Samba Server Installation, Configuration, and Security
Stephen Hilt
shilt@cs.siu.edu
History
• SMB – Server Message Block
  – IBM First definition of NetBIOS - Sep, 1984
• CIFS – Common Internet File System
  – CIFS is an enhanced version of Microsoft's open, cross-platform Server Message Block (SMB) protocol
CIFS
• CIFS provides five basic services
  – File sharing
  – Network printing
  – Authentication and authorization
  – Name resolution
  – Service announcement (file server and printer “browsing”)
Samba
• Samba not only serves Linux files through CIFS, but it can also perform all basic functions of a Windows NT 4.0
  – Domain logins
  – Roaming Windows user profiles
  – CIFS print spooling
• All figured out through reverse-engineering
  – New features from Microsoft take a while to show up in Samba
Installation
• Most major distributions include Samba
• www.samba.org
  – ./configure, make, make install
• Step-by-step instructions on Samba’s website
Configuration
• GUI from the distribution
• smb.conf
  – /etc/samba/smb.conf
  – or /etc/smb.conf
Configuration
• Example

    [global]
    # workgroup = NT-Domain-Name or Workgroup-Name
    workgroup = SAMPLE
Configuration / security
• Samba allows control over security
  – Only works if you use it
• Two basic levels
  – Hosts allow, who can access the Samba resources

    # List the hosts that may access Samba-shared objects
    # Here, only hosts on two class C nets are allowed
    hosts allow = 192.168.1. 131.230.
Configuration / security
  – Block access from the internet to the CIFS TCP port with a packet-filtering firewall.
• Port 137 through port 139
Configuration
• For your printers

    # Automatically load your printer list from a file
    printcap name = /etc/printcap
    load printers = yes

• Make a log file for each machine, and limit its size

    # log file and size limit
    log file = /var/log/samba/log.%m
    max log size = 500
Configuration
• Set the security mode
  – Most people will want user-level security
• security_level.txt in Samba Documentation

    security = user

  – share, user, server are the three levels for security mode.
Configuration
• Share home directories

    [homes]
    comment = Home Directories
    browseable = no
    writeable = yes
Configuration
• Printers

    # share all printers
    [printers]
    comment = All Printers
    path = /var/spool/samba
    browseable = no
    writeable = no
    printable = yes
Configuration
• Share a directory

    # share a specific directory
    [myshare]
    comment = Shared Directory
    path = /usr/share
    public = no
    writeable = yes
    printable = no
    create mask = 0775
Passwords
• Samba does not use /etc/passwd and /etc/shadow for authentication
• Uses smbpasswd
  – /etc/samba
  – Contains username and two hashed passwords
• First password: LANMAN hash
• Second: NT password hash
  – based on MD4
Passwords
• Encrypt the passwords
  – ENCRYPTION.txt, Win95.txt, and WinNT.txt

    encrypt passwords = yes
    smb passwd file = /etc/smbpasswd
Passwords
• You cannot decrypt the hashes
  – However, all you need is a user’s hash to impersonate that computer
  – Run the following commands

    # chmod 700 /etc/samba
    # chmod 600 /etc/samba/smbpasswd
Passwords
• Use a different password for your Samba access and Linux access, and change the Samba password often.

    /etc/samba > smbpasswd
    Old SMB password: <password>
    New SMB password: <new password>
    Retype new SMB password: <new password>
    password changed.
Samba vs. NFS
• Unlike NFS, Samba requires no kernel modifications and runs entirely as a user process
• Two processes
  – smbd – file and print services
  – nmbd – other CIFS components
• Name resolution and service announcement
• /etc/rc.d/init.d/smb start, stop, restart
Summary
• The smb.conf file is set up so that when users log into their PCs, their home directories and the shared directory are both available. They can also print to all printers that the server knows about.
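
An added example, not part of the original slides: a small Python audit that parses an smb.conf and reports where it departs from the settings the slides recommend (hosts allow, security = user, encrypt passwords = yes, no guest-writeable shares). The sample configuration is constructed, and the function names parse_smb_conf and audit are hypothetical; it checks only what is explicitly set and does not model Samba's built-in defaults.

```python
# Constructed sample input (not from a real server); illustrative only.
SAMPLE_CONF = """\
[global]
workgroup = SAMPLE
; hosts allow = 192.168.1. 131.230.
security = share
[homes]
writeable = yes
[myshare]
public = yes
writeable = yes
"""

TRUE = {"yes", "true", "1"}  # boolean spellings smb.conf accepts for "on"

def parse_smb_conf(text):
    """Return {section: {param: value}}; names lower-cased, inner spaces collapsed."""
    conf, section = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":      # smb.conf comments start with # or ;
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
            conf.setdefault(section, {})
        elif "=" in line and section is not None:
            key, value = line.split("=", 1)
            conf[section][" ".join(key.lower().split())] = value.strip()
    return conf

def audit(text):
    """List deviations from the hardening steps on the slides."""
    conf = parse_smb_conf(text)
    g, findings = conf.get("global", {}), []
    if not g.get("hosts allow"):
        findings.append("global: no 'hosts allow' restriction")
    if g.get("security", "").lower() != "user":
        findings.append("global: 'security = user' is not set")
    if g.get("encrypt passwords", "").lower() not in TRUE:
        findings.append("global: 'encrypt passwords = yes' is not set")
    for name, share in conf.items():
        # 'public' is a synonym for 'guest ok'; 'writable' for 'writeable'
        guest = share.get("public", share.get("guest ok", "no")).lower() in TRUE
        writable = share.get("writeable", share.get("writable", "no")).lower() in TRUE
        if name != "global" and guest and writable:
            findings.append(f"{name}: guest-accessible and writeable")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE_CONF)))
```

Pass the contents of /etc/samba/smb.conf (or /etc/smb.conf) to audit() to check a real file; an empty list means none of these four deviations were found.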