netbios over tcp/ip on samba
Christopher R. Hertel
crh at nts.umn.edu
Mon Jan 14 22:51:10 GMT 2002
> Pranay wrote:
> > Hi,
> > I think ur right. just tell me one thing, what I'm thinking is in Linux u
> > can login through different terminals right...??? suppose say I logged in to
> > one Linux machine using my username...another person came & he logged in using
> > his user name. so at a time there r two terminals r opened rt...??? now lets
> > come to the point...if say person X wants to send message to me & he sends
> > message from Windows machine using net send (its just a logic i'm thinking
> > about), then that message is supposed to reach @ my terminal rt...??? now
> > there's only one Linux machine sharing same NetBIOS name. if that message sent
> > successfully then it must get appeared on all opened terminals...is it
> > correct...??? & the person want to send that message to me only...!!!
> > Is there any solution for this...scenario...??? & if yes Please let me
> > know it.
> Samba does not advertise who is logged in on a box via netbios. As such
> you could not do a net send with a username. Samba uses whatever
> program you define in your smb.conf to inform you of an incoming
> message. If you don't set it up, I think it just drops it on the floor.
Right. *Samba* does not register names such as user names.
Keep the design of the NetBIOS system in mind as you think of this, however.
In TCP/IP, an address represents an interface and a port number
represents a communications endpoint: an application or service.
NetBIOS names are analogous to the combination of *both*.
So, here's the scenario that would work (please note that I am *not*
saying this is something we should do with Samba...It's just that this is
how it would work if we *did* try to support NetBIOS communications):
- The user would run a local application, under their own username, that
would talk to Samba (via a Unix Domain Socket or other IPC).
- The user application would register a NetBIOS name by sending the
name to Samba. The application would also specify whether it wanted
to send/receive datagrams or open a session (that is, port 138/UDP or
- Whenever the application wanted to send a message, it would pass that
message to Samba. Samba would add an NBT header and send the message.
Any messages arriving for the registered name would have their NBT
header stripped off and passed to the waiting application.
Thus: User-level NetBIOS Domain Sockets. :)
Of course, if such a thing were to be done we would probably introduce the
NBTD that I've ranted about (a long time ago, before all the other stuff
that has floated across the list lately).
I've thought about this a lot. Mostly because it is the way things were
intended to work in the RFCs. There are a lot of good reasons to do
things in non-RFC ways... it's just that I've been studying the RFCs. :)
Some folks have pointed out that this has some security problems. Most
notably that it gives normal users access to privileged ports (137/UDP,
138/UDP, and 139/TCP). That's true, but only partly. The NBT layer
itself limits what one can do with those ports and it would be best if the
NBTD were to do some triage. The design above really only provides access
to the virtual NetBIOS LAN.
That said, there are also other ways to do this. I suggested earlier
that Samba could offer a generic IPC service which could be configured by
the system administrator and would work something like an inetd.
I know that a lot of similar ideas have been floated recently. I have
been thinking about the stuff presented here for a long time and, once
again, I'm not planning on changing Samba to do this (not yet, and not
without a lot of discussion and buy-in). It's worth thinking about how
and why one might do these things. I *am* working (slowly) on separate
code to test these designs.
Christopher R. Hertel -)----- University of Minnesota
crh at nts.umn.edu Networking and Telecommunications Services
Ideals are like stars; you will not succeed in touching them
with your hands...you choose them as your guides, and following
them you will reach your destiny. --Carl Schultz
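
The triage idea in the message above, as an added example that is not part of the original post and is not Samba or NBTD code: a broker that owns the privileged port, ties each registered NetBIOS name to the local uid that claimed it, and builds the NBT datagram header itself so a client can only supply a payload. The `NameBroker` class, its methods and the reserved-name set are hypothetical; in a real daemon the uid would come from the Unix domain socket's peer credentials (assumed here, passed in as an argument).

```python
import struct

def encode_name(name: str, suffix: int) -> bytes:
    """RFC 1001 first-level encoding: pad to 15 chars, append the suffix byte,
    split every byte into two nibbles and add 'A' (0x41) to each."""
    raw = name.upper().encode("ascii")
    if not 0 < len(raw) <= 15:
        raise ValueError("NetBIOS names are 1..15 characters")
    raw = raw.ljust(15, b" ") + bytes([suffix])
    enc = bytes(b for c in raw for b in (0x41 + (c >> 4), 0x41 + (c & 0x0F)))
    return b"\x20" + enc + b"\x00"          # length byte 32, empty scope

class NameBroker:
    """Hypothetical triage layer for the daemon that holds ports 137-139."""
    def __init__(self, host_ip: bytes, reserved):
        self.host_ip = host_ip                        # 4-byte IPv4 address
        self.reserved = {n.upper() for n in reserved}  # the machine's own names
        self.owners = {}                              # (name, suffix) -> uid
        self.dgm_id = 0

    def register(self, uid: int, name: str, suffix: int) -> bool:
        key = (name.upper(), suffix)
        if key[0] in self.reserved:
            return False          # users may not claim the server's names
        if self.owners.get(key, uid) != uid:
            return False          # already held by another local user
        self.owners[key] = uid
        return True

    def send_datagram(self, uid: int, src, dst, payload: bytes) -> bytes:
        """src and dst are (name, suffix) tuples; returns the bytes for 138/UDP."""
        src = (src[0].upper(), src[1])
        if self.owners.get(src) != uid:
            raise PermissionError("source name not registered by this uid")
        names = encode_name(*src) + encode_name(*dst)
        self.dgm_id = (self.dgm_id + 1) & 0xFFFF
        # RFC 1002 datagram header: type 0x10 (direct unique), flags 0x02
        # (first fragment, B node), id, source IP, source port, length, offset.
        header = struct.pack(">BBH4sHHH", 0x10, 0x02, self.dgm_id,
                             self.host_ip, 138, len(names) + len(payload), 0)
        return header + names + payload
```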