installing samba
DESCRIPTION
Installing Samba. Vicki Insixiengmay Jonathan Krieger. Samba. "Samba is an Open Source/Free Software suite that provides seamless file and print services to SMB/CIFS clients." Source: www.samba.org Installed on any other platform than Microsoft Windows - PowerPoint PPT PresentationTRANSCRIPT
Installing Samba
Vicki Insixiengmay
Jonathan Krieger
Samba
"Samba is an Open Source/Free Software suite that provides seamless file and print services to SMB/CIFS clients." Source: www.samba.org
Installed on any other platform than Microsoft Windows Make use of TCP/IP protocol installed on Host server Allows Host to interact with Windows Client/Server
Four Samba Elements
File and Print Services
Authentication and Authorization
Name Resolution
Service Announcement (Browsing)
Model Samba Network
Source: “Using Samba” by
Robert Eckstein, David Collier-Brown, Peter Kelly
What Samba Does
Samba runs on Unix platforms. It speaks to Windows clients.
It allows a Unix system to move into a Windows “Network Neighborhood”.
Windows users can access file and print services.
SMBD
File and print services are provided by smbd, the SMB Daemon.
Handles "share mode" and "user mode" authentication and authorization. You can protect shared file and print services by requiring passwords.
Each user has their own username and password and the System Administrator can grant or deny access.
NMBD
The other two CIFS (Common Internet File System) pieces, name resolution and browsing, are handled by nmbd.
These two services basically involve the management and distribution of lists of NetBIOS (Network Basic Input Output System) names. NetBIOS is software loaded into memory.
Provides an interface between programs and the network hardware.
Name Resolution
Name resolution takes two forms: broadcast and point-to-point.
Client shouts out the name of the service it is looking for and waits for the machine with that name to answer with an IP address.
It is restricted to the local LAN so it doesn't cause too much trouble.
Name Resolution
Point-to-point includes use of an NBNS (NetBIOS Name Service) server
The clients send their NetBIOS names & IP addresses to the NBNS server, which keeps the information in a database.
When a client wants to talk to another client, it sends the other client's name to the NBNS server. If the name is on the list, the NBNS hands back an IP address.
Service Announcement (Browsing)
Ability to examine the servers and shares available on the network
A browse list keeps a list of current, active servers. This is stored on one machine in a network.
A local master browser updates the information in the browse list as computers sign on and off. This can be any server on the network.
smb.conf file
[global] [home] [printers]
Each section describes the accessibility for users
SWAT
SWAT Samba Web Administration Tool Locates parameters supported by Samba Always up to date as Samba parameters change Provides context-sensitive help for each
configuration parameter Stores only parameters settings other than defaults Port 901 Uses ISS RealSecure
Installing Samba
Downloaded latest version from samba.org Configured /etc/xinted.conf
Enable SWAT service SWAT http://localhost:901
Configured smb.conf Add IP addresses of Windows machines Password server – lab2.research.cs.uofs.edu
Problems
Windows machine recognizes Samba server, but does not allow access.
Solution: Different encryption/decryption systems for Windows and Unix. Find enableplaintextpassword and disenable
Windows encryption.
Adding Samba Users
Each user must be added adduser –g 100 plishka
Create passwords for user passwd plishka
Create Samba domain login passwords In /usr/bin smbpasswd –a plishka
References
www.samba.org http://www.mcsr.olemiss.edu/bookshelf/artic
les/Samba.html http://www.linuxhomenetworking.com/linux
-hn/samba.htm#_Toc91165136 http://www.oreilly.com/catalog/samba/
chapter/book/
Browsing Elections
A computer becomes a local master browser by holding a browsing election.
Samba can rig a browsing election for a variety of outcomes,including always becoming the local master browser of the subnet or never becoming it.
In smb.conf, [global]
#Browsing election optionsos level = 34local master = yes
Browsing Elections
Each machine in the election broadcasts information. Version of election protocol Operating system Amount of time client has been signed on Host name of client
Browsing Elections
How elections are decided Operating system is assigned a binary value according to
version Each computer is assigned a value according to its role The machine with the highest election protocol version wins
OR The machine with the highest operating system values In case of tie,
machine with setting of preferred master browser wins OR client signed on the longest wins OR client name that comes first alphabetically wins
ISS RealSecure
RealSecure provides an intrusion detection system that monitors suspicious behavior, making changes to the system in real time, such as terminating sessions or changing the firewall
The current versions of RealSecure Network Sensor include the ability to decode SAMBA/CIFS protocols for Windows networking.
Comprised of Network Sensor, OS Sensor, and Console
ISS RealSecure
Network Sensors work by comparing the traffic on the network against a set of rules defined in a number of policies.
OS Sensors runs as a process on the server that is being monitored. Every time a new log-file entry is generated by the operating system, OS Sensor reads it, and compares it against the signatures currently in force. If a match is found, it initiates the appropriate response. OS Sensor is able to detect local attacks and abuses that would normally be missed by the Network Sensor.
Console and the Sensors communicate with each other. The console defines the policy for each sensor. Includes:
Network Sensor security events connection events, OS Sensor security events
Synchronization of Usernames and Passwords
The Unix password sync global option allows Samba to update Unix password file when user changes his/her password. The password is stored on a Samba server in the smbpasswd file, located in /usr/local/samba/private by default.
[global] unix password sync = yes Samba changes the encrypted password and
attempts to change the standard Unix password by passing the username and new password to the program specified by the passwd program option.
Synchronization of Usernames and Passwords
Samba does not necessarily have access to the plaintext password for the user, so the password changing program must be invoked as root.