SAMBA
Samba is the
standard open source Windows interoperability suite of programs for Linux. It
implements the server message block (SMB)
protocol. SMB allows Microsoft Windows®, Linux, UNIX, and other
operating systems to access files and printers shared from servers that support
this protocol. Samba's use of SMB allows it to appear as a Windows
server to Windows clients.
SAMBA PPACKAGE CHECKIN ON SYSTEM
In order to use Samba,
first ensure the samba package is installed on your system by
running, as root:
~]# yum install samba
INTRODUCTION TO SAMBA
Samba is an important
component to seamlessly integrate Linux Servers and Desktops into Active Directory
(AD) environments. It can function both as a domain controller (NT4-style) or
as a regular domain member (AD or NT4-style).
WHAT SAMBA CAN DO?
Serve directory trees
and printers to Linux, UNIX, and Windows clients Assist in network browsing
(with NetBIOS) Authenticate Windows domain logins Provide Windows Internet Name Service (WINS)
name server resolution Act as a Windows NT®-style Primary Domain Controller (PDC) Act as a Backup Domain Controller (BDC) for a Samba-based PDC Act as an
Active Directory domain member server Join a Windows NT/2000/2003/2008
PDC/Windows Server 2012
WHAT SAMBA CANNOT DO?
Act as a BDC for a
Windows PDC (and vice versa)
Act as an Active
Directory domain controller
SAMBA DAEMONS AND RELATED SERVICES
Samba is comprised of
three daemons (smbd, nmbd, and winbindd). Three services
( smb, nmb,
and winbind) control how the daemons are started, stopped, and other
service-related features. These services act as different init scripts. Each
daemon is listed in detail below, as well as which specific service has control
over it.
smbd
The smbd server
daemon provides file sharing and printing services to Windows clients. In
addition, it is responsible for user authentication, resource locking, and data
sharing through the SMB protocol. Thedefault ports on which the server
listens for SMB traffic are TCP ports 139 and 445.The
smbd daemon is controlled by the smb service.
nmbd
The nmbd server
daemon understands and replies to NetBIOS name service requests such as those produced
by SMB/CIFS in Windows-based systems. These systems include Windows 95/98/ME, Windows
NT, Windows 2000, Windows XP, and LanManager clients. It also participates in
the browsing protocols that make up the Windows Network Neighborhood view.
The default port that the server listens to for NMB traffic is UDP port
137.
The nmbd daemon
is controlled by the nmb service.
winbindd
The winbind service
resolves user and group information received from a server running Windows NT, 2000,
2003, Windows Server 2008, or Windows Server 2012. This makes Windows user and
group information understandable by UNIX platforms. This is achieved by using
Microsoft RPC calls, Pluggable
Authentication Modules (PAM), and the Name Service Switch (NSS). This allows Windows NT domain and
Active Directory users to appear and operate as UNIX users on a UNIX machine.
Though bundled with the Samba distribution, the winbind service is
controlled separately from the smb service.
The winbind daemon
is controlled by the winbind service and does not require the smb service
to be started in order to operate. winbind is also used when Samba is an
Active Directory member, and may also be used on a Samba domain controller (to
implement nested groups and interdomain trust). Because winbind is a
client-side service used to connect to Windows NT-based servers.
CONNECTING TO AN SMB SHARE
CONNECTING TO AN SMB SHARE USING THE NAUTILUS FILE
MANAGER
GNOME Nautilus file
manager to can be used for manually browse the network or to directly connect to
a server message block (SMB) share.
BROWSING THE SMB NETWORK NEIGHBORHOOD
To browse the network
and connect to an SMB share:
1. Select Places → Browse Network from
the GNOME panel.
2. Double-click Windows
Network to display the available domains and work groups.
3. Double-click the
domain or work group name to display the hosts within this domain or workgroup.
4. Double-click a host
entry to display the SMB shares.
If the server requires
authentication, Nautilus displays a dialog to enter the user name and password.
DIRECTLY CONNECTING TO AN SMB HOST OR SHARE
If the host name of the
SMB server is known and optionally the share name, you can enter it directly to
connect to the share:
1. Open a Nautilus window.
For example, select Places →
Browse Network from the GNOME panel.
2. Press the Ctrl+L
combination to enable the editable URL bar.
3. Enter smb://host_name into the URL bar
and press Enter to list all SMB shares on this host.
Alternatively, enter smb://host_name/share_name to
directly access a share.
CONNECTING TO AN SMB SHARE USING smbclient
The smbclient utility
enables to connect to an SMB share and perform operations, similar to an FTP
client.
1. For example, to
connect to Demo_Share share on the SMB-Server host and authenticate
using the administrator user name, enter:
# smbclient
//SMB-Server/Demo_Share -Uadministrator
2. After you
successfully logged in, enter help to display a list of available
commands:
smb:\> help
For example, to change
into the Example directory, enter:
smb:\> cd Example
3. To disconnect, enter:
smb:\> exit
MOUNTING THE SHARE
Sometimes it is useful
to mount a Samba share to a directory so that the files in the directory can be
treated as if they are part of the local file system. To mount a Samba share to
a directory, create a directory to mount it to (if it does not already exist),
and execute the
following command as root:
mount -t cifs //servername/sharename /mnt/point/ -o
username=username,password=password
This command mounts sharename from servername in the local directory /mnt/point/.
The mount.cifs utility
is a separate RPM (independent from Samba). In order to use
mount.cifs, first
ensure the cifs-utils package is installed on your system by running, as
root:
~]# yum install cifs-utils
cifs-utils package also
contains the cifs.upcall binary called by the kernel in order to perform
kerberized CIFS mounts.
CAUTIONS
Some CIFS servers require
plain text passwords for authentication. Support for
plain text password
authentication can be enabled using the following command as
root:
~]# echo 0x37 > /proc/fs/cifs/SecurityFlags
IMPORTANT TO NOTE:- This operation can expose
passwords by removing password
encryption.