Initial release | 1992[1] |
---|---|
Stable release | |
Repository | |
Written in | C, Python |
Operating system | Multiplatform |
Type | Network file system |
License | 2008: GPL-3.0-or-later [lower-alpha 1] 1993: GPL-2.0-or-later [lower-alpha 2] 1992: Proprietary [lower-alpha 3] |
Website | www |
Samba is a free software re-implementation of the SMB networking protocol, and was originally developed by Andrew Tridgell. Samba provides file and print services for various Microsoft Windows clients [5] and can integrate with a Microsoft Windows Server domain, either as a Domain Controller (DC) or as a domain member. As of version 4, it supports Active Directory and Microsoft Windows NT domains.
Samba runs on most Unix-like systems, such as Linux, Solaris, AIX and the BSD variants, including Apple macOS (Mac OS X 10.2 and greater) and macOS Server. Samba also runs on a number of other operating systems such as OpenVMS and IBM i. Samba is standard on nearly all distributions of Linux and is commonly included as a basic system service on other Unix-based operating systems as well. Samba is released under the terms of the GNU General Public License. The name Samba comes from SMB (Server Message Block), the name of the proprietary protocol used by the Microsoft Windows network file system.
Andrew Tridgell developed the first version of Samba Unix in December 1991 and January 1992, as a PhD student at the Australian National University, using a packet sniffer to do network analysis of the protocol used by DEC Pathworks server software. It did not have a formal name at the time of the first releases, versions 0.1, 0.5, and 1.0, all from the first half of January 1992; Tridgell simply referred to it as "a Unix file server for Dos Pathworks." He understood that he had "in fact implemented the netbios protocol" at the time of version 1.0 and that "this software could be used with other PC clients."[ citation needed ]
With a focus on interoperability with Microsoft's LAN Manager, Tridgell released "netbios for unix", observer, version 1.5 in December 1993. This release was the first to include client-software as well as a server. Also, at this time GPL2 was chosen as license.[ citation needed ]
Midway through the 1.5-series, the name was changed to smbserver. However, Tridgell got a trademark notice from the company "Syntax", who sold a product named TotalNet Advanced Server and owned the trademark for "SMBserver". The name "Samba" was derived by running the Unix command grep through the system dictionary looking for words that contained the letters S, M, and B, in that order (i.e. grep-i'^s.*m.*b'/usr/share/dict/words
). [6]
Versions 1.6, 1.7, 1.8, and 1.9 followed relatively quickly, with the latter being released in January 1995. Tridgell considers the adoption of CVS in May 1996 to mark the birth of the Samba Team, though there had been contributions from other people, especially Jeremy Allison, previously. [7]
Version 2.0.0, released in January 1999, was a major release, support for authentication from Windows NT Primary Domain Controller, 64 bit filesystem support for very large files, and exposure of OPLOCKS to unix systems.[ citation needed ] Version 2.2.0 released in April 2001.[ citation needed ]
Date | Version | Description |
---|---|---|
23 September 2003 | 3.0 | Active Directory support. [8] The 3.0.x series officially reached end-of-life on 5 August 2009. [9] |
1 July 2008 [10] | 3.2 | It will be updated on an as-needed basis for security issues only. [11] [12] There was a change of license from GPL2 to GPL3, with some parts released under LGPL3. [4] The 3.2.x series officially reached EOL 1 March 2010. [10] |
27 January 2009 | 3.3 | |
3 July 2009 | 3.4 | This was the first release to include both Samba 3 and Samba 4 source code. [13] |
1 March 2010 | 3.5 | This was the first release to include experimental support for SMB2. [14] |
9 August 2011 | 3.6 | This is the first branch which includes full support for SMB2. [15] |
11 December 2012 | 4.0 | It is a major rewrite that enables Samba to be an Active Directory domain controller, participating fully in a Windows Active Directory Domain. Its first technical preview (4.0.0TP1) was released in January 2006 after 3 years of development. [16] [17] |
10 October 2013 | 4.1 | support for SMB3 |
4 March 2015 | 4.2 | Btrfs based file compression, snapshots and winbind integration [18] |
8 September 2015 | 4.3 | New Logging features, SMB 3.1.1 support [19] |
22 March 2016 | 4.4 | Asynchronous flush requests [20] |
7 September 2016 | 4.5 | NTLM v1 disabled by default, Virtual List View, Various performance improvements |
7 March 2017 | 4.6 | Multi-process Netlogon support |
21 September 2017 | 4.7 | Samba AD with MIT Kerberos |
13 March 2018 | 4.8 | Apple Time Machine Support. Setups using 'domain' or 'ads' security modes now require 'winbindd' to be running. [21] |
13 September 2018 | 4.9 | Many changes [22] |
19 March 2019 | 4.10 | |
17 September 2019 | 4.11 | SMB1 is disabled by default as a mitigation for the WannaCry vulnerability. |
3 March 2020 | 4.12 | |
22 September 2020 | 4.13 | Samba 4.13 raises the minimum version of Python to 3.6. |
9 March 2021 | 4.14 | Major overhaul of VFS subsystem and more. [23] |
20 September 2021 | 4.15 | Many changes. [24] |
21 March 2022 | 4.16 | Many changes. [25] |
13 September 2022 | 4.17 | Many changes. [26] |
8 March 2023 | 4.18 | Many changes. [27] |
4 September 2023 | 4.19 | Many changes. [28] |
27 March 2024 | 4.20 | Many changes. [29] |
Some versions of Samba 3.6.3 and lower suffer serious security issues which can allow anonymous users to gain root access to a system from an anonymous connection, through the exploitation of an error in Samba's remote procedure call. [30]
On 12 April 2016, Badlock, [31] a crucial security bug in Windows and Samba, was disclosed. Badlock for Samba is referenced by CVE|2016-2118 (SAMR and LSA man in the middle attacks possible). [32]
On 24 May 2017, it was announced that a remote code execution vulnerability had been found in Samba named EternalRed or SambaCry, affecting all versions since 3.5.0. [33] This vulnerability was assigned identifier CVE|2017-7494. [33] [34]
On 14 September 2020, a proof-of-concept exploit for the netlogon vulnerability called Zerologon (CVE|2020-1472) for which a patch exists since August was published. [35] Some federal agencies using the software have been ordered to install the patch. [36]
Samba allows file and print sharing between computers running Microsoft Windows and computers running Unix. It is an implementation of dozens of services and a dozen protocols, including:
All these services and protocols are frequently incorrectly referred to as just NetBIOS or SMB. The NBT (NetBIOS over TCP/IP) and WINS protocols, and their underlying SMB version 1 protocol, are deprecated on Windows. Since Windows Vista the WS-Discovery protocol has been included along with SMB2 and its successors, which supersede these. (WS-Discovery is implemented on Unix-like platforms by third party daemons which allow Samba shares to be discovered when the deprecated protocols are disabled).
Samba sets up network shares for chosen Unix directories (including all contained subdirectories). These appear to Microsoft Windows users as normal Windows folders accessible via the network. Unix users can either mount the shares directly as part of their file structure using the mount.cifs command or, alternatively, can use a utility, smbclient (libsmb) installed with Samba to read the shares with a similar interface to a standard command line FTP program. Each directory can have different access privileges overlaid on top of the normal Unix file protections. For example: home directories would have read/write access for all known users, allowing each to access their own files. However they would still not have access to the files of others unless that permission would normally exist. Note that the netlogon share, typically distributed as a read only share from /etc/samba/netlogon
, is the logon directory for user logon scripts.
Samba services are implemented as two daemons:
Samba configuration is achieved by editing a single file (typically installed as /etc/smb.conf
or /etc/samba/smb.conf
). Samba can also provide user logon scripts and group policy implementation through poledit
.
Samba is included in most Linux distributions and is started during the boot process. On Red Hat, for instance, the /etc/rc.d/init.d/smb
script runs at boot time, and starts both daemons. Samba is not included in Solaris 8, but a Solaris 8-compatible version is available from the Samba website. The OS/2-based ArcaOS includes Samba to replace the old IBM LAN Server software. [38]
Samba includes a web administration tool called Samba Web Administration Tool (SWAT). [39] [40] SWAT was removed starting with version 4.1. [41]
This section needs to be updated.(January 2016) |
Samba TNG (The Next Generation) was forked in late 1999, after disagreements between the Samba Team leaders and Luke Leighton about the directions of the Samba project. They failed to come to an agreement on a development transition path which allowed the research version of Samba he was developing (known at the time as Samba-NTDOM) to slowly be integrated into Samba. [42] Development has been minimal, due to a lack of developers. The Samba TNG team frequently directed potential users towards Samba because of its better support and development. [43]
A key goal of the Samba TNG project was to rewrite all of the NT Domains services as FreeDCE projects. [44] This was made difficult as the services were developed manually through network reverse-engineering, with limited or no reference to DCE/RPC documentation.[ citation needed ]
A key difference from Samba was in the implementation of the NT Domains suite of protocols and MSRPC services. Samba makes all the NT Domains services available from a single place, whereas Samba TNG separated each service into its own program.[ citation needed ]
ReactOS started using Samba TNG services for its SMB implementation. The developers of both projects were interested in seeing the Samba TNG design used to help get ReactOS talking to Windows networks. They worked together to adapt the network code and build system. The multi-layered and modular approach made it easy to port each service to ReactOS. [45]
Network File System (NFS) is a distributed file system protocol originally developed by Sun Microsystems (Sun) in 1984, allowing a user on a client computer to access files over a computer network much like local storage is accessed. NFS, like many other protocols, builds on the Open Network Computing Remote Procedure Call system. NFS is an open IETF standard defined in a Request for Comments (RFC), allowing anyone to implement the protocol.
Distributed Component Object Model (DCOM) is a proprietary Microsoft technology for communication between software components on networked computers. DCOM, which originally was called "Network OLE", extends Microsoft's COM, and provides the communication substrate under Microsoft's COM+ application server infrastructure.
In computing, a directory service or name service maps the names of network resources to their respective network addresses. It is a shared information infrastructure for locating, managing, administering and organizing everyday items and network resources, which can include volumes, folders, files, printers, users, groups, devices, telephone numbers and other objects. A directory service is a critical component of a network operating system. A directory server or name server is a server which provides such a service. Each resource on the network is considered an object by the directory server. Information about a particular resource is stored as a collection of attributes associated with that resource or object.
Server Message Block (SMB) is a communication protocol used to share files, printers, serial ports, and miscellaneous communications between nodes on a network. On Microsoft Windows, the SMB implementation consists of two vaguely named Windows services: "Server" and "Workstation". It uses NTLM or Kerberos protocols for user authentication. It also provides an authenticated inter-process communication (IPC) mechanism.
IPX/SPX stands for Internetwork Packet Exchange/Sequenced Packet Exchange. IPX and SPX are networking protocols used initially on networks using the Novell NetWare operating systems. They also became widely used on networks deploying Microsoft Windows LANs, as they replaced NetWare LANs, but are no longer widely used. IPX/SPX was also widely used prior to and up to Windows XP, which supported the protocols, while later Windows versions do not, and TCP/IP took over for networking.
The Apple Filing Protocol (AFP), formerly AppleTalk Filing Protocol, is a proprietary network protocol, and part of the Apple File Service (AFS), that offers file services for macOS, classic Mac OS, and Apple II computers. In OS X 10.8 Mountain Lion and earlier, AFP was the primary protocol for file services. Starting with OS X 10.9 Mavericks, Server Message Block (SMB) was made the primary file sharing protocol, with the ability to run an AFP server removed later in macOS 11 Big Sur. AFP supports Unicode file names, POSIX and access-control list permissions, resource forks, named extended attributes, and advanced file locking.
Remote Desktop Protocol (RDP) is a proprietary protocol developed by Microsoft Corporation which provides a user with a graphical interface to connect to another computer over a network connection. The user employs RDP client software for this purpose, while the other computer must run RDP server software.
AppleShare is a discontinued product from Apple Computer which implements various network services. Its main purpose is to act as a file server, using the AFP protocol. Other network services implemented in later versions of AppleShare included a print server using the Printer Access Protocol (PAP), web server, electronic mail server, and SMB / CIFS server to support file sharing to Microsoft Windows clients.
In computing, a named pipe is an extension to the traditional pipe concept on Unix and Unix-like systems, and is one of the methods of inter-process communication (IPC). The concept is also found in OS/2 and Microsoft Windows, although the semantics differ substantially. A traditional pipe is "unnamed" and lasts only as long as the process. A named pipe, however, can last as long as the system is up, beyond the life of the process. It can be deleted if no longer used. Usually a named pipe appears as a file, and generally processes attach to it for IPC.
Netatalk is a free, open-source implementation of the Apple Filing Protocol (AFP). It allows Unix-like operating systems to serve as file servers for Macintosh computers running macOS or Classic Mac OS.
A remote access service (RAS) is any combination of hardware and software to enable the remote access tools or information that typically reside on a network of IT devices.
LAN Manager is a discontinued network operating system (NOS) available from multiple vendors and developed by Microsoft in cooperation with 3Com Corporation. It was designed to succeed 3Com's 3+Share network server software which ran atop a heavily modified version of MS-DOS.
Distributed File System (DFS) is a set of client and server services that allow an organization using Microsoft Windows servers to organize many distributed SMB file shares into a distributed file system. DFS has two components to its service: Location transparency and Redundancy. Together, these components enable data availability in the case of failure or heavy load by allowing shares in multiple different locations to be logically grouped under one folder, the "DFS root".
Microsoft RPC is a modified version of DCE/RPC. Additions include partial support for UCS-2 strings, implicit handles, and complex calculations in the variable-length string and structure paradigms already present in DCE/RPC.
DCE/RPC, short for "Distributed Computing Environment / Remote Procedure Calls", is the remote procedure call system developed for the Distributed Computing Environment (DCE). This system allows programmers to write distributed software as if it were all working on the same computer, without having to worry about the underlying network code.
In a Windows network, NT LAN Manager (NTLM) is a suite of Microsoft security protocols intended to provide authentication, integrity, and confidentiality to users. NTLM is the successor to the authentication protocol in Microsoft LAN Manager (LANMAN), an older Microsoft product. The NTLM protocol suite is implemented in a Security Support Provider, which combines the LAN Manager authentication protocol, NTLMv1, NTLMv2 and NTLM2 Session protocols in a single package. Whether these protocols are used or can be used on a system, which is governed by Group Policy settings, for which different versions of Windows have different default settings.
BackupPC is a free disk-to-disk backup software suite with a web-based frontend. The cross-platform server will run on any Linux, Solaris, or UNIX-based server. No client is necessary, as the server is itself a client for several protocols that are handled by other services native to the client OS. In 2007, BackupPC was mentioned as one of the three most well known open-source backup software, even though it is one of the tools that are "so amazing, but unfortunately, if no one ever talks about them, many folks never hear of them".
PATHWORKS was the trade name used by Digital Equipment Corporation of Maynard, Massachusetts for a series of programs that eased the interoperation of Digital's minicomputers and servers with personal computers. It was available for both PC and Mac systems, with support for MS-DOS, OS/2 and Microsoft Windows on the PC. Before it was named PATHWORKS, it was known as PCSA.
Badlock is a security bug disclosed on April 12, 2016 affecting the Security Account Manager (SAM) and Local Security Authority (LSAD) remote protocols supported by Windows and Samba servers.