79b309371294af981b00bad2eed00f41.ppt
- Number of slides: 38
SAMBA Server Message Block File & Print Server
Service Profile
- Type: System-V managed service
- Packages: samba-common, samba-client
- Daemons: nmbd, smbd
- Script: smb
- Ports: 137/udp, 138/udp, 139/tcp
- Configuration: /etc/samba/smb.conf
SaMBa
- Client & Server for the Common Internet File System (CIFS)
  - Microsoft's name for its SMB protocol implementation
  - Contains components of the LanManager and NetBIOS protocols
- Samba may provide performance improvements over 'native' CIFS
- http://www.samba.org
The goal of SAMBA
- A single integrated work-group spanning Windows and Linux machines
The view from Windows
- Linux based resources look identical to Windows based resources.
- Using Universal Naming Conventions (UNC):
  - \\toltec\spirit
The view from Linux
# smbstatus
Processing section "[homes]"
Processing section "[printers]"
Processing section "[spirit]"
Samba version 2.2.6
Service uid gid pid machine
spirit jay maya aztec maya jay jay jay 7735 7779 7735 (172.16.1.6) Sun Aug 12 12:17 (172.16.1.2) Sun Aug 12 12:49 (172.16.1.6) Sun Aug 12 12:56 2005
The view from Linux
Locked files:
Pid   DenyMode    R/W     Oplock  Name
--------------------------------------------------
7735  DENY_WRITE  RDONLY  NONE    /u/RegClean.exe  Sun Aug 12 13:01:22 2005
Share mode memory usage (bytes):
1048368(99%) free + 136(0%) used + 72(0%) overhead = 1048576(100%) total
Samba Services
- Authentication & Authorization of users
- File & Printer Sharing
- Name Resolution
  - Comprises part of WINS, allows mapping of NetBIOS names to IP addresses
  - WINS is independent of DNS
- Browsing (service announcements)
WINS
- Windows Internet Naming Service (WINS)
  - Microsoft's implementation of NetBIOS Name Server (NBNS) on Windows
- Handles naming in NetBIOS
  - Workstations preload names at boot
  - Distributed model
  - No hierarchy
- Deprecated from Windows 2000 onwards
  - DNS and Active Directory preferred, but WINS may still be present in mixed environments.
NetBIOS Names
- 16 bytes in length
- 15 bytes for the selected name
  - All standard characters a-z, A-Z, 0-9 and ! @ # $ % ^ & ( ) - ' { } . ~ are allowed.
  - It is normal practice to use the same machine name for the DNS record and the NetBIOS record.
- The 16th byte indicates the unique service provided by the machine
  - E.g. Standard Workstation Service is 00
Querying NetBIOS names
C:\>nbtstat -a toltec
NetBIOS Remote Machine Name Table
Name         Type    Status
----------------------
TOLTEC <00>  UNIQUE  Registered
TOLTEC <03>  UNIQUE  Registered
TOLTEC <20>  UNIQUE  Registered
...
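
Added example (not part of the original slides): the 16-byte layout described above, built and parsed in Python. It goes one step beyond the slides by also showing the RFC 1001 first-level encoding that carries these 16 bytes in name-service packets; the function names are chosen for this illustration.

```python
# Added example, not from the slides: NetBIOS name layout and RFC 1001 encoding.

def pack_name(name, suffix):
    """Build the 16-byte name: 15 space-padded name bytes plus the service suffix."""
    raw = name.upper().encode("ascii")
    if not 1 <= len(raw) <= 15:
        raise ValueError("a NetBIOS name carries 1 to 15 name bytes")
    if not 0 <= suffix <= 0xFF:
        raise ValueError("the suffix is a single byte")
    return raw.ljust(15, b" ") + bytes([suffix])

def encode_first_level(raw16):
    """RFC 1001 first-level encoding: every nibble becomes a letter 'A'..'P'."""
    if len(raw16) != 16:
        raise ValueError("expected exactly 16 bytes")
    return "".join(chr(0x41 + (b >> 4)) + chr(0x41 + (b & 0x0F)) for b in raw16)

def decode_first_level(encoded):
    """Reverse the encoding and split the name from its suffix byte."""
    if len(encoded) != 32 or any(not "A" <= c <= "P" for c in encoded):
        raise ValueError("expected 32 characters in the range A-P")
    raw = bytes(((ord(encoded[i]) - 0x41) << 4) | (ord(encoded[i + 1]) - 0x41)
                for i in range(0, 32, 2))
    return raw[:15].decode("ascii").rstrip(" "), raw[15]

def format_entry(encoded):
    """Render a decoded name the way nbtstat prints it, e.g. 'TOLTEC <20>'."""
    name, suffix = decode_first_level(encoded)
    return "%s <%02X>" % (name, suffix)

if __name__ == "__main__":
    # The three registrations shown in the nbtstat output above.
    for suffix in (0x00, 0x03, 0x20):
        wire = encode_first_level(pack_name("toltec", suffix))
        print(wire, "->", format_entry(wire))
```
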
Workgroups
- SMB groups are the same as Windows Workgroups.
- There are predefined group resource types.
- Nbtstat output:
NetBIOS Remote Machine Name Table
Name                  Type   Status
--------------------------------
METRAN <00>           GROUP  Registered
METRAN <1E>           GROUP  Registered
..__MSBROWSE__. <01>  GROUP  Registered
Smb.conf sections
- Similar layout to the Windows .ini file, split into different [ … ] sections
- [global]: generic server or global settings which apply to each share
- [homes]: used to grant some or all users access to their home directories
- [printers]: defines printer resources and services
Sample global section
# Simple global section
[global]
Log file = /var/log/samba.log
Load printers=yes
Max log size=50
Netbios name=RHL
Server string=Samba Server
Workgroup=Tardis
Configuring File and Directory Sharing
- Shares should have their own [ … ] section
- Options include
  - Public – can be accessed by guest account
  - Browseable – share is visible in browse lists
  - Writeable – resource is read and write enabled
  - Printable – resource is a printer, not a disk
  - Group: all connections to the share use the specified group as their primary group
Example
# share Ronan’s Home Dir
[ronan-home]
Comment= Ronan’s Home Directory
Path = /home/rbradley
Browseable=yes
Writeable=yes
Public = yes
createMode=0664
DirectoryMode=0775
maxConnections=1
Printable = no
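
Added example (not part of the original slides): a Python check over smb.conf text that reports shares combining guest access with write access, or guest access with a path under /home, which is the combination the [ronan-home] share above sets with Public = yes and Writeable=yes. The SAMPLE text is constructed from the slides' own settings, and the finding labels and the /home test are assumptions made for this illustration.

```python
# Added example, not from the slides: flag shares that guests can reach and write to.
TRUE = {"yes", "true", "1"}
# Samba ignores case and spaces in parameter names; fold synonyms onto one key.
ALIASES = {"public": "guestok", "writable": "writeable", "writeok": "writeable"}
# Constructed sample, assembled from the share and printer slides.
SAMPLE = """\
[global]
Workgroup=Tardis
[ronan-home]
Path = /home/rbradley
Writeable=yes
Public = yes
[printers]
path = /var/spool/samba
guest ok = yes
writeable = no
printable = yes
"""

def parse_smb_conf(text):
    """Return {section: {param: value}} with normalised parameter names."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue  # blank line or comment
        if line.startswith("[") and line.endswith("]"):
            current = sections.setdefault(line[1:-1].strip().lower(), {})
        elif "=" in line and current is not None:
            key, value = line.split("=", 1)
            key = "".join(key.lower().split())
            current[ALIASES.get(key, key)] = value.strip().lower()
    return sections

def audit(text):
    """List (share, reason) pairs for guest-accessible shares worth reviewing."""
    sections = parse_smb_conf(text)
    defaults = sections.pop("global", {})  # [global] values apply to every share
    findings = []
    for name, own in sections.items():
        p = {**defaults, **own}
        guest = p.get("guestok", "no") in TRUE
        # "read only = no" is the inverse spelling of "writeable = yes"
        writeable = p.get("writeable", "no") in TRUE or p.get("readonly", "yes") not in TRUE
        if guest and writeable and p.get("printable", "no") not in TRUE:
            findings.append((name, "guest can write"))
        if guest and p.get("path", "").startswith("/home/"):
            findings.append((name, "guest can reach a home directory"))
    return findings
```

Running audit(SAMPLE) reports [ronan-home] twice and leaves the read-only [printers] spool alone.
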
Printing
- Printers defined in /etc/cups/printers.conf
- Global options as follows:
[printers]
path = /var/spool/samba
browsable = yes
public = yes
guest ok = yes
writeable = no
printable = yes
Printing
[LibertyLane]
Comment = Staff Printer LaserJet 5
printer = prll
valid users = rbradley smcneally
path = /var/spool/prll
public = no
writeable = no
printable = yes
- By default, Samba assumes printing is via CUPS; this can be overridden with the printing= parameter in the [global] section
Other examples
[lp]
print command = lpr -s -P %p %s; rm %s
printable = yes
browseable = no
[nec-raw]
comment = Main PostScript printer driver for Windows clients
printer driver = NEC SilentWriter 95
printable = yes
browseable = yes
Supporting WINS
- To turn WINS support on, add in [global]:
  wins support = yes
- Specify the name resolution order
  name resolve order = wins lmhosts bcast
  - This step is unnecessary, as the default order is host lmhosts wins bcast
Name resolution options
- host means use the system resolver library to determine the IP address of a name
- lmhosts means to read name-IP mappings from the NetBIOS lmhosts file /etc/samba/lmhosts
  - If this doesn’t exist, lmhosts lookup will be skipped
- wins tells the server to maintain a WINS database
  - Names will be added and updated as clients connect
- bcast uses the NetBIOS broadcast mechanism to find the addresses of all hosts
  - Broadcast storms
Authentication
- There are a number of mechanisms for implementing authentication in Samba
- Administrators control this through the security= setting
  - User: Validation is done on a per-user basis, requiring a local smbpasswd file and also smbusers file
  - Server: Validation done by another server
Local file based Authentication
- When local file based authentication is used, specify in smb.conf that passwords should be stored encrypted
  encrypt passwords = yes
- When server based authentication is used, specify the servers to be contacted for authentication information (used when security option is not user).
  password server = host1 host2 host3
Adding users and setting passwords with local authentication
- To add a user
  smbadduser ronan.bradley:rbradley
  - UNIX Username:Windows Username, need not match
- Encrypted (by default) passwords stored in /etc/samba/smbpasswd
- Users added with smbadduser and smbpasswd
- Users defined in /etc/samba/passwd must exist in /etc/passwd
Passwords with local authentication
- Encrypted passwords stored in /etc/samba/smbpasswd
- Users added with smbadduser and smbpasswd
- Users defined in /etc/samba/passwd must exist in /etc/passwd
- To add a user
  smbadduser rbradley:rbradley
  - UNIX Username:Windows Username, need not match
- Use smbpasswd for subsequent password changes for all users
Winbind
- winbind maps between Windows user and group IDs and Unix user and group IDs
- COMP+rbradley or STUDENTsrooney6 or COMPSTAFF or STUDENT:FT211-4
Linux Client access with Samba
- smbclient is the standard client utility, useful for testing and for scripts
- smbfs is an optional kernel component which allows Linux to mount an SMB share directly, in similar fashion to mounting an NFS share
  - Not available on UML
Smbclient syntax
- If you do not specify username%password, smbclient will use the upper case version of USER or LOGNAME variable and the PASSWORD variable (if set)
- If you use the -U option
  smbclient -U rbradley%letmein
  - Not a great idea, as the command issued is visible in the history and in the ps information
- smbclient includes an ftp-like shell
Sample smbclient -L output
smbclient -L toltec
added interface ip=172.16.1.1 bcast=172.16.1.255 nmask=255.0
Password:
Domain=[METRAN] OS=[Unix] Server=[Samba 2.2.5]
Sharename  Type     Comment
-------------
test       Disk     For testing only, please
IPC$       IPC Service (Samba 2.2.5)
HP         Printer  HP 932C on Maya
ADMIN$     Disk     IPC Service (Samba 2.2.5)
Server ---- MAYA MIXTEC TOLTEC ZAPOTEC
Workgroup --------- METRAN
Comment ------- Windows 98 Samba 2.2.5
Master ------- TOLTEC
Samba Daemons
- nmbd: NetBIOS name server
  - Resource browsing
  - WINS server
- smbd: SMB/CIFS server
  - Authentication and authorization
  - File and Printer Sharing
Samba Daemon
- When an SMB client starts, it needs to know the IP address being used by a particular host
  - Client broadcasts this request on the network and receives a response from nmbd containing the NetBIOS information
Configuration Testing
- testparm is used to test the correct configuration of your Samba settings
- To check what access will be granted to a given host, you can also supply the IP address of a given host
  testparm 147.252.224.78
  - Will return which resources are accessible to that host
Samba Client
- smbclient can be used as a command-line file retrieval/transfer tool
  smbclient //machine/resource
  - cd directory
  - get file
- Also allows simple view of shared resources
  smbclient -L hostname
- user%password may be specified with the -U option or by setting and exporting USER and PASSWORD environment variables
Samba Client
- If you do not specify username%password, smbclient will use the upper case version of USER or LOGNAME variable and the PASSWORD variable (if set)
- If you use the -U option
  smbclient -U rbradley%letmein
  - Not a great idea, as the command issued is visible in the history and in the ps information
- smbclient includes an ftp-like shell
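
Added example (not part of the original slides): a Python scan for the exposure noted on the "Smbclient syntax" and "Samba Client" slides, where a password given as -U user%password ends up in shell history and ps output. It finds such smbclient invocations in history or process-list lines and returns them with the secret redacted; the SAMPLE lines are constructed, and the third one uses smbclient's -A authentication-file option with a hypothetical file path.

```python
# Added example, not from the slides: find smbclient passwords left on command lines.
import shlex

# Constructed process-list lines; user and password are the slide's own example.
SAMPLE = [
    "1001 pts/0 S+ 0:00 smbclient //toltec/test -U rbradley%letmein",
    "1002 pts/1 S+ 0:00 smbclient -L toltec -U rbradley",
    "1003 pts/2 S+ 0:00 smbclient //toltec/test -A /home/rbradley/.smbauth",
]

def _userpass(tokens, i):
    """Return (user, password) if tokens[i] starts a -U/--user argument with a password."""
    tok = tokens[i]
    if tok in ("-U", "--user") and i + 1 < len(tokens):
        value = tokens[i + 1]
    elif tok.startswith("--user="):
        value = tok[len("--user="):]
    elif tok.startswith("-U") and len(tok) > 2:
        value = tok[2:]
    else:
        return None
    user, _, secret = value.partition("%")
    return (user, secret) if secret else None

def find_exposed_passwords(lines):
    """Return (line_no, user, redacted_line) for each smbclient call carrying a password."""
    findings = []
    for no, line in enumerate(lines, 1):
        try:
            tokens = shlex.split(line)
        except ValueError:  # unbalanced quotes in a history line
            tokens = line.split()
        if not any(t.endswith("smbclient") for t in tokens):
            continue
        for i in range(len(tokens)):
            hit = _userpass(tokens, i)
            if hit:
                user, secret = hit
                findings.append((no, user, line.replace("%" + secret, "%<redacted>")))
    return findings

if __name__ == "__main__":
    for finding in find_exposed_passwords(SAMPLE):
        print(finding)
```
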
smbmount
- SMB file system can be supported by the Linux kernel
  - Not available in UML
- Can use smbmount to mount an SMB-shared resource
  smbmount service mountpoint -o options
  smbmount //server/resource /mnt/smb -o username=smbuser
- CONFIG_SMB_FS must be set on for smbmount to work
Samba mounts in /etc/fstab
- Samba mounts can be performed automatically upon system boot by editing /etc/fstab
- Specify
  - the UNC path
  - the local mount point
  - smbfs as the file system
  - and a username
//server1/resource /mnt/smb smbfs defaults,username=nobody 0 0
Samba Resources
- http://info.ccone.at/INFO/Samba/introduction.html