The Samba Networking Tool Computer Science Essay

Published: Last Edited:

This essay has been submitted by a student. This is not an example of the work written by our professional essay writers.

Samba is a networking tool for the Windows and Unix systems in the network. The first Samba Unix was developed by the Andrew Tridgell. Samba is the one of the unique server application since 1992 and also, it is the one of the open source software. Samba is the most useful tool which can be connected across Unix systems on a network . even though it runs on a unix system it also allows to share files and printers on unix host and vice versa. Samba is reliable software that runs on reliable Unix operating systems, resulting in fewer problems and a low cost of maintenance. Samba is released under the GNU General Public License. The name Samba comes from SMB (Server Message Block), the name of the standard protocol used by the Microsoft Windows network file system.Samba is used in many fields' like banks, financial institutions, public sectors, military organizations, schools, art galleries, and also in families. Samba helps to overcome storage problems for the travelling professionals. The SMB protocol was followed by the both the operating systems (Microsoft Windows and the OS/2) that helps in the doing multiple tasks. Samba cannot perfume BDC for a Windows PDC and also, in controlling the Active Directory controller. There are three daemons (smbd, nmbd, and winbindd) and two servers (smb and windbind) which help in operation of the samba.The LDAP and Kerberos are helpful in joining the active directory domain in the samba. Samba designed by a Unicode. Samba users has a wide range choice in terms of setup, configuration , systems., etc. All these extraordinary features made success of the Samba in short time.

By this unique features and wide range of advantages many organizations like VA Linux Systems, IBM, Hewlett-Packard, and LinuxCare sponsored in developing the Samba.

Samba development team is lead by Andrew tridgell who has developed a protocol which is a part of pathworks . In the early stages the protocol was named as SMB and later expanded it to SMB server, however Andrew cannot keep the name as SMB server because it is already belonged to some other company. So he tried a number of naming approaches and finally kept the name as samba. Samba suite uses a pair of Unix daemons in order to access the shared resources among SMB clients on a network. The unix daemons are

The daemon which supports NetBIOS name service and WINS which assists with network browsing.

Samba can be explained clearly with the following example. Let us assume a network configuration for samba enabled system which will be assigned the name tooltec and the windows clients are maya and Aztec which are connected using LAN. In this network all computers share the same workgroup which is a collection of computers and resources on an SMB network. METRAN is the workgroup which is shared by all the terminals in the network.The graphic representation of samba server can be seen in the following figure.

Samba implements different security levels which are known as userlevel security and share level security. , Samba implements share-level security only one way, but has four ways of implementing user-level security. Collectively, we call the Samba implementations of the security levels security modes. They are known as share, user, domain, ADS, and servermodes.

User level security:

In user level security client session starts with a simple protocol negotiation. In order to start a session a client must send his username and password to the server. Samba authenticates by validating the given username and password with the authorized users in the configuration file and the passwords in the password database of the Samba server The server either accepts or rejects the client based on the username and name of the client. Once the server accepts the client connection then he can share all the resources based on teh initial setup.

Clients can also have multiple session setup requests. The server responds to the client by uid which acts as authentication tag for username and password. winDD acts as a good example for multiple session setup requests.

Example of userlevel security

smb.conf parameter which sets user level security is


Share level security:

Share level security as the name indicates the client has to authenticate itself in order to share by using password and tree connection. The client expects some kinds of passwords with each share. Security is maintained as long as unauthorized users do not discover the password for a share to which they shouldn't have access. You can set up share-level security with Windows 95/98 by first enabling share-level security using the Access Control tab of the Network Control Panel dialog.Samba has to work out with username which sent to the SMB server. Some commercial SMB servers such as NT actually associate passwords directly with shares in share-level security, but Samba always uses the UNIX authentication scheme where it is a username/password pair that is authenticated, not a share/password pair.

Several clients start a session setup request even if the server is in share level security. The clients send a username but no passwords . samba record all the usernames which can be added to the list and any users listed in the smb.conf file. Password is checked with the available usernames and if match is found then the user is recognized as a authenticated user.

Samba makes a UNIX system call in order to find user account which matches the one provided from standard account database. On a system that has no name service switch (NSS) facility, such lookups will be from the /etc/passwd database. On NSS enabled systems, the lookup will go to the libraries that have been specified in the nsswitch.conf file

Example Configuration

Smb.config sets share level security is

Security= share

Domain security Mode(user level security)

Domain security provides a mechanism for storing information regarding user and group accounts in shared, account repository. Servers that act as domain controllers provide authentication and validation services to all machines that participate in the security context for the domain. A primary domain controller (PDC) is a server that is responsible for maintaining the integrity of the security account database. Backup domain controllers (BDCs) provide only domain logon and authentication services.

When samba server operates in domain security trust account which causes all authentication requests to be passed through domain controllers.

Domain security machines must have a machine account in security database and the underlying architectures are user level security.

There are three possible domain member configurations:

Primary domain controller (PDC)

Backup domain controller (BDC)

Domain member server (DMS)

Example Configuration

Samba as a Domain Member Server

This method involves addition of the following parameters in the smb.conf file:

security = domain

workgroup = MIDEARTH

ADS SECURITY MODE (User-level security)

Sites that use Microsoft Windows active directory services (ADS) should be aware of the significance of the terms: native mode and mixed mode ADS operation. The term realm is used to describe a Kerberos-based security architecture (such as is used by Microsoft ADS).

Example Configuration

realm = your.kerberos.REALM

security = ADS

sever level security(user level security)

server security have been used since samba was not a member of domain member server. this kind of security has many drawbacks which suggests that not too use this feature. In server security mode client session is started with the help of username and password . if the password matches then session is started which makes samba server to use another password server. The security level is high as the client sends all the details of him in an encrypted form. When Samba is running in server security mode, it is essential that the parameter password server is set to the precise NetBIOS machine name of the target authentication server.

Figure 6.2

An example of server level security

Example Configuration

Using MS Windows NT as an Authentication Server

This method involves the additions of the following parameters in the smb.conf file:

encrypt passwords = Yes

security = server

password server = "NetBIOS_name_of_a_DC"

2.How is it possible to implement an access control list on a SAMBA server?,289483,sid39_gci1080966,00.html#conditions

Samba which is the free and open source (SMB/CIFS) for linux and unix system. The reason for huge usage is so simple because Systems administrators can use Samba to leverage Linux as a reliable, high-performance file server. Samba has a lot of really cool features, including support for Windows NT domains and Active Directory (AD). The ugo access control did not permit sufficiently fine grained control for unix administrator which has lead to the development of POSIX access control lists. There is no standard that has been used by UNIX ACL, the standard which is followed by samba is draft standard 1003.1e revision 17.

Samba can be just as a rich feature as windows based file server many systems administrators don't configure a crucial element: ACL support. ACLs are useful because they let users be very specific about who can and can't see their documents, which is important in an enterprise setting. Samba itself supports ACLs, it uses the underlying file system to implement this support. So, if ACL support isn't enabled on your file system, Samba can't support ACLs for your Windows users. You need to determine whether ACLs are enabled, and you need to know how to enable them if not. The easiest way to determine whether ACLs are enabled is to run the mount command-which is used to attach a file system to the server-then visually determine whether the acl option is enabled. To do so, enter


# mount -t ext3

Windows users are very familiar with ACLs. Unless you're using Simple File Sharing in Windows XP, you can view files' ACLs by going to a directory's or file's Properties section and selecting the Security tab.


Samba and ACLs

Samba ACL support relies heavily on the underlying file systems, and it should be enabled on both file system and even on sambaitself. ACL support is enabled in samba by enabling the option "nt acl support=yes" which can be shown as follows


   path = /samba/share1

   nt acl support = yes

   writeable = yes

 If you reenable NT ACL support in share1 but disable it on the file system, you'll see the Security tab, but only the owner, the group owner, and the Everyone group (which Samba maps to the "other" UNIX permission group) will be visible. If we try to add another ACE we get some error messages.

 To enable ACL support on the file system, enter

# mount -o remount,acl /samba

 To ensure that Samba supports ACLs, set the [share1] configuration in smb.conf to the following:


   path = /samba/share1

   nt acl support = yes

   writeable = yes


Having Special Permissions might be confusing to Windows users, so Samba 3.0.20 and later support an "acl map full control = yes" parameter that shows rwx as FULL CONTROL. Alternatively, if you click FULL CONTROL for an ACE in older versions (e.g., to apply FULL CONTROL to dpuryear), then Samba will make some adjustments to the access and default permissions so that a Windows user sees FULL CONTROL in the Security tab

3.What security auditing features does SAMBA support and is it possible to detect brute forcing attacks (such as NAT) against a SAMBA server?

Samba has a long list of configuration options that allow you to fine-tune security to exactly what you need. Some of the ways in which the samba server gets protected is by not allowing unauthorized persons into the network are.


Security always depends on passwords because the username and password are one of the best ways to authenticate a user.

Blank Password:

Samba lets you supports the user to select a password by allowing the administrator to prevent users with blank or blank passwords from connecting.

Minimize vulnerability to attackers using Samba exploits by using a nonvulnerable

version. Risk addressed; Server compromised through the Samba exploit gives attacker full control and Control activity Samba is updated to the latest security patches.The Samba Team working on the new version's to improve the security of the users.

Minimize vulnerability to attackers using Samba exploits by filtering connections

to the server.Samba is configured to allow the access for the legal and the connections with proper IP addresses. Unfortunately when Samba fail to patched-"Protecting an unpatched Samba server." Filter's all the connections by their network interface and IP address and terminates the other network connections without appropriate IP address/ network.

Samba files are protected by adequate file permissions- Misconfiguration leads to compromise of the system or data.They are maintained by set file permissions on Samba files.They check all file permissions for important files.Samba passwords saved in the-'smbpasswd' file. It won't allow unauthorised person to read or tampering.

High risk Samba configuration options are not used-It control Activity only to the authorized users to use the OS file permissions.Samba also, the deny access based on the account authenticated. And also,helps in understanding the OS file. Mostly helpful to the business persons in accessing their data only through the authorized way.

Samba has a long list of configuration options that allow you to fine-tune security to exactly what you need. Some of the ways in which the samba server gets protected is by not allowing unauthorized persons into the network are


Security always depends on passwords because the username and password are one of the best ways to authenticate a user.

Samba security audit feature are

Samba passwords transmitted over the network are encrypted.

Blank passwords are not used.

Minimize vulnerability to attackers using Samba exploits by using a no vulnerable


Minimize vulnerability to attackers using Samba exploits by filtering connections

to the server.

Samba files are protected by adequate file permissions.High risk Samba configuration options are not used.