The Samba Software Package Computer Science Essay

Published: Last Edited:

This essay has been submitted by a student. This is not an example of the work written by our professional essay writers.

Samba is an open source software package that performs as a Windows server. Samba stands for Server Message Block after a long dispute. It can be run on a platform other than Microsoft Windows, for example, Linux, UNIX and Solaris and other operating systems.

Samba uses the TCP/IP protocol that is installed on the host server. It allows that host to connect with a Microsoft Windows client or server as if it is a Windows file and print server. Administrators use samba server to Share the files, directories from Windows Machine to Linux Machine or Linux Machine to Windows Machine. The main utilities of samba server are that it allows Linux box to share files and other resources, such as printers. The biggest advantage of Samba is its ability to be configured as a Windows NT style domain controller or server and it is allowed to be used as a central server for many Microsoft based workstations.

The Samba suite of software was created in 1992 by Andrew Tridgell, the head of samba development team from Australia. He derived its name from the underlying protocol that it supports, Server Message Block (SMB). A fileserver program was created by Andrew for his local network that supported an odd DEC protocol from Digital Path works. Even though he didn't know at that time, that protocol was later turned out to be SMB. After few years, he enlarged custom-made SMB server and he started distributing as a product on internet as smb server. Originally developed by IBM as a part of NetBIOS (Network Basic Input Output System) for sharing files, SMB was used by Microsoft for network communication in Windows, and extended to its current form, called the Common Internet File System (CIFS).

According to Chris Hertel in "Samba":

There are two key programs i.e. Smbd and nmbd. There duty is to implement the four basic modern day common internet file system services, which are:

· File & print services

· Service announcement

· Name resolution

· Authentication and Authorization

While all these features are available, perhaps the most common use of Samba is for its ability to provide network disk space for files.

Samba Server Roles:

Samba can be configured in different ways depending upon your network configuration and what role you want Samba to play within your network (i.e. Standalone Server, Primary Domain Controller, Secondary Domain Controller, etc). When the Yast Samba Server module is launched then the networks are scanned first with SLES for all the available Domains/Workgroups, then it will ask which type of network server you want to setup. When installing samba wizard we can configure workgroup name and server type, if we are creating a new Domain or Workgroup we can change the name as we like it to be. If we want to create a Backup Domain Controller, first we should ensure that we select the correct Domain and when we hit next it will give us a prompt to join the domain (it will create a computer account in the Domain).

If we not use Suse Linux Enterprise Server, we can add the following to our /etc/samba/smb.conf file to get the same configuration:

Standalone Server

Domain master = No

Domain logons = No

Security = user

Primary Domain Controller

Domain logons = Yes

Local master = Yes

Domain master = Yes

Preferred master = Yes

Os level = 65

Security = user

Secondary Domain Controller

Domain master = Yes

Domain logons = No

Security = user

Samba functions:

Samba has many functions, they are Samba server and samba client which are vital. Samba client is installed by default but not samba server.

We need packages smbclient, samba-common, nautilus-share, libsmbclient and samba for a fully functional work station which is used to share and receives all the resources on a small business work group. All are installed by default except package samba.

Functions of Samba

1. What security features does SAMBA support?

Security features:

According to Security perspective, SAMBA has very powerful and strong security features. When every time a file is created, a creation mask is created automatically but only the original user of that file can read or write. Suppose, if all the other users has given rights to share the file, but they will not be able to write on the original user's files. This helps the original user from the indiscriminate changes on his shared data which can be easily get out of control in a environment which is shared.

If there is any special requirement for a group of users (eg. members in a special project team) to update the shared files without controls, you can set the SAMBA system & "force" it to allow it to happen. However, we strongly recommend that you use this settings very cautiously.

Samba currently supports four security levels on its network: share, user, server, and domain.

Share-level security

In a work group each share is associated with one or more passwords. If any user knows valid passwords for that share then the user can access it.


The smb.conf parameter that set Share Level security is:

Security = share

User-level security

In a work group each share is configured to allow access from only some certain users with each initial tree connection, to allow the users to access to the shares the samba server verifies users and their passwords.


user level security is set is by the smb.conf parameter:

Security = user

Server-level security

The server-level security is same as user-level security, except that the Samba server uses another server to validate users and their passwords. Before granting the access to the share.


Using MS Windows NT as an Authentication Server

This involves the method of adding the following parameters in the smb.conf file:

encrypt passwords = Yes

Security = server

Password server = "NetBIOS_name_of_a_DC"

Domain-level security

When Samba is operating in security = domain mode, then the server will have a security domain trust account and causes all authentication requests to be passed through to the domain controllers. In other words, the Samba server is configured as a Domain Member server.


Samba as a Domain Member Server

This involves the method of adding the following parameters in the smb.conf file:

Security = domain

Workgroup = MIDEARTH

There are 3 levels of security principles to maintain a site at least moderately secure. They are the perimeter firewall, the configuration of the host server that is running samba.

The most easy and flexible approach to network security can be done by samba.

Samba may be secured from the connections that are originated from outside the local network. This may be done using host-based protection or it may be done be using interface-based exclusion. Another method by which Samba may be secured is by setting Access Control Entries (ACEs) in an Access Control List (ACL) on the shares themselves.

These are some of the protective measures:

Using Host-Based Protection

When a samba is installed, the threat comes from outside network .by default, samba will accept connections from any host, this means that if we run any insecure version of samba on a host which is directly connected to internet then it will be vulnerable easily.

This issue can be fixed easily by one of the ways is to use the host allow and host deny options in samba smb.conf file which can allow access to the server from a specific hosts.

User-Based Protection

If we want to restrict the valid users to the server then this method is used. In smb.conf [global] put

Valid users =@smbusers,sandeep

Then the user sandeep is restricted to access the server.

Using Interface Protection

Samba will accept any connections on any network by default. If we have a ISDN line or PPP connection to the internet then samba will accept connections on those links only.

We can change this by using this option

Interfaces =eth*lo

Bind interfaces only = yes

By using this samba will listen only for connections on interfaces with name starting with eth such as eth0,eth1 plus the loop Back interface called 1o.this depends on the name in which it is based on the OS we are using.

Using a Firewall

The fire wall is used to deny access to services which are we don't want to expose outside the network.

If we are setting up a firewall, we can know that UDP and TCP ports to allow and block.

2. How is it possible to implement an access control list on a SAMBA server?

ACL is very useful because they let the users to be very specific about who can and can't see their documents, which is most important in an enterprise. The purpose of samba support for ACL's is that we can use samba 3.0.010 on centos 4.3 which is equal to the Red Hat Enterprise Linux 4-RHEL4. Any how we can use Linux system for example Debian, SUSE for ACL testing.

We can enable and manage ACL's on Linux server directly. ACLS support ext3 but they are not enabled by default. Even though samba supports ACLS. We need to determine whether the ACL's are enabled or not. If not we need to enable it. Then the ACL is enabled then the ACL requires to reboot. Any how, this change is lost when the reboot is done. But to make the change permanent we need to edit the /etc/fstab config file. To permanently enable ACL add an ACL after default option. Now the /samba file system can support ACL's and continue to do after the next server reboot also.

After enabling ACLS on the file system, we can start doing work. For example we can modify the ACL's on Linux. But technically we can use ACL's through samba on Linux server with out knowing how to manage them directly .Linux ACL's extend the existing Unix permission. We can see by comparing the output from ls and getfacl. Where the command-line tool for retrieving files is getfacl or directories ACL information.

The samba with ACL support. As of Samba 3.0 ,support of ACL is enabled automatically .To enable an ACL support on samba we can use the "nt acl support=yes" option .if we want to re enable the NT,ACL support in share 1 but we can disable it on the file system. We can see the security tab ,but only owner and the group owner and every one group if we try to add another ACE for the accounting group then we will receive a error message because the traditional unix permission model is not used by samba to store an additional ACE.

3. What security auditing features does SAMBA support and is it possible to detect brute forcing attacks (such as NAT) against a SAMBA server?

The Auditing logs system security events are secure, reliable, finegrained, configurable. A variety of uses including post mortem analysis, intrusion detection and live system monitoring, debugging.

The most audit events fall into three classes. They are Access control, authentication, and security management.

Access control: The examples of access control are System calls checking for super access control checks, Login access control decisions

Authentication and account management: The examples of authentication, account management are password changing, successful authentication, failed authentication, user administration.

There are many auditing steps for samba server. Some of them are:

Physical security

Verify BIOS and boot loader configurations

Verify Samba version and check for published vulnerabilities

Verify Samba packages with rpm

Verify that all relevant patches have been applied to the system

Verify init levels and Samba start up scripts

Verify Samba password encryption

Verify file permissions on Samba password file (smbpasswd)

Verify Samba users configuration

Verify password complexity requirements in Linux

Verify Samba shares

Verify Samba share masks & permission

Verify logging of failed log in attempts

Verify network access from authorised address

Smb-nat: Windows/Samba SMB Session Brute Force

Smb-nat is the fastest way to attack using Brute-Force on SMB session. When the Back track2 is released, smb-nat was updated to work with windows xp and also server 2003.with out an optional user or password list when runs the smb-nat scans SMB server and it attempts to connect to the default shares such as ADMIN$,D$ etc.using a blank username and password. A list of usernames and passwords can be specified to use for a brute-force attempt. Smb-nat resides in the /pentest/enumeration/smb-enum/ directory and you cannot run it without providing that path.

Generally, to see all the brute force hacking attempts on Linux servers:

# lastb -i

And we'll see all the bad login attempts. We can find the lot of information it can be thousands of millions of records .Then Use the "awk" command in UNIX to grab all the IP addresses

And then by removing duplicates and sort them numerically by typing in this command,


# lastb -i | awk '{print $3}' | sort -n | uniq -u

But, most of the bad login attempts are all coming from the same 30 or 40 or so IP

Addresses which can be thus identified and filtered on the local firewall.


Upgrading Samba

When any security vulnerability is discovered then we can check on for updates and important is highly recommended to upgrade samba so that security can be increased.

References: Samba roles. [ONLINE] Available at: [Accessed 19 March 10]. R. 2002. Samba. [ONLINE] Available at: [Accessed 31 March 10]. 2003. Samba stuff. [ONLINE] Available at: [Accessed 27 March 10]. 2009. Samba server and ubuntu. [ONLINE] Available at: [Accessed 23 May 10]. 2001. Samba: An Alternative to Windows Servers. [ONLINE] Available at: [Accessed 20 March 10]. ACL. [ONLINE] Available at: [Accessed 06 April 10]. Samba security modes. [ONLINE] Available at: [Accessed 23 April 10]. Samba. [ONLINE] Available at: [Accessed 08 April 10]. Tridgell. 2003. Securing samba. [ONLINE] Available at: [Accessed 09 April 10]. Security audit features. [ONLINE] Available at: .[Accessed 02 April 10].