Samba (software)

Samba
Initial release: 1992; 32 years ago [1]
Stable release: 4.20.0 [2] / 27 March 2024
Written in: C, Python
Operating system: Multiplatform
Type: Network file system
License: 2008: GPL-3.0-or-later [lower-alpha 1]; 1993: GPL-2.0-or-later [lower-alpha 2]; 1992: Proprietary [lower-alpha 3]
Website: www.samba.org

Samba is a free software re-implementation of the SMB networking protocol, and was originally developed by Andrew Tridgell. Samba provides file and print services for various Microsoft Windows clients [5] and can integrate with a Microsoft Windows Server domain, either as a Domain Controller (DC) or as a domain member. As of version 4, it supports Active Directory and Microsoft Windows NT domains.

Samba runs on most Unix-like systems, such as Linux, Solaris, AIX and the BSD variants, including Apple macOS (Mac OS X 10.2 and greater) and macOS Server. Samba also runs on a number of other operating systems such as OpenVMS and IBM i. Samba is standard on nearly all distributions of Linux and is commonly included as a basic system service on other Unix-based operating systems as well. Samba is released under the terms of the GNU General Public License. The name Samba comes from SMB (Server Message Block), the name of the proprietary protocol used by the Microsoft Windows network file system.

Early history

Andrew Tridgell developed the first version of Samba Unix in December 1991 and January 1992, as a PhD student at the Australian National University, using a packet sniffer to do network analysis of the protocol used by DEC Pathworks server software. It did not have a formal name at the time of the first releases, versions 0.1, 0.5, and 1.0, all from the first half of January 1992; Tridgell simply referred to it as "a Unix file server for Dos Pathworks." He understood that he had "in fact implemented the netbios protocol" at the time of version 1.0 and that "this software could be used with other PC clients." [citation needed]

With a focus on interoperability with Microsoft's LAN Manager, Tridgell released "netbios for unix", observer, version 1.5 in December 1993. This release was the first to include client software as well as a server. Also, at this time GPL2 was chosen as the license. [citation needed]

Midway through the 1.5-series, the name was changed to smbserver. However, Tridgell got a trademark notice from the company "Syntax", who sold a product named TotalNet Advanced Server and owned the trademark for "SMBserver". The name "Samba" was derived by running the Unix command grep through the system dictionary looking for words that contained the letters S, M, and B, in that order (i.e. grep -i '^s.*m.*b' /usr/share/dict/words). [6]

Versions 1.6, 1.7, 1.8, and 1.9 followed relatively quickly, with the latter being released in January 1995. Tridgell considers the adoption of CVS in May 1996 to mark the birth of the Samba Team, though there had been contributions from other people, especially Jeremy Allison, previously. [7]

Version 2.0.0 was released in January 1999, and version 2.2.0 in April 2001.

Version history

Version 3.0.0, released on 23 September 2003, was a major upgrade. Samba gained the ability to join Active Directory as a member, though not as a domain controller. [8] Subsequent point-releases to 3.0 have added minor new features. Currently, the latest release in this series is 3.0.37, released 1 October 2009, and shipped on a voluntary basis. [9] The 3.0.x series officially reached end-of-life on 5 August 2009. [9]

Version 3.1 was used only for development.

With version 3.2, the project decided to move to time-based releases. New major releases, such as 3.3, 3.4, etc. will appear every six months. New features will only be added when a major release is done; point-releases will be only for bug fixes. [10] Also, 3.2 marked a change of license from GPL2 to GPL3, with some parts released under LGPL3. [4] The main technical change in version 3.2 was to autogenerate much of the DCE/RPC code that used to be handcrafted. Version 3.2.0 was released on 1 July 2008, [11] and its current release is 3.2.15 from 1 October 2009. The 3.2.x series officially reached end-of-life on 1 March 2010. [11]

| Date | Version | Status | Description |
|---|---|---|---|
| 23 September 2003 | 3.0 | Old version, no longer maintained | Active Directory support [12] |
| 1 July 2008 | 3.2 | Old version, no longer maintained | It will be updated on an as-needed basis for security issues only [13] |
| 27 January 2009 | 3.3 | Old version, no longer maintained | |
| 3 July 2009 | 3.4 | Old version, no longer maintained | This was the first release to include both Samba 3 and Samba 4 source code. [14] |
| 1 March 2010 | 3.5 | Old version, no longer maintained | This was the first release to include experimental support for SMB2. [15] |
| 9 August 2011 | 3.6 | Old version, no longer maintained | This is the first branch which includes full support for SMB2. [16] |
| 11 December 2012 | 4.0 | Old version, no longer maintained | It is a major rewrite that enables Samba to be an Active Directory domain controller, participating fully in a Windows Active Directory Domain. Its first technical preview (4.0.0TP1) was released in January 2006 after 3 years of development. [17] [18] |
| 10 October 2013 | 4.1 | Old version, no longer maintained | Support for SMB3 |
| 4 March 2015 | 4.2 | Old version, no longer maintained | Btrfs based file compression, snapshots and winbind integration [19] |
| 8 September 2015 | 4.3 | Old version, no longer maintained | New logging features, SMB 3.1.1 support [20] |
| 22 March 2016 | 4.4 | Old version, no longer maintained | Asynchronous flush requests [21] |
| 7 September 2016 | 4.5 | Old version, no longer maintained | NTLM v1 disabled by default, Virtual List View, various performance improvements |
| 7 March 2017 | 4.6 | Old version, no longer maintained | Multi-process Netlogon support |
| 21 September 2017 | 4.7 | Old version, no longer maintained | Samba AD with MIT Kerberos |
| 13 March 2018 | 4.8 | Old version, no longer maintained | Apple Time Machine support. Setups using 'domain' or 'ads' security modes now require 'winbindd' to be running. [22] |
| 13 September 2018 | 4.9 | Old version, no longer maintained | Many changes [23] |
| 19 March 2019 | 4.10 | Old version, no longer maintained | |
| 17 September 2019 | 4.11 | Old version, no longer maintained | SMB1 is disabled by default as a mitigation for the WannaCry vulnerability. |
| 3 March 2020 | 4.12 | Old version, no longer maintained | |
| 22 September 2020 | 4.13 | Old version, no longer maintained | Samba 4.13 raises the minimum version of Python to 3.6. |
| 9 March 2021 | 4.14 | Old version, no longer maintained | Major overhaul of VFS subsystem and more. [24] |
| 20 September 2021 | 4.15 | Old version, no longer maintained | Many changes. [25] |
| 21 March 2022 | 4.16 | Old version, no longer maintained | Many changes. [26] |
| 13 September 2022 | 4.17 | Older version, yet still maintained | Many changes. [27] |
| 8 March 2023 | 4.18 | Older version, yet still maintained | Many changes. [28] |
| 4 September 2023 | 4.19 | Current stable version | Many changes. [29] |
| 27 March 2024 | 4.20 | Current stable version | Many changes. [30] |

Security

Some versions of Samba 3.6.3 and lower suffer serious security issues which can allow anonymous users to gain root access to a system from an anonymous connection, through the exploitation of an error in Samba's remote procedure call. [31]

On 12 April 2016, Badlock, [32] a crucial security bug in Windows and Samba, was disclosed. Badlock for Samba is referenced by CVE-2016-2118 (SAMR and LSA man in the middle attacks possible). [33]

On 24 May 2017, it was announced that a remote code execution vulnerability had been found in Samba named EternalRed or SambaCry, affecting all versions since 3.5.0. [34] This vulnerability was assigned identifier CVE-2017-7494. [34] [35]

On 14 September 2020, a proof-of-concept exploit was published for the Netlogon vulnerability called Zerologon (CVE-2020-1472), for which a patch had existed since August. [36] Some federal agencies using the software have been ordered to install the patch. [37]

Features

Samba allows file and print sharing between computers running Microsoft Windows and computers running Unix. It is an implementation of dozens of services and a dozen protocols, including:

All these services and protocols are frequently incorrectly referred to as just NetBIOS or SMB. The NBT (NetBIOS over TCP/IP) and WINS protocols, and their underlying SMB version 1 protocol, are deprecated on Windows. Since Windows Vista the WS-Discovery protocol has been included along with SMB2 and its successors, which supersede these. (WS-Discovery is implemented on Unix-like platforms by third party daemons which allow Samba shares to be discovered when the deprecated protocols are disabled).

Samba sets up network shares for chosen Unix directories (including all contained subdirectories). These appear to Microsoft Windows users as normal Windows folders accessible via the network. Unix users can either mount the shares directly as part of their file structure using the mount.cifs command or, alternatively, can use a utility, smbclient (libsmb), installed with Samba to read the shares with an interface similar to a standard command-line FTP program. Each directory can have different access privileges overlaid on top of the normal Unix file protections. For example, home directories would have read/write access for all known users, allowing each to access their own files. However, they would still not have access to the files of others unless that permission would normally exist. Note that the netlogon share, typically distributed as a read-only share from /etc/samba/netlogon, is the logon directory for user logon scripts.

Samba services are implemented as two daemons:

Samba configuration is achieved by editing a single file (typically installed as /etc/smb.conf or /etc/samba/smb.conf). Samba can also provide user logon scripts and group policy implementation through poledit.
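
As an added illustration (not part of the original article and not Samba project code), the following Python script parses smb.conf text and reports [global] settings that explicitly undo two defaults noted in the version history: NTLMv1 disabled by default since 4.5 and SMB1 disabled by default since 4.11. The parameters `server min protocol` (synonym `min protocol`), `client min protocol` and `ntlm auth` are real smb.conf options; the sample configuration is constructed.

```python
# Added example: audit smb.conf text for settings that re-enable SMB1 or NTLMv1.
# Assumption: only explicit settings in [global] are checked; includes and
# compiled-in defaults are not resolved.

SMB1_DIALECTS = {"CORE", "COREPLUS", "LANMAN1", "LANMAN2", "NT1"}
NTLMV1_VALUES = {"yes", "true", "1", "ntlmv1-permitted"}
PROTOCOL_PARAMS = ("serverminprotocol", "minprotocol", "clientminprotocol")


def _key(name):
    """smb.conf section and parameter names ignore case and whitespace."""
    return "".join(name.split()).lower()


def parse_smb_conf(text):
    """Return {section: {normalized_param: (value, first_line_no)}}."""
    sections, current, pending, start = {}, None, "", 0
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not pending:
            if not line or line[0] in "#;":   # blank line or comment
                continue
            start = no
        if line.endswith("\\"):               # continued on the next line
            pending += line[:-1].strip() + " "
            continue
        line, pending = (pending + line).strip(), ""
        if line.startswith("[") and line.endswith("]"):
            current = _key(line[1:-1])
            sections.setdefault(current, {})
        elif "=" in line and current is not None:
            name, value = line.split("=", 1)
            sections[current][_key(name)] = (value.strip(), start)
    return sections


def audit(text):
    """Return sorted (line_no, parameter, value, finding) tuples."""
    glob = parse_smb_conf(text).get("global", {})
    findings = []
    for name in PROTOCOL_PARAMS:
        if name in glob:
            value, no = glob[name]
            if value.upper() in SMB1_DIALECTS:
                findings.append((no, name, value, "SMB1 dialect allowed"))
    if "ntlmauth" in glob:
        value, no = glob["ntlmauth"]
        if value.lower() in NTLMV1_VALUES:
            findings.append((no, "ntlmauth", value, "NTLMv1 permitted"))
    return sorted(findings)


# Constructed sample, not taken from a real deployment.
SAMPLE = """\
# constructed sample
[Global]
   workgroup = EXAMPLE
   Server Min Protocol = NT1
   ntlm auth = ntlmv1-permitted
   client min protocol = SMB2_02

[homes]
   read only = no
"""

if __name__ == "__main__":
    for line_no, param, value, finding in audit(SAMPLE):
        print(f"line {line_no}: {param} = {value}: {finding}")
```

The script sees only what is written in the file it is given; `testparm -s` prints the effective configuration that Samba itself loads.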

Samba is included in most Linux distributions and is started during the boot process. On Red Hat, for instance, the /etc/rc.d/init.d/smb script runs at boot time, and starts both daemons. Samba is not included in Solaris 8, but a Solaris 8-compatible version is available from the Samba website. The OS/2-based ArcaOS includes Samba to replace the old IBM LAN Server software. [39]

Samba includes a web administration tool called Samba Web Administration Tool (SWAT). [40] [41] SWAT was removed starting with version 4.1. [42]

Samba TNG

Samba TNG (The Next Generation) was forked in late 1999, after disagreements between the Samba Team leaders and Luke Leighton about the directions of the Samba project. They failed to come to an agreement on a development transition path which allowed the research version of Samba he was developing (known at the time as Samba-NTDOM) to slowly be integrated into Samba. [43] Development has been minimal, due to a lack of developers. The Samba TNG team frequently directed potential users towards Samba because of its better support and development. [44]

A key goal of the Samba TNG project was to rewrite all of the NT Domains services as FreeDCE projects. [45] This was made difficult as the services were developed manually through network reverse-engineering, with limited or no reference to DCE/RPC documentation. [citation needed]

A key difference from Samba was in the implementation of the NT Domains suite of protocols and MSRPC services. Samba makes all the NT Domains services available from a single place, whereas Samba TNG separated each service into its own program. [citation needed]

ReactOS started using Samba TNG services for its SMB implementation. The developers of both projects were interested in seeing the Samba TNG design used to help get ReactOS talking to Windows networks. They worked together to adapt the network code and build system. The multi-layered and modular approach made it easy to port each service to ReactOS. [46]

Notes

  1. GPL-3.0-or-later and LGPL-3.0-or-later since 2008-07-01, version 3.2.0. [3] [4]
  2. GPL-2.0-or-later from 1993, version 1.5, until 2009-10-01, version 3.0.37.
  3. Proprietary from 1992 until 1993.

References

  1. "Samba Latest News". Retrieved 28 November 2017.
  2. "[Announce] Samba 4.20.0 Available for Download". 27 March 2024. Retrieved 27 March 2024.
  3. "Samba Copyright Policy".
  4. "Samba Adopts GPLv3 for Future Releases". Retrieved 21 September 2015.
  5. "Samba - opening windows to a wider world". www.samba.org. Retrieved 16 January 2024.
  6. Andrew Tridgell and the Samba Team (27 June 1997). "A bit of history and a bit of fun". Archived from the original on 15 August 2020. Retrieved 28 May 2009.
  7. "10 years of Samba!". Retrieved 21 September 2015.
  8. "The first stable release of Samba 3.0 is available". Retrieved 21 September 2015.
  9. "Release Planning for Samba 3.0". Retrieved 21 September 2015.
  10. "Monday, April 28 - Samba Mashup Report". Retrieved 21 September 2015.
  11. "Release Planning for Samba 3.2". Retrieved 21 September 2015.
  12. "Samba Team announces the first official release of Samba 3.0". Retrieved 24 September 2003.
  13. "[ANNOUNCE] Samba 3.2.0 Available for Download". Retrieved 21 September 2015.
  14. "Samba - Release Notes Archive". Retrieved 21 September 2015.
  15. "Samba - Release Notes Archive". Retrieved 21 September 2015.
  16. "Samba - Release Notes Archive". Retrieved 21 September 2015.
  17. "Samba - opening windows to a wider world". Retrieved 21 September 2015.
  18. "Samba 4.0.0TP1 Available for Download". Archived from the original on 22 July 2006. Retrieved 11 January 2014.
  19. "Samba - Release Notes Archive". Retrieved 21 September 2015.
  20. "Samba - Release Notes Archive". Retrieved 8 September 2015.
  21. "Samba - Release Notes Archive". Retrieved 22 March 2016.
  22. "Release Notes for Samba 4.8.0". 13 March 2018. Retrieved 19 March 2019.
  23. "Samba 4.9.0 - Release Notes".
  24. "Samba 4.14.0 - Release Notes".
  25. "Samba 4.15.0 - Release Notes".
  26. "Samba 4.16.0 - Release Notes".
  27. "Samba 4.17.0 - Release Notes".
  28. "Samba 4.18.0 - Release Notes".
  29. "Samba 4.19.0 - Release Notes".
  30. "Samba 4.20.0 - Release Notes".
  31. CVE-2012-1182 - A security announcement regarding a major issue with Samba 3.6.3 and lower.
  32. "Badlock". Archived from the original on 12 April 2016. Retrieved 12 April 2016.
  33. "Microsoft, Samba Patch "Badlock" Vulnerability". Retrieved 13 April 2016.
  34. "Samba 4.6.4 - Release Notes". 24 May 2017. Retrieved 24 May 2017.
  35. "SambaCry is coming". Securelist - Kaspersky Lab’s cyberthreat research and reports. Retrieved 19 March 2018.
  36. Cimpanu, Catalin. "Microsoft says it detected active attacks leveraging Zerologon vulnerability". ZDNet. Retrieved 9 October 2020.
  37. Constantin, Lucian (23 September 2020). "What is Zerologon? And why to patch this Windows Server flaw now". CSO Online. Retrieved 9 October 2020.
  38. "UNIX Extensions". SambaWiki.
  39. "ArcaMapper". arcanoae.com. Retrieved 11 September 2020.
  40. "Chapter 37. SWAT: The Samba Web Administration Tool". Retrieved 21 September 2015.
  41. "SWAT your Samba problems". linux.com. 31 January 2008.
  42. "Samba 4.1 Features added/changed". Retrieved 21 September 2015.
  43. "Project FAQ - What is the relationship between Samba and Samba TNG?". Retrieved 19 February 2008.
  44. "Project FAQ - Which should I use - Samba or Samba TNG?". Retrieved 19 February 2008.
  45. "Project FAQ - What's all this about FreeDCE?". Retrieved 19 February 2008.
  46. Vincent, Brian. "Interview with Steven Edwards". Wine HQ. Retrieved 19 February 2008.