Samba (software)

From Wikipedia, the free encyclopedia
Jump to: navigation, search
This article is about the standard Windows interoperability suite of programs for Linux and Unix. For other uses, see Samba (disambiguation).
Samba
Samba Logo.png
Initial release 1992; 22 years ago (1992)[1]
Stable release 4.1.11 / 1 August 2014; 21 days ago (2014-08-01)[2]
Development status Active
Written in C / C++ / Python
Operating system Multiplatform
Type Network file system
License GNU General Public License version 3
Website www.samba.org

Samba is a free software re-implementation of the SMB/CIFS networking protocol, originally developed by Andrew Tridgell. As of version 3, Samba provides file and print services for various Microsoft Windows clients and can integrate with a Windows Server domain, either as a Primary Domain Controller (PDC) or as a domain member. It can also be part of an Active Directory domain.

Samba runs on most Unix and Unix-like systems, such as Linux, Solaris, AIX and the BSD variants, including Apple's Mac OS X Server and Mac OS X client (version 10.2 and greater). Samba is standard on nearly all distributions of Linux and is commonly included as a basic system service on other Unix-based operating systems as well. Samba is released under the terms of the GNU General Public License. The name Samba comes from SMB (Server Message Block), the name of the standard protocol used by the Microsoft Windows network file system.

Early history[edit]

Andrew Tridgell developed the first version of Samba Unix in December 1991 and January 1992, as a PhD student at the Australian National University, using a packet sniffer to do network analysis of the protocol used by DEC Pathworks server software. At the time of the first releases, versions 0.1, 0.5 and 1.0, all from the first half of January 1992, it did not have a proper name, and Tridgell just called it "a Unix file server for Dos Pathworks". At the time of version 1.0, he realized that he "had in fact implemented the netbios protocol" and that "this software could be used with other PC clients".

With a focus on interoperability with Microsoft's LAN Manager, Tridgell released "netbios for unix", nbserver, version 1.5 in December 1993. This release was the first to include client-software as well as a server. Also, at this time GPL2 was chosen as license.

Midway through the 1.5-series, the name was changed to smbserver. However, Tridgell got a trademark notice from the company "Syntax", who sold a product named TotalNet Advanced Server and owned the trademark for "SMBserver". The name "Samba" was derived by running the Unix command grep through the system dictionary looking for words that contained the letters S, M, and B, in that order (i.e. grep -i '^s.*m.*b' /usr/share/dict/words).[3]

Versions 1.6, 1.7, 1.8, and 1.9 followed relatively quickly, with the latter being released in January 1995. Tridgell considers the adoption of CVS in May 1996 to mark the birth of the Samba Team, though there had been contributions from other people, especially Jeremy Allison, previously.[4]

Version 2.0.0 was released in January 1999, and version 2.2.0 in April 2001.

Version History[edit]

Version 3.0.0, released on 23 September 2003, was a major upgrade. Samba gained the ability to join Active Directory as a member, though not as a domain controller.[5] Subsequent point-releases to 3.0 have added minor new features. Currently, the latest release in this series is 3.0.37, released 1 October 2009, and shipped on a voluntary basis.[6] The 3.0.x series officially reached end-of-life on 5 August 2009.[6]

Version 3.1 was used only for development.

With version 3.2, the project decided to move to time-based releases. New major releases, such as 3.3, 3.4, etc. will appear every 6 months. New features will only be added when a major release is done, point-releases will be only for bug fixes.[7] Also, 3.2 marked a change of license from GPL2 to GPL3, with some parts released under LGPL3.[8] The main technical change in version 3.2 was to autogenerate much of the DCE/RPC-code that used to be handcrafted. Version 3.2.0 was released on 1 July 2008.[9] It will be updated on an as-needed basis for security issues only[10] and its current release is 3.2.15 from 1 October 2009. The 3.2.x series officially reached end-of-life on 1 March 2010.[10]

Version 3.3 was released 27 January 2009 and is now at version 3.3.16 in this branch.[11]

Version 3.4 was released 3 July 2009. This was the first release to include both Samba 3 and Samba 4 source code.[12]

Version 3.4.17 was released 30 April 2012. It is the latest stable release of the Samba 3.4 series.[13]

Version 3.5 was released 1 March 2010. This was the first release to include experimental support for SMB2.[14]

Version 3.6 was released on 9 August 2011. This is the first branch which includes full support for SMB2.[15]

Version 4 was released on 11 December 2012.[16] It is a major rewrite that enables Samba to be an Active Directory domain controller, participating fully in a Windows Active Directory Domain. Its first technical preview (4.0.0TP1) was released in January 2006 after 3 years of development.[17]

Version 4.1 was released on 11 October 2013. It features support for SMB3.

Security[edit]

Versions of Samba 3.6.3 and lower suffer serious security issues which can allow anonymous users to gain root access to a system from an anonymous connection, through the exploitation of an error in Samba's remote procedure call.[18]

Features[edit]

Samba allows file and print sharing between computers running Windows and computers running Unix. It is an implementation of dozens of services and a dozen protocols, including:

  • NetBIOS over TCP/IP (NBT)
  • SMB
  • CIFS (an enhanced version of SMB)
  • DCE/RPC or more specifically, MSRPC, the Network Neighborhood suite of protocols
  • A WINS server also known as a NetBIOS Name Server (NBNS)
  • The NT Domain suite of protocols which includes NT Domain Logons
  • Security Accounts Manager (SAM) database
  • Local Security Authority (LSA) service
  • NT-style printing service (SPOOLSS), NTLM and more recently Active Directory Logon which involves a modified version of Kerberos and a modified version of LDAP.

All these services and protocols are frequently incorrectly referred to as just NetBIOS or SMB. The NetBIOS and WINS protocols are deprecated on Windows.

Samba sets up network shares for chosen Unix directories (including all contained subdirectories). These appear to Microsoft Windows users as normal Windows folders accessible via the network. Unix users can either mount the shares directly as part of their file structure using the smbmount command or, alternatively, can use a utility, smbclient (libsmb) installed with Samba to read the shares with a similar interface to a standard command line FTP program. Each directory can have different access privileges overlaid on top of the normal Unix file protections. For example: home directories would have read/write access for all known users, allowing each to access their own files. However they would still not have access to the files of others unless that permission would normally exist. Note that the netlogon share, typically distributed as a read only share from /etc/samba/netlogon, is the logon directory for user logon scripts.

Samba services are implemented as two daemons:

  • smbd, which provides the file and printer sharing services, and
  • nmbd, which provides the NetBIOS-to-IP-address name service. NetBIOS over TCP/IP requires some method for mapping NetBIOS computer names to the IP addresses of a TCP/IP network.

Samba configuration is achieved by editing a single file (typically installed as /etc/smb.conf or /etc/samba/smb.conf). Samba can also provide user logon scripts and group policy implementation through poledit.

Samba is included in most Linux distributions and is started during the boot process. On Red Hat, for instance, the /etc/rc.d/init.d/smb script runs at boot time, and starts both daemons. Samba is not included in Solaris 8, but a Solaris 8-compatible version is available from the Samba website.

Samba includes a web administration tool called Samba Web Administration Tool (SWAT).[19][20][21] SWAT was removed starting with version 4.1.[22]

Samba TNG[edit]

Samba TNG
Developer(s) Samba TNG team
Stable release 0.5-rc1 / 3 December 2009 (2009-12-03)
Development status Unmaintained
Operating system Cross-platform
Type Microsoft networking
License GNU General Public License
Website www.samba-tng.org

Samba TNG (The Next Generation) was forked in late 1999, after disagreements between the Samba Team leaders and Luke Leighton about the directions of the Samba project. They failed to come to an agreement on a development transition path which allowed the research version of Samba he was developing (known at the time as Samba-NTDOM) to slowly be integrated into Samba.[23]

Since the project started, development has been minimal, due to a lack of developers. As such the Samba TNG team frequently recommends to people who are unsure of which program to use to try Samba instead, as they have more developers and are able to support more platforms and situations.[24]

One of the key goals of the Samba TNG project is to rewrite all of the NT Domains services as FreeDCE projects.[25] Making this rewriting goal difficult is the fact that services were all developed manually through network reverse-engineering, with limited or no reference to DCE/RPC documentation.[citation needed]

The key differences between the two programs are in the implementation of the NT Domains suite of protocols and MSRPC services. Samba makes all the NT Domains services available from a single place, whereas Samba TNG has separated each service into its own program.[citation needed]

ReactOS has started using Samba TNG services for its SMB implementation. The developers of both projects were interested in seeing the Samba TNG design used to help get ReactOS talking to Windows networks. They have been working together to adapt the network code and build system. The multi-layered and modular approach made it easy to port each service to ReactOS.[26]

See also[edit]

References[edit]

External links[edit]

Official websites:

Other: