Samba (software)

This articlerelies excessively onreferencestoprimary sources.Please improve this article by addingsecondary or tertiary sources. Find sources:"Samba" software–news·newspapers·books·scholar·JSTOR(February 2011)(Learn how and when to remove this message)

Samba

Initial release	1992;32 years ago(1992)[1]
Stable release	4.21.0[2] / 2 September 2024
Repository	git.samba.org
Written in	C,Python
Operating system	Multiplatform
Type	Network file system
License	2008:GPL-3.0-or-later[a] 1993:GPL-2.0-or-later[b] 1992: Proprietary[c]
Website	www.samba.org

Sambais afree softwarere-implementation of theSMBnetworkingprotocol,and was originally developed byAndrew Tridgell.Samba providesfileandprintservicesfor variousMicrosoft Windowsclients^[5]and can integrate with a MicrosoftWindows Server domain,either as aDomain Controller(DC) or as a domain member. As of version 4, it supportsActive Directoryand MicrosoftWindows NTdomains.

Samba runs on mostUnix-likesystems, such asLinux,Solaris,AIXand theBSDvariants, including ApplemacOS(Mac OS X 10.2and greater) andmacOS Server.Samba also runs on a number of other operating systems such asOpenVMSandIBM i.Samba is standard on nearly all distributions of Linux and is commonly included as a basicsystem serviceon other Unix-based operating systems as well. Samba is released under the terms of theGNU General Public License.The nameSambacomes from SMB (Server Message Block), the name of the proprietary protocol used by the Microsoft Windows network file system.

Andrew Tridgelldeveloped the first version of Samba Unix in December 1991 and January 1992, as a PhD student at theAustralian National University,using apacket snifferto donetwork analysisof the protocol used byDECPathworksserver software. It did not have a formal name at the time of the first releases, versions 0.1, 0.5, and 1.0, all from the first half of January 1992; Tridgell simply referred to it as "a Unix file server for Dos Pathworks." He understood that he had "in fact implemented the netbios protocol" at the time of version 1.0 and that "this software could be used with other PC clients."^{[citation needed]}

With a focus oninteroperabilitywith Microsoft'sLAN Manager,Tridgell released "netbios for unix", observer, version 1.5 in December 1993. This release was the first to include client-software as well as a server. Also, at this time GPL2 was chosen as license.^{[citation needed]}

Midway through the 1.5-series, the name was changed tosmbserver.However, Tridgell got atrademarknotice from the company "Syntax", who sold a product namedTotalNet Advanced Serverand owned the trademark for "SMBserver". The name "Samba" was derived by running the Unix commandgrepthrough thesystem dictionarylooking for words that contained the letters S, M, and B, in that order (i.e.grep-i'^s.*m.*b'/usr/share/dict/words).^[6]

Versions 1.6, 1.7, 1.8, and 1.9 followed relatively quickly, with the latter being released in January 1995. Tridgell considers the adoption ofCVSin May 1996 to mark the birth of the Samba Team, though there had been contributions from other people, especiallyJeremy Allison,previously.^[7]

Version 2.0.0 was released in January 1999, and version 2.2.0 in April 2001.

Version 2.0.0, major release, support for authentication from Windows NT Primary Domain Controller, 64 bit filesystem support for very large files, and exposure of OPLOCKS to unix systems.^[8]

Version 3.0.0, released on 23 September 2003, was a major upgrade. Samba gained the ability to join Active Directory as a member, though not as a domain controller. The 3.0.x series officially reached end-of-life on 5 August 2009.^[9]

With version 3.2, the project decided to move to time-based releases. New major releases, such as 3.3, 3.4, etc. will appear every six months. New features will only be added when a major release is done, point-releases will be only for bug fixes.^[10]Also, 3.2 marked a change of license from GPL2 to GPL3, with some parts released under LGPL3.^[4]The main technical change in version 3.2 was to autogenerate much of theDCE/RPC-code that used to be handcrafted. Version 3.2.0 was released on 1 July 2008.^[11]and its current release is 3.2.15 from 1 October 2009. The 3.2.x series officially reached end-of-life on 1 March 2010.^[11]

Some versions of Samba 3.6.3 and lower suffer serious security issues which can allow anonymous users to gainrootaccess to a system from an anonymous connection, through the exploitation of an error in Samba'sremote procedure call.^[31]

On 12 April 2016, Badlock,^[32]a crucial security bug in Windows and Samba, was disclosed. Badlock for Samba is referenced by CVE|2016-2118 (SAMR and LSA man in the middle attacks possible).^[33]

On 24 May 2017, it was announced that a remote code execution vulnerability had been found in Samba namedEternalRedorSambaCry,affecting all versions since 3.5.0.^[34]This vulnerability was assigned identifier CVE|2017-7494.^[34][35]

On 14 September 2020, a proof-of-conceptexploitfor the netlogonvulnerabilitycalledZerologon(CVE|2020-1472) for which apatchexists since August was published.^[36]Some federal agencies using the software have been ordered to install the patch.^[37]

Samba allows file and print sharing between computers running Microsoft Windows and computers running Unix. It is an implementation of dozens ofservicesand a dozen protocols, including:

• NetBIOSoverTCP/IP(NBT)
• SMB(known as CIFS in some versions)
  • Samba supports POSIX extensions for CIFS/SMB. The initial extension was CIFS VFS (CAP_UNIX) from 2004, which has been somewhat superseded by SMB3.^[38]
• DCE/RPCor more specifically,MSRPC,the Network Neighborhood suite of protocols
• AWINSserver also known as a NetBIOS Name Server (NBNS)
• The NT Domain suite of protocols which includes NT Domain Logons
• Security Account Manager(SAM) database
• Local Security Authority(LSA) service
• NT-style printing service (SPOOLSS)
• NTLM
• Active Directory Logon using modified versions ofKerberosandLDAP
• DFSserver

All these services and protocols are frequently incorrectly referred to as just NetBIOS or SMB. The NBT (NetBIOS over TCP/IP) and WINS protocols, and their underlying SMB version 1 protocol, are deprecated on Windows. SinceWindows VistatheWS-Discoveryprotocol has been included along with SMB2 and its successors, which supersede these. (WS-Discovery is implemented onUnix-likeplatforms by third partydaemonswhich allow Samba shares to be discovered when the deprecated protocols are disabled).

Samba sets upnetwork sharesfor chosen Unixdirectories(including all contained subdirectories). These appear to Microsoft Windows users as normal Windows folders accessible via the network. Unix users can eithermountthe shares directly as part of their file structure using the mount.cifs command or, alternatively, can use a utility, smbclient (libsmb) installed with Samba to read the shares with a similar interface to a standard command lineFTPprogram. Each directory can have different access privileges overlaid on top of the normal Unix file protections. For example: home directories would have read/write access for all known users, allowing each to access their own files. However they would still not have access to the files of others unless thatpermissionwould normally exist. Note that the netlogon share, typically distributed as a read only share from/etc/samba/netlogon,is the logon directory for user logon scripts.

Samba services are implemented as twodaemons:

• smbd, which provides the file and printer sharing services, and
• nmbd, which provides the NetBIOS-to-IP-address name service. NetBIOS over TCP/IP requires some method for mapping NetBIOS computer names to the IP addresses of a TCP/IP network.

Samba configuration is achieved by editing a single file (typically installed as/etc/smb.confor/etc/samba/smb.conf). Samba can also provideuser logon scriptsand group policy implementation throughpoledit.

Samba is included in most Linux distributions and is started during the boot process. On Red Hat, for instance, the/etc/rc.d/init.d/smbscript runs at boot time, and starts both daemons. Samba is not included in Solaris 8, but a Solaris 8-compatible version is available from the Samba website. TheOS/2-basedArcaOSincludes Samba to replace the oldIBM LAN Serversoftware.^[39]

Samba includes a web administration tool calledSamba Web Administration Tool(SWAT).^[40][41] SWAT was removed starting with version 4.1.^[42]

This section needs to beupdated.Please help update this article to reflect recent events or newly available information.(January 2016)

Samba TNG (The Next Generation) wasforkedin late 1999, after disagreements between the Samba Team leaders and Luke Leighton about the directions of the Samba project. They failed to come to an agreement on a development transition path which allowed the research version of Samba he was developing (known at the time as Samba-NTDOM) to slowly be integrated into Samba.^[43]Development has been minimal, due to a lack of developers. The Samba TNG team frequently directed potential users towards Samba because of its better support and development.^[44]

A key goal of the Samba TNG project was to rewrite all of the NT Domains services asFreeDCEprojects.^[45]This was made difficult as the services were developed manually through network reverse-engineering, with limited or no reference to DCE/RPC documentation.^{[citation needed]}

A key difference from Samba was in the implementation of the NT Domains suite of protocols andMSRPCservices. Samba makes all the NT Domains services available from a single place, whereas Samba TNG separated each service into its own program.^{[citation needed]}

ReactOSstarted using Samba TNG services for its SMB implementation. The developers of both projects were interested in seeing the Samba TNG design used to help get ReactOS talking to Windows networks. They worked together to adapt the network code and build system. The multi-layered and modular approach made it easy to port each service to ReactOS.^[46]

• LM hash
• SSLBridge

Wikibooks has a book on the topic of:Samba

• Official website