Samba: SmbClient

Hello friends! We continue the series about Samba, and today we will look at the smbclient package, which provides a set of tools for accessing shared resources on Microsoft Windows and Samba servers.

Always keep in mind that we offer AN ENTRY POINT to the programs or services we write about. We DO NOT intend to replace the abundant documentation that we very often have at our fingertips in the program repositories. That is why we always say that, for more information, use man, or we recommend that you read the accompanying documentation, ALWAYS BEFORE searching the Internet. Too bad a lot of the documentation available in the repositories is in English. We currently have an abundance of Free Software developed by thousands of enthusiasts. The least we can do is read and study a little about how to use it. I am sure that our part is the one that requires the least effort.

In advance, I apologize for any omissions or inadvertent errors. Writing about the Samba Suite is a very arduous task, even if it is only about one of its commands.

Before continuing, we recommend reading:

In the article we will see:

  • SmbClient
  • Samba-Common-Bin
  • Settings in the /etc/resolv.conf file
  • Introduction to the /etc/samba/smb.conf file
  • Using SmbClient
  • Your Order

We can install the smbclient package through Synaptic or through the command line. As root, we run in a console:

    aptitude show smbclient
    aptitude install smbclient

Notice that the packages samba-common and samba-common-bin are also installed. The Samba program as such is not installed, although SmbClient DOES belong to the Samba suite.

SmbClient

The package provides us with the following tools:

  • findsmb: Lists information about the computers that respond to an SMB name query on a subnet.
  • smbclient: Client similar to ftp to access shared resources on SMB / CIFS servers.
  • smbget: Utility similar to wget to download files from SMB servers.
  • smbtar: Console script that works on top of SmbClient and allows us to make backup copies of shared SMB / CIFS resources directly to a tape drive on UNIX.
  • rpcclient: Tool to execute on the client side the MS-RPC functions or Microsoft Remote Procedure Call. More information in Windows help.
  • smbspool: Sends a file to an SMB printer.
  • smbtree: SMB browser in text mode. Similar to the "Network Neighborhood" of Windows computers. Prints a tree with all known domains, the servers in each domain, and their shared resources.
  • smbcacls: Tool to manipulate the NT Access Control Lists in folders or shared files of SMB type.
  • smbcquotas: Utility to manage quotas on SMB shares.

Samba-Common-Bin

Meanwhile samba-common-bin offers us the following programs:

  • net: Utility conceived to work like the Windows «NET» program. It is a tool for managing Samba servers and remote CIFS servers.
  • nmblookup: NetBIOS over TCP / IP client used for NetBIOS name lookup.
  • smbpasswd: Command that allows us to change the SMB password of a user.
  • testparm: Utility that helps us to check the syntax of the main Samba configuration file smb.conf.

Of all the above commands, personally I have used mostly testparm, smbclient, smbtree, net and smbpasswd. It would be an extremely long article, and also tedious, to cover all of them.

To test SmbClient, we made a small LAN with the following equipment:

w2003: Main Domain Controller on Windows 2003 SP2, Enterprise Server, which also provides DNS and WINS services. The domain name is amigos.cu. The users registered in the Domain are: elrond, legolas, pipin and trancos. :-) On this server we have the shared folder tierramedia, on which we have given read permissions to trancos and read-write permissions to pipin. The user elrond is also a domain administrator.

miwheezy: Machine with Debian 7.0 "Wheezy", in which we will install the package smbclient.

precise: Machine with Ubuntu 12.04 Server LTS and Gnome-Shell, on which we will also have the SmbClient package installed. We joined this machine to the amigos.cu domain, so that users registered in the domain can start a local session. Therefore, it has a machine account on the domain controller. How to join a Debian or an Ubuntu machine to a Microsoft Active Directory is something we will see in a future article.

Settings in the /etc/resolv.conf file

It is extremely important that we declare the DNS correctly, especially if we have a LAN with a Microsoft Domain Controller. In our example, the IP of w2003.amigos.cu is 10.10.10.30. Therefore, the file /etc/resolv.conf will have the following content:

    search amigos.cu
    nameserver 10.10.10.30

In the event that we do not have the Network-Manager-GNOME installed, for example, on a server, it would not hurt to correctly declare the previous parameters in the file /etc/network/interfaces.

The DNS servers that are installed when we configure a Microsoft Domain Controller have a whole series of additional records, which integrate them tightly with the Active Directory functions.

Any precaution we take is valid so that Samba works correctly and we do not have to break our heads over configuration errors that we were able to avoid.

Introduction to the /etc/samba/smb.conf file

When we install the package smbclient, the main configuration file of the Samba Suite is created: smb.conf.

  • Always make a backup copy of the file BEFORE modifying any aspect.
  • Although the help is in English, we recommend that you READ it CAREFULLY before venturing to change any parameter.
  • If you don't know any English at all, please only change what is indicated in the different literature, including this article.

smb.conf contains runtime configuration information for the Samba Suite programs. Its syntax is checked by the command testparm. Since we will see more about this file in later articles, for now we will limit ourselves to indicating the minimum changes that we must make to it on a machine with Debian or Ubuntu that is not joined to any domain. Changes are highlighted in bold.

    [global]

    ## Browsing/Identification ###

    # Change this to the workgroup/NT-domain name your Samba server will part of
       workgroup = AMIGOS

    # server string is the equivalent of the NT Description field
       server string = %h server

    # Windows Internet Name Serving Support Section:
    # WINS Support - Tells the NMBD component of Samba to enable its WINS Server
    #   wins support = no

    # WINS Server - Tells the NMBD components of Samba to be a WINS Client
    # Note: Samba can be either a WINS Server, or a WINS Client, but NOT both
    ;   wins server = w.x.y.z
       wins server = 10.10.10.30

    ### THE REST OF THE FILE REMAINS UNCHANGED

That is, the only changes are to the parameters workgroup and wins server. Some will wonder about the use of WINS. Samba strongly recommends the use of this service in SMB / CIFS networks, so that NetBIOS names are correctly resolved to their IP addresses. Even when a Samba Domain Controller is installed, the NMBD daemon is told in the smb.conf configuration file to act as a WINS server, through the parameter wins support = yes, which is NOT necessary in our particular case.

We check the syntax of the smb.conf file:

    xeon@miwheezy:~$ testparm
    Load smb config files from /etc/samba/smb.conf
    rlimit_max: increasing rlimit_max (1024) to minimum Windows limit (16384)
    Processing section "[homes]"
    Processing section "[printers]"
    Processing section "[print$]"
    Loaded services file OK.
    Server role: ROLE_STANDALONE
    Press enter to see a dump of your service definitions

    [global]
        workgroup = AMIGOS
        server string = %h server
        map to guest = Bad User
        obey pam restrictions = Yes
        pam password change = Yes
        passwd program = /usr/bin/passwd %u
        passwd chat = *Enter\snew\s*\spassword:* %n\n *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* .
        unix password sync = Yes
        syslog = 0
        log file = /var/log/samba/log.%m
        max log size = 1000
        dns proxy = No
        wins server = 10.10.10.30
        usershare allow guests = Yes
        panic action = /usr/share/samba/panic-action %d
        idmap config * : backend = tdb
    [.....]

    ## If we do it on precise.amigos.cu, which was previously joined
    ## to the amigos.cu domain, the output differs a bit

    trancos@precise:~$ testparm
    Load smb config files from /etc/samba/smb.conf
    rlimit_max: increasing rlimit_max (1024) to minimum Windows limit (16384)
    Loaded services file OK.
    Server role: ROLE_DOMAIN_MEMBER
    Press enter to see a dump of your service definitions

    [global]
        workgroup = AMIGOS
        realm = AMIGOS.CU
        security = ADS
        os level = 0
        local master = No
        domain master = No
        template shell = /bin/bash
        winbind enum users = Yes
        winbind enum groups = Yes
        winbind use default domain = Yes
        idmap config BCTUK : range = 10000000-19000000
        idmap config BCTUK : backend = rid
        idmap config * : range = 11000-20000
        idmap config * : backend = tdb

Once the changes have been made, it is not necessary to restart any service and we are ready to use the command smbclient.
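The miwheezy dump above includes map to guest = Bad User and usershare allow guests = Yes, which only matter once a Samba server runs on the machine but are worth knowing about. As an added example (not part of the original article), this shell function reads a testparm dump and lists every enabled guest-related parameter per section. The function names and the choice of parameters to report are assumptions of this example, and the sample dump is constructed from the output shown above.

```shell
#!/bin/sh
# Added example, not part of the original article.
# Reads a testparm dump on stdin and prints one line per enabled guest-related
# parameter: section<TAB>parameter<TAB>value.
# Exit status: 0 = nothing reported, 1 = at least one parameter reported.
# Typical use:  testparm -s 2>/dev/null | audit_guest_settings

audit_guest_settings() {
    awk '
    function trim(s) { sub(/^[ \t]+/, "", s); sub(/[ \t]+$/, "", s); return s }

    /^[ \t]*[#;]/ { next }                        # comment lines
    /^[ \t]*\[/   { section = trim($0); next }    # [section] header
    {
        eq = index($0, "=")
        if (eq == 0) next                         # banner lines, blanks
        key = tolower(trim(substr($0, 1, eq - 1)))
        gsub(/[ \t]+/, " ", key)                  # collapse inner whitespace
        val = trim(substr($0, eq + 1))
        lval = tolower(val)

        hit = 0
        if (key == "guest ok" || key == "public" || key == "guest only" ||
            key == "usershare allow guests") {
            # Booleans that let the guest account use a share.
            hit = (lval == "yes" || lval == "true" || lval == "1")
        } else if (key == "map to guest") {
            # Any value other than "never" turns some failed logins into guest.
            hit = (lval != "never")
        }
        if (hit) { printf "%s\t%s\t%s\n", section, key, val; found = 1 }
    }
    END { exit (found ? 1 : 0) }
    '
}

# Constructed sample: a shortened copy of the miwheezy dump shown above,
# plus two constructed share sections.
sample_dump() {
    cat <<'EOF'
[global]
    workgroup = AMIGOS
    server string = %h server
    map to guest = Bad User
    wins server = 10.10.10.30
    usershare allow guests = Yes
[printers]
    guest ok = No
[scans]
    guest ok = Yes
EOF
}

# Demo run on the constructed sample; "|| true" because findings exit with 1.
sample_dump | audit_guest_settings || true
```
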

Using SmbClient

SmbClient is basically a console command, so that is how we will use it.

On miwheezy.amigos.cu:

    xeon@miwheezy:~$ smbclient -L w2003
    Enter xeon's password:
    session setup failed: NT_STATUS_LOGON_FAILURE

    ## Logical result, since xeon is not a registered user in the Domain

    xeon@miwheezy:~$ smbclient -L w2003 -U trancos
    Enter trancos's password:
    Domain=[AMIGOS] OS=[Windows Server 2003 3790 Service Pack 2] Server=[Windows Server 2003 5.2]

        Sharename       Type      Comment
        ---------       ----      -------
        C$              Disk      Default share
        IPC$            IPC       Remote IPC
        ADMIN$          Disk      Remote Admin
        SYSVOL          Disk      Logon server share
        tierramedia     Disk
        NETLOGON        Disk      Logon server share
    Domain=[AMIGOS] OS=[Windows Server 2003 3790 Service Pack 2] Server=[Windows Server 2003 5.2]

        Server               Comment
        ---------            -------
        PRECISE              Samba 3.6.3
        W2003

        Workgroup            Master
        ---------            -------
        AMIGOS               W2003

    ## Look at the shared resource tierramedia

    xeon@miwheezy:~$ smbclient //w2003/tierramedia -U elrond
    Enter elrond's password:
    Domain=[AMIGOS] OS=[Windows Server 2003 3790 Service Pack 2] Server=[Windows Server 2003 5.2]
    smb: \> dir
    NT_STATUS_ACCESS_DENIED listing \*
    smb: \> exit

    ## Logical!!! Although elrond is an administrator, he does not have permissions on the resource.

    xeon@miwheezy:~$ smbclient //w2003/tierramedia -U trancos
    Enter trancos's password:
    Domain=[AMIGOS] OS=[Windows Server 2003 3790 Service Pack 2] Server=[Windows Server 2003 5.2]
    smb: \> dir
      .                                          D         0  Sat Jul 20 16:58:54 2013
      ..                                         D         0  Sat Jul 20 16:58:54 2013
      Pipin's folder                             D         0  Sat Jul 13 13:01:46 2013
      Hawaii.Five-0.2010.S01E01.HDTV.XviD.avi    A 366793752  Tue Sep 21 22:51:12 2010
      Hawaii.Five-0.2010.S01E01.HDTV.XviD.srt    A     63362  Wed Sep 22 14:03:40 2010

            40915 blocks of size 262144. 29215 blocks available
    smb: \> mkdir test
    NT_STATUS_ACCESS_DENIED making remote directory \test
    smb: \> exit

    ## Remember that trancos only has read permissions

    xeon@miwheezy:~$ smbclient //w2003/tierramedia -U pipin
    Enter pipin's password:
    Domain=[AMIGOS] OS=[Windows Server 2003 3790 Service Pack 2] Server=[Windows Server 2003 5.2]
    smb: \> dir
      .                                          D         0  Sat Jul 20 16:58:54 2013
      ..                                         D         0  Sat Jul 20 16:58:54 2013
      Pipin's folder                             D         0  Sat Jul 13 13:01:46 2013
      Hawaii.Five-0.2010.S01E01.HDTV.XviD.avi    A 366793752  Tue Sep 21 22:51:12 2010
      Hawaii.Five-0.2010.S01E01.HDTV.XviD.srt    A     63362  Wed Sep 22 14:03:40 2010

            40915 blocks of size 262144. 29215 blocks available
    smb: \> mkdir test
    smb: \> dir
      .                                          D         0  Sun Jul 21 14:21:30 2013
      ..                                         D         0  Sun Jul 21 14:21:30 2013
      Pipin's folder                             D         0  Sat Jul 13 13:01:46 2013
      Hawaii.Five-0.2010.S01E01.HDTV.XviD.avi    A 366793752  Tue Sep 21 22:51:12 2010
      Hawaii.Five-0.2010.S01E01.HDTV.XviD.srt    A     63362  Wed Sep 22 14:03:40 2010
      test                                       D         0  Sun Jul 21 14:21:30 2013

            40915 blocks of size 262144. 29215 blocks available
    smb: \> ?
    ?              allinfo        altname        archive        blocksize
    cancel         case_sensitive cd             chmod          chown
    close          del            dir            du             echo
    exit           get            getfacl        geteas         hardlink
    help           history        iosize         lcd            link
    lock           lowercase      ls             l              mask
    md             mget           mkdir          more           mput
    newer          open           posix          posix_encrypt  posix_open
    posix_mkdir    posix_rmdir    posix_unlink   print          prompt
    put            pwd            q              queue          quit
    rd             recurse        reget          rename         reput
    rm             rmdir          showacls       setea          setmode
    stat           symlink        tar            tarmode        translate
    unlock         volume         vuid           wdel           logon
    listconnect    showconnect    ..             !

    ## List of commands and, below, help on a command
    ## Remember that smbclient is like an ftp client.

    smb: \> help get
    HELP get:
        <remote name> [local name] get a file

    smb: \> exit
    xeon@miwheezy:~$ ls -l
    total 68
    drwxr-xr-x 2 xeon xeon  4096 Jul 13 12:56 Desktop
    -rw-r--r-- 1 xeon xeon 63362 Jul 21 14:24 Hawaii.Five-0.2010.S01E01.HDTV.XviD.srt

    ## Indeed, the srt file was copied into the folder FROM WHICH WE INVOKED
    ## smbclient.

    xeon@miwheezy:~$ man smb.conf > samba.man
    xeon@miwheezy:~$ ls -l
    total 420
    drwxr-xr-x 2 xeon xeon   4096 Jul 13 12:56 Desktop
    -rw-r--r-- 1 xeon xeon  63362 Jul 21 14:24 Hawaii.Five-0.2010.S01E01.HDTV.XviD.srt
    -rw-r--r-- 1 xeon xeon 359814 Jul 21 14:30 samba.man
    xeon@miwheezy:~$ smbclient //w2003/tierramedia -U pipin
    Enter pipin's password:
    Domain=[AMIGOS] OS=[Windows Server 2003 3790 Service Pack 2] Server=[Windows Server 2003 5.2]
    smb: \> put samba.man
    putting file samba.man as \samba.man (10980,6 kb/s) (average 10980,7 kb/s)
    smb: \> dir
      .                                          D         0  Sun Jul 21 14:31:36 2013
      ..                                         D         0  Sun Jul 21 14:31:36 2013
      Pipin's folder                             D         0  Sat Jul 13 13:01:46 2013
      Hawaii.Five-0.2010.S01E01.HDTV.XviD.avi    A 366793752  Tue Sep 21 22:51:12 2010
      Hawaii.Five-0.2010.S01E01.HDTV.XviD.srt    A     63362  Wed Sep 22 14:03:40 2010
      test                                       D         0  Sun Jul 21 14:21:30 2013
      samba.man                                  A    359814  Sun Jul 21 14:31:36 2013

            40915 blocks of size 262144. 29213 blocks available
    smb: \> exit

    ## Let's now try the smbtree command

    xeon@miwheezy:~$ smbtree
    Enter xeon's password:
    AMIGOS
        \\W2003
        \\PRECISE                Samba 3.6.3
            \\PRECISE\IPC$           IPC Service (Samba 3.6.3)
    xeon@miwheezy:~$ smbtree -U legolas
    Enter legolas's password:
    AMIGOS
        \\W2003
            \\W2003\NETLOGON         Logon server share
            \\W2003\tierramedia
            \\W2003\SYSVOL           Logon server share
            \\W2003\ADMIN$           Remote Admin
            \\W2003\IPC$             Remote IPC
            \\W2003\C$               Default share
        \\PRECISE                Samba 3.6.3
            \\PRECISE\IPC$           IPC Service (Samba 3.6.3)

    ## Observe the output with registered and unregistered users

Your Order

  • It is always recommended to run the commands with the credentials of a user registered in the domain, even if the client computer is not joined to the domain. Of course, we must know the authentication credentials of that user or have our own user account in the domain.
  • From the foregoing it follows that IT IS NOT OBLIGATORY TO HAVE THE CLIENT MACHINE JOINED TO A DOMAIN, unless we want to log in to the client computer as a domain user. In fact, my workstation is not joined to my company domain.
  • The commands get and put work between the share and the local folder on the client machine from which smbclient was invoked.
  • To see all the internal commands of smbclient, we type the question mark ?.
  • If we carry out the same operations from a computer previously joined to the domain, the results will be the same. We checked it on our precise.amigos.cu.
  • Using SmbClient goes far beyond what we have seen in the article. We will see it in future posts.
  • Although it is hard for many beginners, the Samba Suite requires personal study. Not all the answers are in articles in the WWW Village. And many of them are in the language of Shakespeare.
  • Don't be discouraged at the first mistake. If we learn how to use the Samba Suite, we will learn a lot about SMB / CIFS networks and in particular, about Microsoft networks.
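The get and put behaviour noted in the list above also applies when smbclient runs non-interactively. As an added example (not part of the original article), these shell functions keep the password in an owner-only authentication file passed with -A and run a batch of commands with -c. The function names and the file path are assumptions of this example; the share, user and domain are the article's lab values.

```shell
#!/bin/sh
# Added example, not part of the original article. Share, user and domain
# names are the article's lab values; the auth-file path is an assumption.

# Create an smbclient authentication file (username/password/domain lines)
# that only its owner can read. The password comes from stdin, so it never
# shows up in the process list or in the shell history.
write_smb_authfile() {
    wa_file=$1; wa_user=$2; wa_domain=$3
    (
        umask 077
        IFS= read -r wa_pass || exit 1
        # Truncate and tighten permissions BEFORE the secret is written,
        # in case the file already existed with looser permissions.
        : > "$wa_file" && chmod 600 "$wa_file" || exit 1
        printf 'username = %s\npassword = %s\ndomain = %s\n' \
            "$wa_user" "$wa_pass" "$wa_domain" >> "$wa_file"
    )
}

# Succeed only if the file exists and grants nothing to group or others.
authfile_is_private() {
    [ -f "$1" ] || return 1
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# Run smbclient commands non-interactively. get and put are relative to the
# local directory chosen with lcd, exactly as in the interactive session.
smb_batch() {
    sb_share=$1; sb_auth=$2; sb_localdir=$3; sb_commands=$4
    if ! authfile_is_private "$sb_auth"; then
        echo "refusing to use $sb_auth: readable by group or others" >&2
        return 2
    fi
    smbclient "$sb_share" -A "$sb_auth" -c "lcd \"$sb_localdir\"; $sb_commands"
}

# Usage (constructed values):
#   stty -echo; write_smb_authfile "$HOME/.smb-pipin" pipin AMIGOS; stty echo
#   smb_batch //w2003/tierramedia "$HOME/.smb-pipin" /tmp 'put samba.man; dir'
```
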

Lastly, open smb://pipin@w2003/tierramedia in Nautilus or another file browser to establish a connection to that resource. Try to open the .avi file with VLC and then with Totem. Draw your own conclusions.

And that's it for today, friends. Until the next adventure!!!

[Figure: My LAN]


24 comments

  1.   Ericsson said

    I have a question: I configured Samba on Debian 7, but when entering the shared folder I need it to always ask for the password. How do I do it?

    1.    Federico A. Valdés Toujague said

      Is the folder shared on Wheezy itself or on a remote computer? If it's shared on the machine with Wheezy, you've gotten ahead by several articles. 🙂

      1.    Ericsson said

        Indeed the folder is shared in the Wheezy

  2.   Antonio Galloso said

    Very good post, I use smbpasswd to change the password in the Windows domain and access my outlook mail from the company through firefox, but I don't use winbugs at all.

    smbpasswd -r domain-here -U userID-here

    1.    Federico Antonio Valdés Toujague said

      Thanks for commenting!!!

  3.   alunado said

    Good vibes Antonio !! There is a lot of info on the web regarding samba, but I mark this for bookmarking. Greetings from the south.

  4.   st0rmt4il said

    Quality material, something that is not seen every day and less in this way.

    Merely grateful 😀

    Regards!

  5.   eliotime3000 said

    The tutorial is very good, although I have a doubt if it will be compatible or not with the versions of Windows Server with kernel 6.X (Server 2008 and Server 2012, respectively).

    1.    Federico Antonio Valdés Toujague said

      Greetings @eliotime !!!. With trying nothing is lost. The best criterion of truth is practice. Now, if I am not mistaken, the 2003 version of the Lan Manager is 5.0. You know that Microsoft gives you a little security in exchange for darkness. I think that if Microsoft was seriously considering backward compatibility, it should work the same for 2008 and 2012 servers.

      Now I wonder if in these modern times of Linux, it is necessary to use Windows 2008 or 2012 Servers, to provide services in an Enterprise LAN ?. Note that I do NOT say for the WWW Village !!! 🙂

  6.   Mauricio said

    Great article friend, something like this is not seen in such detail every day.

    I liked this and I'm going to save it, to review it more calmly when I have time.

  7.   Federico A. Valdés Toujague said

    Thank you all for your comments!!!.

  8.   mario said

    Hello, the article and the entire samba series are very good!
    I'm having trouble trying to connect to shared folders and printers on win8, since samba 3.4.9.
    The issue is that it gives me a message (using -d 7 for debugging on the smbclient command line) that says:

    SPNEGO login failed: invalid parameter

    Well, I don't really understand what we should do
    to configure SPNEGO well.
    Could you shed some clarity on this?

  9.   Federico Antonio Valdés Toujague said

    Support for SPNEGO was included as of Samba version 3.6.0. In Debian 7 "Wheezy" the Samba version is 3.6.6-6, while in Ubuntu 12.04 "Precise" is 3.6.3-2ubuntu2. Both support SPNEGO.

    Simple and Protected GSS-API Negotiation (SPNEGO)

    The purpose of the SPNEGO protocol is to allow the client and the server to negotiate a security mechanism for authentication. The requirements that the protocol must meet are indicated in RFC2478, and it uses "tokens" built according to the ASN.1 DER recommendation. DER refers to the «Distinguished Encoding Rules», a series of rules for creating binary encodings in a way that is independent of the platform used. Samba has support for SPNEGO.

    1.    mario said

      Thanks Federico,
      I ended up modifying the smb.conf with the line:
      client use spnego = no

      and then the connections flowed normally between samba / cups and the
      shared printer in Windows8.

      As you tell me, spnego's full support is from samba 3.6
      and I am using samba 3.4.9 ... so I decided not to use spnego from the samba server
      (which acts as a client with the printer in win8).

      Resolved.

      1.    Jorghe said

        hi friend i have samba version 3.0.33-3.40.el5_10
        and it does not connect me to a machine with win8.1 🙁
        I tried to add the spnego line and it didn't work, can you help me thanks

  10.   elav said

    Excellent article..

    1.    fico said

      Thank you colleague

  11.   snock said

    Good article

  12.   otkmanz said

    Good!
    I wanted to ask you something if it is not a bother, I will tell you.
    In the first place the guides to learn samba little by little are really great, and although I have not understood everything (because you could say that I am a newbie in the subject of networks hahaha), I have learned a lot, so first I wanted to tell you that they are great!

    The question is the following, as I have told you about networks, I understand the basics, I know how to calculate networks in binary, subnets, the topic of gateways, etc. (Now I am practicing in class with the topic of Cisco Packet Tracer, in case you know it hahaha ), but I want to learn more, because I am really passionate about networking.
    Where would you advise me to start reading to learn more? I would like to understand better the subject of Samba!
    Greetings and thanks for your time!

    1.    federico said

      Thank you for reading my articles and for your evaluation! I think that you should first ask yourself if you will dedicate yourself to the Enterprise LANs or of another type, or to the WAN -Internet-, because they have their differences. In my case I know the least about Business Networks, and I focus my articles on them as you can see if you visit the rest of them in https://blog.desdelinux.net/author/fico, In the http://humanos.uci.cu/author/federico. If you decide on Enterprise LANs, a good starting point is the book by Joel Barrios Dueñas "Server Configuration with GNU / Linux" at http://www.alcancelibre.org.

      That is my recommendation and Regards.

      1.    otkmanz said

        Good!
        Thank you very much for responding to my comment!
        I have been thinking, and I think I would really like to dedicate myself to Enterprise LAN, although I have not made a firm decision yet, but I think I would like to start learning about it.
        On the other hand, I have been looking at the links you have given me, especially the last one, and I have downloaded the book on Server Configuration with GNU / Linux, it seems like an excellent recommendation to start with, I have looked at the index and I really believe that I could learn a lot even without knowing much about the subject, so I have already started reading it!
        Greetings and thank you very much for your advice / response !!

  13.   milton said

    i have a samba ubuntu 1504 as application server in foxproxw with samba. but when a user from the application commands to print, a cmd console appears and does not print anything.

  14.   clear said

    Friend I hope you can read my concern is that I have been trying for days to be able to share the squid3 file that is in var / log / squid3 to be able to configure sawmill in that direction that is to say in my proxy and to be able to analyze the traces and it has been impossible for me. I explain
    I set up a proxy on Linux Ubuntu 14.04 and installed samba to share, of course with the pertinent restrictions, access to the file that is in var / log / squid3, and I will access the squid access.log since sawmill asks me for a network path to the log that it will read and thus perform an analysis of the proxy log, but it has become an odyssey and I don't know what to do since I'm in a windows domain and I don't know how to make that file shareable
    I only got to see the shared resource in windows, it asks me for a pass and when I put the user who believes in samba it does not let me reach the el
    What to do my friend?
    I would appreciate it if you help me as soon as possible I do not know if I can return to this site so I leave my email to contact
    clear614@gmail.com

  15.   The blab said

    I mounted an Ubuntu 18 in a domain environment as "member server", I need Windows clients to be able to access a shared folder from Ubuntu, using their domain credentials.

    I can see the resource, but it gives "permission denied" even though I already gave access from the smb.conf file