- ACE - Access Control Entry - contains SID and access rights
- ACL - Access Control List - list of ACEs for an object
- CIFS - Common Internet File System - Microsoft's name for their Windows network file system structure, also known as SMB
- DC - Domain Controller (PDC or SDC)
- deny modes - specified when a client opens a file, telling server what other types of access are allowed while this client has the file open (may deny none, read, write, all)
- DMB - Domain Master Browser - coordinates browse lists across domains
- Domain (or NT Domain) - a group of PCs which need only log in to the PDC in order to access any service in the domain
- FID - file identifier
- IPC$ - InterProgram Communications share provided by servers - used for connections to named pipes
- IPX - Internetwork Packet eXchange - Novell's network protocol
- LMB - Local Master Browser - local WINS server for browse requests
- lock - request by a client to prevent other clients from reading and/or writing to all or a section of a file
- machine name - NetBIOS name for a PC
- NBNS - NetBIOS Name Service - another name for WINS
- NBSS - NetBIOS Session Service - SMB client/server protocol
- NCP - Netware Core Protocol, or Netware Control Program (Novell)
- NetBIOS - Network Basic Input Output System - first version of SMB - not routable; NetBIOS over TCP/IP (or UDP) is routable and is standard network/transport layer used by SMB; NetBIOS may also ride on IPX and DECnet
- NetBIOS name - name of clent for SMB purposes - not necessarily related to DNS names
- NetBEUI - NetBIOS Enhanced User Interface - routable version of NetBIOS
- nmbd - WINS daemon, providing NetBIOS name advertising (DMB) and resolution on UNIX
- oplock - opportunistic lock - only circumstance when a server sends an unsolicited message to a client (when two clients request oplocks which are incompatible, first will be broken)
- PDC - Primary Domain Controller - provides authentication services for multiple CIFS servers
- Redirector - that part of client which interfaces local file and print requests to server
- SAM - Security Access Manager (used by DCs for authentication)
- Samba - SMB implementation for UNIX
- SDC - Secondary Domain Controller - backup to PDC
- share - a directory (sub-)tree or printer provided by a server
- share level security - client only needs to supply a password for the share
- SID Security Identifier - user or group id
- SMB - Server Message Block (see CIFS) - roughly analogous to Netware NCP
- smbd - SMB daemon, providing CIFS file and print services from UNIX; also handles share and user mode authentication
- smbfs - SMB file system, supported directly by Linux kernel code
- TID - tree (path) identifier provided upon connection to share
- UID - user identifier provided upon authentication - must accompany all requests to share
- user level security - each client must be authenticated by server
- WINS - Windows Internet Name Service
- workgroup - each PC in workgroup does its own authentication for shares it provides
- connect to / disconnect from file and print shares
- open / close (print) files
- read / write file
- create / delete files, directories
- search directory
- get / set file attributes
- lock / unlock ranges of bytes in files
- file_read_data (r--)
- file_list_directory (r-x)
- file_write_data (-w-)
- file_add_file (to directory) (-w-)
- file_add_subdirectory (to directory) (-w-)
- file_execute (--x)
- file_delete_child (file or subdir in directory) (-w-)
- file_read_attributes (r-x for directory)
- file_write_attributes (-w- for directory)
There are many others.
Samba does not grant more access than the UNIX host allows through permissions.
UNIX "other" permissions map into the NT group EVERYONE.
- name of computer, 15 characters long (padded with spaces), uppercase
-
16th character is the NetBIOS suffix:
There are many others.hex value Meaning 00 workstation redirector 03 messenger service 1B DMB 1C DC 1D LMB 1E browser elections 20 file server -
full format is
\\netbiosname\sharename
- Clients keep NetBIOS names in cache for 10-15 minutes.
- On an NT-based system (NT, 2000, XP), static NetBIOS name to IP address mappings are in C:\WINNT\SYSTEM32\DRIVERS\ETC\LMHOSTS
- print$ is the share name for downloading printer drivers
mount -wo remount /
cd /usr/src
tar -xzf samba-3.0.22.tar.gz
cd samba-3.0.22
cd source
(./configure --prefix=/usr --sysconfdir=/etc --localstatedir=/var --with-piddir=/var/run --with-fhs --with-smbmount) 2>&1 | tee -a ../../samba.out
(make) 2>&1 | tee -a ../../samba.out
(make install) 2>&1 | tee -a ../../samba.out
mv /usr/lib/samba/libsmbclient.so /usr/lib
ln -sf ../libsmbclient.so /usr/lib/samba
ln -sf libsmbclient.so /usr/lib/libsmbclient.so.0
chmod 644 /usr/include/lib{smbclient,msrpc}.h
install -m755 nsswitch/libnss_win{s,bind}.so /lib
ln -sf libnss_winbind.so /lib/libnss_winbind.so.2
ln -sf libnss_wins.so /lib/libnss_wins.so.2
if [ -f nsswitch/pam_winbind.so ]; then
install -m755 nsswitch/pam_winbind.so /lib/security
fi
install -m644 ../examples/smb.conf.default /etc/samba
install -m755 -d /usr/share/doc/samba-3.0.22
install -m644 ../docs/*.pdf /usr/share/doc/samba-3.0.22
ln -s ../../samba/swat /usr/share/doc/samba-3.0.22
chmod 4755 /usr/bin/smb{mnt,umount}
groupadd -g 99 nogroup
useradd -c "Unprivileged Nobody" -d /dev/null -g nogroup -s /bin/false -u 99 nobody
cd /sources/blfs-bootscripts-20060624
make install-samba
make install-winbind
cd
mount -ro remount /
- cp /etc/samba/smb.conf.default /etc/samba/smb.conf
- Add firewall rules to permit both TCP and UDP access to ports 137-139 and 445. Start samba using "/etc/rc.d/init.d/samba start". Examine the tail of the system log file.
- Add a user test by executing "useradd test && smbpasswd -a test". The test user's Samba password should also be "test". Do not give the test user a UNIX password.
- Test samba by executing "smbclient -U test -L (your IP address)", both from your PC and from another.