File Sharing Mechanism in Netbios

Source: Internet
Author: User
Technorati tags: Samba, NETBIOS, file sharing, PDC, AD, Domain


IBM Netbios

In the early days of PC and LAN development, Microsoft and IBM developed the NetBIOS protocol to give PCs network capabilities. It is a set of call interfaces for network communication. Its developer, IBM, believed that it would become the most basic network access interface, like the computer BIOS they had designed, hence the name NetBIOS. Microsoft used the NetBIOS interface to develop network servers and the corresponding client software.

NetBIOS is actually a standard developed independently of TCP/IP. Although it can use TCP/IP as its transport protocol, it is conceptually different: it does not use all the capabilities TCP/IP provides, but uses its own methods to accomplish similar work. The biggest difference lies in name resolution. NetBIOS has its own independent name resolution concepts and capabilities, so its name resolution differs from the standard DNS method used with TCP/IP. Once NetBIOS name resolution has produced an IP address, the NetBIOS session can be established on top of an ordinary TCP connection. Name resolution is therefore the biggest difference between NetBIOS sessions and ordinary TCP connections.


NetBIOS name resolution


NetBIOS name resolution Method

The biggest difference between NetBIOS name resolution and DNS name resolution is that NetBIOS is dynamic. A computer needs to register its own name before names can be resolved. Although dynamic resolution is very convenient, it is complicated and inefficient, so it can only be used on small LANs.

Each NetBIOS name can contain up to 16 characters, and the 16th character identifies the type of program that registered the name. NetBIOS computers communicate on the basis of NetBIOS names rather than IP addresses. A NetBIOS service program must first register its own NetBIOS name, while an application needs to query the NetBIOS name it requires. For example, each Windows computer uses the configured computer name to initialize its NetBIOS name after it starts.
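The 16-byte name layout described above can be made concrete with the following added example, which is not part of the original article. It goes beyond the text by also showing the first-level encoding that RFC 1001/1002 use to carry the name in NetBIOS-over-TCP/IP packets; the suffix table lists a few well-known type bytes, and the host name is the one used later on this page.

```python
# Added example: NetBIOS name layout (15 name bytes + 1 type byte) and the
# RFC 1001/1002 first-level encoding used on the wire by NetBIOS over TCP/IP.

# A few well-known values of the 16th (type) byte.
SUFFIXES = {
    0x00: "Workstation service",
    0x03: "Messenger service",
    0x20: "File server service",
    0x1B: "Domain master browser",
    0x1D: "Local master browser",
}
ALPHABET = "ABCDEFGHIJKLMNOP"  # one letter per 4-bit nibble


def pad_name(name, suffix):
    """Return the 16-byte NetBIOS name: upper-cased, space padded, type byte last."""
    raw = name.upper().encode("ascii")
    if not 1 <= len(raw) <= 15:
        raise ValueError("name must be 1-15 characters; byte 16 is the type")
    if not 0 <= suffix <= 0xFF:
        raise ValueError("suffix must fit in one byte")
    return raw.ljust(15, b" ") + bytes([suffix])


def encode_name(name, suffix):
    """First-level encoding: every byte becomes two letters, high nibble first."""
    return "".join(
        ALPHABET[b >> 4] + ALPHABET[b & 0x0F] for b in pad_name(name, suffix)
    )


def decode_name(encoded):
    """Inverse of encode_name; returns (name, suffix)."""
    if len(encoded) != 32 or any(c not in ALPHABET for c in encoded):
        raise ValueError("not a 32-character first-level encoded name")
    raw = bytes(
        (ALPHABET.index(encoded[i]) << 4) | ALPHABET.index(encoded[i + 1])
        for i in range(0, 32, 2)
    )
    return raw[:15].decode("ascii", "replace").rstrip(" "), raw[15]


def describe(encoded):
    """Render a captured encoded name the way nbtstat-style tools print it."""
    name, suffix = decode_name(encoded)
    return f"{name}<{suffix:02X}> {SUFFIXES.get(suffix, 'unknown type')}"


if __name__ == "__main__":
    wire = encode_name("ntserver", 0x20)
    print(wire)
    print(describe(wire))
```

Decoding the 32-letter form is useful when reading packet captures of UDP port 137 traffic, where the name never appears in clear text.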

There are several different ways to find the corresponding node address (IP address in TCP/IP protocol) from NetBIOS name.

  1. Local Broadcast
    Send a broadcast on the local network containing the NetBIOS name of a device in order to find the corresponding IP address. Broadcast can also be used to register your own NetBIOS name. For example, a computer can broadcast its own name to tell other computers that it is using that NetBIOS name.
  2. Cache
    Each computer that supports NetBIOS maintains a list of NetBIOS names and their corresponding IP addresses. These entries have a limited lifetime so that they can be updated in a timely manner.
  3. NetBIOS Name Server
    A name server is used to resolve between names and IP addresses. This NetBIOS name server is called NBNS (NetBIOS Name Server); the NBNS server implemented by Microsoft is called WINS (Windows Internet Name Service). A NetBIOS computer must first register its NetBIOS name with the NBNS to complete the registration process.
  4. LmHosts
    Microsoft Windows can determine the relationship between NetBIOS names and IP addresses on the network by searching the data stored in the local lmhosts file. This method is not part of the NetBIOS standard for name recognition, but it is Microsoft's implementation, so it is a de facto standard.
  5. DNS and hosts file resolution
    The data stored on the DNS server and in the local hosts file is used to convert between names and IP addresses in the standard TCP/IP protocol. However, in Microsoft Windows, when other methods are used to find the corresponding node address, names and IP addresses can also be converted using the standard TCP/IP name resolution method. Similarly, this is not part of the NetBIOS standard but a Microsoft extension.

Based on these five NetBIOS recognition methods and different name registration methods, different combinations of methods constitute different name recognition policies. In the NetBIOS standard, the modes using different name recognition policies are called different NetBIOS node types.

  • B-node: registers and recognizes NetBIOS names through broadcast. For NetBIOS over the IP protocol, UDP-based broadcast is required. This method works well on small networks, but when the network grows, routers divide the large network into several smaller networks. In general, a router does not forward broadcast data, so a broadcast packet is only sent to the local network. Although you can configure a router to forward B-node broadcasts, this generates a large amount of useless UDP broadcast traffic, and name registration and resolution also become more difficult. Therefore, this method is not usable on large networks.
  • P-node (peer-to-peer): the peer-to-peer method can provide very effective name recognition. It uses the NetBIOS name server for name registration and name recognition, so the IP address of the same NBNS server must be specified on each NetBIOS computer. In this case, when the NBNS server is down or its settings (such as its IP address) change, name resolution cannot be completed and NetBIOS communication cannot take place. Of course, a NetBIOS computer can be configured to use multiple NBNS servers, so that a backup server can be used if there is a problem.
  • M-node (mixed): to resolve NetBIOS names correctly, it is best to use both the broadcast and the name server methods. Name recognition then becomes a compound process. M-node first tries to identify the name through B-node broadcast. When the broadcast fails, a P-node query is used.
  • H-node (hybrid): the H-node mode is also a composite mode; it differs from the M-node mode in the search order. H-node first queries the NBNS name server and then queries in broadcast mode.

In Windows, the actual name recognition method is an extension of the standard H-node method. Windows computers first check the contents of the cache, then query the WINS server, then broadcast, then search the LmHosts file, and finally use hosts and DNS. NetBIOS name recognition is a complex process, mainly because NetBIOS is a dynamic name resolution method and each computer must register itself.
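The lookup orders of the four node types and of the Windows extension can be traced with the following added example, which is not part of the original article. The lookup tables, host names and addresses are constructed sample data, and a source set to None models an unreachable server; the cache here has no lifetime, which is a simplification.

```python
# Added example: which lookup method answers, per NetBIOS node type.
from collections import namedtuple

# Lookup order per node type as described in the text. "windows" is the
# extended H-node order: cache, WINS, broadcast, LMHOSTS, hosts, DNS.
ORDER = {
    "B": ["broadcast"],
    "P": ["nbns"],
    "M": ["broadcast", "nbns"],
    "H": ["nbns", "broadcast"],
    "windows": ["cache", "nbns", "broadcast", "lmhosts", "hosts", "dns"],
}

Result = namedtuple("Result", "ip answered_by tried")


class Resolver:
    def __init__(self, node_type, sources):
        if node_type not in ORDER:
            raise ValueError(f"unknown node type: {node_type!r}")
        self.order = ORDER[node_type]
        self.sources = sources  # method name -> {NAME: ip}, or None if unreachable
        self.cache = {}         # simplification: entries never expire here

    def resolve(self, name):
        key = name.upper()
        tried = []
        for method in self.order:
            tried.append(method)
            table = self.cache if method == "cache" else self.sources.get(method)
            if table is None:   # e.g. the NBNS server is down
                continue
            ip = table.get(key)
            if ip is not None:
                if "cache" in self.order:
                    self.cache[key] = ip
                return Result(ip, method, tried)
        return Result(None, None, tried)


# Constructed sample data. Broadcast only reaches hosts on the local subnet,
# so it knows fewer names than the name server does.
SAMPLE_SOURCES = {
    "broadcast": {"NTSERVER": "192.0.2.10"},
    "nbns": {"NTSERVER": "192.0.2.10", "FILESRV2": "198.51.100.20"},
    "lmhosts": {},
    "hosts": {},
    "dns": {"LEGACYBOX": "203.0.113.30"},
}


def with_nbns_down(sources):
    """Copy of the sources with the name server unreachable."""
    return dict(sources, nbns=None)


if __name__ == "__main__":
    for node_type in ORDER:
        for host in ("ntserver", "filesrv2", "legacybox"):
            print(node_type, host, Resolver(node_type, SAMPLE_SOURCES).resolve(host))
```

The `tried` list in each result shows how far a lookup fell through before it was answered, for example that a B-node never finds a host on another subnet and that a P-node resolves nothing while its name server is down.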

Figure: WINS settings dialog box for a NetBIOS host (Windows XP)


NetBIOS Name Recognition Process

Unlike DNS, NetBIOS names are dynamically managed. DNS data is static: to add or delete a DNS name, the administrator needs to change the configuration file manually. NetBIOS, however, requires each computer to register its name on the network automatically. The name a computer occupies is released after the computer is stopped, and no administrator intervention is required for this process. Because it requires additional network traffic to complete name registration and the other processes, it is not suitable for large networks such as the Internet. NetBIOS name recognition involves three steps:

  • Name Registration: When NetBIOS is started, the computer declares to the entire network that it occupies a NetBIOS name. If another computer occupies the name, the computer will receive an error message. Registration is achieved by broadcasting information to the network or registering with the NetBIOS name server.
  • Name resolution: Resolve a NetBIOS name by broadcasting or querying the NetBIOS name server. You can also use the LmHosts file and DNS to parse the name.
  • Delete name: the NetBIOS name occupied by the system is deleted when the system is shut down or the provided workstation service ends.

By using the NetBIOS name and the shared directory name, you can locate resources on a Windows computer. Microsoft uses UNC to specify the location of a network resource. A UNC path starts with a double backslash followed by the NetBIOS name of the computer providing the resource, then the share name of the resource on that computer, then the directory and file name. For example: \\ntserver\share\files. The commands to use a resource are:

C:\> net use f: \\ntserver\share
C:\> f:
F:\>

The net use command above maps the shared resource on ntserver to drive F:.


Working principle of Name Server

Because B-node broadcast generates a large amount of traffic on the network, especially when the network consists of multiple subnets, routers are used to isolate broadcast traffic. However, in order to resolve names, the B-node broadcast packets then have to be forwarded, which defeats the goal of reducing useless network traffic.

This problem can be avoided by resolving names through a name server. Because clients query the name server rather than broadcasting, the traffic does not need to reach every subnet, which reduces broadcast data, lightens the load on the network, saves bandwidth, and effectively improves the speed and accuracy of name resolution.

In Windows, the name server is rarely used for name resolution, which makes the resolution of these network names very problematic. The Network Neighborhood list often differs from one computer to another; the root cause is that broadcast mode offers no guarantees. You must switch to name server mode to fix the name resolution problem.

Communication between a common NetBIOS computer and an NBNS server involves four different communication processes:

  • Name registration: when a NetBIOS computer starts, it registers with the name server. In this way the database is maintained automatically and updated dynamically. The name server returns a confirmation and the TTL of the name. If the name requested by the client is already in use, the server queries whether the client using the name is still on the network to determine whether the name can be used again. This happens mainly when a Windows computer re-registers after a crash: the name it registered before the crash still exists on the name server, and if the name server simply refused the name, the computer would not be able to obtain its own name again. The client's name registration fails only when a real conflict occurs.
  • Name update: because each name has a TTL as its lifetime, when half of the TTL has elapsed the client sends an update request to the server to refresh the TTL on the server.
  • Name release: the client releases the NetBIOS name it holds on the server when it shuts down. Expiry of the name's TTL also causes the server to release the name.
  • Name recognition: the client can send a name query request to the NBNS server for name resolution.
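The four exchanges listed above can be followed in this added example, a small in-memory model of a name server that is not part of the original article and is not WINS code. The status strings, the `is_alive` challenge callback, the owner-only release rule and the addresses are assumptions made for the illustration.

```python
# Added example: a toy NBNS table showing registration, conflict challenge,
# refresh at half the TTL, release and TTL expiry. Times are plain seconds.

class NameServer:
    def __init__(self, ttl=600, is_alive=lambda ip: True):
        self.ttl = ttl
        self.is_alive = is_alive  # challenge: does the current owner still answer?
        self.table = {}           # NAME -> (owner_ip, expires_at)

    def _expire(self, now):
        """TTL expiry releases a name without any client action."""
        for name in [n for n, (_, exp) in self.table.items() if exp <= now]:
            del self.table[name]

    def register(self, name, ip, now):
        self._expire(now)
        key = name.upper()
        owner = self.table.get(key)
        # Refuse only if a different owner still answers on the network;
        # a crashed owner no longer answers, so it can get its name back.
        if owner and owner[0] != ip and self.is_alive(owner[0]):
            return ("CONFLICT", 0)
        self.table[key] = (ip, now + self.ttl)
        return ("OK", self.ttl)

    def refresh(self, name, ip, now):
        self._expire(now)
        key = name.upper()
        owner = self.table.get(key)
        if not owner or owner[0] != ip:
            return ("NOT_OWNER", 0)
        self.table[key] = (ip, now + self.ttl)
        return ("OK", self.ttl)

    def release(self, name, ip, now):
        self._expire(now)
        key = name.upper()
        owner = self.table.get(key)
        if owner and owner[0] == ip:  # assumption: only the owner may release
            del self.table[key]
            return True
        return False

    def query(self, name, now):
        self._expire(now)
        entry = self.table.get(name.upper())
        return entry[0] if entry else None


def refresh_due(registered_at, ttl):
    """Clients refresh once half of the TTL has elapsed."""
    return registered_at + ttl / 2


if __name__ == "__main__":
    alive = {"192.0.2.10"}  # constructed: hosts that answer the challenge
    ns = NameServer(ttl=600, is_alive=lambda ip: ip in alive)
    print(ns.register("ntserver", "192.0.2.10", now=0))
    print(ns.register("ntserver", "192.0.2.99", now=10))   # owner alive
    alive.clear()                                           # owner crashed
    print(ns.register("ntserver", "192.0.2.11", now=400))  # accepted
```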

In some cases the client has no name server configured, or the client software does not support name server resolution. In that case you can set up a WINS proxy, which converts broadcast data into name server queries. It helps such clients register and responds to their broadcast queries.



NetBEUI stands for NetBIOS Enhanced User Interface. It is an enhanced version of the NetBIOS protocol and has been used by many operating systems, such as Windows for Workgroups, the Windows 9x series, and Windows NT. NetBEUI is a non-routable protocol developed for IBM for carrying NetBIOS communications.

The NetBEUI protocol is useful in many cases. It was the default protocol of operating systems before Windows 98. In short, NetBEUI is a short and concise broadcast protocol with high communication efficiency. It needs no configuration after installation and is especially suitable for transferring data in "Network Neighborhood". It is recommended that NetBEUI be installed on LAN computers in addition to the TCP/IP protocol.

NetBEUI lacks routing and network-layer addressing, which is both its biggest advantage and its biggest disadvantage. Because it does not require additional network addresses or network-layer headers and trailers, it is fast and effective, and suitable for small workgroup environments that consist of a single network or are bridged throughout.

Because routing is not supported, NetBEUI will never become the main protocol of an enterprise network. The only address in a NetBEUI frame is the data link layer Media Access Control (MAC) address, which identifies the network adapter but does not identify the network. A router forwards a frame to its final destination based on the network address, but a NetBEUI frame does not carry this information.

A bridge forwards traffic between networks according to the data link layer address, but it has many disadvantages. Because all broadcast traffic must be forwarded to every network, bridges scale poorly. NetBEUI includes the recording of broadcast communication and relies on it to resolve naming conflicts. Generally, the number of hosts on a bridged NetBEUI network is less than 100.

In recent years, networks that rely on layer-2 switches have become more common. A fully switched environment reduces network utilization, even though broadcasts are still forwarded to every host in the network. In fact, the combined use of 350-BASE-T Ethernet allows the switched NetBIOS network to expand to hosts, in order to prevent broadcast communication from becoming a serious problem.


SMB/CIFS Protocol

After NetBIOS appeared, Microsoft used it to implement a network file and print service system. This system defines a file sharing protocol based on NetBIOS, which Microsoft calls the Server Message Block (SMB) protocol. Microsoft uses this protocol in its LAN Manager and Windows NT Server systems, and all Windows systems include client software for it, so the protocol has had a great impact on LAN systems.

With the popularity of the Internet, Microsoft wanted to extend this protocol to the Internet and make it a standard for computers on the Internet to share data with each other. It therefore tidied up the existing SMB protocol, for which few technical documents existed, renamed it CIFS (Common Internet File System), and set out to decouple it from NetBIOS in an attempt to make it a standard protocol on the Internet.

Therefore, the best way to integrate Windows and UNIX computers is to install software that supports SMB/CIFS on UNIX, so that Windows clients can use resources on UNIX computers just as they use Windows NT servers, without changing any settings. (Kincorn Press: in fact, Microsoft has succeeded, and a Samba suite based on the SMB/CIFS protocol quickly appeared in the open-source community.)

Unlike other standard TCP/IP protocols, SMB is a complex protocol. As Windows computers developed, more and more functions were added to the protocol, and it is difficult to tell which concepts and functions belong to the Windows operating system and which belong to the SMB protocol. Other network protocols were specified first and then implemented in software, so their structure is clear and concise, while SMB was developed alongside Microsoft's operating system and therefore contains a large number of Windows concepts.

1. Browse

In the SMB protocol, to access network resources, computers need to know the list of resources on the network (for example, using Network Neighborhood in Windows to view the accessible computers). This mechanism is called browsing. Although the SMB protocol often uses broadcast, using broadcast every time to learn the current network resources (including the computers providing services and the service resources on each computer) would consume a lot of network resources and take a long time. It is therefore best to maintain a list of network resources on the network to make finding them easier, and to search for resources only when necessary, for example with the computer search function in Windows.

However, it is not necessary for every computer to maintain the entire resource list. The task of maintaining the current resource list is carried out by a few special computers on the network, called browsers. These browsers record the various resources on the network by recording broadcast data or by querying name servers.

A browser is not a computer designated in advance; it is chosen among ordinary computers through an automatic election. Different computers can be given different weights in the election according to their ability to provide services. To ensure that network browsing keeps working when a browser goes down, there are often several browsers on the network: one master browser and the others backup browsers.

2. Working Groups and Domains

The concepts of workgroup and domain are equally useful in browsing. Both are used to distinguish and maintain a set of computers that share the same browsing data. In fact, the difference between them lies in the authentication method. Each computer in a workgroup is basically independent and authenticates client access on its own, whereas a domain contains one or more domain controllers that store authentication information valid for the entire domain, including user authentication information and the authentication information of the member computers in the domain. Browsing data itself requires no authentication. Microsoft extended the workgroup into the domain to form a hierarchical directory structure that combines the original browsing with directory services, a strategy to expand the scope of Microsoft network services.

Both a workgroup and a domain can span multiple subnets. Therefore, there are two types of browsers in the network: the domain master browser, which maintains the browsing data of the entire workgroup or domain, and the local master browser, which maintains the browsing data of its subnet and communicates with the domain master browser to obtain all the browsing data. The two browser types exist mainly because browsing data relies on network broadcast to obtain the resource list, so different subnets can exchange resource lists only through communication between browsers.

However, to browse resources of multiple subnets, you must use the DNS resolution method of the NBNS name server. Without the help of NBNS, the computer cannot obtain the NetBIOS Name of a computer outside the subnet. The local master browser also needs to query the NetBIOS name server to obtain the domain master browser name to exchange network resource information.

Because of the special role of domain controllers in a domain, a domain controller tends to be used as a browser, and the master domain controller should be used as the domain master browser. They are given a large weight in the election.

3. Authentication Method

In Windows 9x systems, share-level authentication is used to share resources, mainly because these Windows systems cannot provide real multi-user capabilities. With share-level authentication a resource is associated with only a password, without any user data. This approach suits a group of people sharing a small number of file resources with each other. Once the number of shared resources grows and the restrictions to be imposed become more complicated, setting a password for each shared resource is no longer appropriate.

For large networks, user-level authentication is therefore more suitable: each accessing user is identified and authenticated, and resources are shared by assigning permissions to different users. Computers in workgroup mode authenticate users locally, while computers in a domain can have them authenticated by the domain controller. Once a Windows computer has been authenticated by the domain controller, it can, according to the settings, run the corresponding user's logon script on the domain controller and use the desktop environment description file.

4. Share resources

Each SMB server can provide file or print services to others, and each shared resource must be assigned a share name, which is displayed in the server's resource list. However, if the last character of a resource name is $, the name is hidden: it is not displayed in the browsing list and can only be accessed directly by name.

In the SMB protocol, to obtain the list of resources provided by a server, you must access the server through the hidden resource name IPC$. Otherwise, you cannot obtain the list of system resources.


Samba: open-source SMB/CIFS

Samba is free software that implements the SMB/CIFS protocol on Linux and UNIX systems. It consists of server and client programs.

Samba implements many services and protocols, including NetBIOS over TCP/IP (NBT); SMB and CIFS (an enhanced version of SMB); DCE/RPC or, more specifically, MSRPC (the Network Neighborhood protocol suite); a WINS server (also known as a NetBIOS Name Server, NBNS); and the NT domain protocol suite, including NT domain logons, the Security Accounts Manager (SAM) database, the Local Security Authority (LSA) service, the NT-style printing service (SPOOLSS), NTLM, and more recently Active Directory logon services, including improved Kerberos and improved Lightweight Directory Access Protocol (LDAP). These services and protocols are often incorrectly lumped together as NetBIOS or SMB. Samba can also be used to share a printer.

Samba can create network shares for selected Linux/UNIX directories (including all subdirectories). This feature allows Windows users to access these UNIX directories over the network just as they access ordinary Windows folders.



This document is taken from the network and the reference list is as follows:

  • NetBIOS and SMB/CIFS protocol by Wang Bo
  • Baidu encyclopedia _ samba
