = netbios name unix charsetdos = display charset Apply to all services,Apply to regardless service individual or setting; hostsEx: 140.113.235. 140.113. allow = Ex: server string = Samba Server of SA Course SA of server Samba Server = string Ex: NetBIOS name this host of Ex: “ Ex: Group nameGroup join to = workgroup Ex: Description this host of Ø Ø Ø Ø Ø Ø Ø Global Setting (1) Ø Ø Ø hosts allow netbios Charset Settings workgroup server string • • • • • Global Configuration q SAMBA configurationSAMBA file

Computer Center, CS, NCTU 15 – passwd log.%m /log/samba/ var Add thisAdd account into your /etc/ – Ex: log file = / file log Ex: = 500 max sizeEx: log = If guest can samba use this service, any guest request map this to will guest account ftp guestEx: account = Otherwise, the user used is nobody path of file log Full If this is yes,If no password is required this is no guest = Ex: ok Ø Ø Ø Ø Ø Ø Global Setting (2) Ø Ø max log size (KB) size log max log file log guest ok (or public = yes) = public ok (or guest account guest • • • • SAMBA configurationSAMBA file

Computer Center, CS, NCTU 16 – tdbsam backend = passdb It is highly recommended not touse this feature security user = – – – ads: check and id password by AD server server: check andid password by another server Ex: share: no need of and id password login to anduser: id with password default login option, checkdomain: and id password domain controller by Ø Ø Ø Global Setting (3) Ø Ø Ø security = [share/user/server/domain] = security • SAMBA configurationSAMBA file

Computer Center, CS, NCTU 17 tdb log.%m – pcguest /log/samba/ * : backend = var allow guests = Yes = guests allow config charset = CP850 workgroup = MYGROUP / = log file max log size = 50 usershare = account guest = USER security idmap cups options = raw server string = Samba Server Version %v unix Global Setting (4) [global] Example of global setting of global Example q SAMBA configurationSAMBA file

Computer Center, CS, NCTU 18 Login name Login DateCurrent time Client IP Samba server NetBIOS name Samba server Hostname User home directory Client NetBIOS name Client Hostname Ø Ø Ø Ø Ø Ø Ø Ø %T %L %h %H %U %m %M %I • • • • • • • • Default parameters samba in q Samba parameters

Computer Center, CS, NCTU 19 – (write list) Default permission file when is created Default permission directory when iscreated Display sharing name or not Only users on this can write content if read only Description of this directory Sharing directory path Ø Ø Ø Ø Home Sharing Setting (1) Ø Ø create mode create / mask directory mode directory / mask yes) guest ok (or public = browseable read , writeable only $usernameadmin users = %S valid users = comment path • • • • • • • • • Home sharing setting sharing Home q SAMBA configurationSAMBA file

Computer Center, CS, NCTU 20 – = Book Picture = /home/image = no = yes = yes = 0664 = 0775 Sharing Setting (2) writable create mode mode directory comment path read only public Example of image sharing sharing of image Example [Image] q SAMBA configurationSAMBA file

Computer Center, CS, NCTU 21 /null dev = yes bsd name = / name spoolss Additional tuning tuning Additional read size read prediction read … max protocol = SMB2 protocol max = TCP_NODELAY options socket = TCP_NODELAY options socket SO_RCVBUF=8192 SO_SNDBUF=8192 load printers = no printers load = printing printcap disable • • • • • • • • • • Performance tuning Disable printer Disable q q SAMBA file configuration

Computer Center, CS, NCTU 22 } start|stop ="YES" ="YES" ="YES" /samba { /samba ="YES" rc.d / etc smbd_enable nmbd_enable – – rc.conf winbindd_enable samba_enable /local/ / Ø Ø usr etc / / • • Script q Starting SAMBA

Computer Center, CS, NCTU 23 UG/Films/[USA UG/Animation hscc hscc Name Time Name SharePath Oplock Connected at Mon Oct 18 17:12:02 2010 Mon Oct 18 17:12:02 2010 Mon Oct 18 17:58:46 2010 pc (140.113.240.135) - d30aedc531 (140.113.240.124) - bdeca39d90d4 (140.113.240.133) hscc simba Machine Access R/W Access R/W pc - d30aedc531 - hscc simba hscc hscc machine bdeca39d90d4 hscc Group Group smbstatus DenyMode - Report on current Samba connections connections Samba current on Report pid 47944 47945 48533 q smbstatus Uid chiahung zn hscc -

[~] [~]

47946 509 DENY_NONE 0x100001 RDONLY NONE /home/ NONE 0x100001 RDONLY 47946 509 DENY_NONE 47947 509 DENY_NONE 0x100001 RDONLY NONE /home/ NONE RDONLY 0x100001 47947 509 DENY_NONE ------Pid Locked files: Pegasus hscc zn ------Service 47944 48533 Pegasus 47945 ------PID UsernamePID Samba version 3.0.37 hscc Computer Center, CS, NCTU 24 user_ID U - host_IP L - Login with username with Login List sharableList resource Ø Ø U [username] L [hostname] - smbclient - • • • A client program that can talk to an SMB an server to talk can that program A client Usage: q q Tool: smbclient (1)

Computer Center, CS, NCTU 25 chiahung Service (HSCC SAMBA) U - Comment ------IPC Home Directories hscc L - SAMBA LABPC - (2) Type Type ---- IPC Disk Comment ------HSCC Master ------EC219 HSCC JJSU 2AMW1GP6PMLTL77 smbclient - password: chiahung - chiahung's EC219 EC219 HSCCLAB LAB635 LAB636 chiahung Server ------HSCC ------Sharename ------IPC$ Workgroup Workgroup smbclient Domain=[HSCCLAB] OS=[Unix] Server=[Samba 3.0.37] Server=[Samba OS=[Unix] Domain=[HSCCLAB] hsccws5[~] Enter 3.0.37] Server=[Samba OS=[Unix] Domain=[HSCCLAB] Tool:

Computer Center, CS, NCTU 26 server ftp directory ftp test directory sata Service IPC Video Video Image IPC$ IPC$ \ \ \ SATA SATA SATA \ \ \ \ \ \ smbtree :~ $ MANGOCOLD SATA \ \ \ \ server) sata WORKGORUP SANA ( mango@mango b - Only print a all the domains list of Only print and servers responding on broadcast known by the or Only print a all the domains list of Only print known on broadcast by the masteror browser Query nodes network by sending requests as broadcasts instead the local querying master of smbtree D S b - - master browser. - browser. • • • smbtree smbtree A smb browser program in text mode text A browser in smb program Usage: q q q Tool:

Computer Center, CS, NCTU 27 mount_point ’ dir N ‘//NetBIOS name/ - I or name) IP host - ( can be either a name valid DNS or an address. IP Do ask not for a password. Do use not NetBIOSname resolver and connect which directly host, to mount_smbfs Ø Ø N I - - • • Mount_smbfs Mount a from an SMB file server SMB an file from resource shared a Mount Usage: q q q Tool:

Computer Center, CS, NCTU 28 /smb4.conf etc /local/ usr /smb4.conf configuration file for internal correctness for internal file configuration etc files from / from files /local/ config usr / smb.conf smb testparm Press enter to see a dump of your service definitions service your of dump a see to enter Press Load "[homes]” section Processing "[printers]” section Processing "[public]” section Processing OK. file Loaded services ROLE_STANDALONE role: Server testparm • • check an an check Usage q q Tool:

Computer Center, CS, NCTU 29 swat stream tcp nowait/400 root /usr/local/sbin/swat tcp nowait/400swat root stream swat Unmark • Browse http://sabsd.cs.nctu.edu.tw:901/ Edit /etc/inetd.conf Edit inetd Restart q q q SWAT (1) SWAT

Computer Center, CS, NCTU 30 Root access Root q SWAT (2) SWAT

Computer Center, CS, NCTU 31