Installing Samba - University of Scranton
Installing Samba
Vicki Insixiengmay
Jonathan Krieger
Samba
"Samba is an Open Source/Free Software suite that provides seamless file and
print services to SMB/CIFS clients." Source: www.samba.org
Installed on platforms other than Microsoft Windows
Makes use of the TCP/IP protocol installed on the host server
Allows Host to interact with Windows Client/Server
Four Samba Elements
File and Print Services
Authentication and Authorization
Name Resolution
Service Announcement (Browsing)
Model Samba Network
Source: “Using Samba” by
Robert Eckstein, David Collier-Brown, Peter Kelly
What Samba Does
Samba runs on Unix platforms. It speaks to
Windows clients.
It allows a Unix system to move into a
Windows “Network Neighborhood”.
Windows users can access file and print
services.
SMBD
File and print services are provided by smbd, the
SMB Daemon.
Handles "share mode" and "user mode"
authentication and authorization. You can protect
shared file and print services by requiring
passwords.
Each user has their own username and password
and the System Administrator can grant or deny
access.
NMBD
The other two CIFS (Common Internet File
System) pieces, name resolution and browsing, are
handled by nmbd.
These two services basically involve the
management and distribution of lists of NetBIOS
(Network Basic Input Output System) names.
NetBIOS is software loaded into memory that
provides an interface between programs and the
network hardware.
Name Resolution
Name resolution takes two forms: broadcast
and point-to-point.
Client shouts out the name of the service it is
looking for and waits for the machine with
that name to answer with an IP address.
It is restricted to the local LAN so it doesn't
cause too much trouble.
Name Resolution
Point-to-point includes use of an NBNS (NetBIOS
Name Service) server
The clients send their NetBIOS names & IP
addresses to the NBNS server, which keeps the
information in a database.
When a client wants to talk to another client, it
sends the other client's name to the NBNS server. If
the name is on the list, the NBNS hands back an IP
address.
Service Announcement
(Browsing)
Ability to examine the servers and shares available
on the network
A browse list keeps a list of current, active servers.
This is stored on one machine in a network.
A local master browser updates the information in
the browse list as computers sign on and off. This
can be any server on the network.
smb.conf file
[global]
[homes]
[printers]
Each section describes the accessibility for
users
SWAT
SWAT: Samba Web Administration Tool
Locates parameters supported by Samba
Always up to date as Samba parameters change
Provides context-sensitive help for each
configuration parameter
Stores only parameter settings that differ from the defaults
Port 901 Uses ISS RealSecure
Installing Samba
Downloaded latest version from samba.org
Configured /etc/xinetd.conf
Enable SWAT service
SWAT http://localhost:901
Configured smb.conf
Add IP addresses of Windows machines
Password server – lab2.research.cs.uofs.edu
Problems
Windows machine recognizes Samba server,
but does not allow access.
Solution: Different encryption/decryption
systems for Windows and Unix.
Find enableplaintextpassword and disable
Windows encryption.
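The workaround above trades encryption for compatibility, so it is worth checking what the server side ends up accepting. The following is an added example, not part of the original slides or of Samba: a small audit of smb.conf text for the settings this deck touches (password encryption, share/user mode, and the list of allowed Windows client addresses). Both sample configurations and the function names are constructed for illustration.

```python
# Added example: audit smb.conf text for settings discussed on these slides.
# Both configurations below are constructed samples, not the authors' files.
WEAK = """\
[global]
security = share
encrypt passwords = no
os level = 34
"""

HARDENED = """\
[global]
security = user
encrypt passwords = yes
# constructed documentation-range addresses standing in for the Windows clients
hosts allow = 192.0.2.10 192.0.2.11 127.0.0.1
os level = 34
"""


def parse_smb_conf(text):
    """Return {section: {parameter: value}}; names ignore case and spaces."""
    conf, section = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":          # blank line or comment
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
            conf.setdefault(section, {})
        elif "=" in line and section is not None:
            name, value = line.split("=", 1)
            conf[section]["".join(name.split()).lower()] = value.strip()
    return conf


def audit(text):
    """Return a list of findings for the [global] section."""
    g = parse_smb_conf(text).get("global", {})
    findings = []
    if g.get("encryptpasswords", "").lower() in ("no", "false", "0"):
        findings.append("encrypt passwords = no: logon passwords cross the LAN in cleartext")
    if g.get("security", "").lower() == "share":
        findings.append("security = share: share-level passwords instead of per-user logons")
    if "hostsallow" not in g and "allowhosts" not in g:
        findings.append("no hosts allow: connections are not limited to known client addresses")
    return findings


if __name__ == "__main__":
    for label, text in (("weak", WEAK), ("hardened", HARDENED)):
        print(label, audit(text) or "no findings")
```

With encrypt passwords = yes, the accounts created with smbpasswd -a hold the encrypted passwords Samba checks against.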
Adding Samba Users
Each user must be added
adduser -g 100 plishka
Create passwords for user
passwd plishka
Create Samba domain login passwords
In /usr/bin: smbpasswd -a plishka
References
http://www.samba.org
http://www.mcsr.olemiss.edu/bookshelf/articles/Samba.html
http://www.linuxhomenetworking.com/linuxhn/samba.htm#_Toc91165136
http://www.oreilly.com/catalog/samba/chapter/book/
Browsing Elections
A computer becomes a local master browser by holding
a browsing election.
Samba can rig a browsing election for a variety of
outcomes, including always becoming the local master
browser of the subnet or never becoming it.
In smb.conf,
[global]
#Browsing election options
os level = 34
local master = yes
Browsing Elections
Each machine in the election broadcasts
information.
Version of election protocol
Operating system
Amount of time client has been signed on
Host name of client
Browsing Elections
How elections are decided
Operating system is assigned a binary value according to
version
Each computer is assigned a value according to its role
The machine with the highest election protocol version wins
OR the machine with the highest operating system value wins
In case of tie,
machine with setting of preferred master browser wins
OR client signed on the longest wins
OR client name that comes first alphabetically wins
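The decision order on this slide, written out as an added example (not code from the presentation or from Samba): candidates are compared field by field in the order listed, which is one reading of the slide's "OR" lines. The Candidate fields, the sample hosts and check_master are hypothetical; only os level = 34 comes from the slides.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Candidate:
    name: str               # NetBIOS host name
    election_version: int   # version of the election protocol
    os_level: int           # value assigned to the operating system
    preferred_master: bool  # "preferred master browser" setting
    uptime_s: int           # time the machine has been signed on, in seconds


def election_key(c):
    """Sort key: the candidate with the smallest key wins the election."""
    return (
        -c.election_version,     # highest protocol version first
        -c.os_level,             # then highest operating system value
        not c.preferred_master,  # tie: preferred master browser
        -c.uptime_s,             # tie: signed on the longest
        c.name.upper(),          # tie: alphabetically first name
    )


def elect(candidates):
    """Return the candidate that becomes local master browser."""
    return min(candidates, key=election_key)


def check_master(candidates, approved):
    """Return None if an approved host wins, else the unexpected winner."""
    winner = elect(candidates)
    return None if winner.name.upper() in approved else winner


# Constructed sample subnet; only os level = 34 comes from the slides.
SUBNET = [
    Candidate("SAMBA1", 1, 34, False, 3_600),
    Candidate("NTSRV", 1, 32, True, 900_000),
    Candidate("WKSTN7", 1, 16, False, 86_400),
]

if __name__ == "__main__":
    print("winner:", elect(SUBNET).name)
    print("unexpected:", check_master(SUBNET, {"SAMBA1"}))
```

Running check_master against the list of hosts that are supposed to hold the browse list shows when the configured os level no longer decides the election.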
ISS RealSecure
RealSecure provides an intrusion detection
system that monitors for suspicious behavior and
responds in real time, for example by
terminating sessions or changing the firewall.
The current versions of RealSecure Network
Sensor include the ability to decode SAMBA/CIFS
protocols for Windows networking.
Comprised of Network Sensor, OS Sensor, and
Console
ISS RealSecure
Network Sensors work by comparing the traffic on the network
against a set of rules defined in a number of policies.
The OS Sensor runs as a process on the server that is being
monitored. Every time a new log-file entry is generated by the
operating system, OS Sensor reads it, and compares it against
the signatures currently in force. If a match is found, it initiates the
appropriate response. OS Sensor is able to detect local attacks
and abuses that would normally be missed by the Network
Sensor.
Console and the Sensors communicate with each other. The
console defines the policy for each sensor. Includes:
Network Sensor security events
connection events
OS Sensor security events
Synchronization of Usernames
and Passwords
The unix password sync global option allows
Samba to update the Unix password file when a
user changes his/her password. The password
is stored on a Samba server in the smbpasswd
file, located in /usr/local/samba/private by default.
[global]
unix password sync = yes
Samba changes the encrypted password and
attempts to change the standard Unix
password by passing the username and new
password to the program specified by the
passwd program option.
Synchronization of Usernames
and Passwords
Samba does not necessarily have access to
the plaintext password for the user, so the
password changing program must be invoked
as root.