samba (software)

Andrew Tridgell developed the first version of Samba Unix in December 1991 and January 1992, as a PhD student at the Australian National University, using a packet sniffer to do network analysis of the protocol used by DEC Pathworks server software. It did not have a formal name at the time of the first releases, versions 0.1, 0.5, and 1.0, all from the first half of January 1992; Tridgell simply referred to it as "a Unix file server for Dos Pathworks." He understood that he had "in fact implemented the netbios protocol" at the time of version 1.0 and that "this software could be used with other PC clients."{{fact|date=April 2023}}

With a focus on interoperability with Microsoft's LAN Manager, Tridgell released "netbios for unix", observer, version 1.5 in December 1993. This release was the first to include client-software as well as a server. Also, at this time GPL2 was chosen as license.{{fact|date=April 2023}}

Midway through the 1.5-series, the name was changed to smbserver. However, Tridgell got a trademark notice from the company "Syntax", who sold a product named TotalNet Advanced Server and owned the trademark for "SMBserver". The name "Samba" was derived by running the Unix command grep through the system dictionary looking for words that contained the letters S, M, and B, in that order (i.e. {{code|2=bash|grep -i '^s.*m.*b' /usr/share/dict/words}}).{{cite web |url=http://www.rxn.com/services/faq/smb/samba.history.txt |title=A bit of history and a bit of fun |access-date=28 May 2009 |date=27 June 1997 | author=Andrew Tridgell and the Samba Team | url-status=dead | archive-url=https://web.archive.org/web/20200815183730/http://www.rxn.com/services/faq/smb/samba.history.txt | archivedate=15 August 2020}}

Versions 1.6, 1.7, 1.8, and 1.9 followed relatively quickly, with the latter being released in January 1995. Tridgell considers the adoption of CVS in May 1996 to mark the birth of the Samba Team, though there had been contributions from other people, especially Jeremy Allison, previously.{{cite web|url=https://samba.org/samba/docs/10years.html|title=10 years of Samba!|access-date=21 September 2015}}

Version 2.0.0, released in January 1999, was a major release, support for authentication from Windows NT Primary Domain Controller, 64 bit filesystem support for very large files, and exposure of OPLOCKS to unix systems.{{Citation needed|date=October 2024}} Version 2.2.0 released in April 2001.{{Citation needed|date=October 2024}}

{{Version|l|show=111111}}

Some versions of Samba 3.6.3 and lower suffer serious security issues which can allow anonymous users to gain root access to a system from an anonymous connection, through the exploitation of an error in Samba's remote procedure call.[https://www.samba.org/samba/security/CVE-2012-1182 CVE-2012-1182] - A security announcement regarding a major issue with Samba 3.6.3 and lower.

On 12 April 2016, Badlock,{{cite web |title=Badlock |url=http://badlock.org/ |url-status=dead |archive-url=https://web.archive.org/web/20160412215511/http://badlock.org/ |archive-date=12 April 2016 |access-date=12 April 2016}} a crucial security bug in Windows and Samba, was disclosed. Badlock for Samba is referenced by CVE|2016-2118 (SAMR and LSA man in the middle attacks possible).{{cite news|url=http://www.listythings.com/microsoft-samba-patch-badlock-vulnerability/|title=Microsoft, Samba Patch "Badlock" Vulnerability|access-date=13 April 2016}}

On 24 May 2017, it was announced that a remote code execution vulnerability had been found in Samba named EternalRed or SambaCry, affecting all versions since 3.5.0.{{cite web|url=https://www.samba.org/samba/history/samba-4.6.4.html|title=Samba 4.6.4 - Release Notes|date=24 May 2017|access-date=24 May 2017}} This vulnerability was assigned identifier CVE|2017-7494.{{cite news|url=https://securelist.com/sambacry-is-coming/78674/|title=SambaCry is coming|work=Securelist - Kaspersky Lab’s cyberthreat research and reports|access-date=2018-03-19|language=en-us}}

On 14 September 2020, a proof-of-concept exploit for the netlogon vulnerability called Zerologon (CVE|2020-1472) for which a patch exists since August was published.{{cite news |last1=Cimpanu |first1=Catalin |title=Microsoft says it detected active attacks leveraging Zerologon vulnerability |url=https://www.zdnet.com/article/microsoft-says-it-detected-active-attacks-leveraging-zerologon-vulnerability/ |access-date=9 October 2020 |work=ZDNet |language=en}} Some federal agencies using the software have been ordered to install the patch.{{cite web |last1=Constantin |first1=Lucian |title=What is Zerologon? And why to patch this Windows Server flaw now |url=https://www.csoonline.com/article/3576193/what-is-zerologon-why-you-should-patch-this-critical-windows-server-flaw-now.html |website=CSO Online |access-date=9 October 2020 |language=en |date=23 September 2020}}

Samba allows file and print sharing between computers running Microsoft Windows and computers running Unix. It is an implementation of dozens of services and a dozen protocols, including:

• NetBIOS over TCP/IP (NBT)
• SMB (known as CIFS in some versions)
• Samba supports POSIX extensions for CIFS/SMB. The initial extension was CIFS VFS (CAP_UNIX) from 2004, which has been somewhat superseded by SMB3.{{cite web |title=UNIX Extensions |url=https://wiki.samba.org/index.php/UNIX_Extensions |website=SambaWiki}}
• DCE/RPC or more specifically, MSRPC, the Network Neighborhood suite of protocols
• A WINS server also known as a NetBIOS Name Server (NBNS)
• The NT Domain suite of protocols which includes NT Domain Logons
• Security Account Manager (SAM) database
• Local Security Authority (LSA) service
• NT-style printing service (SPOOLSS)
• NTLM
• Active Directory Logon using modified versions of Kerberos and LDAP
• DFS server

All these services and protocols are frequently incorrectly referred to as just NetBIOS or SMB. The NBT (NetBIOS over TCP/IP) and WINS protocols, and their underlying SMB version 1 protocol, are deprecated on Windows. Since Windows Vista the WS-Discovery protocol has been included along with SMB2 and its successors, which supersede these. (WS-Discovery is implemented on Unix-like platforms by third party daemons which allow Samba shares to be discovered when the deprecated protocols are disabled).

Samba sets up network shares for chosen Unix directories (including all contained subdirectories). These appear to Microsoft Windows users as normal Windows folders accessible via the network. Unix users can either mount the shares directly as part of their file structure using the mount.cifs command or, alternatively, can use a utility, smbclient (libsmb) installed with Samba to read the shares with a similar interface to a standard command line FTP program. Each directory can have different access privileges overlaid on top of the normal Unix file protections. For example: home directories would have read/write access for all known users, allowing each to access their own files. However they would still not have access to the files of others unless that permission would normally exist. Note that the netlogon share, typically distributed as a read only share from /etc/samba/netlogon, is the logon directory for user logon scripts.

Samba services are implemented as two daemons:

• smbd, which provides the file and printer sharing services, and
• nmbd, which provides the NetBIOS-to-IP-address name service. NetBIOS over TCP/IP requires some method for mapping NetBIOS computer names to the IP addresses of a TCP/IP network.

Samba configuration is achieved by editing a single file (typically installed as /etc/smb.conf or /etc/samba/smb.conf). Samba can also provide user logon scripts and group policy implementation through poledit.

Samba is included in most Linux distributions and is started during the boot process. On Red Hat, for instance, the /etc/rc.d/init.d/smb script runs at boot time, and starts both daemons. Samba is not included in Solaris 8, but a Solaris 8-compatible version is available from the Samba website. The OS/2-based ArcaOS includes Samba to replace the old IBM LAN Server software.{{cite web|access-date=2020-09-11|website=arcanoae.com|url=https://www.arcanoae.com/wiki/arcamapper/|title=ArcaMapper}}

Samba includes a web administration tool called Samba Web Administration Tool (SWAT).{{cite web|url=http://us3.samba.org/samba/docs/man/Samba-HOWTO-Collection/SWAT.html|title=Chapter 37. SWAT: The Samba Web Administration Tool|access-date=21 September 2015}}{{cite web|url=https://www.linux.com/news/swat-your-samba-problems/|title=SWAT your Samba problems|date=31 January 2008|publisher=linux.com}}

SWAT was removed starting with version 4.1.{{cite web|url=https://wiki.samba.org/index.php/Samba_4.1_Features_added/changed|title=Samba 4.1 Features added/changed|access-date=21 September 2015}}

{{update section|date=January 2016}}

Samba TNG (The Next Generation) was forked in late 1999, after disagreements between the Samba Team leaders and Luke Leighton about the directions of the Samba project. They failed to come to an agreement on a development transition path which allowed the research version of Samba he was developing (known at the time as Samba-NTDOM) to slowly be integrated into Samba.{{cite web

| title = Project FAQ - What is the relationship between Samba and Samba TNG?

| url = https://wiki.samba-tng.org/doku.php/pages/faq#what_is_the_relationship_between_samba_and_samba-tng

| access-date = 19 February 2008}} Development has been minimal, due to a lack of developers. The Samba TNG team frequently directed potential users towards Samba because of its better support and development.{{cite web

| title = Project FAQ - Which should I use - Samba or Samba TNG?

| url = https://wiki.samba-tng.org/doku.php/pages/faq#which_should_i_use_-_samba_or_samba-tng

| access-date = 19 February 2008}}

A key goal of the Samba TNG project was to rewrite all of the NT Domains services as FreeDCE projects.{{cite web

| title = Project FAQ - What's all this about FreeDCE?

| url = https://wiki.samba-tng.org/doku.php/pages/faq#what_s_all_this_about_freedce

| access-date = 19 February 2008}} This was made difficult as the services were developed manually through network reverse-engineering, with limited or no reference to DCE/RPC documentation.{{citation needed|date=February 2008}}

A key difference from Samba was in the implementation of the NT Domains suite of protocols and MSRPC services. Samba makes all the NT Domains services available from a single place, whereas Samba TNG separated each service into its own program.{{citation needed|date=February 2008}}

ReactOS started using Samba TNG services for its SMB implementation. The developers of both projects were interested in seeing the Samba TNG design used to help get ReactOS talking to Windows networks. They worked together to adapt the network code and build system. The multi-layered and modular approach made it easy to port each service to ReactOS.{{cite web

| title = Interview with Steven Edwards

| url = http://www.winehq.org/?interview=14

| access-date = 19 February 2008

| publisher = Wine HQ

| last = Vincent

| first = Brian}}

{{Portal|Free and open-source software}}

• LM hash
• SSLBridge

{{Notelist}}

{{Reflist}}

{{Wikibooks|Samba}}

• {{Official website|https://www.samba.org/}}

Category:Free file transfer software

Category:Free software programmed in C

Category:Software forks

Category:Unix network-related software