SMB-C

Resources

• Configuration & Setup
  • Build The server : https://phoenixnap.com/kb/ubuntu-samba
  • smbpasswd : https://www.samba.org/samba/docs/current/man-html/smbpasswd.8.html

Commands

• Tricks & Configs
  • Install the SMB service and run it .

    sudo apt install vsftpd
    whereis samba
    samba -V

  • add SMB user

    sudo useradd --no-create-home fady && sudo smbpasswd -a fady

  • Test Config file

    testparm

  • Add share

    [sharing]
    comment = This is bad share  
    path = /home/ubuntu/smb_share 
    read only = no 
    writable = yes 
    browseable = yes 
    guest ok = no 
    valid users = @fady

  • Permissions

    sudo setfacl -R -m "u:fady:rwx" /home/ubuntu/smb_share
    sudo chmod o+x /home/ubuntu

  • systemctl

    sudo systemctl restart smbd
    sudo systemctl stop smbd
    sudo systemctl status smbd

Notes

SMB Auth

• The Samba Authentication Gate (Proving Your Identity) When you try to connect from a Windows or Mac computer, you first arrive at the Samba gate.
  • Samba asks: “What is your username and password?”
  • It checks the name and password hash against its own private list: the smbpasswd file.
  • The password in your Linux /etc/shadow file is the wrong shape and key; it will not work at this gate.
  • If you pass this check, you are allowed through the first gate.
• The Linux Permissions Gate (What You’re Allowed to Do) Now that you are authenticated, Samba needs to know what you’re allowed to do on the actual server.:
  • Samba asks the Linux system: “I have a user here named ‘bob’. What can he do?”
  • The Linux system looks at the /etc/passwd file to confirm that ‘bob’ is a real user and to find his User ID (UID) and Group ID (GID).
  • From that point on, your ability to read, write, or delete files is determined entirely by standard Linux file permissions (owner, group, other).

WARNING

Even though you tried to log in with -U “fady%321”, the Samba server doesn’t have “fady” in its smbpasswd database. Because your share has ==guest ok = yes==, Samba’s rule is: “If I don’t know this user, but guests are allowed, I’ll let them in as a guest.”

INFO

• Config file : /etc/samba/smb.conf

• guest ok = yes ⇒ anonymous

• restrict anonymous = no ⇒ null session