1 <html><head><meta http-equiv=
"Content-Type" content=
"text/html; charset=ISO-8859-1"><title>Chapter
1. Introduction to Samba
</title><link rel=
"stylesheet" href=
"samba.css" type=
"text/css"><meta name=
"generator" content=
"DocBook XSL Stylesheets V1.60.1"><link rel=
"home" href=
"index.html" title=
"SAMBA Project Documentation"><link rel=
"up" href=
"introduction.html" title=
"Part I. General Installation"><link rel=
"previous" href=
"introduction.html" title=
"Part I. General Installation"><link rel=
"next" href=
"install.html" title=
"Chapter 2. How to Install and Test SAMBA"></head><body bgcolor=
"white" text=
"black" link=
"#0000FF" vlink=
"#840084" alink=
"#0000FF"><div class=
"navheader"><table width=
"100%" summary=
"Navigation header"><tr><th colspan=
"3" align=
"center">Chapter
1. Introduction to Samba
</th></tr><tr><td width=
"20%" align=
"left"><a accesskey=
"p" href=
"introduction.html">Prev
</a> </td><th width=
"60%" align=
"center">Part I. General Installation
</th><td width=
"20%" align=
"right"> <a accesskey=
"n" href=
"install.html">Next
</a></td></tr></table><hr></div><div class=
"chapter" lang=
"en"><div class=
"titlepage"><div><div><h2 class=
"title"><a name=
"IntroSMB"></a>Chapter
1. Introduction to Samba
</h2></div><div><div class=
"author"><h3 class=
"author"><span class=
"firstname">David
</span> <span class=
"surname">Lechnyr
</span></h3><div class=
"affiliation"><span class=
"orgname">Unofficial HOWTO
<br></span><div class=
"address"><p><tt class=
"email"><<a href=
"mailto:david@lechnyr.com">david@lechnyr.com
</a>></tt></p></div></div></div></div><div><p class=
"pubdate">April
14,
2003</p></div></div><div></div></div><div class=
"toc"><p><b>Table of Contents
</b></p><dl><dt><a href=
"IntroSMB.html#id2875896">Background
</a></dt><dt><a href=
"IntroSMB.html#id2875954">Terminology
</a></dt><dt><a href=
"IntroSMB.html#id2876091">Related Projects
</a></dt><dt><a href=
"IntroSMB.html#id2876169">SMB Methodology
</a></dt><dt><a href=
"IntroSMB.html#id2876258">Epilogue
</a></dt><dt><a href=
"IntroSMB.html#id2876344">Miscellaneous
</a></dt></dl></div><p>“<span class=
"quote">
2 "If you understand what you're doing, you're not learning anything."
5 Samba is a file and print server for Windows-based clients using TCP/IP as the underlying
6 transport protocol. In fact, it can support any SMB/CIFS-enabled client. One of Samba's big
7 strengths is that you can use it to blend your mix of Windows and Linux machines together
8 without requiring a separate Windows NT/
2000/
2003 Server. Samba is actively being developed
9 by a global team of about
30 active programmers and was originally developed by Andrew Tridgell.
10 </p><div class=
"sect1" lang=
"en"><div class=
"titlepage"><div><div><h2 class=
"title" style=
"clear: both"><a name=
"id2875896"></a>Background
</h2></div></div><div></div></div><p>
11 Once long ago, there was a buzzword referred to as DCE/RPC. This stood for Distributed
12 Computing Environment/Remote Procedure Calls and conceptually was a good idea. It was
13 originally developed by Apollo/HP as NCA
1.0 (Network Computing Architecture) and only
14 ran over UDP. When there was a need to run it over TCP so that it would be compatible
15 with DECnet
3.0, it was redesigned, submitted to The Open Group, and officially became
16 known as DCE/RPC. Microsoft came along and decided, rather than pay $
20 per seat to
17 license this technology, to reimplement DCE/RPC themselves as MSRPC. From this, the
18 concept continued in the form of SMB (Server Message Block, or the
"what") using the
19 NetBIOS (Network Basic Input/Output System, or the
"how") compatibility layer. You can
20 run SMB (i.e., transport) over several different protocols; many different implementations
21 arose as a result, including NBIPX (NetBIOS over IPX, NwLnkNb, or NWNBLink) and NBT
22 (NetBIOS over TCP/IP, or NetBT). As the years passed, NBT became the most common form
23 of implementation until the advance of
"Direct-Hosted TCP" -- the Microsoft marketing
24 term for eliminating NetBIOS entirely and running SMB by itself across TCP port
445
25 only. As of yet, direct-hosted TCP has yet to catch on.
27 Perhaps the best summary of the origins of SMB are voiced in the
1997 article titled, CIFS:
28 Common Insecurities Fail Scrutiny:
29 </p><p><span class=
"emphasis"><em>
30 Several megabytes of NT-security archives, random whitepapers, RFCs, the CIFS spec, the Samba
31 stuff, a few MS knowledge-base articles, strings extracted from binaries, and packet dumps have
32 been dutifully waded through during the information-gathering stages of this project, and there
33 are *still* many missing pieces... While often tedious, at least the way has been generously
34 littered with occurrences of clapping hand to forehead and muttering 'crikey, what are they
36 </em></span></p></div><div class=
"sect1" lang=
"en"><div class=
"titlepage"><div><div><h2 class=
"title" style=
"clear: both"><a name=
"id2875954"></a>Terminology
</h2></div></div><div></div></div><div class=
"itemizedlist"><ul type=
"disc"><li><p>
37 SMB: Acronym for
"Server Message Block". This is Microsoft's file and printer sharing protocol.
39 CIFS: Acronym for
"Common Internet File System". Around
1996, Microsoft apparently
40 decided that SMB needed the word
"Internet" in it, so they changed it to CIFS.
42 Direct-Hosted: A method of providing file/printer sharing services over port
445/tcp
43 only using DNS for name resolution instead of WINS.
45 IPC: Acronym for
"Inter-Process Communication". A method to communicate specific
46 information between programs.
48 Marshalling: - A method of serializing (i.e., sequential ordering of) variable data
49 suitable for transmission via a network connection or storing in a file. The source
50 data can be re-created using a similar process called unmarshalling.
52 NetBIOS: Acronym for
"Network Basic Input/Output System". This is not a protocol;
53 it is a method of communication across an existing protocol. This is a standard which
54 was originally developed for IBM by Sytek in
1983. To exaggerate the analogy a bit,
55 it can help to think of this in comparison your computer's BIOS -- it controls the
56 essential functions of your input/output hardware -- whereas NetBIOS controls the
57 essential functions of your input/output traffic via the network. Again, this is a bit
58 of an exaggeration but it should help that paradigm shift. What is important to realize
59 is that NetBIOS is a transport standard, not a protocol. Unfortunately, even technically
60 brilliant people tend to interchange NetBIOS with terms like NetBEUI without a second
61 thought; this will cause no end (and no doubt) of confusion.
63 NetBEUI: Acronym for the
"NetBIOS Extended User Interface". Unlike NetBIOS, NetBEUI
64 is a protocol, not a standard. It is also not routable, so traffic on one side of a
65 router will be unable to communicate with the other side. Understanding NetBEUI is
66 not essential to deciphering SMB; however it helps to point out that it is not the
67 same as NetBIOS and to improve your score in trivia at parties. NetBEUI was originally
68 referred to by Microsoft as
"NBF", or
"The Windows NT NetBEUI Frame protocol driver".
69 It is not often heard from these days.
71 NBT: Acronym for
"NetBIOS over TCP"; also known as
"NetBT". Allows the continued use
72 of NetBIOS traffic proxied over TCP/IP. As a result, NetBIOS names are made
73 to IP addresses and NetBIOS name types are conceptually equivalent to TCP/IP ports.
74 This is how file and printer sharing are accomplished in Windows
95/
98/ME. They
75 traditionally rely on three ports: NetBIOS Name Service (nbname) via UDP port
137,
76 NetBIOS Datagram Service (nbdatagram) via UDP port
138, and NetBIOS Session Service
77 (nbsession) via TCP port
139. All name resolution is done via WINS, NetBIOS broadcasts,
78 and DNS. NetBIOS over TCP is documented in RFC
1001 (Concepts and methods) and RFC
1002
79 (Detailed specifications).
81 W2K: Acronym for Windows
2000 Professional or Server
83 W3K: Acronym for Windows
2003 Server
84 </p></li></ul></div><p>If you plan on getting help, make sure to subscribe to the Samba Mailing List (available at
85 <ulink url=
"http://www.samba.org/">http://www.samba.org
</ulink>).
86 </p></div><div class=
"sect1" lang=
"en"><div class=
"titlepage"><div><div><h2 class=
"title" style=
"clear: both"><a name=
"id2876091"></a>Related Projects
</h2></div></div><div></div></div><p>
87 There are currently two network filesystem client projects for Linux that are directly
88 related to Samba: SMBFS and CIFS VFS. These are both available in the Linux kernel itself.
89 </p><div class=
"itemizedlist"><ul type=
"disc"><li><p>
90 SMBFS (Server Message Block File System) allows you to mount SMB shares (the protocol
91 that Microsoft Windows and OS/
2 Lan Manager use to share files and printers
92 over local networks) and access them just like any other Unix directory. This is useful
93 if you just want to mount such filesystems without being a SMBFS server.
95 CIFS VFS (Common Internet File System Virtual File System) is the successor to SMBFS, and
96 is being actively developed for the upcoming version of the Linux kernel. The intent of this module
97 is to provide advanced network file system functionality including support for dfs (hierarchical
98 name space), secure per-user session establishment, safe distributed caching (oplock),
99 optional packet signing, Unicode and other internationalization improvements, and optional
100 Winbind (nsswitch) integration.
101 </p></li></ul></div><p>
102 Again, it's important to note that these are implementations for client filesystems, and have
103 nothing to do with acting as a file and print server for SMB/CIFS clients.
105 There are other Open Source CIFS client implementations, such as the
106 <ulink url=
"http://jcifs.samba.org/">jCIFS project
</ulink>
107 which provides an SMB client toolkit written in Java.
108 </p></div><div class=
"sect1" lang=
"en"><div class=
"titlepage"><div><div><h2 class=
"title" style=
"clear: both"><a name=
"id2876169"></a>SMB Methodology
</h2></div></div><div></div></div><p>
109 Traditionally, SMB uses UDP port
137 (NetBIOS name service, or netbios-ns),
110 UDP port
138 (NetBIOS datagram service, or netbios-dgm), and TCP port
139 (NetBIOS
111 session service, or netbios-ssn). Anyone looking at their network with a good
112 packet sniffer will be amazed at the amount of traffic generated by just opening
113 up a single file. In general, SMB sessions are established in the following order:
114 </p><div class=
"itemizedlist"><ul type=
"disc"><li><p>
115 "TCP Connection" - establish
3-way handshake (connection) to port
139/tcp
118 "NetBIOS Session Request" - using the following
"Calling Names": The local
119 machine's NetBIOS name plus the
16th character
0x00; The server's NetBIOS
120 name plus the
16th character
0x20
122 "SMB Negotiate Protocol" - determine the protocol dialect to use, which will
123 be one of the following: PC Network Program
1.0 (Core) - share level security
124 mode only; Microsoft Networks
1.03 (Core Plus) - share level security
125 mode only; Lanman1.0 (LAN Manager
1.0) - uses Challenge/Response
126 Authentication; Lanman2.1 (LAN Manager
2.1) - uses Challenge/Response
127 Authentication; NT LM
0.12 (NT LM
0.12) - uses Challenge/Response
130 SMB Session Startup. Passwords are encrypted (or not) according to one of
131 the following methods: Null (no encryption); Cleartext (no encryption); LM
132 and NTLM; NTLM; NTLMv2
134 SMB Tree Connect: Connect to a share name (e.g., \\servername\share); Connect
135 to a service type (e.g., IPC$ named pipe)
136 </p></li></ul></div><p>
137 A good way to examine this process in depth is to try out
138 <ulink url=
"http://www.securityfriday.com/ToolDownload/SWB/swb_doc.html">SecurityFriday's SWB program
</ulink>.
139 It allows you to walk through the establishment of a SMB/CIFS session step by step.
140 </p></div><div class=
"sect1" lang=
"en"><div class=
"titlepage"><div><div><h2 class=
"title" style=
"clear: both"><a name=
"id2876258"></a>Epilogue
</h2></div></div><div></div></div><p>“<span class=
"quote">
141 What's fundamentally wrong is that nobody ever had any taste when they
142 did it. Microsoft has been very much into making the user interface look good,
143 but internally it's just a complete mess. And even people who program for Microsoft
144 and who have had years of experience, just don't know how it works internally.
145 Worse, nobody dares change it. Nobody dares to fix bugs because it's such a
146 mess that fixing one bug might just break a hundred programs that depend on
147 that bug. And Microsoft isn't interested in anyone fixing bugs -- they're interested
148 in making money. They don't have anybody who takes pride in Windows
95 as an
150 </span>”</p><p>“<span class=
"quote">
151 People inside Microsoft know it's a bad operating system and they still
152 continue obviously working on it because they want to get the next version out
153 because they want to have all these new features to sell more copies of the
155 </span>”</p><p>“<span class=
"quote">
156 The problem with that is that over time, when you have this kind of approach,
157 and because nobody understands it, because nobody REALLY fixes bugs (other than
158 when they're really obvious), the end result is really messy. You can't trust
159 it because under certain circumstances it just spontaneously reboots or just
160 halts in the middle of something that shouldn't be strange. Normally it works
161 fine and then once in a blue moon for some completely unknown reason, it's dead,
162 and nobody knows why. Not Microsoft, not the experienced user and certainly
163 not the completely clueless user who probably sits there shivering thinking
164 "What did I do wrong?" when they didn't do anything wrong at all.
165 </span>”</p><p>“<span class=
"quote">
166 That's what's really irritating to me.
"
167 </span>”</p><p>--
168 <ulink url="http://hr.uoregon.edu/davidrl/boot.txt
">Linus Torvalds, from an interview with BOOT Magazine, Sept 1998</ulink>
169 </p></div><div class="sect1
" lang="en
"><div class="titlepage
"><div><div><h2 class="title
" style="clear: both
"><a name="id2876344
"></a>Miscellaneous</h2></div></div><div></div></div><p>
170 This chapter is Copyright 2003 David Lechnyr (david at lechnyr dot com).
171 Permission is granted to copy, distribute and/or modify this document under the terms
172 of the GNU Free Documentation License, Version 1.2 or any later version published by the Free
173 Software Foundation. A copy of the license is available at http://www.gnu.org/licenses/fdl.txt.
174 </p></div></div><div class="navfooter
"><hr><table width="100%
" summary="Navigation footer
"><tr><td width="40%
" align="left
"><a accesskey="p
" href="introduction.html
">Prev</a> </td><td width="20%
" align="center
"><a accesskey="u
" href="introduction.html
">Up</a></td><td width="40%
" align="right
"> <a accesskey="n
" href="install.html
">Next</a></td></tr><tr><td width="40%
" align="left
" valign="top
">Part I. General Installation </td><td width="20%
" align="center
"><a accesskey="h
" href="index.html
">Home</a></td><td width="40%
" align="right
" valign="top
"> Chapter 2. How to Install and Test SAMBA</td></tr></table></div></body></html>