Server Message Block

From Wikipedia, the free encyclopedia
In computer networking, Server Message Block (SMB), one version of which was also known as Common Internet File System (CIFS, /ˈsɪfs/),[1][2] operates as an application-layer network protocol[3] mainly used for providing shared access to files, printers, and serial ports and miscellaneous communications between nodes on a network. It also provides an authenticated inter-process communication mechanism. Most usage of SMB involves computers running Microsoft Windows, where it was known as "Microsoft Windows Network" before the subsequent introduction of Active Directory. Corresponding Windows services are LAN Manager Server (for the server component) and LAN Manager Workstation (for the client component).[4]

SMB can run on top of the Session (and lower) network layers in several ways:
- Directly over TCP, port 445;[5]
- Via the NetBIOS API, which in turn can run on several transports:[6]
  - On UDP ports 137, 138 & TCP ports 137, 139 (NetBIOS over TCP/IP);
  - On several legacy protocols such as NBF, IPX/SPX.

The SMB "Inter-Process Communication" (IPC) system provides named pipes and was one of the first inter-process mechanisms commonly available to programmers that provides a means for services to inherit the authentication carried out when a client[clarification needed] first connected to an SMB server.[citation needed] Some services that operate over named pipes, such as those which use Microsoft's own implementation of DCE/RPC over SMB, known as MSRPC over SMB, also allow MSRPC client programs to perform authentication, which overrides the authorization provided by the SMB server, but only in the context of the MSRPC client program that successfully makes the additional authentication.

SMB signing: Windows NT 4.0 Service Pack 3 and upwards have the capability to use cryptography to digitally sign SMB connections. The most common official term is "SMB signing". Other terms that have been used officially are "[SMB] Security Signatures", "SMB sequence numbers"[7] and "SMB Message Signing".[8] SMB signing may be configured individually for incoming SMB connections (handled by the "LanManServer" service) and outgoing SMB connections (handled by the "LanManWorkstation" service). The default setting from Windows 98 and upwards is to opportunistically sign outgoing connections whenever the server also supports this, and to fall back to unsigned SMB if both partners allow this. The default setting for

with subsequent major revisions 2.0.[9] The feature can also be turned on for an y server running Windows NT 4. The Samba project originated with the aim of reverse engineering the SMB protoco l and implementing an SMB server to allow PC clients running the DEC Pathworks c lient to access files on SunOS machines. The soluti . Microsoft introduced SMB2 with Windows Vista in 2006.1. SMB was originally designed to run on top of the NetBIOS/NetBEUI API (typically implemented with NBF. hard links.[5] In 1996 when Sun Microsystems announced WebNFS.1. NetBIOS over IPX/SPX. NQETM is an Embedded implementat ion runs on various embedded devices such as routers. using TCP port 445 rather than TCP port 139 a fea ture known as "direct host SMB".. similar to the Session Message packet of NBT's Session Service.[10] The design of Server Message Block version 2 (SMB2) aims[citation needed] to mit igate this performance limitation by coalescing SMB signals into single packets. and Cloud Cachi ng devices for providing secure access to files across a network.0.[11] Microsoft h as made considerable modifications to the most commonly used version. 2.[11] and added more fea tures. Vx Works. Likewise was p urchased by EMC Isilon in 2012. Visuality Systems released the NQTM Storage a scalable SMB solution targeted to storage systems. Cloud Gateway. 3.0 Service Pack 3 or later.1 and NFS 3.?1992) and in later versions of Windows. and later improved on it i n Windows 7.0. and continued to add features to the protoc ol in Windows for Workgroups (c. This protects from man- in-the-middle attacks against the Clients retrieving their policies from domain controllers at login. and Android.2. etc. Microsoft submitted some partial specifications as Internet-Dra fts to the IETF. Sa mba became a popular free software implementation of a compatible SMB client and server to allow non-Windows operating systems. 
SMB serves as the basis for Microsoft's Distributed File System implementation.1.[12] Microsoft launched an initia tive to rename SMB to Common Internet File System (CIFS). The platform could be used for traditional NAS. Integrity to iOS. History[edit] Barry Feigenbaum originally designed SMB at IBM with the aim of turning DOS "Int errupt 33" (21h) local file access into a networked file system. Visuality Systems offers portable SMB[16] client and server implementations avai lable for embedded devices and Storage systems. and an initial attempt at supporting direct connections over TCP port 445 without re quiring NetBIOS as a transport (a largely experimental effort that required furt her refinement).0. Microsoft merged the SMB protocol with the LAN Manager product which it had started develo ping for OS/2 with 3Com around 1990.0 ) back in 2009 that provided a multiprotocol. 3. Windows domain controllers from Windows Server 2003 and upwards is to not allow fall back for incoming connections. printers to smar tphones. SMB run s. such as Unix-like operating syst ems. In March 2016.[15] Likewise developed a CIFS/SMB implementation (versions 1. identity-aware platform for networ k access to files used in OEM storage products built on Linux/Unix based devices . scanners. including support for symbolic links. 2. to interoperate with Windows. with a thin layer. SMB supports opportunistic locking a special type of locking-mechanism on files in o rder to improve performance. larger file sizes.[11][14] Because of the importance of th e SMB protocol in interacting with the widespread Microsoft Windows platform. on top of TCP. or NBT). by default. applied on any non-Windows platform from Linux. and 3. Since Windows 2000. set-top boxes.[13] though these submissions have expired.

originally designed by IBM. SMB2 uses 32 or 64-bit wi de storage fields. as a re typical in a wireless network. and later became part of a wide variety of non-Windows operating sys tems such as Xenix. SMB1 features many versions of information for commands (selecting what str ucture to return for a particular request) because features such as Unicode supp ort were retro-fitted at a later date. shares and open files pe r server among others.on meets market demands of any storage systems from a stand-alone server through a NAS up to a high-end cluster system. improved message signing with HMAC SHA-256 hashing algorithm an d better scalability by increasing the number of users. SMB2 code has considerably le ss complexity since far less variability exists (for example. SMB2 includes support for symbolic links.[18] Although the protocol is proprietary. html for historical detail. It adds the ability to compound multiple actions into a single request.[20] Windows Vista/Server 2008 and later operating systems use SMB2 when communicatin g with other machines also capable of using SMB2. as well various vendors' NAS solutions.[citation needed] It also introduces the notion of "durable file handles": these allow a connection to an SMB server to survive brief network outages. sending additional requests before the response to a previous request arrives.0[edit] Microsoft introduced a new version of the protocol (SMB 2.[23] This transition was fraught with compatibility problems t hough. thereby improving performance over high latency lin ks.0 protocol by reducing the number of commands and subcommands from over a hundred to just nineteen.[23] Ap . Microsoft's SMB1 code has to work with a large variety of SMB clients and serv ers. SMB1. thereby removing pr evious constraints on block sizes.5 also includes experimental support for SMB2.x introduced by Microsoft. without having to incur the overhead of re-neg otiating a new session. 
non-Unicode code p aths become redundant as SMB2 requires Unicode support). SMB 2. (See http://ubiqx. whic h significantly reduces the number of round-trips the client needs to make to th e server.[22] When SMB2 was introduced it brought a number of benefits over SMB1 for third par ty implementers of SMB protocols.9. it also had draft IETF standards which lapsed. limits the maximum block size to 64K. Ryussi Technologies has developed a highly scalable SMB3[17] stack (proprietary) called MoSMB on Linux targeted for advanced NAS solutions incorporating all the a dvanced features of SMB 3. X/Open standardized it partially. now legac y) with OS X 10. OS/2 and VMS (Pathworks). when Apple abandoned Samba in favor of its own SMB implementation called SMBX. SMB1 continues in use for conn ections with older versions of Windows.7.0 or SMB2) with Window s Vista in 2006.) SMB2 is also a relatively clean break with the past .6 fully suppo rts SMB2. except the modification of user quotas using the Windows quota managem ent Other improvements include caching of file properties.[24][25] Non-default support for SMB2 appeared in fact in OS X 10.[20] The SMB1 protocol uses 16-bit data sizes. that is.[19] SMB2 reduces the 'chattiness' of the SMB 1. improving performance as a result. was reverse engineered.[20] It has mechan isms for pipelining.[21] Samba 3. which among st other things. Apple is also migrating to SMB2 (from their own Apple Filing Protocol. but Microsoft clients rarely use AndX. which improves performance with large file tr ansfers over fast networks. and 128 bits in the case of file-handles. Samba 3. its specification has been published to allow other systems to interoperate with Microsoft operating systems that use the new protocol.[20] SMB1 also has a compounding mec hanism known as AndX to compound multiple actions. SMB2 involves significantly reduced compa tibility-testing for implementers of the protocol.

However. introduced minor performa nce enhancements with a new opportunistic locking mechanism. the SMB file-server aspect would count for litt le without the NT domains suite of protocols.0[edit] SMB 3.[2 8] SMB 2.1[edit] SMB 2. such as end-to-end encryption and a new AES based signing algorithm.2[edit] SMB 3.1.0 (previously named SMB 2.0. Samba[edit] Main article: Samba (software) Ambox current red. SMB servers make their file systems and other resources available to clients on the network.1 was introduced with Windows 10 and Windows Server 2016.[40][15] SMB 3. ofte n to exchange data between computers that have been authenticated. SM B 3. such that clients may make requests to a file server. where a client makes specific reques ts and the server responds accordingly.2 the earlier SMB version 1 can be optional ly disabled to increase security.1. One section of the SMB protocol specific ally deals with access to filesystems.1.[32][33] SMB Transparent Failover[34][35] It also introduces several security enhancements.1[edit] SMB 3. and implements pre-authentication integrity check using SHA-512 hash.2 (known as 3. and in this primary functionality SMB has become best-known and most heavily used.1 and W indows Server 2012 R2[38][39] In 3.svg .2)[30] was introduced with Windows 8[30] and Win dows Server 2012. This virtual share is used to facilitate communication between processes and computers over SMB. Implementation[edit] Client-server approach[edit] SMB works through a client-server approach.[36] [37] SMB 3.[41] This versi on supports AES 128 GCM encryption in addition to AES 128 CCM encryption added i n SMB3. Developers have optimized the SMB protocol for local subnet usage. Almost all implementations of SMB servers us e NT Domain authentication to validate user-access to resources. but some other sections of the SMB protocol specialize in inter-pro cess communication (IPC). introduced with Windows 7 and Server 2008 R2. 
is a network share on computers running Microsoft Windows.ple switched to its own SMBX implementation after Samba adopted GPLv3.1. which provide NT-style domain-base d authentication at the very least.[29] SMB 3. Client computers may want access to the shared file systems and pri nters on the server.7.x and higher.0.[31] notably in virtualized dat a centers: the SMB Direct Protocol (SMB over remote direct memory access (RDMA)) SMB Multichannel (multiple connections per SMB session).[30] It brought several significant changes that are intended t o add functionality and improve SMB2 performance. The Inter-Process Communication (IPC) share.02 at the time) has been introduced with Windows 8.0. or ipc$. but users hav e also put SMB to work to access different subnets across the Internet exploits in volving file-sharing or print-sharing in MS Windows environments usually focus o n such usage.1 also makes secure negotiation mandatory when connecting to clients using SMB 2.[26][27] The Linux kernel's CIFS client file system has SMB2 support since version 3.

Andrew Tridgell started the development of Samba, a free-software re-implementation of the SMB/CIFS networking protocol for Unix-like systems, in 1991. As of version 3 (2003), Samba provides file and print services for Microsoft Windows clients and can integrate with a Windows NT 4.0 server domain, either as a Primary Domain Controller (PDC) or as a domain member. Samba4 installations can act as an Active Directory domain controller or member server, at Windows 2008 domain and forest functional levels.[42]

Note in relation to Samba the use of the Linux cifs-utils package.[43]

NQ

NQ is portable SMB client and server implemen