Thursday, August 2, 2012

SAMBA Interview Question & Answer



Q: - Which SELinux security context used for SAMBA ?
samba_share_t

Q: - On which ports SAMBA server works ?
- UDP port 137 for netbios-ns, the NETBIOS Name Service
- UDP port 138 for netbios-dgm, the NETBIOS Datagram Service
- TCP port 139 for netbios-ssn, the NETBIOS session service
- TCP port 445 for microsoft-ds, the Microsoft Domain Service

Q: - What are the Secrity or Authentication Mode for SAMBA server?
ADS
DOMAIN
SERVER
USER
SHARE

Q: - How to Manually Create Machine Trust Accounts ?
/usr/sbin/useradd -g machines -d /var/lib/nobody -c "machine nickname" -s /bin/false machine_name$
passwd -l machine_name$

Q: - What are the SAMBA server Types ?
- Primary Domain Controller (PDC)
- Backup Domain Controller (BDC)
- ADS Domain Controller

Q: - Which protocol SAMBA server uses ?
SMB, which stands for Server Message Block, is a protocol for sharing files, printers, serial ports, and communications abstractions such as named pipes and mail slots between computers.

Q: - How Does a Workstation find its Domain Controller?
There are two different mechanisms to locate a domain controller: one method is used when NetBIOS over TCP/IP is enabled and the other when it has been disabled in the TCP/IP network configuration. Where NetBIOS over TCP/IP is disabled, all name resolution involves the use of DNS, broadcast messaging over UDP, as well as Active Directory communication technologies.

Q: - Can Samba Be a Backup Domain Controller to an NT4 PDC?
No. The native NT4 SAM replication protocols have not yet been fully implemented.

Q: - How Do I Replicate the smbpasswd File?
Replication of the smbpasswd file is sensitive. It has to be done whenever changes to the SAM are made. Every user's password change is done in the smbpasswd file and has to be replicated to the BDC. So replicating the
smbpasswd file very often is necessary.As the smbpasswd file contains plaintext password equivalents, it must not be sent unencrypted over the wire. The best way to set up smbpasswd replication from the PDC to the BDC is to use the utility rsync. rsync can use ssh as a transport. ssh itself can be set up to accept only rsync transfer without requiring the user to type a password.As said a few times before, use of this method is broken and awed. Machine trust accounts will go out of sync, resulting in a broken domain. This method is not recommended. Try using LDAP instead.

Q: - Can Samba fully replace my Windows NT server that is not a Primary Domain Controller (PDC)?
Samba can completely serve files and printers to Windows, just as a Windows NT server would.

Q: - Can Samba replaces my Windows NT PDC?
 Not completely. Samba domain control capabilities for a Windows 9x client are  solid and complete, and so these clients would probably never know the difference. The domain control support for Windows NT/2000 clients is still being developed. Currently, enough has been implemented to allow a Windows NT client to join a Samba-controlled domain, but there is more to domain control than that. The most conspicuous absence is the lack of support for Windows NT trust relationships and the SAM replication protocol used between NT PDCs and Backup Domain Controllers (BDCs).

Q: - What TCP and UDP ports required for NetBIOS over TCP/IP use?
The NBT name service uses port 137/udp, the NBT session service uses port 139/tcp, and the NBT datagram service uses port 138/udp.

Q: - How SMB protocol works?
There will be three stages in creating an SMB connection between a client and a specific share on a server.
The first stage in connecting to an SMB share is to negotiate the SMB protocol dialect to use. In the request packet, the client sends a text listing of all the SMB dialects that it understands. The server selects the most advanced protocol that it knows and responds to the client, specifying the protocol number from the list. At this point, the client and server have agreed that SMB commands can be used for the remainder of the conversation.
The second stage is to create a session connection between the client and server. To do this, the client issues a session setup request, which includes a sername and some proof of validity, such as a password. The server attempts to validate requesting user. If successful, the server then returns a session UID to client. This UID is unique for each session and has no relation to the server internal representation of users.
The third stage before access to files on a remote share is allowed is for the client to make a successful tree connection to the shared resource. The client sends to the server a tree connect request, which includes the UID previously issued by the server. At this stage the server verifies that the authenticated user is authorized to access the requested resource. If the user has sufficient privileges to access the share, the client is issued a tree connection ID (TID). The TID is used in all requests to access files contained in the resource to which the TID refers.
In this way SMB protocol works.

Q: - How man sections samba configuration file (smb.conf) contains?

smb.conf file contains three sections.
1. [global] Contains settings that determine Samba overall behavior.
2. [homes] A default share for providing a home directory for all users.
3. [printers] A default share for exporting all printers on the host via CIFS.

Q: - If a netbios name is not defined in smb.conf, than what will be netbios name?
If a netbios name is not defined, Samba will use the IP hostname of the server by default.

Q: - I want to use User level security for my samba server than what i have to add in smb.conf file?
security = user

Q: - How you will verify that your smb.conf file doesn’t have any mistakes and misspellings?
"testparm " tool that verifies the syntax of a configuration file(smb.conf).
testparm -s smb.conf

Q: - What is the use of "smbclient" command?
"smbclient" is used to display the list of shares on your server. This verifies that smbd is running and functioning correctly. The -L option instructs smbclient to enumerate the shares on the server rather than actually connecting to one. The   -N switch instructs smbclient to use an anonymous login rather than the login name of the current user.
smbclient -L localhost -N
Antother use of "smbclient" command to connect the samba share.
smbclient /// -U

Q: - Explain "smbstatus" command?
The smbstatus utility displays information about connected users and currently locked files.

Q: - Is it possible for Samba to share file systems that have been mounted using NFS?
Yes. However, this can be problematic if the NFS server that provides the file system fails, causing the Samba server to hang. It is always safer to use Samba to share a local file system.

Q: - How many simultaneous connections can a Samba server support?
In theory, there is no limit. In practice, the limit is determined by the server’s hardware, specifically the total amount of available RAM and the CPU power. It might also depend on the amount of activity from the smbd processes.

Q: - Can Samba be a member of more than one workgroup at the same time?
No, Samba can be a member of only one workgroup.

Q: - What is SWAT?
SWAT is GUI Based administration tool for samba server.

Q: - I am trying to use SWAT, but I keep getting the message There was no response. The server could be down or not responding. What is the problem?
The most likely cause is that SWAT is not listening to connections, or you have used the wrong URL in trying to connect to SWAT. SWAT usually lives behind port 901, so the URL you should use is http://ID_ADDRESS_OF_SERVER:901/

Q: - Can i set empty password for samba user?
Yes, if you want to set the value to an empty password, you must change
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:XXXXXXXXXXXXXXXXXXXXXXXXXXXX
XXX
to
NOPASSWORDXXXXXXXXXXXXXXXXXXXXX:XXXXXXXXXXXXXXXXXXXXXXXXXXXXX
XX
in your smbpasswd file.
Note: - if you have edited the smbpasswd file by hand, make sure that the LAN Manager and NT password fields contain exactly 32 characters, no more and no fewer. If these fields do not have exactly 32 characters, Samba will not be able to correctly read the entry.
or You can modify by "smbpasswd" command.
smbpasswd -n USER_NAME
Also you have to set the null passwords parameter to yes in the [global] section of smb.conf:
null passwords = yes

Q: - Can i set empty password for samba user?
Yes, If you want to set the value to an empty password, you must change
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:XXXXXXXXXXXXXXXXXXXXXXXXXXXX
XXX
to
NOPASSWORDXXXXXXXXXXXXXXXXXXXXX:XXXXXXXXXXXXXXXXXXXXXXXXXXXXX
XX
in your smbpasswd file.
Note: - if you have edited the smbpasswd file by hand, make sure that the LAN Manager and NT password fields contain exactly 32 characters, no more and no fewer. If these fields do not have exactly 32 characters, Samba will not be able to correctly read the entry.
or You can modify by "smbpasswd" command.
smbpasswd -n USER_NAME
Also you have to set the null passwords parameter to yes in the [global] section of smb.conf: null passwords = yes

Q: - Does Samba support PAM?
Yes

Q: - What is role of "NTLM"?
The challenge / response  authentication protocol available to Windows clients and servers for validating connection requests.

Q: - Explain "force group" parameter used in smb.conf?
It will define the group id to be used for all file access in the place of the user’s primary group.

Q: - Explain "force user" parameter used in smb.conf?
It will define the user id to be used for all file access.

Q: - Explain "write list" parameter used in smb.conf?
A list of users and/or groups that should be given write access even if the read only parameter has been enabled.

No comments:

Post a Comment