Q. what is samba?
“Samba is an Open Source/Free Software suite
that provides seamless file and print services to SMB/CIFS clients." Samba
is freely available, unlike other SMB/CIFS implementations, and allows for
interoperability between Linux/Unix servers and Windows-based clients.
Q. What is CIFS?
The Common Internet File System (CIFS), also
known as Server Message Block (SMB), is a network protocol whose most common
use is sharing files on a Local Area Network (LAN). The protocol allows a client to manipulate
files just as if they were on the local computer. Operations such as read, write, create,
delete, and rename are all supported – the only difference being that the files
are not on the local computer and are actually on a remote server.
Q. configuration file for samba?
/etc/samba/smb.conf
Q:
- Which SELinux security context used for SAMBA ?
samba_share_t
Q:
- On which ports SAMBA server works ?
- UDP port 137 for netbios-ns, the NETBIOS Name Service
- UDP port 138 for netbios-dgm, the NETBIOS Datagram Service
- TCP port 139 for netbios-ssn, the NETBIOS session service
- TCP port 445 for microsoft-ds, the Microsoft Domain Service
- UDP port 137 for netbios-ns, the NETBIOS Name Service
- UDP port 138 for netbios-dgm, the NETBIOS Datagram Service
- TCP port 139 for netbios-ssn, the NETBIOS session service
- TCP port 445 for microsoft-ds, the Microsoft Domain Service
Q:
- What are the Secrity or Authentication Mode for SAMBA server?
ADS
DOMAIN
SERVER
USER
SHARE
ADS
DOMAIN
SERVER
USER
SHARE
Q:
- How to Manually Create Machine Trust Accounts ?
/usr/sbin/useradd -g machines -d /var/lib/nobody -c "machine nickname" -s /bin/false machine_name$
/usr/sbin/useradd -g machines -d /var/lib/nobody -c "machine nickname" -s /bin/false machine_name$
passwd
-l machine_name$
Q:
- What are the SAMBA server Types ?
- Primary Domain Controller (PDC)
- Backup Domain Controller (BDC)
- ADS Domain Controller
- Primary Domain Controller (PDC)
- Backup Domain Controller (BDC)
- ADS Domain Controller
Q:
- Which protocol SAMBA server uses ?
SMB, which stands for Server Message Block, is a protocol for sharing files, printers, serial ports, and communications abstractions such as named pipes and mail slots between computers.
SMB, which stands for Server Message Block, is a protocol for sharing files, printers, serial ports, and communications abstractions such as named pipes and mail slots between computers.
Q:
- How Does a Workstation find its Domain Controller?
There are two different mechanisms to locate a domain controller: one
method is used when NetBIOS over TCP/IP is enabled and the other when
it has been disabled in the TCP/IP network configuration. Where NetBIOS over TCP/IP is disabled, all name resolution involves the use of DNS, broadcast messaging over UDP, as well as Active Directory communication technologies.
There are two different mechanisms to locate a domain controller: one
method is used when NetBIOS over TCP/IP is enabled and the other when
it has been disabled in the TCP/IP network configuration. Where NetBIOS over TCP/IP is disabled, all name resolution involves the use of DNS, broadcast messaging over UDP, as well as Active Directory communication technologies.
Q:
- Can Samba Be a Backup Domain Controller to an NT4 PDC?
No. The native NT4 SAM replication protocols have not yet been fully implemented.
No. The native NT4 SAM replication protocols have not yet been fully implemented.
Q:
- How Do I Replicate the smbpasswd File?
Replication of the smbpasswd file is sensitive. It has to be done whenever
changes to the SAM are made. Every user's password change is done in
the smbpasswd file and has to be replicated to the BDC. So replicating the
smbpasswd file very often is necessary.As the smbpasswd file contains plaintext password equivalents, it must not be sent unencrypted over the wire. The best way to set up smbpasswd replication from the PDC to the BDC is to use the utility rsync. rsync can use ssh as a transport. ssh itself can be set up to accept only rsync transfer without requiring the user to type a password.As said a few times before, use of this method is broken and awed. Machine trust accounts will go out of sync, resulting in a broken domain. This method is not recommended. Try using LDAP instead.
Replication of the smbpasswd file is sensitive. It has to be done whenever
changes to the SAM are made. Every user's password change is done in
the smbpasswd file and has to be replicated to the BDC. So replicating the
smbpasswd file very often is necessary.As the smbpasswd file contains plaintext password equivalents, it must not be sent unencrypted over the wire. The best way to set up smbpasswd replication from the PDC to the BDC is to use the utility rsync. rsync can use ssh as a transport. ssh itself can be set up to accept only rsync transfer without requiring the user to type a password.As said a few times before, use of this method is broken and awed. Machine trust accounts will go out of sync, resulting in a broken domain. This method is not recommended. Try using LDAP instead.
Q:
- Can Samba fully replace my Windows NT server that is not a
Primary Domain Controller (PDC)?
Samba
can completely serve files and printers to Windows, just as a Windows NT server
would.
Q2
Can Samba replaces my Windows NT PDC?
Not
completely. Samba domain control capabilities for a Windows 9x client are
solid and complete, and so these clients would probably never know the difference. The domain control support for Windows NT/2000 clients is still being developed. Currently, enough has been implemented to allow a Windows NT client to join a Samba-controlled domain, but there is more to domain control than that. The most conspicuous absence is the lack of support for Windows NT trust relationships and the SAM replication protocol used between NT PDCs and Backup Domain Controllers (BDCs).
solid and complete, and so these clients would probably never know the difference. The domain control support for Windows NT/2000 clients is still being developed. Currently, enough has been implemented to allow a Windows NT client to join a Samba-controlled domain, but there is more to domain control than that. The most conspicuous absence is the lack of support for Windows NT trust relationships and the SAM replication protocol used between NT PDCs and Backup Domain Controllers (BDCs).
Q3
What TCP and UDP ports required for NetBIOS over TCP/IP use?
The
NBT name service uses port 137/udp, the NBT session service uses port
139/tcp, and the NBT datagram service uses port 138/udp.
139/tcp, and the NBT datagram service uses port 138/udp.
Q:
- How SMB protocol works?
There
will be three stages in creating an SMB connection between a client and a
specific share on a server.
The
first stage in connecting to an SMB share is to negotiate the SMB protocol
dialect to use. In the request packet, the client sends a text listing of all
the SMB dialects that it understands. The server selects the most advanced
protocol that it knows and responds to the client, specifying the protocol
number from the list. At this point, the client and server have agreed that SMB
commands can be used for the remainder of the conversation.
The
second stage is to create a session connection between the client and server.
To do this, the client issues a session setup request, which includes a sername
and some proof of validity, such as a password. The server attempts to validate
requesting user. If successful, the server then returns a session UID to
client. This UID is unique for each session and has no relation to the server
internal representation of users.
The
third stage before access to files on a remote share is allowed is for the
client to make a successful tree connection to the shared resource. The client
sends to the server a tree connect request, which includes the UID previously
issued by the server. At this stage the server verifies that the authenticated
user is authorized to access the requested resource. If the user has sufficient
privileges to access the share, the client is issued a tree connection ID
(TID). The TID is used in all requests to access files contained in the
resource to which the TID refers.
In this way SMB protocol works.
In this way SMB protocol works.
Q:
- How man sections samba configuration file (smb.conf) contains?
smb.conf
file contains three sections.
1.
[global] Contains settings that determine Samba overall behavior.
2. [homes] A default share for providing a home directory for all users.
3. [printers] A default share for exporting all printers on the host via CIFS.
2. [homes] A default share for providing a home directory for all users.
3. [printers] A default share for exporting all printers on the host via CIFS.
Q:
- If a netbios name is not defined in smb.conf, than what will be netbios name?
If
a netbios name is not defined, Samba will use the IP hostname of the server by
default.
Q:
- I want to use User level security for my samba server than what i have
to add in smb.conf file?
security
= user
Q:
- How you will verify that your smb.conf file doesn’t have any mistakes
and misspellings?
"testparm
" tool that verifies the syntax of a configuration file(smb.conf).
testparm
-s smb.conf
Q:
- What is the use of "smbclient" command?
"smbclient"
is used to display the list of shares on your server. This verifies that smbd
is running and functioning correctly. The -L option instructs smbclient to
enumerate the shares on the server rather than actually connecting to one.
The -N switch instructs smbclient to use an anonymous login rather
than the login name of the current user.
smbclient
-L localhost -N
Antother
use of "smbclient" command to connect the samba share.
smbclient
//<server>/<share> -U <username>
Q:
- Explain "smbstatus" command?
The
smbstatus utility displays information about connected users and currently
locked files.
Q:
- Is it possible for Samba to share file systems that have been mounted using
NFS?
Yes.
However, this can be problematic if the NFS server that provides the file
system fails, causing the Samba server to hang. It is always safer to use Samba
to share a local file system.
Q:
- How many simultaneous connections can a Samba server support?
In
theory, there is no limit. In practice, the limit is determined by the server’s
hardware, specifically the total amount of available RAM and the CPU power. It
might also depend on the amount of activity from the smbd processes.
Q:
- Can Samba be a member of more than one workgroup at the same time?
No,
Samba can be a member of only one workgroup.
Q:
- What is SWAT?
SWAT
is GUI Based administration tool for samba server.
Q:
- I am trying to use SWAT, but I keep getting the message There was no
response. The server could be down or not responding. What is the problem?
The
most likely cause is that SWAT is not listening to connections, or you have
used the wrong URL in trying to connect to SWAT. SWAT usually lives behind port
901, so the URL you should use is http://ID_ADDRESS_OF_SERVER:901/
:
- Can i set empty password for samba user?
yes,
If you want to set the value to an empty password, you must change
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
to
NOPASSWORDXXXXXXXXXXXXXXXXXXXXX:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
in your smbpasswd file.
in your smbpasswd file.
Note:
- if you have edited the smbpasswd file by hand, make sure that the LAN Manager
and NT password fields contain exactly 32 characters, no more and no fewer. If these
fields do not have exactly 32 characters, Samba will not be able to correctly
read the entry.
or
You can modify by "smbpasswd" command.
smbpasswd
-n USER_NAME
Also
you have to set the null passwords parameter to yes in the [global] section of
smb.conf:
null
passwords = yes
Q:
- Does Samba support PAM?
Yes
Q:
- What is role of "NTLM"?
The
challenge/response authentication protocol available to Windows clients and
servers for validating connection requests.
Q:
- Explain "force group" parameter used in smb.conf?
It
will define the group id to be used for all file access in the place of the
user’s primary group.
Q:
- Explain "force user" parameter used in smb.conf?
It
will define the user id to be used for all file access.
Q:
- Explain "write list" parameter used in smb.conf?
A
list of users and/or groups that should be given write access even if the read
only parameter has been enabled.
Q:
- My clients are getting the error message that the Disk is Full when trying to
print to my Samba server, but there is plenty of space. What is the problem?
If
smbd is unable to write the spooled file to the directory defined by the path
parameter for a printer if the write permission were denied, for example it
would respond to the client with the message, Disk is Full. Samba will also
return this error message if the amount of free disk space in the spool
directory has fallen below the value specified by the min print space parameter.
Q:
- When I click on my Samba server in the network neighborhood, I am continually
prompted for a password to the IPC$ share no matter what I enter.
The
Windows client is attempting to use encrypted passwords. However, the Samba
server is configured to support only clear-text passwords. You should either
enable encrypted passwords on the server or enable clear-text passwords on the
Windows client.
Q:
- Why is security = domain better than security = server?
There
are three reasons why security = domain is better. The first is because this
method enables the Samba server to participate in domain trust relationships.
This is impossible with server-level security. The second reason is that, under
server-level security, each smbd process must keep an open connection with the
authentication server. This can drain a Windows NT PDC quickly. Under
domain-level security, this connection is maintained only long enough to
perform the validation, thus conserving valuable resources. The final reason is
that, as a domain member, the Samba server has access to much more information
about user accounts, which can be used to automate the creation and deletion of
user accounts upon demand.
Q:
- what is nmbd daemon?
This
daemon handles all name registration and resolution requests. It is the primary
vehicle involved in network browsing. It handles all UDP-based protocols. The
nmbd daemon should be the first command started as part of the Samba startup
process.
Q:
- What is smdb daemon?
This
daemon handles all TCP/IP-based connection services for file- and print-based
operations. It also manages local authentication. It should be started
immediately following the startup of nmbd.
Q:
- What is winbindd daemon?
This
daemon should be started when Samba is a member of a Windows NT4 or ADS domain.
It is also needed when Samba has trust relationships with another domain. The
winbindd daemon will check the smb.conf file for the presence of the idmap uid
and idmap gid parameters. If they are found, winbindd will use the values
specified for UID and GID allocation. If these parameters are not specified,
winbindd will start but it will not be able to allocate UIDs or GIDs.
Q:
- Explain the parameter "wins support = Yes" used in smb.conf?
If
the Samba server was configured to provide WINS support ("wins support =
Yes"), then the WINS server is able to provide name resolution for all of
the hosts that are not listed in the /etc/hosts file or within the DNS. Making
this adjustment in the Name Service Switch configuration file (/etc/nsswitch.conf)
allows the Linux system to query the WINS server for local name resolution.
This saves manual adjustments to host files.
Q:
- How to automate SMB share mounting during system startup?
Add
smb share entry in /etc/fstab file.
//IP_ADDRESS_OF_SERVER/Shared
/shared smbfs noauto,defaults 0
0
Q:
- how to start and stop samba server?
/etc/init.d/smb
restart
Or
Service
smb restart
No comments:
Post a Comment