SAMBA

1
SAMBA in the SOHO/SMB Environment
Arun Khan arunk_at_surjait.com
424 E. State Parkway Schaumburg, IL
60173 847-490-0404 www.surjait.com
2
(No Transcript)
3
(No Transcript)
4
Surja IT AcademyA Few Words About Us

• Provide IT training on Open Source Technology -
  hands on workshops conducted by certified
  trainers.
• Provide consulting on Open Source Technology.
• Illinois Workforce Development - an approved
  vendor.
• Co-chair the CCS Linux SIG and host the Linux SIG
  meetings, held 2nd Thursday of every month.
• Located in the metropolitan Chicago area. For
  more information, please visit us at our web site
  www.surjait.com or call us at 847-490-0404, or
  email us at info_at_surjait.com.

5
What is SAMBA?

• Provides interoperability of resources between
  Linux/Unix hosts and hosts running MS Windows OS.

6
How did SAMBA get started?

• In early 1992, Andrew Tridgell wanted to mount a
  disk share from his Unix host on to a DOS PC.
• Reverse engineered the SMB/NetBIOS protocol using
  packet sniffer.
• Thus was born the SAMBA package as we know it
  today!
• Andrew has a big team, with members across the
  globe contributing to the SAMBA project.

7
The TCP/IP Properties

• NetBIOS Name service netbios-ns
  137/tcp, 137/udp
• NetBIOS Datagram service netbios-dgm
  138/tcp, 138/udp
• NetBIOS Session service netbios-ssn
  139/tcp, 139/udp
• NetBIOS tunneled over TCP/IP protocol makes it
  routable!

8
SMB on the Network Stack
9
Functionality Provided

• File and Print services
• Authentication and Authorization
• Name resolution
• Service announcement (browsing).

10
Components

• File and Print services provided by smbd daemon.
• Name Resolution and Browsing provided by nmbd
  daemon.
• Name Resolution - broadcast and point-to-point.
• WINS server NBNS (NetBIOS Name Service).
• Computers in a LAN hold an election to decide the
  Local Master Browser (LMB).
• The LMB's job is to keep a list of available
  services that you see in the Network Neighborhood

11
Security Levels

• Share Level - single password is given to
  everyone who is allowed to use the share.
• User Level - each user has their own username and
  password and the System Administrator can grant
  or deny access on an individual basis.

12
Configuration Global
global workgroup SOHO-SMB server string
Samba Server hosts allow 192.168. 127.
hosts deny 192.168.127.10 printcap name
/etc/printcap load printers yes printing
bsd log file /var/log/samba/m.log max
log size 0 security user socket options
TCP_NODELAY SO_RCVBUF8192 SO_SNDBUF8192
encrypt passwords yes smb passwd file
/etc/samba/smbpasswd
13
Configuration HOMES
homes comment Home Directories
browseable no writable yes
14
Configuration Printers
printers comment Printers path
/var/spool/samba browseable no writeable
no guest ok no printable yes
15
NT Domain Setup
Parameters to be set domain master
yes preferred master yes domain logons
yes logon script U.bat - per user logon
script Configure encrypted passwords encrypt
passwords yes smb passwd file
/etc/samba/smbpasswd Use smbpasswd -a ltuseridgt
to create encrypted passwords for Samba
16
Tools/Utilities

• /usr/bin/wbinfo
• /usr/sbin/winbindd
• /usr/bin/smbmount
• /usr/bin/smbprint
• /usr/bin/smbspool
• /usr/bin/smbtar
• /usr/bin/smbumount
• /usr/bin/make_printerdef
• /usr/bin/make_smbcodepage
• /usr/bin/smbpasswd

• /sbin/mount.smb
• /sbin/mount.smbfs
• /usr/bin/findsmb
• /usr/bin/nmblookup
• /usr/bin/rpcclient
• /usr/bin/smbcacls
• /usr/bin/smbclient
• /usr/bin/smbmnt
• /usr/bin/testparm
• /usr/bin/testprns

17
Examples
smbclient a ftp like client to connect to a
Samba server smbclient //milkyway/homes -U
jdoe added interface ip192.168.1.99
bcast192.168.1.255 nmask255.255.255.0 Password
DomainSOHO-SMB OSUnix ServerSamba
2.2.4 smb \gt help smbmount/mount mount a
Samba share mount -t smbfs -o usernamejdoe
//milkyway/homes /mnt/samba/ Password
18
Resources

• www.samba.org
• Source Code
• Mailing lists
• Docs and Presentations
• The Linux Documentation Project HOWTOs
• USENET linux.samba, linux.samba.announce,
  mailing-list.samba, comp.protocols.smb