CH 23 SAMBA REVIEW Flashcards
INTRO TO SAMBA
- Samba - powerful suite of applications for UNIX/Linux systems to communicate with non-UNIX-based systems.
- Samba transparently provides fie and print sharing services to Windows clients.
a. Does this through use of native Microsoft networking protocols such as SMB (server message block) and CIFS. - Other protocols such as NFS are not required for a Samba implementation.
AUTHENTICATION
- One of the key issues with Samba is authentication.
- The way UNIX/Linux stores and uses authentication info (username/passwords) is radically different from Windows.
- This makes it important for systems admins to maintain consistency in the logins and passwords across platforms.
- The goal is to make cross-platform access seamless to the user.
AUTHENTICATION - PAM
PAM - Pluggable Authentication Modules
a. Integrates low-level authentication schemes into a high-level application programming interface (API). b. Can authenticate to X500-compatible services such as LDAP, Microsoft Active Directory, Novell eDirectory. c. Users will still need to be created on the Linux server as well as the authentication source, but passwords are maintained centerally
AUTHENTICATION - as a DOMAIN CONTROLLER
- A Linux server can be implemented as a domain controller.
a. Samba can be configured to be either a standalone domain controller or as a member of domain controller of a larger domain or forest.
b. Samba can serve as a PDC on old-style NT4 domains, or as PDC emulator in Active Directory implementations and work with the latest domain functional levels. - Samba can allow servers to be joined as a regular member server as well without domain-level functions.
SAMBA DAEMONS
There are several daemons that are used in the Samba subsystemsm but there are three key daemons:
- smbd
- nmbd
- Winbindd
SAMBA DAEMON - smbd
Samba daemon (smbd) -
- handles the sharing of file systems and printer services for clients.
- handles user authentication and resource-locking.
- binds to ports 139 and 445 and listens for requests.
- Every time a client authenticates, smbd spawns a copy of itself to handle the connectivity and the original goes back to listening.
a. The copy handles the connections for the client, as well as changes the user context from root to the authenticated user.
b. The copy stays in memory as long as the connection from the client is open.
SAMBA DAEMON - nmbd
NetBIOS Message Block daemon (nmbd) -
- Service that is responsible for handling NetBIOS (Network Basic Input/Output System) is a Microsoft protocol for communication between hosts, primarily for name resolution.
- nmbd can be used as a WINS replacement as it provides requests from master browsers, domain browsers and WINS server.
- Provides services related to the sessions layer of the OSI model.
- Binds to port 137.
- Does not spawn a new copy with each request.
- smbd and nmbd complement each other to provide full service to Windows clients.
SAMBA DAEMON - Winbindd
Windows Binding daemon (winbindd) -
- Used to query native Windows servers for user and group information.
- Daemon translates Windows user/group information into a format that Linux can understand (POSIX-compliance0
- Uses RPC and PAM.
INSTALLING SAMBA
Samba can be installed using the standard package tools.
$yum install samba samba-client
$apt-get install samba
Daemons are started using the standard commands:
$systemctl enable smb.service
$systemctl start smb.service
CONFIGURING SAMBA
You can configure by editing the config file or using the GUI tool SWAT.
1. Samba’s configuration file is called smb.conf
2. Samba Web Admin Tool, SWAT - allows system admins to configure Samba via a web browser.
a. SWAT is installed using the standard package tool.
$yum install samba-swat
b. The first time SWAT is run, the smb.conf file is replaced with a version optimized for SWAT’s use.
c. The only configuration that are saved by SWAT are differences from default settings.
CONFIGURING SAMBA using SWAT
The SWAT main screen allows an admin to access all of the configuration settings needed to effectively implement Samba.
Here are the menu items:
1. Globals - lists all settings that affects all aspects of Samba’s operation.
a. This includes items like security, logging, WINS, printing.
2. Shares - creates a file share for use by other clients accessing the Samba server.
a. Configurations such as security can be set here.
3. Printers - allows admins to configure how installed printers are shared (if at all)
a. All printers set up via CUPS or LPR are automatically shared when Samba is first setup.
b. Printers cannot be added here, but once added to CUPS or LPR they can be shared.
4. Status - shows the current status of the smbd and nmbd daemons, including which clients are currently connected.
a. page automatically refreshes
b. can also shut off Samba and reload it - required after most configuration changes.
5. View - allows you to view the smb.conf that is being generated by SWAT.
ACCESSING SAMBA SHARE
- A Samba share is accessible via a standard Universal Naming Convention (UNC) path
a. \fedora-instructor\share1 - Via Windows, the share can be directly accessed or even mapped to a drive letter.
a. In Windows, My Computer > Map network drive > choose Drive letter and folder \IP address of server. Finish - Linux can read Samba shares too (or standard Windows shares if enable)
a. mount -t cifs -o guest //fedora-instructor/share1 /mnt/fedora
Note: The UNC path is reflected using forward slashes in Linux.
CREATING SAMBA USERS
Assuming local authentication is in use (ie not setup as a domain member/controller) users are created using the smbpasswd command.
Example: $smbpasswd -a yyang New SMB password: yyangpassword Retype new SMB password: yyangpassword Added user yyang
