1 / 27

CT320 : Advanced Network and System Administration

CT320 : Advanced Network and System Administration. Samba (Original Slides by Dr. James Walden, NKU) . Topics. Why Samba? Workgroups NetBIOS Daemons samba.conf Security Users Passwords Permissions. What is Samba?. Open source UNIX implementation of SMB.

mateja
Télécharger la présentation

CT320 : Advanced Network and System Administration

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. CT320 : Advanced Network and System Administration Samba (Original Slides by Dr. James Walden, NKU) CT320: Advanced Network and System Administration

  2. Topics • Why Samba? • Workgroups • NetBIOS • Daemons • samba.conf • Security • Users • Passwords • Permissions CT320: Advanced Network and System Administration

  3. What is Samba? Open source UNIX implementation of SMB. SMB – Server Message Block Protocol for sharing files, printers, serial ports, Communications such as named pipes Samba servers provide: • File sharing. • Printer sharing. • Network browsing. • WINS name resolution. • Primary and backup domain controllers. CT320: Advanced Network and System Administration

  4. Why Samba? • Free • Faster than Windows SMB servers • More reliable than Windows servers • Handles heterogenous networks CT320: Advanced Network and System Administration

  5. Workgroups CT320: Advanced Network and System Administration

  6. NetBIOS • Designed to run over older network types • Token ring • NetBEUI • IPX • NetBIOS over TCP/IP (NBT or NetBT) • Name service • Datagram communication • Session-based communication CT320: Advanced Network and System Administration

  7. Name Registration Machines requests names and either: 1. NetBIOS name server (NBNS) handles req. 2. Client with name defends ownership. CT320: Advanced Network and System Administration

  8. Name Resolution Machines asks which host has name X: NetBIOS name server (NBNS) handles req. Client with name responds with its address. CT320: Advanced Network and System Administration

  9. Node Types b-node: Uses broadcast naming only. p-node: Uses NBNS naming only. m-node: Broadcast registration, then notifies NBNS of name. Broadcast resolution, fails over to NBNS. h-node: Uses NBNS, then fails over to broadcast. Default for most Windows. CT320: Advanced Network and System Administration

  10. NetBIOS Namespace 15-character flat namespace. Legal: A-Za-z0-9 ! @ # $ % ^ & ( ) – ‘ {} ~ Names have an associated resource type. 00: Standard workstation service. 03: Windows messenger service. 1B: Domain master browser service. 1D: Master browser. 20: File and print server. CT320: Advanced Network and System Administration

  11. NetBIOS Browsing • Finding computers and resources on net. • Contain master for computers. • Contain individual host for resources. • Local master browser maintains list of hosts. • If local master down, election determines which machine becomes new local master browser. CT320: Advanced Network and System Administration

  12. Daemons nmbd Name resolution and registration; browsing. Supports NetBIOS name server and WINS. smbd File and print sharing; authentication. winbindd NT and ADS domain service. Not needed if not using domains. CT320: Advanced Network and System Administration

  13. /etc/samba/smb.conf Ini format configuration file. [section] section descriptors. [global] section values apply to all sections. Other sections describe shared resources. var = value format Many, many options. # and ; are comments Validate with testparm command. CT320: Advanced Network and System Administration

  14. Example /etc/samba/smb.conf [global] workgroup = DOCS netbios name = DOCS_SRV security = share [data] comment = Documentation Server path = /export read only = Yes guest only = Yes CT320: Advanced Network and System Administration

  15. Samba Firewalling Port 137: NetBIOS network browsing. Port 138: NetBIOS name service. Port 139: File/print sharing. Port 445: Used by W2k/XP when NetBIOS over TCP/IP disabled. CT320: Advanced Network and System Administration

  16. Authentication Types Share Shares have one or more passwords. Anyone with password can access share. User Each share configured to allow certain users. Samba server verifies user/password pairs. Server Same as user-level, but uses another server. Domain Domain controller provides authentication types. CT320: Advanced Network and System Administration

  17. Username mapping Samba server username checks • Check for exact username. • Checks for username in lowercase. • Checks for Username in lc, first letter uc. Username map file File specified in smb.conf. username map = /etc/samba/usermap Contains UNIX / Samba username pairs: darwin = DouglasArwin jwalden = James Walden users = @accounts nobody = * CT320: Advanced Network and System Administration

  18. Access Control valid users Only these users have access. Group names preceded by @ sign. invalid users These users do not have access. Takes precedence over valid users tag. admin users These users have root access to share. CT320: Advanced Network and System Administration

  19. Samba Passwords Stored in /etc/samba/smbpasswd Set by smbpaswd command. CT320: Advanced Network and System Administration

  20. Account Backends Plaintext Passes plaintext auth to /etc/{passwd,shadow} Smbpasswd Text file with encrypted NT passwords. tdbsam Binary database with smbpassword + SAM info. ldapsam LDAP with POSIX + sambaSamAccount objs. CT320: Advanced Network and System Administration

  21. Password Synchronization Configuration options: unix password sync = yes passwd program = /usr/bin/passwd %u passwd chat = *old*password* %o\n *new*password* %n\n *new*password* %n\n *changed* CT320: Advanced Network and System Administration

  22. Sharing Home Directories Use special [homes] share. If user attempts to connect to share not specified in /etc/smb.conf: • Creates new disk share called [username] • Share path is set to username’s home dir. • Options to set to [globals] + [homes] options, with [homes] options winning any conflicts. • Samba connects user to new share. Caveat: may not want root, bin, &c to share. CT320: Advanced Network and System Administration

  23. Permission Mapping • Preserve MS DOS file permissions on UNIX: • Since MS DOS uses file extensions instead of X bits, • map perms to owner, group, and world execute bits. • Ex: map archive = yes, map system = yes, map hidden = yes MS DOS Permissions • Read-only • System • Hidden • Archive UNIX Permissions • Read • Write • eXecute CT320: Advanced Network and System Administration

  24. Creation Masks Samba masks UNIX octal permissions: file and directory. Execute bits used for permission mapping. Can set user and group ownerships too. Example [data] create mask = 755 directory mask = 755 force user = joe force group = accounting CT320: Advanced Network and System Administration

  25. ACLs • Samba can map NT ACLs to POSIX ACLs. • nt acl support = yes • If not set, maps NT ACLs to UNIX rwx perms. • POSIX ACLs do not support all NT ACLs • Ex: Take Ownership CT320: Advanced Network and System Administration

  26. Additional Features • Samba domain controllers. • Samba/LDAP integration. • Using Samba from Windows. • Samba Print servers. CT320: Advanced Network and System Administration

  27. References • Aeleen Frisch, Essential System Administration, 3rd edition, O’Reilly, 2002. • Evi Nemeth et al, UNIX System Administration Handbook, 3rd edition, Prentice Hall, 2001. • RedHat, Red Hat Enterprise Linux 4 System Administration Guide, http://www.redhat.com/docs/manuals/enterprise/RHEL-4-Manual/sysadmin-guide/, 2005. • John H. Terpstra,, Jelmer R. Vernooij,Official Samba-3 HOWTO and Reference Guide, 2nd Edition, Prentice Hall PTR, http://www.samba.org/samba/docs/man/Samba-HOWTO-Collection/, 2005. • John H. Terpstra, Samba-3 by Example: Practical Exercises to Successful Deployment, 2nd Edition, Prentice Hall PTR, http://www.samba.org/samba/docs/Samba3-ByExample.pdf, 2005. • Jay Ts, Robert Eckstein, David Collier-Brown, Using Samba, 2nd edition, http://www.samba.org/samba/docs/using_samba/toc.html, O’Reilly, 2003. CT320: Advanced Network and System Administration

More Related