The Unofficial Samba HOWTO

1. Introduction

1.1 Historical Overview

Once long ago, there was a buzzword referred to as DCE/RPC. This stood for Distributed Computing Environment/Remote Procedure Calls and conceptually was a good idea. It was originally developed by Apollo/HP as NCA 1.0 (Network Computing Architecture) and only ran over UDP. When there was a need to run it over TCP so that it would be compatible with DECnet 3.0, it was redesigned, submitted to The Open Group, and officially became known as DCE/RPC. Microsoft came along and decided, rather than pay $20 per seat to license this technology, to reimplement DCE/RPC themselves as MS RPC. From this, the concept continued in the form of SMB (Server Message Block, or the "what") using the NetBIOS (Network Basic Input/Output System, or the "how") compatibility layer. You can run SMB (i.e., transport) over several different protocols; many different implementations arose as a result, including NBIPX (NetBIOS over IPX, NwLnkNb, or NWNBLink) and NBT (NetBIOS over TCP/IP, or NetBT). As the years passed, NBT became the most common form of implementation. Perhaps the best summary of the origins of SMB are voiced in this 1997 article:

"Several megabytes of NT-security archives, random whitepapers, RFCs, the CIFS spec, the Samba stuff, a few MSknowledge-base articles, strings extracted from binaries, and packet dumps have been dutifully waded through during the information-gathering stages of this project, and there are *still* many missing pieces... While often tedious, at least the way has been generously littered with occurrences of clapping hand to forehead and muttering "crikey, what are they thinking?" -- Hobbit, CIFS: Common Insecurities Fail Scrutiny

Samba is essentially a TCP/IP file and print server for Microsoft Windows clients. In fact, it can support any SMB/CIFS-enabled client. One of Samba's big strengths is that you can use it to blend your mix of Windows and Linux machines together without requiring a separate Windows server. Samba 3.0.2a includes many new features including Active Directory support, unicode support, new authentication and filename mangling systems, better printing support, trust relationships, LDAP integration and loadable RPC modules.

1.2 Important Definitions

SMB (Server Message Block)

This is an older, generic protocol for sharing files, printers, serial ports and communications abstractions such as named pipes and mail slots between computers. Microsoft implements their own form of the SMB Protocol, to provide file and printer sharing in all versions of Windows.

CIFS (Common Internet File System)

This is the new name for SMB. Around 1996, Microsoft apparently decided that SMB needed the word "Internet" in it, so they changed it to CIFS. CIFS provides better interoperability with newer servers including Windows Server 2003 and CIFS-based NAS appliances, is optimized for the current versions of the SMB/CIFS protocol and has better POSIX file I/O semantics. CIFS is built in to the Linux 2.6 kernel and is available currently as a patch for the 2.4 kernel.


This means to take variable data, serialize (i.e., place in order) it, and send it in transmittable form across a network or to a file. Unmarshalling is the reverse process. In DCE/RPC terminology, marshaling and unmarshalling refers to the flattening and unpacking of a data stream between a client and server. These two terms show up a lot when debugging with the Samba logfile.

NetBIOS (Network Basic Input/Output System)

This is standard, not a protocol. It can help to think of this in comparison your computer's BIOS -- it controls the essential functions of your input/output hardware -- whereas NetBIOS controls the essential functions of your input/output traffic via the network.Again, this is a bit of an exaggeration but it should help that paradigm shift. What is important to realize is that NetBIOS is a transport standard, not a protocol. Unfortunately, even technically brilliant people tend to interchange NetBIOS with terms like NetBEUI without a second thought; this will cause no end (and no doubt) of confusion.

NetBEUI (NetBIOS Extended User Interface)

This is a protocol, not a standard. It is also not routable, so traffic on one side of a router will be unable to communicate with the other side.Understanding NetBEUI is not essential to deciphering SMB; however it helps to point out that it is not the same as NetBIOS and to improve your score in trivia at parties. NetBEUI was originally referred to by Microsoft as "NBF", or "The Windows NT NetBEUI Frame protocol driver". It is not often heard from these days and, contrary to popular belief, is not required for using TCP/IP.

NBT (NetBIOS over TCP)

This allows the continued use of NetBIOS traffic over TCP/IP. As a result, NetBIOS names are made to IP addresses and NetBIOS name types are conceptually equivalent to TCP/IP ports. This is how file and printer sharing are accomplished in Windows 95/98/ME. They traditionally rely on three ports: NetBIOS Name Service (nbname) via UDP port 137, NetBIOS Datagram Service (nbdatagram) via UDP port 138, and NetBIOS Session Service (nbsession) via TCP port 139. All name resolution is done via WINS, NetBIOS broadcasts, and DNS. NetBIOS over TCP is documented in RFC 1001 (Concepts and methods) and RFC 1002 (Detailed specifications).

1.3 Additional Resources

1.4 Copyright

Copyright 2004 David Lechnyr
This document is distributed in the hope it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. Permission is granted to copy, distribute and/or modify this document under the terms of the GNU Free Documentation License, Version 1.2 or any later version published by the Free Software Foundation. A copy of the license is available at
Prev Home Next
Table of Contents   Installing Samba