new blog 2.0


0x00. [LPIC-302] Samba/CIFS - Terms glossary

If you want to dive deep into the Samba world, it helps to understand the terms used in the following sections. If you spot any inconsistencies and/or have any suggestions, please let me know. This is one of those posts that are in constant development.

What is the difference between SMB and SAMBA?
Many people confuse these terms and think they can use them interchangeably. That is not the case.
SMB - stands for Server Message Block. It was originally invented by Barry Feigenbaum at IBM, and it denotes the protocol rather than the actual implementation.
SAMBA - is the open source implementation of the SMB protocol, originally coded by Andrew Tridgell in 1991. Nowadays the Samba distribution (version 3 standard) contains three daemons:

smbd - this is the most famous daemon from the Samba suite. Its task list comprises:
  • authentication
  • authorization
  • file and printer sharing

nmbd - NetBIOS Message Block Daemon. As its name suggests, it handles NetBIOS naming. It should be started first of the three Samba daemons.

winbindd - this daemon talks to Windows domain controllers.

smbcontrol - since there are three daemons at our disposal, it is good to know about smbcontrol, a small program that can talk to the daemons at run time. smbcontrol can send commands to the daemons, e.g. to force a master browser election.

CIFS - Common Internet File System. This term was first introduced by Microsoft in 1996. It is more extensive than the original SMB, but both names are used interchangeably.

NetBIOS - Network Basic I/O System. A network protocol originally designed by Sytek Inc. in 1983. It describes three kinds of service: name service (registration on the network and address resolution), session service (connection oriented, TCP based) and datagram distribution service (connectionless, UDP based).

smb.conf - Samba's system-wide configuration file. It has the easily readable structure of a standard Windows INI file. Among other things, the file tells Samba which security mode should be used.

Samba Security Modes
  • User Level Security - The client first negotiates the protocol, then sends a Session Setup request along with the user's credentials. If the server accepts the client, the client expects to be able to connect to any share on the server with the original username and password combination, and does not expect to be prompted for it again.

    The server may reject the client's request because of a wrong username/password pair or a bad hostname.

    This level of security is set by the following directive in smb.conf:

    security = user

    Typically, this is the default Security Mode setting.

  • Share Level Security - the client authenticates with each share separately. It sends the password along with each "tree connect" request; however, the username is never sent, so Samba has to figure it out on its own. This way, a password is associated with a share rather than with a username. Sounds dodgy? It is, and it will likely be removed from Samba in its future releases. Share security mode is deprecated and users are asked to avoid it as much as possible.

    security = share

  • Domain Security Mode - in this security mode Samba has to have a machine account on the domain controller, and it passes all authentication requests through to it.

    security = domain
    workgroup = your-domain

    This security mode does not make Samba a domain controller. It means that Samba should be a member of a domain.

  • ADS Security Mode - this security mode uses "NT4 style RPC based security". It can go in sync with Active Directory.

    security = ADS
    password server = your.kerberos.server
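
One way to check which of the four modes above a given smb.conf selects, and to flag the deprecated share mode. This is an added example, not code from the original post or from the Samba project: the function names and the sample configuration are constructed, and Python's configparser stands in for Samba's own parser.

```python
import configparser

KNOWN_MODES = ("user", "share", "domain", "ads")

# Constructed sample, not taken from a real server.
SAMPLE_CONF = """
[Global]
    workgroup = EXAMPLE
    Security = SHARE
[public]
    path = /srv/public
"""

def read_global(smb_conf_text):
    """Return the [global] parameters of an smb.conf as a dict."""
    parser = configparser.ConfigParser(
        interpolation=None, strict=False,
        delimiters=("=",), comment_prefixes=("#", ";"))
    # Samba matches parameter names ignoring case and embedded spaces.
    parser.optionxform = lambda name: "".join(name.lower().split())
    # Strip indentation so configparser does not treat indented
    # parameters as continuation lines of the previous value.
    lines = (line.strip() for line in smb_conf_text.splitlines())
    parser.read_string("\n".join(lines))
    for section in parser.sections():
        if section.strip().lower() == "global":
            return dict(parser[section])
    return {}

def audit_security_mode(smb_conf_text):
    """Return (mode, findings) for the 'security' directive."""
    params = read_global(smb_conf_text)
    raw = params.get("security")
    findings = []
    if raw is None:
        raw = "user"
        findings.append("security not set: the default (typically user) applies")
    mode = raw.strip().lower()
    if mode not in KNOWN_MODES:
        findings.append(f"unknown security mode: {raw!r}")
    elif mode == "share":
        findings.append("security = share is deprecated: the password is "
                        "tied to the share and no username is sent")
    elif mode == "domain" and not params.get("workgroup"):
        findings.append("security = domain without an explicit workgroup")
    return mode, findings

if __name__ == "__main__":
    print(audit_security_mode(SAMPLE_CONF))
```
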

secrets.tdb - contains passwords for workstations, the LDAP admin DN (Distinguished Name), and information about trust accounts.

secrets.tdb is just one example of a TDB file. TDB stands for "Trivial Database". It is one of the persistent TDB files, which do not change frequently. Persistent TDB files should be backed up regularly and moved over during upgrades and migrations. They typically live in the /etc/samba/private directory, as opposed to non-persistent ("mundane") files, which typically live in /var/lib/samba. Note that the default locations of both file types can be changed at compile time. To find out which locations were compiled into your binaries, do the following:

# smbd -b | grep PRIVATE_DIR
- for persistent files

# smbd -b | grep LOCKDIR
- for non-persistent files

There are a number of commands worth paying attention to in relation to TDB files:
  • pdbedit - manages the database of Samba Users
  • tdbbackup - backs up TDB files and checks their integrity
  • tdbdump - prints the contents of a TDB file
  • tdbtool - an interactive tool for modifying the contents of a TDB file
  • smbpasswd - changes a user's SMB password

SID - Security Identifier, is a string of the following format: S-a-b-c-d-[e-,f-,g-,...], where:
  • S-a - denotes SID revision, e.g. S-1
  • b - number of authorities and subauthorities
  • c - top level authority
  • d and following are numbers of subauthorities, their total number is equal to b
SIDs uniquely identify a CIFS object, be it a domain, user, group or other things.

Foreign SID - an SID not belonging to the current domain.

man {pdbedit, tdbbackup, tdbdump, tdbtool, smbpasswd}
