Samba (software)

Samba is a free software re-implementation of the SMB networking protocol, and was originally developed by Andrew Tridgell. Samba provides file and print services for various Microsoft Windows clients and can integrate with a Microsoft Windows Server domain, either as a Domain Controller (DC) or as a domain member. As of version 4, it supports Active Directory and Microsoft Windows NT domains.

Samba runs on most Unix-like systems, such as Linux, Solaris, AIX and the BSD variants, including Apple's macOS Server, and macOS client ( Mac OS X 10.2 and greater). Samba also runs on a number of other operating systems such as OpenVMS and IBM i. Samba is standard on nearly all distributions of Linux and is commonly included as a basic system service on other Unix-based operating systems as well. Samba is released under the terms of the GNU General Public License. The name '' Samba'' comes from SMB (Server Message Block), the name of the proprietary protocol used by the Microsoft Windows network file system.

Early history

Andrew Tridgell developed the first version of Samba Unix in December 1991 and January 1992, as a PhD student at the Australian National University, using a packet sniffer to do network analysis of the protocol used by DEC Pathworks server software. At the time of the first releases, versions 0.1, 0.5 and 1.0, all from the first half of January 1992, it did not have a proper name, and Tridgell just called it "a Unix file server for Dos Pathworks". At the time of version 1.0, he realized that he "had in fact implemented the netbios protocol" and that "this software could be used with other PC clients".

With a focus on interoperability with Microsoft's LAN Manager, Tridgell released "netbios for unix", observer, version 1.5 in December 1993. This release was the first to include client-software as well as a server. Also, at this time GPL2 was chosen as license.

Midway through the 1.5-series, the name was changed to ''smbserver''. However, Tridgell got a trademark notice from the company "Syntax", who sold a product named ''TotalNet Advanced Server'' and owned the trademark for "SMBserver". The name "Samba" was derived by running the Unix command grep through the system dictionary looking for words that contained the letters S, M, and B, in that order (i.e. ).

Versions 1.6, 1.7, 1.8, and 1.9 followed relatively quickly, with the latter being released in January 1995. Tridgell considers the adoption of CVS in May 1996 to mark the birth of the Samba Team, though there had been contributions from other people, especially Jeremy Allison, previously.

Version 2.0.0 was released in January 1999, and version 2.2.0 in April 2001.

Version history

Version 3.0.0, released on 23 September 2003, was a major upgrade. Samba gained the ability to join Active Directory as a member, though not as a domain controller. Subsequent point-releases to 3.0 have added minor new features. Currently, the latest release in this series is 3.0.37, released 1 October 2009, and shipped on a voluntary basis. The 3.0.x series officially reached end-of-life on 5 August 2009.

Version 3.1 was used only for development.

With version 3.2, the project decided to move to time-based releases. New major releases, such as 3.3, 3.4, etc. will appear every six months. New features will only be added when a major release is done, point-releases will be only for bug fixes. Also, 3.2 marked a change of license from GPL2 to GPL3, with some parts released under LGPL3. The main technical change in version 3.2 was to autogenerate much of the DCE/RPC-code that used to be handcrafted. Version 3.2.0 was released on 1 July 2008. and its current release is 3.2.15 from 1 October 2009. The 3.2.x series officially reached end-of-life on 1 March 2010.

Security

Some versions of Samba 3.6.3 and lower suffer serious security issues which can allow anonymous users to gain root access to a system from an anonymous connection, through the exploitation of an error in Samba's remote procedure call.

On 12 April 2016, Badlock, a crucial security bug in Windows and Samba, was disclosed. Badlock for Samba is referenced by (SAMR and LSA man in the middle attacks possible).

On 24 May 2017, it was announced that a remote code execution vulnerability had been found in Samba named ''EternalRed'' or ''SambaCry'', affecting all versions since 3.5.0. This vulnerability was assigned identifier .

On 14 September 2020, a proof-of-concept exploit for the netlogon vulnerability called ''Zerologon'' () for which a patch exists since August was published. Some federal agencies using the software have been ordered to install the patch.

Features

Samba allows file and print sharing between computers running Microsoft Windows and computers running Unix. It is an implementation of dozens of services and a dozen protocols, including:
* NetBIOS over TCP/IP ( NBT)
* SMB (known as CIFS in some versions)
** Samba supports POSIX extensions for CIFS/SMB. The initial extension was CIFS VFS (CAP_UNIX) from 2004, which has been somewhat superseded by SMB3.
* DCE/RPC or more specifically, MSRPC, the Network Neighborhood suite of protocols
* A WINS server also known as a NetBIOS Name Server (NBNS)
* The NT Domain suite of protocols which includes NT Domain Logons
* Security Account Manager (SAM) database
* Local Security Authority (LSA) service
* NT-style printing service (SPOOLSS)
* NTLM
* Active Directory Logon using modified versions of Kerberos and LDAP
* DFS server

All these services and protocols are frequently incorrectly referred to as just NetBIOS or SMB. The NBT (NetBIOS over TCP/IP) and WINS protocols, and their underlying SMB version 1 protocol, are deprecated on Windows. Since Windows Vista the WS-Discovery protocol has been included along with SMB2 and its successors, which supersede these. (WS-Discovery is implemented on Unix-like platforms by third party daemons which allow Samba shares to be discovered when the deprecated protocols are disabled).

Samba sets up network shares for chosen Unix directories (including all contained subdirectories). These appear to Microsoft Windows users as normal Windows folders accessible via the network. Unix users can either mount the shares directly as part of their file structure using the mount.cifs command or, alternatively, can use a utility, smbclient (libsmb) installed with Samba to read the shares with a similar interface to a standard command line FTP program. Each directory can have different access privileges overlaid on top of the normal Unix file protections. For example: home directories would have read/write access for all known users, allowing each to access their own files. However they would still not have access to the files of others unless that permission would normally exist. Note that the netlogon share, typically distributed as a read only share from /etc/samba/netlogon, is the logon directory for user logon scripts.

Samba services are implemented as two daemons:
* smbd, which provides the file and printer sharing services, and
* nmbd, which provides the NetBIOS-to-IP-address name service. NetBIOS over TCP/IP requires some method for mapping NetBIOS computer names to the IP addresses of a TCP/IP network.

Samba configuration is achieved by editing a single file (typically installed as /etc/smb.conf or /etc/samba/smb.conf). Samba can also provide user logon scripts and group policy implementation through poledit.

Samba is included in most Linux distributions and is started during the boot process. On Red Hat, for instance, the /etc/rc.d/init.d/smb script runs at boot time, and starts both daemons. Samba is not included in Solaris 8, but a Solaris 8-compatible version is available from the Samba website. The OS/2-based ArcaOS includes Samba to replace the old IBM LAN Server software.

Samba includes a web administration tool called ''Samba Web Administration Tool'' (SWAT).
SWAT was removed starting with version 4.1.

Samba TNG

Samba TNG (The Next Generation) was forked in late 1999, after disagreements between the Samba Team leaders and Luke Leighton about the directions of the Samba project. They failed to come to an agreement on a development transition path which allowed the research version of Samba he was developing (known at the time as Samba-NTDOM) to slowly be integrated into Samba. Development has been minimal, due to a lack of developers. The Samba TNG team frequently directed potential users towards Samba because of its better support and development.

A key goal of the Samba TNG project was to rewrite all of the NT Domains services as FreeDCE projects. This was made difficult as the services were developed manually through network reverse-engineering, with limited or no reference to DCE/RPC documentation.

A key difference from Samba was in the implementation of the NT Domains suite of protocols and MSRPC services. Samba makes all the NT Domains services available from a single place, whereas Samba TNG separated each service into its own program.

ReactOS started using Samba TNG services for its SMB implementation. The developers of both projects were interested in seeing the Samba TNG design used to help get ReactOS talking to Windows networks. They worked together to adapt the network code and build system. The multi-layered and modular approach made it easy to port each service to ReactOS.

See also

* LM hash
* SSLBridge

Notes

References

External links

* {{Official website, https://www.samba.org/

Free file transfer software
Free software programmed in C
Software forks
Unix network-related software