This Blog is intended to collect information of my various Intrests,pen my opinion on the information gathered and not intended to educate any one of the information posted,but are most welcome to share there view on them
Friday, July 30, 2010
About SMB protocol.
SMB (short for Server Message Block) is a protocol, the level of presentation of the OSI model of TCP / IP, created in 1985 by IBM.It is sometimes also referred to as CIFS (acronym for Common Internet File System, http://samba.org/cifs/) after being renamed by Microsoft in 1998.Among other things, Microsoft said the protocol support for symbolic links and hard, as well as support for large files.By coincidence this happened at the same time that Sun Microsystems was the launch of WebNFS (an extended version of NFS,http://www.sun.com/software/webnfs/overview.xml).
SMB was originally designed to work through protoclo NetBIOS, which in turn works on NetBEUI (acronym for NetBIOS EXtended UbeInterface, which translates as Extended User Interface NetBIOS), IPX / SPX (an acronym for Internet Packet Exchange /SequencedPacket Exchange, which translates as interred Packet Exchange / Sequential Packet Exchange) or NBT, but also can work directly on TCP / IP.
SAMBA is a suite of software, originally created by Andrew Tridgell and currently maintained by The Samba Team under the GNU General Public License, and implemented in UNIX ® systems based on the protocol SMB.Serves as a complete replacement for Windows ® NT, Warp ®, NFS ® and Netware ® servers.
The procedures in this manual have been tested to be applicable to systems with Red Hat ™ Enterprise Linux 4 or equivalent or later, and at least Samba 3.0.10 or later.
You need to have installed the following packages, which certainly are included in the installation disks of your favorite distribution:
Several customers for the SMB protoclo.
Files needed for client and serve
yum-y install samba samba-client
Added user accounts.
It is important to synchronize accounts between the Samba server and Windows ® stations.That is, if on a machine with Windows ® user entered as "paco" with password "elpatito16"in the Samba server must also exist that have the same name and same password.Like most user accounts to be used for access to samba not require access to the system command interpreter, you do not assign password to the mandate passwd and should be defined / sbin / nologin or / bin / false command interpreter for the user account is involved.
No need to be assigned an access code on the system with the mandate passwd, since the account has no access to the command interpreter.
If you need that the accounts can be used for access to other services such would Telnet, SSH, etc, ie to allow access to the command interpreter, you must specify / bin / bash as interpreter and also mandates should be assigned a password on the system with the mandate passwd:
useradd-s / bin / bash -windows userpasswd user-windowssmbpasswd-a user-windows
Main parameters of the smb.conf file.
Edit the file / etc / samba / smb.conf with any text editor.Within this you will notice that the information will be useful is annotated with a symbol # and the examples ; (semicolon), being the last ones we will use as reference.
We begin by establishing the working group by editing the parameter workgroup assigning a desired working group:
workgroup = mygroup
Optionally you can set the parameter netbios name different name for the server if at all necessary, but always taking into account that the name must correspond with the set in the file / etc / samba / lmhosts:
netbios name = maquinalinux
The parameter server string is descriptive.You can use a brief comment with a description of the server.
server string = Samba Server% v on% L
Useful parameters for safety.
Security is important and it can be established first by setting the access control list that defines which machines or networks will have access to the server.The parameter hosts allow is used to determine this.If the network consists of machines IP address from 192.168.1.1 to 192.168.1.254, the IP address range that is defined in hosts allow 192.168.1. so that only allow access to the machines.Please note the period at the end of each range.Modify it so that it is as follows:
hosts allow = 192.168.1.127.
The parameter interfaces can set from which the system's network interfaces will hear petitions.Samba will not respond to requests coming from any interface not specified.This is useful when running on a Samba server that also serves as a gateway for local network, preventing the establishment of connections from outside the local network.
For directories or volumes that will be to share in the same configuration file you will find various examples for different situations.In general, you can use the following example will work for the majority:
[Lo_que_sea] comment = comment that comes to mindpath = / any / path / you / want / share
The volume can use any of the following options:
Defines whether to be allowed access as a guest user.The value can be Yes orNo.
It is an equivalent parameter guest ok, that is defined if being allowed access as a guest user.The value can be Yes or No.
Sets whether this resource will show in the list of shared resources.The value can be Yes or No.
Defines whether the writing be allowed.Unlike the parameter is read only.The value can be Yes or No.Examples: "writable = Yes"is the same as"read only = No".Obviously "writable = No"is the same as"read only = Yes"
Define which users or groups can access the share.The values can be usernames separated by commas or group names preceded by an @.Example: guy, such-, @ managers
Define which users or groups can access with write permission.The values can be usernames separated by commas or group names preceded by an @.Example: guy, such-, @ managers
Define which users or groups can access with administrative permissions for the resource.That is, will have access to the resource by all operations as super-users.The values can be usernames separated by commas or group names preceded by an @.Example: guy, such-, @ managers
It's the same directory mode.Define what the system will permit the subdirectories created within the resort.Examples: 1777
Define what the system will permit the new files created within the resort.Example: 0644
The following example will be shared through Samba resource named ftp, which is located in the directory / var / ftp / pub on the hard disk.Be allowed access to any resource but it will be read only, except for the manager and fellow users.All new directory that is created will be allowed inside 755 and all files to be placed inside will be allowed 644.
[Ftp]comment = FTP Server Directorypath = / var / ftp / pubguest ok = Yesread only = Yeswrite list = guy, administratordirectory mask = 0755create mask = 0644
Specific options for primary domain controller (PDC).
Whether to configure Samba as primary domain controller, you must specify all the parameters described below.
If you want the access key system and Windows are kept synchronized, you must uncomment the following Lien:
unix password sync = Yes passwd program = / usr / bin / passwd% u passwd chat = * New * UNIX * password *% nn * Retype * new * UNIX * password *% nn * Passwd: * all * authentication * tokens * updated * successfully *
The parameter local master browser set the server as the domain (or master browser), the parameter domain master defines the domain master server, the parameter preferred master teacher defines the domino server as preferred servers if there are more present in the same domain and domain controllers; The parameter time server is used to set the stations must synchronize the time with the server join the domain, the parameter domain logons defines that the server will allow stations to authenticate against Samba.
local master = Yes domain master = Yes preferred master = Yes time server = Yes domain logons = Yes
Setting primary domain controller is also required to define where to store the user profiles.Windows 95, 98 and ME require defining the parameter logon home, while Windows NT, 2000 and XP require is made with the parameter logon path. For practical purposes and forecasting, using both parameters and define the H for this volume:
logon path =% LProfiles% U logon home =% L% U.profile logon drive = H:
If you are using Samba as primary domain controller, you must set the script to run the Windows machines to connect to the server.This is done through parameter logon script which can be defined or a script to use for each user (% U.bat) or by each machine (% m.bat) or in general for all (logon.cmd .)To keep things simple, set initially a general script for all the following:
logon script = logon.cmd
The primary domain controller will also need to define the scripts to run for various tasks such as high machines, users and groups and the low of them.
add user script = / usr / sbin / useradd% u add machine script = / usr / sbin / useradd-d / dev / null-g 100-s / bin / false-c "Machine Account"-M% u delete user script = / usr / sbin / userdel% u delete group script = / usr / sbin / groupdel% g add user to group script = / usr / bin / gpasswd-a% u% g September primary group script = / usr / sbin / usermod-g% g% u
The parameter add user script is used to define what is to be executed in the background on the system to create a new user account.The parameter add machine script is particularly important because it is the command used to enlist machine accounts(trust accounts or trust accounts) automatically.The parameter delete user script is to define the same for delete users, delete group script to remove groups, add user to group to add users to groups and set primary group script to establish a group as the key to a user.
AFTER STARTING THE SERVICE AND ADD IT TO BOOT.
Samba If you start first do the following:
/ Sbin / service smb start
If you restart the service, do the following:
/ Sbin / service smb restart
To make Samba start automatically every time you start the server just run the following command:
/ Sbin / chkconfig smb on
Accessing to Samba.
Undoubtedly, the most practical and safe is the command smbclient.This allows access to any Samba or Windows ® server as if the mandate ftp in text mode.
To access any resource in a Windows ® machine or SAMBA server, first determine what volumes or shares it owns.Use the commandsmbclient as follows:
smbclient-U user-L alguna_maquina
Which will return more or less as follows:
Domain = [MI-DOMAIN] OS = [Unix] Server = [Samba 3.0.7-1.3E]Comment Type sharename--------- ---- -------homes Disk Home Directoriesnetlogon Disk Network Logon ServiceDisk ftp ftpIPC $ IPC IPC Service (Samba Server 3.0.7-1.3E on my-server)ADMIN $ IPC IPC Service (Samba Server 3.0.7-1.3E on my-server)epl5900 Printer Created by redhat-config-printer 0.6.xhp2550bw Printer Created by redhat-config-printer 0.6.xAnonymous Login successfulDomain = [MI-DOMAIN] OS = [Unix] Server = [Samba 3.0.7-1.3E]Server Comment------- ---------Samba server my-server-3.0.7-1.3E on my serverWorkgroup Master------- ---------MI-MI-SERVER DOMAIN
The following corresponds to the basic syntax to browse the resources shared by Windows ® machine or server SAMBA:
smbclient / / alguna_maquina / resource-U user
smbclient / / LINUX / FTP-U jbarrios
After running the above, the system is asked to provide the user password jbarrios on the computer named LINUX.
smbclient / / LINUX / FTP-U jbarrios added interface ip = 192.168.1.254 192.168.1.255 nmask BCAST = = 255.255.255.0 Password: Domain = [myusername] OS = [Unix] Server = [Samba 2.2.1a] smb:>
Can be used virtually the same mandates that the interpreter ftp, as they would get, mget, put, of, etc.
For mounting of network drives.
If you need to view from GNU / Linux machines with Windows ® and interact with these shared directories, you need to do some additional steps.By default, and for security reasons, only root can use the mandates smbmnt and smbumount.You should then set SUID permissions to those mandates.You can do this by running as root as follows:
chmod 4755 / usr / bin / smbmnt chmod 4755 / usr / bin / smbumount
For access to a Windows ® machine, first determine what volumes or shares it owns.Use the command smbclient as follows:
Which will return more or less as follows:
Anonymous Login successfulDomain = [MI-DOMAIN] OS = [Unix] Server = [Samba 3.0.7-1.3E]Comment Type sharename--------- ---- -------homes Disk Home Directoriesnetlogon Disk Network Logon ServiceDisk ftp ftpIPC $ IPC IPC Service (Samba Server 3.0.7-1.3E on my-server)ADMIN $ IPC IPC Service (Samba Server 3.0.7-1.3E on my-server)epl5900 Printer Created by redhat-config-printer 0.6.xhp2550bw Printer Created by redhat-config-printer 0.6.xAnonymous Login successfulDomain = [MI-DOMAIN] OS = [Unix] Server = [Samba 3.0.7-1.3E]Server Comment------- ---------Samba server my-server-3.0.7-1.3E on my serverWorkgroup Master------- ---------MI-MI-SERVER DOMAIN
In the above example is a shared volume called algún_volumen.If we want to ride it, we must create a mount point.This can be created in any directory on which we write permissions.To install, then use the following command line:
smbmount / / alguna_maquina / algún_volumen / point / of / mount /
If the machine is Windows ® requires a username and password, you can add to the above options = el_necesario-username-password = el_requerido-workgroup = mygroup
If the distribution of GNU / Linux used is recent, you can also use the familiar command mount as follows:
mount-t smbfs-o username = el_necesario, password = el_requerido / / alguna_maquina / algún_volumen / point / of / mount /
If an account is generated pcguest, similar to the account nobody, we can mount SMB volumes without entering a password but with restricted privileges, or those that define a volume accessed by a guest user.This would be the method of choice for shared volumes in a local area network.It can generate an account pcguest or let the system take the user nobody.If you opt for the former, only high the account, NOT assign a password.Mount remote volumes as a guest user is very simple.A real example would be:
mount-t smbfs-o guest / / LINUX / FTP / / var / ftp
This volume mounts SAMBA machines with GNU / Linux on another machine with GNU / Linux.
You can also add an entry in / etc / fstab so you only have to be typed mount / point / of / mount.This line would be similar to the following:
/ / LINUX / FTP / var / ftp smbfs user, auto, guest, ro, gid = 100 0 0
Remember that the shared volume must be configured to allow guest users:
[FTP]comment = free software equipment (RPMS)path = / var / ftp / pubpublic = Yesguest ok = Yes