Hello friends!. We continue with the series about Samba and today we will see the package smbclient, which provides us with a series of tools to access shared resources on Microsoft Windows and Samba servers.
Always keep in mind that we give An Entry Point to the programs or services we write about. DO NOT We intend to replace the abundant documentation that many, but many times, we have at our fingertips in program repositories. That is why we always say that, for more information, man, or we recommend that you read the accompanying documentation, ALWAYS BEFORE searching the Internet. Too bad a lot of documentation available in the repositories is in English. We currently have an abundance of Free Software developed by thousands of enthusiasts. The least we can do is read and study a little about how to use it. I am sure that our part is the one that requires the least effort.
In advance, I apologize for any omissions or inadvertent errors. Writing about the Samba Suite is a very arduous task, even if only about a command from it.
Before continuing, we recommend reading:
In the article we will see:
- File settings / Etc / resolv.conf
- Introduction to the archive /etc/samba/smb.conf
- Using SmbClient
- Your Order
The package smbclient We can install it through Synaptic or through the command line. As root we execute in a console:
aptitude show smbclient aptitude install smbclient
Notice that the packages are also installed samba-common y samba-common-bin. The Samba program as such is not installed, although SmbClient IF belongs to the Samba suite.
Table of Contents
The package provides us with the following tools:
- findsmb: Lists information about the computers that respond to an SMB name query on a subnet.
- smbclient: Client similar to ftp to access shared resources on SMB / CIFS servers.
- SMBG: Utility similar to wget to download files from SMB servers.
- smbtar: Console script that works on the SmbClient which allows us to make backup copies of shared SMB / CIFS resources directly to a tape recorder on UNIX.
- rpcclient: Tool to execute on the client side the MS-RPC functions or Microsoft Remote Procedure Call. More information in Windows help.
- smbspool: Sends a file to an SMB printer.
- smbtree: List or Browser SMB in text mode. Similar to the "Network Neighborhood" of Windows computers. Prints a tree with all known domains, the servers in each domain, and their shared resources.
- smbcacls: Tool to manipulate the NT Access Control Lists in folders or shared files of SMB type.
- smbcquotas: Utility to manage Quotas (Quotas) on SMB shares.
Meanwhile samba-common-bin offers us the following programs:
- NET: Utility conceived to work like the program «NET»Windows. It is a tool for managing Samba servers and remote CIFS servers.
- nmblookup: NetBIOS over TCP / IP client used for NetBIOS name lookup.
- smbpasswd: Command that allows us to change the SMB password of a user.
- testparm: Utility that helps us to check the syntax of the main Samba configuration file smb.conf.
Of all the above commands, personally I have used mostly testparm, smbclient, smbtree, NET y smbpasswd. It would be an extremely long article, and also tedious, to encompass everyone involved.
To test SmbClient, we made a small LAN with the following equipment:
w2003: Main Domain Controller in Windows 2003 SP2, Enterprise Server, which also provides DNS and WINS services. The domain name is friends.cu. The users registered in the Domain are: elrond, Legolas, pipin y strides. :-). In this server we have the shared folder middle Earth, to which we have given read permissions to strides and read - write to pipin. The user elrond He is also a domain administrator.
miwheezy: Machine with Debian 7.0 "Wheezy", in which we will install the package smbclient.
need: Team with Ubuntu 12.04 Server LTS and Gnome-Shell, in which we will also have the SmbClient package installed. We join this team to the amigos.cu domain, so that users registered in the domain can start a local session. Therefore, you have a machine account on the domain controller. He how it is done to link a Debian or an Ubuntu to a Microsoft Active Directory, we will see in a future article.
File settings / Etc / resolv.conf
It is extremely important that we declare the DNS correctly, especially if we have a LAN with a Microsoft Domain Controller. In our example, the IP of the w2003.amigos.cu It is 10.10.10.30. Therefore, the file / Etc / resolv.conf will be with the following content:
search amigos.cu nameserver 10.10.10.30
In the event that we do not have the Network-Manager-GNOME installed, for example, on a server, it would not hurt to correctly declare the previous parameters in the file / etc / network / interfaces.
The DNS that are installed when we configure a Domain Controller in Microsoft, have a whole series of additional records, which integrate them strongly with the Active Directory functions.
Any precaution we take is valid so that Samba works correctly and we do not have to break our heads over configuration errors that we were able to avoid.
Introduction to the /etc/samba/smb.conf file
When we install the package smbclient, the main configuration file of the Samba Suite is created: smb.conf.
- Always make a backup copy of the file BEFORE modifying any aspect.
- Although the help is in English, we recommend that you READ it CAREFULLY before venturing to change any parameter.
- If you don't know any English at all, please only change what is indicated in the different literature, including this article.
smb.conf Contains runtime configuration information for the Samba Suite programs. Its syntax is checked by the command testparm. As in later articles we will see more about this file, for now we will limit ourselves to indicating the minimum necessary changes that we must make in it, in the case of a machine with Debian or Ubuntu and that is not linked to any domain. Changes are highlighted in bold.
[global] ## Browsing / Identification ### # Change this to the workgroup / NT-domain name your Samba server will part of workgroup = FRIENDS # server string is the equivalent of the NT Description field server string =% h server # Windows Internet Name Serving Support Section: # WINS Support - Tells the NMBD component of Samba to enable its WINS Server # wins support = no # WINS Server - Tells the NMBD components of Samba to be a WINS Client # Note: Samba can be either a WINS Server, or a WINS Client, but NOT both; wins server = wxyz wins server = 10.10.10.30 ### THE REST OF THE FILE REMAINS UNCHANGED
That is, the changes made will be in the parameters workgroup y wins server only. Some will wonder about the use of WINS. Samba strongly recommends the use of this service in SMB / CIFS networks, to have the IP of the NetBIOS names resolved correctly. Even when a Samba Domain Controller is installed, in the smb.conf configuration file the NMBD daemon is told to act as a WINS server, through the parameter wins support = yes, which is NOT necessary in our particular case.
We check the syntax of the smb.conf file:
xeon @ miwheezy: ~ $ testparm Load smb config files from /etc/samba/smb.conf rlimit_max: increasing rlimit_max (1024) to minimum Windows limit (16384) Processing section "[homes]" Processing section "[printers]" Processing section "[print $]" Loaded services file OK. Server role: ROLE_STANDALONE Press enter to see a dump of your service definitions [global] workgroup = FRIENDS server string =% h server map to guest = Bad User obey pam restrictions = Yes pam password change = Yes passwd program = / usr / bin / passwd% u passwd chat = * Enter \ snew \ s * \ spassword: *% n \ n * Retype \ snew \ s * \ spassword: *% n \ n * password \ supdated \ ssuccessfully *. unix password sync = Yes syslog = 0 log file = /var/log/samba/log.%m max log size = 1000 dns proxy = No wins server = 10.10.10.30 usershare allow guests = Yes panic action = / usr / share / samba / panic-action% d idmap config *: backend = tdb [.....] ## If we do it in precise.amigos.cu, which was previously joined ## to the friends.cu domain, the output differs ## a bit strides @ precise: ~ $ testparm Load smb config files from /etc/samba/smb.conf rlimit_max: increasing rlimit_max (1024) to minimum Windows limit (16384) Loaded services file OK. Server role: ROLE_DOMAIN_MEMBER Press enter to see a dump of your service definitions [global] workgroup = AMIGOS realm = AMIGOS.CU security = ADS os level = 0 local master = No domain master = No template shell = / bin / bash winbind enum users = Yes winbind enum groups = Yes winbind use default domain = Yes idmap config BCTUK: range = 10000000-19000000 idmap config BCTUK: backend = rid idmap config *: range = 11000-20000 idmap config *: backend = tdb
Once the changes have been made, it is not necessary to restart any service and we are ready to use the command smbclient.
SmbClient is basically a console command. Therefore we will make use of it.
xeon @ miwheezy: ~ $ smbclient -L w2003 Enter xeon's password: session setup failed: NT_STATUS_LOGON_FAILURE ## Logical result, since xeon is not a registered user in the Domain xeon @ miwheezy: ~ $ smbclient -L w2003 -U strides Enter trancos's password: Domain = [FRIENDS] OS = [Windows Server 2003 3790 Service Pack 2] Server = [Windows Server 2003 5.2] Sharename Type Comment --------- ---- ------ - C $ Disk Default share IPC $ IPC Remote IPC ADMIN $ Disk Remote Admin SYSVOL Disk Logon server share Middle Earth Disk NETLOGON Disk Logon server share Domain = [FRIENDS] OS = [Windows Server 2003 3790 Service Pack 2] Server = [Windows Server 2003 5.2] Server Comment --------- ------- PRECISE Samba 3.6.3 .2003 W2003 Workgroup Master --------- ------- FRIENDS WXNUMX ## Look at the shared resource tierramedia xeon @ miwheezy: ~ $ smbclient // w2003 / middle earth -U elrond Enter elrond's password: Domain = [FRIENDS] OS = [Windows Server 2003 3790 Service Pack 2] Server = [Windows Server 2003 5.2] smb: \> dir NT_STATUS_ACCESS_DENIED listing \ * smb: \> exit ## Logical !!!. Although elrond is an administrator, he does not have permissions on the resource. xeon @ miwheezy: ~ $ smbclient // w2003 / middle earth -U strides Enter trancos's password: Domain = [FRIENDS] OS = [Windows Server 2003 3790 Service Pack 2] Server = [Windows Server 2003 5.2] smb: \> dir. D 0 Sat Jul 20 16:58:54 2013 .. D 0 Sat Jul 20 16:58:54 2013 Pipin's folder D 0 Sat Jul 13 13:01:46 2013 Hawaii.Five-0.2010.S01E01.HDTV.XviD. avi A 366793752 Tue Sep 21 22:51:12 2010 Hawaii.Five-0.2010.S01E01.HDTV.XviD.srt A 63362 Wed Sep 22 14:03:40 2010 40915 blocks of size 262144. 29215 blocks available smb: \> mkdir test NT_STATUS_ACCESS_DENIED making remote directory \ test smb: \> exit ## Remember that strides only have read permissions xeon @ miwheezy: ~ $ smbclient // w2003 / middle earth -U pipin Enter pipin's password: Domain = [FRIENDS] OS = [Windows Server 2003 3790 Service Pack 2] Server = [Windows Server 2003 5.2] smb: \> dir. D 0 Sat Jul 20 16:58:54 2013 .. D 0 Sat Jul 20 16:58:54 2013 Pipin's folder D 0 Sat Jul 13 13:01:46 2013 Hawaii.Five-0.2010.S01E01.HDTV.XviD. avi A 366793752 Tue Sep 21 22:51:12 2010 Hawaii.Five-0.2010.S01E01.HDTV.XviD.srt A 63362 Wed Sep 22 14:03:40 2010 40915 blocks of size 262144. 29215 blocks available smb: \> mkdir try smb: \> dir. D 0 Sun Jul 21 14:21:30 2013 .. D 0 Sun Jul 21 14:21:30 2013 Pipin's folder D 0 Sat Jul 13 13:01:46 2013 Hawaii.Five-0.2010.S01E01.HDTV.XviD. avi A 366793752 Tue Sep 21 22:51:12 2010 Hawaii.Five-0.2010.S01E01.HDTV.XviD.srt A 63362 Wed Sep 22 14:03:40 2010 test D 0 Sun Jul 21 14:21:30 2013 40915 blocks of size 262144. 29215 blocks available smb: \>? ? allinfo altname archive blocksize cancel case_sensitive cd chmod chown close del dir du echo exit get getfacl geteas hardlink help history iosize lcd link lock lowercase ls l mask md mget mkdir more mput newer open posix posix_encrypt posix_open posix_mkdir posix_rmdir q read prompt postix_unlink print it quit putwdir print prompt putwdir rd recurse reget rename reput rm rmdir showacls set setmode stat symlink tar tarmode translate unlock volume vuid wdel logon listconnect showconnect ..! ## List of commands and below, help on a command ## Remember that smbclient is like an ftp client. smb: \> help get HELP get: [local name] get a file smb: \> exit xeon @ miwheezy: ~ $ ls -l total 68 drwxr-xr-x 2 xeon xeon 4096 Jul 13 12:56 Desktop -rw-r - r-- 1 xeon xeon 63362 Jul 21 14:24 Hawaii.Five-0.2010.S01E01.HDTV.XviD.srt ## Indeed, the srt file was copied into the folder FROM WHICH WE INVOKED ## the smbclient. xeon @ miwheezy: ~ $ man smb.conf> samba.man xeon @ miwheezy: ~ $ ls -l total 420 drwxr-xr-x 2 xeon xeon 4096 Jul 13 12:56 Desktop -rw-r - r-- 1 xeon xeon 63362 Jul 21 14:24 Hawaii.Five-0.2010.S01E01.HDTV.XviD.srt -rw -r - r-- 1 xeon xeon 359814 21 Jul 14 30:XNUMX samba.man xeon @ miwheezy: ~ $ smbclient // w2003 / middle earth -U pipin Enter pipin's password: Domain = [FRIENDS] OS = [Windows Server 2003 3790 Service Pack 2] Server = [Windows Server 2003 5.2] smb: \> put samba.man putting file samba.man as \ samba.man (10980,6 kb / s) (average 10980,7 kb / s) smb: \> dir. D 0 Sun Jul 21 14:31:36 2013 .. D 0 Sun Jul 21 14:31:36 2013 Pipin's folder D 0 Sat Jul 13 13:01:46 2013 Hawaii.Five-0.2010.S01E01.HDTV.XviD. avi A 366793752 Tue Sep 21 22:51:12 2010 Hawaii.Five-0.2010.S01E01.HDTV.XviD.srt A 63362 Wed Sep 22 14:03:40 2010 test D 0 Sun Jul 21 14:21:30 2013 samba. man A 359814 Sun Jul 21 14:31:36 2013 40915 blocks of size 262144. 29213 blocks available smb: \> exit ## Let's now try the smbtree command xeon @ miwheezy: ~ $ smbtree Enter xeon's password: FRIENDS \\ W2003 \\ PRECISE Samba 3.6.3 \\ PRECISE \ IPC $ IPC Service (Samba 3.6.3) xeon @ miwheezy: ~ $ smbtree -U legolas Enter legolas's password: AMIGOS \\ W2003 \\ W2003 \ NETLOGON Logon server share \\ W2003 \ tierramedia \\ W2003 \ SYSVOL Logon server share \\ W2003 \ ADMIN $ Remote Admin \\ W2003 \ IPC $ Remote IPC \\ W2003 \ C $ Default share \\ PRECISE Samba 3.6.3 \\ PRECISE \ IPC $ IPC Service (Samba 3.6.3) ## Observe the exit with registered and unregistered users
- It is always recommended to run the commands with the credentials of a user registered in the domain even if the client computer is not joined to the domain. Of course we must know the authentication credentials of that user or have our user account in the domain.
- From the foregoing it follows that IT IS NOT OBLIGATORY TO HAVE THE CLIENT MACHINE UNITED TO A DOMAIN, unless we want to log in to the client computer as a domain user. In fact, my workstation is not joined to my company domain.
- The commands get y put they work from the share to the local folder or the client machine from which the smbclient was invoked.
- To know all the internal commands of smbclient, we must type the question mark ?.
- If we carry out the same previous operations from a computer previously joined to the domain, the results will be the same. We check it in our precise.amigos.cu.
- Using SmbClient goes far beyond what we have seen in the article. We will see it in future posts.
- Although it is strong for many initiates, the Samba Suite requires personal study. Not all the answers are in articles in the WWW Village. And many of them are in the language of Shakespeare.
- Don't be discouraged at the first mistake. If we learn how to use the Samba Suite, we will learn a lot about SMB / CIFS networks and in particular, about Microsoft networks.
Lastly, run in Nautilus or another file browser smb: // pipin @ w2003 / middle earth, to establish a connection to that resource. Try to open the file .avi with the VLC and then with the Totem. Get your own conclusions.
And that's it for today, friends. Until the next adventure !!!.