Exploring Samba's new registry-based configuration
net (rpc) registry
Samba's swiss army knife net basically has built-in command line versions of regedit: net registry to access the local registry and net rpc registry to access a remote registry over RPC. Although these tools are almost as clumsy as regedit, they do allow the administrator to produce more convenient custom tools with Unix shell scripts. Table 2 shows the available subcommands of net registry, and Listing 3 demonstrates an example of configuration tasks. The use of net rpc registry is completely analogous – you just call it as net -Uuser rpc registry … or even net -Uuser%password rpc registry … when it is too inconvenient to type the password at the prompt for each call.
Example net registry Session
01 # net registry 02 enumerate HKLM/software/samba/smbconf 03 Keyname = share1 04 Modtime = Thu, 01 Jan 1970 01:00:00 CET 05 06 Keyname = global 07 Modtime = Thu, 01 Jan 1970 01:00:00 CET 08 09 # net registry enumerate HKLM/software/samba/smbconf/global 10 Valuename = netbios name 11 Type = REG_SZ 12 Value = "nirvana" 13 14 Valuename = workgroup 15 Type = REG_SZ 16 Value = "samba" 17 18 Valuename = security 19 Type = REG_SZ 20 Value = "user" 21 22 # net registry setvalue HKLM/software/samba/smbconf/global "passdb backend" SZ tdbsam 23 # net registry enumerate HKLM/software/samba/smbconf/global 24 Valuename = netbios name 25 Type = REG_SZ 26 Value = "nirvana" 27 28 Valuename = workgroup 29 Type = REG_SZ 30 Value = "samba" 31 32 Valuename = security 33 Type = REG_SZ 34 Value = "user" 35 36 Valuename = passdb backend 37 Type = REG_SZ 38 Value = "tdbsam" 39 40 # net registry deletevalue HKLM/software/samba/smbconf/global security 41 # net registry enumerate HKLM/software/samba/smbconf/global 42 Valuename = netbios name 43 Type = REG_SZ 44 Value = "nirvana" 45 46 Valuename = workgroup 47 Type = REG_SZ 48 Value = "samba" 49 50 Valuename = passdb backend 51 Type = REG_SZ 52 Value = "tdbsam"
net registry is pretty chatty and clumsy for day-to-day administration tasks, so net now comes with a dedicated registry configuration interface offered by the new net conf command. Table 3 provides a summary of net conf options.
The net conf list command outputs the complete configuration in smb.conf format, whereas net conf import imports a smb.conf text file into the registry, dropping all previous data. This way, one can easily switch back and forth between registry- and text-based configuration if necessary (Listing 4).
Example net conf Session
01 # net conf list 02 # cat smb.conf.input 03 [global] 04 netbios name = nirvana 05 workgroup = samba 06 passdb backend = tdbsam 07 security = user 08 09 [share1] 10 path = /data/samba/shares/share1 11 read only = no 12 vfs objects = recycle 13 14 # net conf import smb.conf.input 15 # net conf list 16 [global] 17 netbios name = nirvana 18 workgroup = samba 19 passdb backend = tdbsam 20 security = user 21 22 [share1] 23 path = /data/samba/shares/share1 24 read only = no 25 vfs objects = recycle 26 27 # net conf setparm global "log level" 10 28 # net conf delparm global security 29 # net conf setincludes global /etc/samba/smb.conf.%I 30 # net conf setparm share2 path /data/samba/shares/share2 31 # net conf list 32 [global] 33 netbios name = nirvana 34 workgroup = samba 35 passdb backend = tdbsam 36 log level = 10 37 include = /etc/samba/smb.conf.%I 38 39 [share1] 40 path = /data/samba/shares/share1 41 read only = no 42 vfs objects = recycle 43 44 [share2] 45 path = /data/samba/shares/share2 46 47 # net conf drop 48 # net conf list 49 #
An abstraction layer called libsmbconf presents all necessary methods to access Samba's registry configuration from C code. net conf and the server use libsmbconf to access the registry. The Samba project site has more details on the API . libsmbconf is not published as a shared library because of linking dependencies to a lot of Samba internal code that is not yet properly chopped into shared libraries. Eventually the idea is to release libsmbconf so that it's easy to write third-party applications to configure Samba. A first example application called netdomjoin-gui is available with the Samba code. netdomjoin-gui is a Gtk program that joins your Samba into an active directory domain, modifying the registry configuration accordingly. It is modeled on the native Windows join dialog. The code is under lib/netapi/examples/netdomjoin-gui in Samba's source tree.
To compile the application, use make -C lib/netapi/examples; afterwards, you will find the binary in lib/netapi/examples/bin/netdomjoin-gui. Starting with a smb.conf file that contains config backend = registry and an empty registry configuration, the administrator calls netdomjoin-gui (Figure 3). Listing 5 shows the registry configuration after the process is finished.
Registry Configuration after the Join
01 [global] 02 workgroup = ADSVMW 03 security = ads 04 realm = ads.vmware.private
Read full article as PDF:
A new class of problems lets a malicious app pre-configure an invisible privilege update.
New Hack language adds static typing and other conveniences.
New crypto policy system will offer easier configuration and more uniform security.
Ubuntu founder denounces insecurity in proprietary, close-source software blobs.
Vulnerability affects many Linux web servers
Donors will get to vote on new features for the free video editor.
Debian project puts init out to pasture and says no to Ubuntu's Upstart.