Samba (software)

From Infogalactic: the planetary knowledge core
(Redirected from Samba software)
Jump to: navigation, search

<templatestyles src="Module:Hatnote/styles.css"></templatestyles>

This article is about the standard Microsoft Windows interoperability suite of programs for Linux and Unix. For other uses, see Samba (disambiguation).
Samba
Samba Logo.png
Initial release 1992; 32 years ago (1992)[1]
Stable release 4.7.3 / November 21, 2017; 6 years ago (2017-11-21)[2]
Development status Active
Written in C, Perl, Python
Operating system Multiplatform
Type Network file system
License GPLv3
Website www.samba.org

Samba is a free software re-implementation of the SMB/CIFS networking protocol, and was originally developed by Andrew Tridgell. Samba provides file and print services for various Microsoft Windows clients and can integrate with a Microsoft Windows Server domain, either as a Domain Controller (DC) or as a domain member. As of version 4, it supports Active Directory and Microsoft Windows NT domains.

Samba runs on most Unix, OpenVMS and Unix-like systems, such as Linux, Solaris, AIX and the BSD variants, including Apple's OS X Server, and OS X client (version 10.2 and greater). Samba is standard on nearly all distributions of Linux and is commonly included as a basic system service on other Unix-based operating systems as well. Samba is released under the terms of the GNU General Public License. The name Samba comes from SMB (Server Message Block), the name of the standard protocol used by the Microsoft Windows network file system.

There is also a conference for users and developers of Samba called Samba XP that has been run every year since 2002 in Germany.

Early history

Andrew Tridgell developed the first version of Samba Unix in December 1991 and January 1992, as a PhD student at the Australian National University, using a packet sniffer to do network analysis of the protocol used by DEC Pathworks server software. At the time of the first releases, versions 0.1, 0.5 and 1.0, all from the first half of January 1992, it did not have a proper name, and Tridgell just called it "a Unix file server for Dos Pathworks". At the time of version 1.0, he realized that he "had in fact implemented the netbios protocol" and that "this software could be used with other PC clients".

With a focus on interoperability with Microsoft's LAN Manager, Tridgell released "netbios for unix", nbserver, version 1.5 in December 1993. This release was the first to include client-software as well as a server. Also, at this time GPL2 was chosen as license.

Midway through the 1.5-series, the name was changed to smbserver. However, Tridgell got a trademark notice from the company "Syntax", who sold a product named TotalNet Advanced Server and owned the trademark for "SMBserver". The name "Samba" was derived by running the Unix command grep through the system dictionary looking for words that contained the letters S, M, and B, in that order (i.e. grep -i '^s.*m.*b' /usr/share/dict/words).[3]

Versions 1.6, 1.7, 1.8, and 1.9 followed relatively quickly, with the latter being released in January 1995. Tridgell considers the adoption of CVS in May 1996 to mark the birth of the Samba Team, though there had been contributions from other people, especially Jeremy Allison, previously.[4]

Version 2.0.0 was released in January 1999, and version 2.2.0 in April 2001.

Version History

Version 3.0.0, released on 23 September 2003, was a major upgrade. Samba gained the ability to join Active Directory as a member, though not as a domain controller.[5] Subsequent point-releases to 3.0 have added minor new features. Currently, the latest release in this series is 3.0.37, released 1 October 2009, and shipped on a voluntary basis.[6] The 3.0.x series officially reached end-of-life on 5 August 2009.[6]

Version 3.1 was used only for development.

With version 3.2, the project decided to move to time-based releases. New major releases, such as 3.3, 3.4, etc. will appear every 6 months. New features will only be added when a major release is done, point-releases will be only for bug fixes.[7] Also, 3.2 marked a change of license from GPL2 to GPL3, with some parts released under LGPL3.[8] The main technical change in version 3.2 was to autogenerate much of the DCE/RPC-code that used to be handcrafted. Version 3.2.0 was released on 1 July 2008.[9] and its current release is 3.2.15 from 1 October 2009. The 3.2.x series officially reached end-of-life on 1 March 2010.[9]

Active Directory Domain Controller functionality was released with Samba 4.0 and has been steadily improved with each new release.

Date Version Description
23.09.2003 3.0.0 Major upgrade
01.07.2008 3.2.0 It will be updated on an as-needed basis for security issues only[10]
27.01.2009 3.3
03.07.2009 3.4 This was the first release to include both Samba 3 and Samba 4 source code.[11]
30.04.2012 3.4.17 It is the latest stable release of the Samba 3.4 series.[12]
01.03.2010 3.5 This was the first release to include experimental support for SMB2.[13]
09.08.2011 3.6 This was the first branch which includes full support for SMB2.[14]
11.12.2012 4.0 It was a major rewrite that enables Samba to be an Active Directory domain controller, participating fully in a Windows Active Directory Domain. Its first technical preview (4.0.0TP1) was released in January 2006 after 3 years of development. It also included a merged 3.x series file server (smbd) with improvements as well as the 'NTVFS' file server.[15][16]
10.10.2013 4.1 support for SMB3 and Directory database replication improvements (AD DC mode)
04.03.2015 4.2 Btrfs based file compression, snapshots and winbindd integration[17]
08.09.2015 4.3 New Logging features, SMB 3.1.1 support[18]
22.03.2016 4.4 Async Flush Support and AD Domain Controller improvements[19]
12.04.2016 4.4.2, 4.3.8, 4.2.11 Security releases for the Badlock bug[20][21][22]
07.06.2016 4.4.5, 4.3.11, 4.2.14 Security releases[23]
07.09.2016 4.5.0 KCC improvements, Virtual List View, DRS Replication for the AD DC and more[24]
07.03.2017 4.6.0 Multi-process netlogon support in the AD DC version as well as AD LDAP and replication performance improvements[25]
23.03.2017 4.6.1 Security fix to address CVE-2017-2619[26]
31.03.2017 4.6.2 Fixes a regression introduced in 4.6.1[27]
24.05.2017 4.6.4 A security release to address CVE-2017-7494 (Remote code execution from a writable share) [28]
06.06.2017 4.6.5 A bug-fix release [29]
12.07.2017 4.6.6 A security release to address CVE-2017-11103 (Man-in-the-middle attack when using embedded Heimdal) [30]
09.08.2017 4.6.7 A bug-fix release [31]
20.09.2017 4.6.8 A security release to address CVE-2017-12150, CVE-2017-12151 and CVE-2017-12163 [32]
20.09.2017 4.7.0 First stable release of 4.7 [33]
02.11.2017 4.7.1 A bug-fix release [34]
15.11.2017 4.7.2 A bug-fix release for possible data corruption issues[35]
11.11.2017 4.7.3 A security release to address CVE-2017-14746 and CVE-2017-15275[2]

Security

Some versions of Samba 3.6.3 and lower suffer serious security issues which can allow anonymous users to gain root access to a system from an anonymous connection, through the exploitation of an error in Samba's remote procedure call.[36]

Functionality

Samba provides two types of functionality:

  1. Active Directory Domain Controller functionality, and
  2. Windows File and Print Serving functionality.

It is recommended that you do not place both types on the same node in your network.

Samba as an Active Directory Domain Controller

Samba can function both as an Active Directory Domain Controller (DC) in a Samba-only domain as well as an additional DC in a Windows Active Directory forest.

A Samba-only Active Directory forest can have many DCs but only one domain currently.

Setting up an Active Directory Domain or joining an existing Active Directory Domain is simple and involves using the samba-tool command[37].

Samba as a Windows File and Print Server

Samba allows file and print sharing between computers running Microsoft Windows and computers running Unix. It is an implementation of dozens of services, protocols and functionality, including:

  • NetBIOS over TCP/IP (NBT)
  • SMB, CIFS (an enhanced version of SMB), SMB2 and SMB3 support.
  • DCE/RPC or more specifically, MSRPC
  • A WINS server also known as a NetBIOS Name Server (NBNS)
  • The NT Domain suite of protocols which includes NT Domain Logons (NTLM and NTLMv2)
  • Security Accounts Manager (SAM) database
  • Local Security Authority (LSA) service
  • NT-style printing service (SPOOLSS),
  • Active Directory Logon which involves a modified version of Kerberos
  • DFS server
  • Active directory integration support, including domain joining and winbindd with LDAP support for both MS-LDAP and OpenLDAP
  • A VFS layer[38] that allows Samba to run on different kernel-based file systems (Ext4, ZFS On Linux, etc) and user-space file systems (eg, Ceph, GlusterFS, etc)
  • Support for Windows NT Security Descriptors (ACLs) and for translating them to Posix ACLs or NFSv4 ACLs (using VFS modules in some cases)
  • Support for Alternate Data Streams using a VFS module

All these services and protocols are frequently incorrectly referred to as just NetBIOS or SMB. The NetBIOS and WINS protocols are deprecated on Windows.

Samba sets up network shares for chosen Unix directories (including all contained subdirectories) or user-space file systems. These appear to Microsoft Windows users as normal Windows folders accessible via the network. Unix users can either mount the shares directly as part of their file structure using the smbmount command or, alternatively, can use a utility, smbclient (libsmb) installed with Samba to read the shares with a similar interface to a standard command line FTP program. Each directory can have different access privileges overlaid on top of the normal Unix file protections. For example: home directories would have read/write access for all known users, allowing each to access their own files. However they would still not have access to the files of others unless that permission would normally exist. Note that the netlogon share, typically distributed as a read only share from /etc/samba/netlogon, is the logon directory for user logon scripts.

Samba services are implemented as three daemons:

  • smbd, which provides the file and printer sharing services, and
  • nmbd, which provides the NetBIOS-to-IP-address name service. NetBIOS over TCP/IP requires some method for mapping NetBIOS computer names to the IP addresses of a TCP/IP network. However, since WINS is deprecated there is little need to run nmbd any longer.
  • winbindd, which provides NTLM pass-through authentication services in an Active Directory network as well as enumeration of Active Directory users and groups.

Samba configuration is achieved by editing a single file (typically installed as /etc/smb.conf or /etc/samba/smb.conf). Samba can also provide user logon scripts and group policy implementation through poledit.

Samba is included in most Linux distributions and is started during the boot process. On Red Hat, for instance, the /etc/rc.d/init.d/smb (or on more modern versions, a Systemd) script runs at boot time, and starts the necessary daemons. Samba is not included in Solaris or Ilumnos, but a Solaris-compatible version can be built from the source code.

Samba Clustering

Samba uses CTDB for clustering Samba Servers[39][40]. CTDB is a cluster-aware version of TDB, the Trivial Data Base that Samba uses to store temporary information.

Operating Systems Supported

Samba supports most Unix-like OSes, however, active support tends to be limited to:

It has even been ported to OpenVMS[41] to replace Pathworks which brings the whole Samba story full circle.

Software libraries made available

The Samba team has developed a number of software libraries that have been made available for other open source software projects to use. These include:

Obsolete Features

Over time, some features have been removed from later versions of Samba, including:

  • SWAT, the Samba Web Administration Tool.[42][43][44]. SWAT was removed starting with version 4.1.[45]

Commercial Users of Samba

There are many companies that use Samba in their products or have used Samba in their products. The following is an incomplete list:

Competitors to Samba

The fact that Samba is distributed under the GPLv3 sometimes prevents commercial interests from using it on the basis that they might have to expose their secret sauce to the rest of the world.

There have been several closed-source competitors to Samba developed in the last 10 years or so, and offered under commercial terms, including:

  • Likewise (No longer available after EMC acquired Isilon.)
  • HvNAS (No longer available since NetApp acquired the eponymously named company.)
  • MoSMB.

See also

References

  1. Lua error in package.lua at line 80: module 'strict' not found.
  2. 2.0 2.1 Lua error in package.lua at line 80: module 'strict' not found.
  3. Lua error in package.lua at line 80: module 'strict' not found.
  4. Lua error in package.lua at line 80: module 'strict' not found.
  5. Lua error in package.lua at line 80: module 'strict' not found.
  6. 6.0 6.1 Lua error in package.lua at line 80: module 'strict' not found.
  7. Lua error in package.lua at line 80: module 'strict' not found.
  8. Lua error in package.lua at line 80: module 'strict' not found.
  9. 9.0 9.1 Lua error in package.lua at line 80: module 'strict' not found.
  10. Lua error in package.lua at line 80: module 'strict' not found.
  11. Lua error in package.lua at line 80: module 'strict' not found.
  12. Lua error in package.lua at line 80: module 'strict' not found.
  13. Lua error in package.lua at line 80: module 'strict' not found.
  14. Lua error in package.lua at line 80: module 'strict' not found.
  15. Lua error in package.lua at line 80: module 'strict' not found.
  16. Samba 4.0.0TP1 Available for Download
  17. Lua error in package.lua at line 80: module 'strict' not found.
  18. Lua error in package.lua at line 80: module 'strict' not found.
  19. Lua error in package.lua at line 80: module 'strict' not found.
  20. Lua error in package.lua at line 80: module 'strict' not found.
  21. Lua error in package.lua at line 80: module 'strict' not found.
  22. Lua error in package.lua at line 80: module 'strict' not found.
  23. Lua error in package.lua at line 80: module 'strict' not found.
  24. Lua error in package.lua at line 80: module 'strict' not found.
  25. Lua error in package.lua at line 80: module 'strict' not found.
  26. {cite web | url = https://www.samba.org/samba/history/samba-4.6.1.html | title = Samba 4.6.1 Available for Download | date = March 23, 2017 | accessdate = April 2, 2017}}
  27. Lua error in package.lua at line 80: module 'strict' not found.
  28. Lua error in package.lua at line 80: module 'strict' not found.
  29. Lua error in package.lua at line 80: module 'strict' not found.
  30. Lua error in package.lua at line 80: module 'strict' not found.
  31. Lua error in package.lua at line 80: module 'strict' not found.
  32. Lua error in package.lua at line 80: module 'strict' not found.
  33. Lua error in package.lua at line 80: module 'strict' not found.
  34. Lua error in package.lua at line 80: module 'strict' not found.
  35. Lua error in package.lua at line 80: module 'strict' not found.
  36. CVE-2012-1182 - A security announcement regarding a major issue with Samba 3.6.3 and lower.
  37. Lua error in package.lua at line 80: module 'strict' not found.
  38. Lua error in package.lua at line 80: module 'strict' not found.
  39. Lua error in package.lua at line 80: module 'strict' not found.
  40. Lua error in package.lua at line 80: module 'strict' not found.
  41. Lua error in package.lua at line 80: module 'strict' not found.
  42. Lua error in package.lua at line 80: module 'strict' not found.
  43. Lua error in package.lua at line 80: module 'strict' not found.
  44. Lua error in package.lua at line 80: module 'strict' not found.
  45. Lua error in package.lua at line 80: module 'strict' not found.

External links

Retrieved from "https://infogalactic.com/w/index.php?title=Samba_(software)&oldid=725399026"