Exploring Samba's new registry-based configuration
net (rpc) registry
Samba's swiss army knife net basically has built-in command line versions of regedit: net registry to access the local registry and net rpc registry to access a remote registry over RPC. Although these tools are almost as clumsy as regedit, they do allow the administrator to produce more convenient custom tools with Unix shell scripts. Table 2 shows the available subcommands of net registry, and Listing 3 demonstrates an example of configuration tasks. The use of net rpc registry is completely analogous – you just call it as net -Uuser rpc registry … or even net -Uuser%password rpc registry … when it is too inconvenient to type the password at the prompt for each call.
Example net registry Session
01 # net registry 02 enumerate HKLM/software/samba/smbconf 03 Keyname = share1 04 Modtime = Thu, 01 Jan 1970 01:00:00 CET 05 06 Keyname = global 07 Modtime = Thu, 01 Jan 1970 01:00:00 CET 08 09 # net registry enumerate HKLM/software/samba/smbconf/global 10 Valuename = netbios name 11 Type = REG_SZ 12 Value = "nirvana" 13 14 Valuename = workgroup 15 Type = REG_SZ 16 Value = "samba" 17 18 Valuename = security 19 Type = REG_SZ 20 Value = "user" 21 22 # net registry setvalue HKLM/software/samba/smbconf/global "passdb backend" SZ tdbsam 23 # net registry enumerate HKLM/software/samba/smbconf/global 24 Valuename = netbios name 25 Type = REG_SZ 26 Value = "nirvana" 27 28 Valuename = workgroup 29 Type = REG_SZ 30 Value = "samba" 31 32 Valuename = security 33 Type = REG_SZ 34 Value = "user" 35 36 Valuename = passdb backend 37 Type = REG_SZ 38 Value = "tdbsam" 39 40 # net registry deletevalue HKLM/software/samba/smbconf/global security 41 # net registry enumerate HKLM/software/samba/smbconf/global 42 Valuename = netbios name 43 Type = REG_SZ 44 Value = "nirvana" 45 46 Valuename = workgroup 47 Type = REG_SZ 48 Value = "samba" 49 50 Valuename = passdb backend 51 Type = REG_SZ 52 Value = "tdbsam"
net registry is pretty chatty and clumsy for day-to-day administration tasks, so net now comes with a dedicated registry configuration interface offered by the new net conf command. Table 3 provides a summary of net conf options.
The net conf list command outputs the complete configuration in smb.conf format, whereas net conf import imports a smb.conf text file into the registry, dropping all previous data. This way, one can easily switch back and forth between registry- and text-based configuration if necessary (Listing 4).
Example net conf Session
01 # net conf list 02 # cat smb.conf.input 03 [global] 04 netbios name = nirvana 05 workgroup = samba 06 passdb backend = tdbsam 07 security = user 08 09 [share1] 10 path = /data/samba/shares/share1 11 read only = no 12 vfs objects = recycle 13 14 # net conf import smb.conf.input 15 # net conf list 16 [global] 17 netbios name = nirvana 18 workgroup = samba 19 passdb backend = tdbsam 20 security = user 21 22 [share1] 23 path = /data/samba/shares/share1 24 read only = no 25 vfs objects = recycle 26 27 # net conf setparm global "log level" 10 28 # net conf delparm global security 29 # net conf setincludes global /etc/samba/smb.conf.%I 30 # net conf setparm share2 path /data/samba/shares/share2 31 # net conf list 32 [global] 33 netbios name = nirvana 34 workgroup = samba 35 passdb backend = tdbsam 36 log level = 10 37 include = /etc/samba/smb.conf.%I 38 39 [share1] 40 path = /data/samba/shares/share1 41 read only = no 42 vfs objects = recycle 43 44 [share2] 45 path = /data/samba/shares/share2 46 47 # net conf drop 48 # net conf list 49 #
An abstraction layer called libsmbconf presents all necessary methods to access Samba's registry configuration from C code. net conf and the server use libsmbconf to access the registry. The Samba project site has more details on the API . libsmbconf is not published as a shared library because of linking dependencies to a lot of Samba internal code that is not yet properly chopped into shared libraries. Eventually the idea is to release libsmbconf so that it's easy to write third-party applications to configure Samba. A first example application called netdomjoin-gui is available with the Samba code. netdomjoin-gui is a Gtk program that joins your Samba into an active directory domain, modifying the registry configuration accordingly. It is modeled on the native Windows join dialog. The code is under lib/netapi/examples/netdomjoin-gui in Samba's source tree.
To compile the application, use make -C lib/netapi/examples; afterwards, you will find the binary in lib/netapi/examples/bin/netdomjoin-gui. Starting with a smb.conf file that contains config backend = registry and an empty registry configuration, the administrator calls netdomjoin-gui (Figure 3). Listing 5 shows the registry configuration after the process is finished.
Registry Configuration after the Join
01 [global] 02 workgroup = ADSVMW 03 security = ads 04 realm = ads.vmware.private
HP's annual Cyber Risk report offers a bleak look at the state of IT.
But what do the big numbers really mean?
.NET Core execution engine is the basis for cross-platform .NET implementations.
The Xnote trojan hides itself on the target system and will launch a variety of attacks on command.
Spammers go low-volume, and 90% of IE browsers are unpatched.
Adobe scrambles to release patches for vulnerable Flash Player.
Four-inch-long computer on a stick lets you boot a full Linux system from any HDMI display device.
New statute would require companies to report break-ins to consumers.
Weird data transfer technique avoids all standard security measures.
FIDO alliance declares the beginning of the end for old-style login authentication.