[ Prev ] [ Index ] [ Next ]

smb

Created Thursday 24/7/2003

The SMB protocol is part of the Samba suite (now called CIFS/SMB) and is the protocol used for connecting to a windows share within a Linux environment. The smb suite includes a bunch of different applications which use the smb protocol to perform a variety of different functions such as file transfer with smbclient(1) and smbget(1), disk mounts of windows partitions (including FAT16, VFAT and NTFS) with smbmount(1) and so on. The smb protocol can be used to connect Linux to Linux hosts, which is useful to gaining access to a disk partition in a dual boot environment which is currently booted as Linux.

The smb server process are smbd, which provides and nmbd for netbios. These are started via regular init.d scripts and both are started by the same startup script /etc/init.d/smb. The smbcontrol program can be used to communicate with the CIFS and Netbios daemons.

Note: Samba is now called CIFS/SMB (Common Internet File system)

1. Starting Samba

The Samba service is started by the /etc/init.d/smb init script. The SMB/CIFS server loads the configuration from /etc/samba/smb.conf (see section #2) and starts the Samba (smbd) and Netbios server (nmbd) if configured (not a good idea).

	bash # /etc/init.d/smb start

Use chkconfig(8) to determine which runlevels, if any, automatically start the Samba server:

	bash $ chkconfig --list|grep -i smb

To enable Samba for runlevels 3 and 5, issue ckconfig(8) with the --level option, passing the name of the Samba service. Argument after the service name is an action keyword, which should be either on (to enable the service) or off to disable it.

	bash # chkconfig --levels 35 smb on

Note: By default, the on and off keywords only affect runlevels 2,3,4,5

2. Linux SMB configuration

The partitions on a Linux server can be shared using CIFS. This is not necessarily recommended unless tight security controls are in place as the CIFS suite provides access to the shares under its control via Netbios which is notoriously slack in terms of security. However, with a simple CIFS configuration, the user home directories, printers and temp directory can all be made available via SMB by editing the default entries in the smb configuration file, which is typically /etc/samba/smb.conf, see smb.conf(5) for more information.

In addition to the prepackaged shares (such as the user homes and printers) specific shares can also be introduced by adding entries to the smb.conf. The smb.conf is maintained in a windows ini-file like format, where sections are started with headings like [section]. Each of these sections contains attributes that are specific to that section and are used to control attributes of the share.

The following is an example of creating a specific CIFS/SMB share to the path /public/share on the local host. This part of the file system is shared as read-write with write operations restricted to users in the group staff. This example is lifted from the samba doco.

	# A publicly accessible directory, but read only, except for people in the "staff" group
	[public]
	   comment = Public Share
	   path = /public/share
	   public = yes
	   writable = yes
	   printable = no
	   write list = +staff

3. Attaching to a Domain share

The smbclient(1) program can be used to attach to any type of share in a windows network, including Domain Shares. When connecting to shares hosted by a Domain Controller, be sure to specify the domain attribute, which can be done using the --workgroup option, providing the domain as the argument or by specifying the domain in the form domain=name in an attributes file, which is then given as the argument to smbclient's --authentication-file (-A) option.

The following two examples connect to the domain MYDOMAIN, with username of myusername and password mypassword. The first example uses the relevant smbclient(1) command line options to specify domain, user and pwd and the second uses an authentication file.

Example 1: Connect to the service Dev on host myhost on domain MYDOMAN using smbclient(1) command line options:

	bash $ smbclient -U myusername -P mypassword -W MYDOMAIN //myhost/Dev

Example 2: Connect to the service Dev on host myhost on domain MYDOMAIN using an authentication file:

	bash $ cat << EOF > /tmp/authfile.smb
	username = foo
	domain = MYDOMAIN
	password = foo
	EOF

	bash $ smbclient -A /tmp/authfile.smb //myhost/Dev

4. Mounting a windows share with SMB

4.A Mounting a CIFS share with mount(1)

To mount a cifs share, use mount and specify a filesystem type of cifs. The username, password and domain should be specified with -o options. E.g., to mount a CIFS share called PUBLIC from server 192.168.1.100, authenticating as user foo, password bar on domain WORKGROUP

    bash #  mount -t cifs //192.168.1.100/public /mnt/tmp -ouser=foo,pass=bar,dom=WORKGROUP

4.B Using smbmount (deprecated)
Note: The filesystem type for mounting a windows share via samba is smbfs

The CIFS/SMB protocol can be used to mount an NT network share. However, for the mount(8) operation to use smb, Samba/CIFS must be complied with the smbmount option enabled. If compiling Samba from source, the smbmount option is enabled by specifing the --with-smbmount option to configure (see gnu for more information on configiure):

	bash $ ./configure --with-smbmount
	bash # make install

The smbmount and smbmnt programs are installed with the Samba distribution (or are installed when compiling from source with --with-smbmount option enabled). These programs can run standalone (as root) or via mount(8) (also must be run as root). When run as standalone, be sure to supply any required network authentication credentials. If no credentials are specified, then the credientials supplied to the Samba server will be the same as those of the unix user running smbmount(3) command.

The following example mounts the service Dev from host myhost using smbmount standalone. The mount request is done with username of foo, which is the username passed on to the samba server. The samba server will then request a password, before completing the mount request. The password can also be specified along with username= in the smbmount options (e.g., -ousername=foo,password=foo)

	bash # smbmount //myhost/Dev /mnt/samba/ -ousername=foo

If smbmount is to be executed from the mount(8) command, then be sure to provide smbfs as the filesystem type (-t option). The following mount performs the same operation as the previous smbmount, but uses mount(8) to instead. Again, the username (and password) , must be specified of the Samba authorizataion requires different credentials than those of the unix user running the smbmount command. Use the the -o option of mount to specify the username and password (if required)

	bash # mount -t smbfs //myhost/Dev /mnt/samba -ousername=foo,password=foo

If the password= option is not provided to the smbmount (or mount) commands, then the an the mount process to ask for a password before the mount request is completed. This is because the mount request is directed through the smb server, which requires authentication (see section SMB authentication).

Warning: The kernel must have smbfs support compiled in. Only available on linux at present (Feb 2003).

5. File transfer with SMB

File transfer both to and from a windows share can be done with CIFS/SMB using the smbclient(1) and smbget(1) programs. The first example uses smbclient to establish a session (connection) to a non-domain share. Within the smbclient shell (indicated by smb: \>) use the dir, get and put commands within the smbclient shell to perform file transfer. The following establishes an open connection to host 89.1.6.22 to the C-Drive share, which is created by windows during its installation and is called C$ by default.

Note: The smbclient session is indicated with smb: \>

	bash $ smbclient -U foo //192.168.1.3/c$
	Password: xxx

	Domain=[FLUENCY] OS=[Windows 5.1] Server=[Windows 2000 LAN Manager]
	smb: \>
	smb: \> pwd
	Current directory is \\192.168.1.3\c$\
	smb: \> dir
	  apache-ant-1.6.2                    D        0  Thu Apr 13 16:53:23 2006
	  AUTOEXEC.BAT                        A        0  Fri Mar 28 17:26:25 2003
	  bea                                 D        0  Wed Apr  6 15:16:35 2005
	  bea813                              D        0  Fri Apr  8 16:10:40 2005
	  boot.ini                         AHSR      211  Mon Sep 27 19:40:36 2004
	smb: \> get boot.ini
	getting file \boot.ini of size 211 as boot.ini (103.0 kb/s) (average 10.8 kb/s)
	smb: \> quit

6. SMB authentication

Users connecting to an smb share managed by smbd(1), hosted on a Linux environment do not use linux authenication (kerberos) by default. Instead, users and their corresponding passwords are maintained in the Samba environment, typically a text file in the samba configuration directory which is normally /etc/samba/smbusers. This is normally a plain text file, with one user per line. The password entires are md5 hashes of the passwords created by the smbpassword(1) program.

7. See Also

The CIFS/SMB project is maintained at samba.org (CIFS) and is installed with the base Fedora Core packages. The Samba rpm installs user documentation to the usual place, usually /usr/share/doc, and is normally named as samba-common-<ver>. The version 3.0.28 samba doco, for example, is installed to /usr/share/doc/samba-common-3.0.28

There are several rpm's for CIFS and these are broken up into server and client components, with other components for integrating with (e.g.,) Kerberos/PAM authentication and Gnome. The following is a list of the CIFS rpms installed with the Fedora Core base.

	bash $ rpm -aq | egrep 'samba|smb'
	libsmbios-bin-0.13.13-1.fc8.x86_64
	libsmbios-libs-0.13.13-1.fc8.x86_64
	pam_smb-1.1.7-7.2.2.i386
	libsmbclient-3.0.28-0.fc8.x86_64
	samba-common-3.0.28-0.fc8.x86_64
	samba-client-3.0.28-0.fc8.x86_64
	gnome-vfs2-smb-2.20.1-1.fc8.x86_64
	pam_smb-1.1.7-7.2.2.x86_64

The rpm's for CIFS/SMB provide the libraries and binaries for managing the smb protocol. The general role of each of these rpms is:

Stuart Moorfoot © 24 July 2003 foo@bund.com.au

Backlinks: