Q: - Which SELinux
security context used for SAMBA ?
samba_share_t
Q: - On which ports
SAMBA server works ?
- UDP port 137 for netbios-ns, the NETBIOS Name Service
- UDP port 138 for netbios-dgm, the NETBIOS Datagram Service
- TCP port 139 for netbios-ssn, the NETBIOS session service
- TCP port 445 for microsoft-ds, the Microsoft Domain
Service
Q: - What are the
Secrity or Authentication Mode for SAMBA server?
ADS
DOMAIN
SERVER
USER
SHARE
Q: - How to Manually
Create Machine Trust Accounts ?
/usr/sbin/useradd -g machines -d /var/lib/nobody -c
"machine nickname" -s /bin/false machine_name$
passwd -l machine_name$
Q: - What are the
SAMBA server Types ?
- Primary Domain Controller (PDC)
- Backup Domain Controller (BDC)
- ADS Domain Controller
Q: - Which protocol
SAMBA server uses ?
SMB, which stands for Server Message Block, is a protocol
for sharing files, printers, serial ports, and communications abstractions such
as named pipes and mail slots between computers.
Q: - How Does a Workstation
find its Domain Controller?
There are two different mechanisms to locate a domain
controller: one method is used when NetBIOS over TCP/IP is enabled and the
other when it has been disabled in the TCP/IP network configuration. Where
NetBIOS over TCP/IP is disabled, all name resolution involves the use of DNS,
broadcast messaging over UDP, as well as Active Directory communication
technologies.
Q: - Can Samba Be a
Backup Domain Controller to an NT4 PDC?
No. The native NT4 SAM replication protocols have not yet
been fully implemented.
Q: - How Do I
Replicate the smbpasswd File?
Replication of the smbpasswd file is sensitive. It has to be
done whenever changes to the SAM are made. Every user's password change is done
in the smbpasswd file and has to be replicated to the BDC. So replicating the
smbpasswd file very often is necessary.As the smbpasswd file
contains plaintext password equivalents, it must not be sent unencrypted over
the wire. The best way to set up smbpasswd replication from the PDC to the BDC
is to use the utility rsync. rsync can use ssh as a transport. ssh itself can
be set up to accept only rsync transfer without requiring the user to type a
password.As said a few times before, use of this method is broken and awed.
Machine trust accounts will go out of sync, resulting in a broken domain. This
method is not recommended. Try using LDAP instead.
Q: - Can Samba fully
replace my Windows NT server that is not a Primary Domain Controller (PDC)?
Samba can completely serve files and printers to Windows,
just as a Windows NT server would.
Q: - Can Samba
replaces my Windows NT PDC?
Not completely. Samba
domain control capabilities for a Windows 9x client are solid and complete, and so these clients
would probably never know the difference. The domain control support for
Windows NT/2000 clients is still being developed. Currently, enough has been
implemented to allow a Windows NT client to join a Samba-controlled domain, but
there is more to domain control than that. The most conspicuous absence is the
lack of support for Windows NT trust relationships and the SAM replication
protocol used between NT PDCs and Backup Domain Controllers (BDCs).
Q: - What TCP and UDP
ports required for NetBIOS over TCP/IP use?
The NBT name service uses port 137/udp, the NBT session
service uses port 139/tcp, and the NBT datagram service uses port 138/udp.
Q: - How SMB protocol
works?
There will be three stages in creating an SMB connection
between a client and a specific share on a server.
The first stage in connecting to an SMB share is to
negotiate the SMB protocol dialect to use. In the request packet, the client
sends a text listing of all the SMB dialects that it understands. The server
selects the most advanced protocol that it knows and responds to the client,
specifying the protocol number from the list. At this point, the client and
server have agreed that SMB commands can be used for the remainder of the
conversation.
The second stage is to create a session connection between
the client and server. To do this, the client issues a session setup request,
which includes a sername and some proof of validity, such as a password. The
server attempts to validate requesting user. If successful, the server then
returns a session UID to client. This UID is unique for each session and has no
relation to the server internal representation of users.
The third stage before access to files on a remote share is
allowed is for the client to make a successful tree connection to the shared
resource. The client sends to the server a tree connect request, which includes
the UID previously issued by the server. At this stage the server verifies that
the authenticated user is authorized to access the requested resource. If the
user has sufficient privileges to access the share, the client is issued a tree
connection ID (TID). The TID is used in all requests to access files contained
in the resource to which the TID refers.
In this way SMB protocol works.
Q: - How man sections
samba configuration file (smb.conf) contains?
smb.conf file contains three sections.
1. [global] Contains settings that determine Samba overall
behavior.
2. [homes] A default share for providing a home directory
for all users.
3. [printers] A default share for exporting all printers on
the host via CIFS.
Q: - If a netbios
name is not defined in smb.conf, than what will be netbios name?
If a netbios name is not defined, Samba will use the IP
hostname of the server by default.
Q: - I want to use
User level security for my samba server than what i have to add in smb.conf file?
security = user
Q: - How you will
verify that your smb.conf file doesn’t have any mistakes and misspellings?
"testparm " tool that verifies the syntax of a
configuration file(smb.conf).
testparm -s smb.conf
Q: - What is the use
of "smbclient" command?
"smbclient" is used to display the list of shares
on your server. This verifies that smbd is running and functioning correctly.
The -L option instructs smbclient to enumerate the shares on the server rather
than actually connecting to one. The -N
switch instructs smbclient to use an anonymous login rather than the login name
of the current user.
smbclient -L localhost -N
Antother use of "smbclient" command to connect the
samba share.
smbclient /// -U
Q: - Explain
"smbstatus" command?
The smbstatus utility displays information about connected
users and currently locked files.
Q: - Is it possible
for Samba to share file systems that have been mounted using NFS?
Yes. However, this can be problematic if the NFS server that
provides the file system fails, causing the Samba server to hang. It is always
safer to use Samba to share a local file system.
Q: - How many
simultaneous connections can a Samba server support?
In theory, there is no limit. In practice, the limit is
determined by the server’s hardware, specifically the total amount of available
RAM and the CPU power. It might also depend on the amount of activity from the
smbd processes.
Q: - Can Samba be a
member of more than one workgroup at the same time?
No, Samba can be a member of only one workgroup.
Q: - What is SWAT?
SWAT is GUI Based administration tool for samba server.
Q: - I am trying to
use SWAT, but I keep getting the message There was no response. The server
could be down or not responding. What is the problem?
The most likely cause is that SWAT is not listening to
connections, or you have used the wrong URL in trying to connect to SWAT. SWAT
usually lives behind port 901, so the URL you should use is http://ID_ADDRESS_OF_SERVER:901/
Q: - Can i set empty password
for samba user?
Yes, if you want to set the value
to an empty password, you must change
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:XXXXXXXXXXXXXXXXXXXXXXXXXXXX
XXX
to
NOPASSWORDXXXXXXXXXXXXXXXXXXXXX:XXXXXXXXXXXXXXXXXXXXXXXXXXXXX
XX
in your smbpasswd file.
XX
in your smbpasswd file.
Note: - if you have edited the
smbpasswd file by hand, make sure that the LAN Manager and NT password fields
contain exactly 32 characters, no more and no fewer. If these fields do not
have exactly 32 characters, Samba will not be able to correctly read the entry.
or You can modify by
"smbpasswd" command.
smbpasswd -n USER_NAME
Also you have to set the null passwords parameter to yes in the [global] section of smb.conf:
null passwords = yes
smbpasswd -n USER_NAME
Also you have to set the null passwords parameter to yes in the [global] section of smb.conf:
null passwords = yes
Q: - Can i set empty password for samba user?
Yes, If you want to set the value
to an empty password, you must change
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:XXXXXXXXXXXXXXXXXXXXXXXXXXXX
XXX
to
NOPASSWORDXXXXXXXXXXXXXXXXXXXXX:XXXXXXXXXXXXXXXXXXXXXXXXXXXXX
XX
in your smbpasswd file.
Note: - if you have edited the
smbpasswd file by hand, make sure that the LAN Manager and NT password fields
contain exactly 32 characters, no more and no fewer. If these fields do not
have exactly 32 characters, Samba will not be able to correctly read the entry.
or You can modify by
"smbpasswd" command.
smbpasswd -n USER_NAME
Also you have to set the null
passwords parameter to yes in the [global] section of smb.conf: null passwords
= yes
Q: - Does Samba
support PAM?
Yes
Q: - What is role of
"NTLM"?
The challenge / response authentication protocol available to Windows
clients and servers for validating connection requests.
Q: - Explain
"force group" parameter used in smb.conf?
It will define the group id to be used for all file access
in the place of the user’s primary group.
Q: - Explain
"force user" parameter used in smb.conf?
It will define the user id to be used for all file access.
Q: - Explain
"write list" parameter used in smb.conf?
A list of users and/or groups that should be given write
access even if the read only parameter has been enabled.
No comments:
Post a Comment