INFO 321 Server Technologies II

stan

Presentation Transcript


  1. INFO 321 Server Technologies II

  2. What is Samba? Samba is essentially a TCP/IP file and print server for Microsoft Windows clients. It can support any SMB/CIFS-enabled client. SMB/CIFS? SMB is Server (or Session) Message Block. Common Internet File System (CIFS) is Windows File Sharing.

  3. SMB: SMB was originally developed to run over NetBIOS (Network Basic Input Output System) LANs in the mid-1980s. SMB was originally for MS-DOS and PC-DOS. SMB is the file sharing protocol inside CIFS. The inventor of SMB was Dr. Barry Feigenbaum of IBM, who initially called it BAF. Notice the name Samba contains SaMBa.

  4. SMB: As of Windows 2000, the connection to NetBIOS was removed, thankfully. There exists NBT (NetBIOS over TCP/IP). SMB over TCP/IP without NBT is "naked". When running naked, SMB defaults to using TCP port 445 instead of the NBT Session Service port (TCP/139). SMB should work over any transport protocol.

  5. CIFS: CIFS is a network file system plus a set of auxiliary services supported by a bunch of underlying protocols, most of which are not particularly well documented by Microsoft; you may faint now. CIFS has been "Microsoft's way of doing network file sharing" since about 1996. There is no RFC number for SMB or CIFS. Microsoft's implementations are the de facto CIFS standards.

  6. So what? “One of Samba’s big strengths is that you can use it to blend your mix of Windows and Linux machines together without requiring a separate Windows server. Samba includes support for Active Directory, Unicode, new authentication and filename mangling systems, printing support, trust relationships, LDAP integration and loadable RPC modules.” From The Unofficial Samba HOWTO

  7. If that’s not enough “Samba is software that can be run on a platform other than Microsoft Windows, for example, UNIX, Linux, IBM System 390, OpenVMS, and other operating systems. Samba uses the TCP/IP protocol that is installed on the host server. When correctly configured, it allows that host to interact with a Microsoft Windows client or server as if it is a Windows file and print server.” From What is Samba?

  8. Samba Today: Samba is on version 3.5.6 (as of January 19, 2011), and is available for the following platforms: UNIX - AIX (IBM UNIX), HP-UX (HP UNIX), Solaris (Sun UNIX); Linux - Debian, Fedora, RedHat, SuSE; MVS (IBM mainframes); Novell (NetWare); VMS (was DEC, now HP OpenVMS). From http://us1.samba.org/samba/ftp/Binary_Packages/

  9. SMB addressing - UNC: A Universal Naming Convention (UNC) path might look something like this: \\ubiqx\cifs\SMB.html ...and would parse out like this: ubiqx = The name of the server; cifs = The directory path; SMB.html = The file name. No! Much of this section adapted from Implementing CIFS.

  10. SMB addressing - UNC: UNC doesn't provide a protocol specification. That's not because it always assumes SMB. The UNC format can support all sorts of filesharing protocols, but it is up to the underlying OS or application to figure out which one to use. Protocol and transport discovery are handled by trial-and-error, with each possibility tested until something works. You might imagine a system with AppleTalk, NetWare, and SMB all enabled has a lot of work to do.

  11. UNC: The UNC format is handled natively by Microsoft & IBM's family of operating systems: DOS, OS/2, & Windows. Samba's smbclient utility can also parse UNC names, but it does so at the application level rather than within the OS, and it only ever tries to deal with SMB. Even so, smbclient must handle both NBT and naked transport, which can be tricky.

  12. UNC: SMB is the server identifier field because it will accept addresses in addition to names. Recognized server names are: NetBIOS names, DNS hostnames, IP addresses. Going from an IP address to a NetBIOS name involves guesswork.

  13. Share names: The directory path looks just like a directory path, but there is one small thing that makes it different; that thing is called the "share name". A given directory can have one or many share names. The idea is similar to symbolic links (symlinks) in Unix, or shortcuts in Windows. The share is a named pointer--with its own set of attributes--to the object being made available.

  14. File name: File names are straightforward, right? No. Windows is case insensitive, but UNIX and Linux are case sensitive. Other problem areas include: filename lengths, valid characters, file access permissions, the end-of-line delimiter in text files.

  15. SMB URL: Fortunately, there is such a thing as an SMB URL. It fits into the general URI syntax and can be used to specify files, directories, and other SMB-shared stuff. It is intended as a more portable and more complete way to specify SMB paths at the application level.

  16. Reach out … and touch an SMB server: To do this we need two steps to identify who we’re talking to, and how: Server identifier interpretation; Transport discovery.

  17. Server identifier interpretation: Try a URL like this: smb://server/ (assuming the server’s name is ‘server’). To resolve the name server, try: It could be an IPv4 address. That’s easy; and IPv6 addresses should be in brackets, smb://[fe80::240:f4ff:fe1f:8243]/

  18. Server identifier interpretation: It could be a NetBIOS Name. Look for un-escaped dots in the NetBIOS name: smb://my%2Enode.scope/ has a NetBIOS Name of ‘my.node’ and Scope ID of ‘scope’. Use an NBT Name Query to get the server’s IP address. It could be a DNS name. Try DNS to get the IP address.

  19. Port number please? Now we need to divine the port number. Port 139 is for NBT. Port 445 is for raw TCP. Which one applies? And if other security protocols are being used, higher port numbers could apply. So this is another mess to figure out, if you weren’t given it.

  20. Transport discovery: Try running naked. Open a TCP connection to port 445 on the server, but do not send an NBT SESSION REQUEST--just start sending SMB messages and see if that works. Try NBT transport. Try reverse-mapping a NetBIOS Name.
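
Added example (not from the original slides): the server identifier interpretation step from slides 17-18 in Python, returning the candidate readings of an SMB URL's server field in the order the slides list them. It assumes the URL carries no user info or port, and it applies the 15-character NetBIOS name limit, which the slides do not mention; transport discovery needs a live server and is not covered.

```python
import ipaddress
from urllib.parse import unquote


def interpret_server(url: str) -> list:
    """Return ordered (kind, value) candidates for the server field of an SMB URL.

    Assumption: the authority part holds only the server identifier
    (no "user@" prefix and no ":port" suffix).
    """
    if not url.lower().startswith("smb://"):
        raise ValueError("not an SMB URL")
    host = url[len("smb://"):].split("/", 1)[0]
    if host.startswith("["):                       # bracketed IPv6 literal
        if not host.endswith("]"):
            raise ValueError("unterminated IPv6 literal")
        return [("ipv6", str(ipaddress.IPv6Address(host[1:-1])))]
    try:
        return [("ipv4", str(ipaddress.IPv4Address(host)))]
    except ValueError:
        pass                                       # not a dotted quad: it is a name
    # Split on the first un-escaped dot, then decode escapes such as %2E.
    name, _, scope = host.partition(".")
    name = unquote(name)
    candidates = []
    if 0 < len(name) <= 15:                        # NetBIOS names hold at most 15 characters
        candidates.append(("netbios", (name, unquote(scope))))
    candidates.append(("dns", unquote(host)))      # the same text read as a DNS name
    return candidates


if __name__ == "__main__":
    # URLs taken from the slides
    for u in ("smb://server/", "smb://my%2Enode.scope/",
              "smb://[fe80::240:f4ff:fe1f:8243]/"):
        print(u, interpret_server(u))
```

A name such as server.example.com yields both a NetBIOS reading (name plus scope) and a DNS reading, which is why the slides resolve by trying each in turn.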

  21. Can we do something? All that was just to establish a connection to an SMB server. Now we can look at SMB commands. They may contain a header, parameters, and data. Image from http://www.ubiqx.org/cifs/figures/smb-03.html

  22. SMB Header: The SMB header typically has eight 4-Byte lines.
      SMB_HEADER {
        PROTOCOL = "\xffSMB" (4 B)
        COMMAND = <SMB Command code> (1 B)
      The CIFS Technical Reference lists these.
        STATUS = <Status code> (4 B)
        FLAGS = <Old flags> (1 B)

  23. SMB Header:
        FLAGS2 = <New flags> (2 B)
        EXTRA = <Sometimes used for additional data> (12 B)
      The PidHigh subfield is used to accommodate systems that have 32-bit Process IDs. The 8-byte Signature subfield is for SMB message signing, as in a digital signature. When not in use, these fields must be filled with zeros.

  24. SMB Header:
        TID = <Tree ID> (2 B)
      The SMB used to open a share is called a "Tree Connect"; the TID field is used to identify connections to shares once they have been established.
        PID = <Process ID> (2 B)
      The "Process ID" is set by the client, and is intended as an identifier for the process sending the SMB request. The most important thing to note regarding the PID is that file locking and access modes are maintained relative to the value in this field.

  25. SMB Header:
        UID = <User ID> (2 B)
      The "User ID" is also known as a VUID (Virtual User ID). It is assigned by the server after the user logs in, and is valid until the user logs off. It does not need to be the user's actual User ID on the server system.

  26. SMB Header:
        MID = <Multiplex ID> (2 B)
      }
      The "Multiplex ID" is used by the client to keep track of multiple outstanding requests. The server must echo back the MID and the PID provided in the client request. The client can use those values to make sure that the reply is matched up to the correct request.

  27. SMB Message Parameters:
      SMB_PARAMETERS {
        WordCount = <Number of words in the Words array> (1 B)
        Words[WordCount] = <SMB parameters; varies with SMB command> (2*WordCount B)
      }
      The SMB_PARAMETERS.Words block is limited in length to 510 bytes.

  28. SMB Message Parameters: Each SMB message type (species?) has a different record structure that is carried in the Words block. Think of that structure as representing the parameters passed to a function (the function identified by the SMB command code listed in the header).

  29. SMB Message Data:
      SMB_DATA {
        ByteCount = <Number of bytes in the Bytes field> (2 B)
        Bytes[ByteCount] = <Contents varies with SMB command> (ByteCount B)
      }
      SMB_DATA.Bytes may be as much as 65,535 bytes in length.
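
Added example (not from the original slides): a Python parser for the header, parameter and data layout described on slides 22-29, checking every length field against the message size before it is used. The little-endian byte order and the 2 unused bytes at the end of EXTRA come from the CIFS specification rather than the slides; the sample message is constructed.

```python
import struct

# Layout from the slides: 4+1+4+1+2+12+2+2+2+2 = 32 bytes, little-endian.
# The 12-byte EXTRA field is split into PidHigh (2), Signature (8), unused (2).
HEADER = struct.Struct("<4sBIBHH8sHHHHH")
FIELDS = ("protocol", "command", "status", "flags", "flags2", "pid_high",
          "signature", "unused", "tid", "pid", "uid", "mid")


def parse_smb(msg: bytes) -> dict:
    """Parse one SMB message; raise ValueError on any inconsistent length."""
    if len(msg) < HEADER.size:
        raise ValueError("shorter than the 32-byte SMB header")
    hdr = dict(zip(FIELDS, HEADER.unpack_from(msg, 0)))
    if hdr["protocol"] != b"\xffSMB":
        raise ValueError("bad protocol magic")
    pos = HEADER.size

    # SMB_PARAMETERS: WordCount (1 B), then WordCount 2-byte words (max 510 B).
    if pos + 1 > len(msg):
        raise ValueError("missing WordCount")
    word_count = msg[pos]
    pos += 1
    if pos + 2 * word_count > len(msg):
        raise ValueError("WordCount runs past end of message")
    words = struct.unpack_from("<%dH" % word_count, msg, pos)
    pos += 2 * word_count

    # SMB_DATA: ByteCount (2 B), then ByteCount bytes.
    if pos + 2 > len(msg):
        raise ValueError("missing ByteCount")
    (byte_count,) = struct.unpack_from("<H", msg, pos)
    pos += 2
    if pos + byte_count > len(msg):
        raise ValueError("ByteCount runs past end of message")
    hdr.update(words=list(words), data=msg[pos:pos + byte_count])
    return hdr


# Constructed sample: command 0x72 (sample value), TID 1, PID 0x1234, UID 0,
# MID 7, one parameter word and three data bytes.
SAMPLE = (HEADER.pack(b"\xffSMB", 0x72, 0, 0x18, 0xC001, 0, bytes(8), 0,
                      1, 0x1234, 0, 7)
          + bytes([1]) + struct.pack("<H", 0xBEEF)
          + struct.pack("<H", 3) + b"abc")

if __name__ == "__main__":
    parsed = parse_smb(SAMPLE)
    print(hex(parsed["command"]), parsed["mid"], parsed["words"], parsed["data"])
```

WordCount and ByteCount are supplied by the sender, so a parser that trusts them without the bounds checks reads past the end of the buffer on a truncated or forged message.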

  30. Parameters vs Data blocks: So if the Parameters block and the Data block look alike, it’s not just you. “…any functional distinction that may have separated the Parameter and Data blocks has been blurred” - Implementing CIFS

  31. AndX messages: SMB can form a linked list of related messages using a format called AndX messages. The AndX message has two fields in a 4-Byte line: AndXCommand (1 B), (reserved) (1 B), AndXOffset (2 B).

  32. AndX messages: The AndXCommand field provides the SMB command code for the next AndX block in the list (not the current one). The AndXOffset value in each AndX parameter block gives the offset (relative to the start of the SMB) of the next AndX block; AndXOffset of the last AndX block has a value of zero (0). Figure from http://www.ubiqx.org/cifs/figures/smb-05.html

  33. AndX messages: The AndXOffset contains the byte index, relative to the start of the SMB header, of that next AndX block--think of it as a pointer. Since the AndXOffset value is independent of the SMB_PARAMETERS.WordCount and SMB_DATA.ByteCount values, it is possible to provide padding between the AndX blocks.
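
Added example (not from the original slides): walking an AndX chain as slides 31-33 describe it, rejecting any AndXOffset that leaves the message or points back into a block already read, since either would cause an out-of-bounds read or an endless loop. It assumes every block in the chain is an AndX block and also stops on command code 0xFF, the "no further command" value from the CIFS specification; the sample messages are constructed.

```python
import struct

HEADER_LEN = 32   # size of the SMB header described on the slides
NO_ANDX = 0xFF    # "no further command" code (from the CIFS spec, not the slides)


def walk_andx(msg: bytes) -> list:
    """Return [(command, offset), ...] for every block of an AndX chain.

    Raises ValueError if a length or AndXOffset is inconsistent with the message.
    """
    if len(msg) < HEADER_LEN or msg[:4] != b"\xffSMB":
        raise ValueError("not an SMB message")
    command, offset, chain = msg[4], HEADER_LEN, []
    while True:
        if offset >= len(msg):
            raise ValueError("AndXOffset %d is outside the message" % offset)
        word_count = msg[offset]
        bc_pos = offset + 1 + 2 * word_count          # where ByteCount sits
        if word_count < 2 or bc_pos + 2 > len(msg):
            raise ValueError("block at %d cannot hold the AndX fields" % offset)
        (byte_count,) = struct.unpack_from("<H", msg, bc_pos)
        end = bc_pos + 2 + byte_count                 # first byte after this block
        if end > len(msg):
            raise ValueError("ByteCount at %d runs past the message" % bc_pos)
        chain.append((command, offset))
        # First two parameter words: AndXCommand, reserved, AndXOffset.
        next_cmd, _reserved, next_off = struct.unpack_from("<BBH", msg, offset + 1)
        if next_cmd == NO_ANDX or next_off == 0:
            return chain
        if next_off < end:                            # would re-read old bytes or loop
            raise ValueError("AndXOffset %d points back into a block" % next_off)
        command, offset = next_cmd, next_off


def build_chain(second_offset: int) -> bytes:
    """Constructed two-block message; command codes 0x73 and 0x75 are sample values."""
    header = b"\xffSMB" + bytes([0x73]) + bytes(HEADER_LEN - 5)
    first = bytes([2]) + struct.pack("<BBH", 0x75, 0, second_offset) + bytes(2)
    last = bytes([2]) + struct.pack("<BBH", NO_ANDX, 0, 0) + bytes(2)
    return header + first + bytes(3) + last           # 3 padding bytes between blocks


if __name__ == "__main__":
    print(walk_andx(build_chain(42)))
```

Because each accepted offset must lie at or beyond the end of the block just read, the offset strictly increases and the loop is bounded by the message length.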

  34. Start the conversation: After establishing the transport protocol, the SMB client and server can exchange messages. The first one is always NEGOTIATE PROTOCOL REQUEST/RESPONSE, which does just that. It’s followed by SESSION SETUP REQUEST. Didn’t we already do that?

  35. Transport vs user sessions: No, we established the transport layer session; now it’s time to establish a user logon session. In the second message in the handout, we have AccountName = "GUEST". This is to log on as the GUEST user.

  36. Find a tree: Once a user logon is done, often the next command is to find the shared directory tree. TREE CONNECT does this. Recall the tree concept identifies shared folders.

  37. SMB Connection: After transport disconnect, all resources are released, not too surprisingly. Figure from http://www.ubiqx.org/cifs/figures/smb-06.html

  38. Ok, enough SMB! Aren’t you glad someone wrote Samba to do all this stuff for you? Who, you ask? Aussie Andrew Tridgell reverse engineered SMB and started Samba in 1992. Samba exists only on the non-Windows side; a Windows system only needs to be configured for ‘Microsoft networking’. Much of this section is from (Nemeth, 2007) and the Samba3-HOWTO.

  39. Samba = Unix CIFS server: Samba can provide these services: File sharing; Network printing; Authentication and authorization; Name resolution; Service announcement; Browse file servers or printers.

  40. Samba services: Samba can also: Do basic Windows primary domain controller functions; With LDAP, serve as a backup domain controller; Support some other Windows functions such as domain logins, roaming user profiles, and CIFS print spooling.

  41. Samba processes: Samba is implemented in Linux mostly via two processes (daemons, to be precise). The daemon smbd provides file sharing, network printing, authentication and authorization. The daemon nmbd provides name resolution and service announcement. Samba runs as a normal user process, binding to the CIFS sockets.

  42. Installing Samba: Most Linux distributions include Samba, but you can download the latest from samba.org, and install it:
        root# rpm -Uvh samba-3.0.20-1.i386.rpm
      Create a mount point for shared files:
        root# mkdir /plans
        root# chmod 755 /plans
      From Samba ByExample

  43. Installing Samba: Then install the smb.conf file (which we’ll get to soon). Verify that the /etc/hosts file contains the following entry:
        192.168.1.1 server
      Start samba:
        root# chkconfig smb on
        root# /etc/rc.d/init.d/smb restart

  44. Simple smb.conf file:
        # Global Parameters
        [global]
          workgroup = MIDEARTH
          security = SHARE
        [Plans]
          path = /plans
          read only = Yes
          guest ok = Yes

  45. From the PC side: Make sure the PC is in the workgroup (e.g. MIDEARTH). Make sure its IP address is in the same range as the Samba system (192.168.1.x), and that they have the same netmask (255.255.255.0). Find the samba server in the Network Neighborhood.

  46. Is Samba alive? Check samba status with:
        root# smbclient -L localhost -U%
      The -U% option gives no user name and password. And prove it can handle a login:
        root# smbclient -L server -Uroot%password
      That should establish basic file sharing.

  47. Samba configuration file: Like most Unix-y apps, it has a ‘.conf’ file which governs how it runs: /etc/smb.conf or /etc/samba/smb.conf or maybe /usr/local/samba/lib/smb.conf. When Samba is running, it checks the conf file every few seconds, so changes will take effect quite quickly (no reboot needed).

  48. Config file sections: Each section in the smb.conf file (“stanza”) represents either a share or a meta-service on the Samba server. The [global] stanza contains settings that apply to the whole Samba server. Samba supports a number of meta-services, each of which serves its own purpose. From (Samba3-HOWTO)

  49. Config file meta-services: The [homes] stanza is a meta-service that causes Samba to provide a personal home share for each user. The [printers] stanza is a meta-service that establishes print queue support, and specifies the location of the intermediate spool directory into which print jobs are received from Windows clients prior to being dispatched to the UNIX/Linux print spooler.

  50. Really minimal smb.conf file:
        [global]
          workgroup = WKG
          netbios name = MYNAME
        [share1]
          path = /tmp
        [share2]
          path = /my shared folder
          comment = Some random files
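
Added example (not from the original slides): a Python check that sorts the stanzas of an smb.conf into [global], meta-services and shares as slides 48-49 describe, and lists the shares that accept connections without a login (guest ok = yes, or its synonym public). The sample text combines the two slide configurations with a constructed [homes] stanza; the function and report key names are illustrative.

```python
import configparser

META_SERVICES = {"homes", "printers"}   # meta-service stanzas named on the slides
TRUE_VALUES = {"yes", "true", "1"}      # boolean spellings smb.conf accepts


def classify_stanzas(conf_text: str) -> dict:
    """Split smb.conf stanzas into global settings, meta-services and shares,
    and list the shares that accept guest connections."""
    # Strip indentation first: configparser treats deeper-indented lines as
    # continuations of the previous value, which smb.conf does not.
    flat = "\n".join(line.strip() for line in conf_text.splitlines())
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.read_string(flat)
    report = {"global": {}, "meta": [], "shares": {}, "guest_shares": []}
    for name in cp.sections():
        opts = dict(cp[name])              # option names arrive lower-cased
        key = name.lower()                 # stanza names are case-insensitive
        if key == "global":
            report["global"] = opts
        elif key in META_SERVICES:
            report["meta"].append(name)
        else:
            report["shares"][name] = opts.get("path")
            # Samba ignores spaces inside parameter names; "public" is a synonym.
            flags = {k.replace(" ", ""): v for k, v in opts.items()}
            guest = flags.get("guestok", flags.get("public", "no"))
            if guest.lower() in TRUE_VALUES:
                report["guest_shares"].append(name)
    return report


# Constructed sample: slide 44's file plus stanzas in the style of slides 49-50.
SAMPLE = """
# Global Parameters
[global]
    workgroup = MIDEARTH
    security = SHARE
[Plans]
    path = /plans
    read only = Yes
    guest ok = Yes
[homes]
    read only = No
[share2]
    path = /my shared folder
"""

if __name__ == "__main__":
    print(classify_stanzas(SAMPLE))
```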
