SLIDE 1
Samba Server
Installation, Configuration, and Security
Stephen Hilt shilt@cs.siu.edu
SLIDE 2
History
SMB – Server Message Block
– IBM First definition of NetBIOS - Sep, 1984
CIFS – Common Internet File System
– CIFS is an enhanced version of Microsoft's open,
cross-platform Server Message Block (SMB) protocol
SLIDE 3
CIFS
CIFS Provides five basic Services
– File Sharing
– Network Printing
– Authentication and authorization
– Name Resolution
– Service announcement (file server and printer “browsing”)
SLIDE 4
Samba
Samba not only serves Linux files through CIFS, but it can also perform all basic functions of a Windows NT 4.0
– Domain Logins
– Roaming Windows user profiles
– CIFS print Spooling
All figured out through reverse-engineering
– New features from Microsoft take a while to show up in Samba
SLIDE 5
Installation
Most major Distributions include Samba
www.samba.org
– ./configure, make, make install
Step by Step instructions on Samba’s Website
SLIDE 6
Configuration
GUI from the distribution
smb.conf
– /etc/samba/smb.conf
– or /etc/smb.conf
SLIDE 7
Configuration
Example
    [global]
    # workgroup = NT-Domain-Name or Workgroup-Name
    workgroup = SAMPLE
SLIDE 8
Configuration / security
Samba allows control over security
– Only works if you use it
Two basic levels
– Hosts allow, who can access the Samba resources
    # List the hosts that may access Samba-shared objects
    # Here, only hosts whose addresses start with one of these two prefixes are allowed
    hosts allow = 192.168.1. 131.230.
SLIDE 9
Configuration / security
– Block access from the internet to the CIFS TCP port with a packet-filtering firewall.
Port 137 through port 139
SLIDE 10
Configuration
For your printers
    # Automatically load your printer list from a file
    printcap name = /etc/printcap
    load printers = yes
Make a log file for each machine, and limit its size
    # log file and size limit
    log file = /var/log/samba/log.%m
    max log size = 500
SLIDE 11
Configuration
Set the security mode
– Most people will want user-level security
security_level.txt in Samba Documentation
    security = user
– share, user, server are the three levels for security mode.
SLIDE 12
Configuration
Share home Directories
    [homes]
    comment = Home Directories
    browseable = no
    writeable = yes
SLIDE 13
Configuration
Printers
    # share all printers
    [printers]
    comment = All Printers
    path = /var/spool/samba
    browseable = no
    writeable = no
    printable = yes
SLIDE 14
Configuration
Share a directory
    # share a specific directory
    [myshare]
    comment = Shared Directory
    path = /usr/share
    public = no
    writeable = yes
    printable = no
    create mask = 0775
SLIDE 15
Passwords
Samba does not use /etc/passwd and /etc/shadow for authentication
Uses smbpasswd
– /etc/samba
– Contains username and two hashed passwords
First password: LANMAN hash
Second: NT password hash – based on MD4
SLIDE 16
Passwords
Encrypt the passwords
– ENCRYPTION.txt, Win95.txt, and WinNT.txt
    encrypt passwords = yes
    smb passwd file = /etc/smbpasswd
SLIDE 17
Passwords
You cannot decrypt the hashes
– However, all you need is a user’s hash to impersonate that computer
– Run the following commands
    # chmod 700 /etc/samba
    # chmod 600 /etc/samba/smbpasswd
SLIDE 18
Passwords
Use a different password for your Samba access and Linux access, and change the Samba password often.
– /etc/samba > smbpasswd
    Old SMB password: <password>
    New SMB password: <new password>
    Retype new SMB password: <new password>
    password changed.
SLIDE 19
Samba Vs NFS
Unlike NFS, Samba requires no kernel modifications, and runs entirely as a user process
Two Processes
– smbd – file and print services
– nmbd – other CIFS components
Name resolution, and service announcement
/etc/rc.d/init.d/smb start, stop, restart
SLIDE 20
Summary
The smb.conf file is set up so that when users log into their PCs, their home directories and the shared directory are both available. They can also print to all printers that the server knows about.
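
An added example, not part of the original slides: a small Python check that a server's smb.conf and smbpasswd permissions match the security settings from slides 8, 11, 16 and 17. The sample configuration is constructed from the slide values, and the function names audit_conf and audit_mode are hypothetical.

```python
import configparser
import os
import stat

# Constructed sample built from the settings shown on the slides.
SAMPLE_CONF = """\
[global]
    workgroup = SAMPLE
    hosts allow = 192.168.1. 131.230.
    log file = /var/log/samba/log.%m
    security = user
    encrypt passwords = yes
    smb passwd file = /etc/smbpasswd
"""

def audit_conf(text):
    """Return findings for the [global] security settings covered in the slides."""
    # smb.conf allows '%m'-style macros and free indentation, so turn off
    # interpolation and strip each line before handing it to configparser.
    cp = configparser.ConfigParser(interpolation=None, strict=False, delimiters=("=",))
    cp.read_string("\n".join(line.strip() for line in text.splitlines()))
    g = cp["global"] if cp.has_section("global") else {}
    findings = []
    # "allow hosts" is Samba's synonym for "hosts allow".
    if not (g.get("hosts allow") or g.get("allow hosts") or "").strip():
        findings.append("hosts allow is not set: any host may connect")
    if (g.get("security") or "").strip().lower() != "user":
        findings.append("security is not explicitly set to user")
    if (g.get("encrypt passwords") or "").strip().lower() not in ("yes", "true", "1"):
        findings.append("encrypt passwords is not enabled")
    return findings

def audit_mode(path, limit):
    """Flag permission bits beyond limit (0o700 for the directory, 0o600 for smbpasswd)."""
    mode = stat.S_IMODE(os.stat(path).st_mode)
    if mode & ~limit:
        return [f"{path}: mode {mode:o} grants more than {limit:o}"]
    return []

if __name__ == "__main__":
    for finding in audit_conf(SAMPLE_CONF):
        print(finding)
    # Paths from the chmod commands on slide 17; skipped where absent.
    for path, limit in (("/etc/samba", 0o700), ("/etc/samba/smbpasswd", 0o600)):
        if os.path.exists(path):
            for finding in audit_mode(path, limit):
                print(finding)
```

Run it as root against the real file by passing the contents of /etc/samba/smb.conf (or /etc/smb.conf) to audit_conf; an empty result means the three settings are in place.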