SMB/CIFS protocol details

Source: Internet
Author: User

SMB/CIFS Protocol

After NetBIOS appeared, Microsoft used it to implement a network file and print service system. This system defines a file-sharing protocol based on NetBIOS, which Microsoft calls the Server Message Block (SMB) protocol. Microsoft uses this protocol in its LAN Manager and Windows NT Server systems, and every Windows system includes client software for it, so the protocol has had a great impact on LAN systems.

With the popularity of the Internet, Microsoft hoped to extend this protocol to the Internet and make it a standard for computers on the Internet to share data with each other. It therefore tidied up the existing SMB protocol, which had few technical documents, renamed it CIFS (Common Internet File System), and set out to decouple it from NetBIOS in an attempt to make it a standard Internet protocol.

Therefore, the best way to integrate Windows and UNIX computers is to install software that supports SMB/CIFS on UNIX. Windows clients then need no changes to their settings and can use resources on UNIX computers just as they use Windows NT servers.

Unlike other standard TCP/IP protocols, SMB is a complex protocol. As Windows computers developed, more and more functions were added to the protocol, and it is difficult to tell which concepts and functions belong to the Windows operating system and which belong to the SMB protocol. Other network protocols were specified first and the related software implemented afterwards, so their structure is clear and concise. SMB, by contrast, has been developed along with Microsoft's operating system, so the protocol contains a large number of Windows concepts.

Browsing

In the SMB protocol, to access network resources, computers need to know the list of resources on the network (for example, using Network Neighborhood in Windows to view accessible computers). This mechanism is called browsing. Although the SMB protocol often uses broadcasts, using a broadcast every time to learn the current network resources (including the computers providing services and the service resources on each computer) would consume a lot of network resources and take a long time. It is therefore best to maintain a list of network resources on the network to make them easy to find, and to search for resources only when necessary, for example with the Find Computer function in Windows.

However, it is not necessary for each computer to maintain the entire resource list. The task of maintaining the current resource list is carried out by several special computers on the network. These computers are called browsers; they record broadcast data or query name servers to keep track of the resources on the network.

A browser is not a computer designated in advance; it is chosen from among ordinary computers through an automatic election. Different computers can be given different weights in the election according to their ability to provide the service. To keep network browsing working when a browser goes down, a network often has several browsers, one acting as the master browser and the others as backup browsers.

Workgroups and Domains

The concepts of workgroup and domain serve the same purpose in browsing: both are used to distinguish and maintain the set of computers that share one group of browsing data. Their real difference lies in the authentication method. Each computer in a workgroup is basically independent and authenticates client access on its own, whereas a domain has one or more domain controllers that store authentication information valid for the entire domain, including user authentication information and the authentication information of the member computers in the domain. Browsing data does not require authentication information. Microsoft extended the workgroup to the domain to form a hierarchical directory structure that combines the original browsing with directory services, as a strategy to expand the scope of Microsoft network services.

Both workgroups and domains can span multiple subnets. There are therefore two types of browser on the network: the domain master browser, which maintains the browsing data of the entire workgroup or domain, and the local master browser, which maintains the browsing data of its own subnet and communicates with the domain master browser to obtain the complete browsing data. The two types exist mainly because browsing data relies on local network broadcasts to build the resource list, so different subnets can exchange resource lists only through communication between browsers.

However, to browse the resources of multiple subnets, you must use name resolution through an NBNS name server. Without the help of NBNS, a computer cannot obtain the NetBIOS name of a computer outside its subnet. The local master browser also needs to query the NetBIOS name server to obtain the name of the domain master browser before the two can exchange network resource information.

Because of the special role of domain controllers in a domain, a domain controller tends to be used as a browser, and the primary domain controller should be used as the domain master browser. They are given a large weight in the election.

Authentication Method

In Windows 9x systems, share-level authentication is used to share resources, mainly because these Windows systems cannot provide real multi-user capabilities. With share-level authentication, a resource is associated with only a password and no user data. This approach suits a group of people sharing a small amount of file resources with each other. Once the number of shared resources grows and the restrictions to be imposed become complicated, setting a password for each shared resource is no longer appropriate.

Therefore, for large networks, user-level authentication is more suitable: it distinguishes and authenticates each accessing user and shares resources by assigning permissions to different users. For computers in workgroup mode, the user is authenticated by the local machine, while computers in a domain can be authenticated by the domain controller. Once a Windows computer has been authenticated by the domain controller, it can, depending on the settings, run the corresponding user's logon script and desktop environment description file stored on the domain controller.

Shared resources

Each SMB server can provide file or print services to other computers. Each shared resource must be assigned a share name, which is displayed in the server's resource list. However, if the last character of a resource name is $, the name is hidden: it is not displayed in the browsing list, and the resource can be reached only by accessing the name directly.

In the SMB protocol, to obtain the list of resources provided by a server, you must access the server through the hidden resource name IPC$. Otherwise, you cannot obtain the list of system resources.
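
An added example, not part of the original article: a small audit of a server's share configuration for the two points made above, share-level authentication and hidden share names. It assumes the UNIX SMB/CIFS software is Samba and uses its smb.conf parameters (security, guest ok, valid users, browseable); the sample configuration, the share names and the function name audit are constructed for illustration, and "security = share" is accepted only by older Samba releases.

```python
import configparser

# Constructed sample in Samba smb.conf syntax (an assumption; not from the page).
SAMPLE_CONF = """
[global]
security = share

[public]
path = /srv/public
guest ok = yes

[backup$]
path = /srv/backup
guest ok = yes

[finance]
path = /srv/finance
valid users = alice
browseable = no
"""

YES = {"yes", "true", "1"}

def audit(conf_text):
    """Return (browse_list, findings); a share is hidden by a trailing $ or browseable = no."""
    cp = configparser.ConfigParser(interpolation=None, delimiters=("=",))
    cp.read_string(conf_text)
    findings = []
    mode = cp.get("global", "security", fallback="user").strip().lower()
    if mode == "share":
        findings.append("global: share-level authentication, one password per share")
    browse_list = []
    for name in cp.sections():
        if name.lower() == "global":
            continue
        share = cp[name]
        hidden = name.endswith("$") or share.get("browseable", "yes").lower() not in YES
        guest = share.get("guest ok", "no").lower() in YES
        restricted = bool(share.get("valid users", "").strip())
        if not hidden:
            browse_list.append(name)
        if hidden and (guest or not restricted):
            findings.append(f"{name}: hidden, but not restricted to named users")
        elif guest:
            findings.append(f"{name}: guest access, no user-level authentication")
    return browse_list, findings

if __name__ == "__main__":
    print(audit(SAMPLE_CONF))
```

The backup$ share is reported even after guest access is turned off, because the $ suffix only keeps the name out of the browsing list; restricting who may connect is the job of user-level authentication.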
 
