Server Message Block (SMB) is acommunication protocol[1] used to share files,printers,serial ports, and miscellaneous communications betweennodes on anetwork. OnWindows, the SMB implementation consists of two vaguely namedWindows services: "Server" (ID:LanmanServer) and "Workstation" (ID:LanmanWorkstation).[2] It usesNTLM orKerberos protocols for user authentication. It also provides an authenticatedinter-process communication (IPC) mechanism.
SMB was originally developed in 1983 by Barry A. Feigenbaum at IBM[3] toshare access tofiles andprinters across a network of systems runningIBM PC DOS. In 1987,Microsoft and3Com implemented SMB inLAN Manager forOS/2, at which time SMB used theNetBIOS service atop theNetBIOS Frames protocol as its underlying transport. Later, Microsoft implemented SMB inWindows NT 3.1 and has been updating it ever since, adapting it to work with newer underlying transports:TCP/IP andNetBT. SMB overQUIC was introduced inWindows Server 2022.
In 1996, Microsoft published a version of SMB 1.0[4] with minor modifications under theCommon Internet File System (CIFS/sɪfs/) moniker. CIFS was compatible with even the earliest incarnation of SMB, includingLAN Manager's.[4] It supports symbolic links, hard links, and larger file size, but none of the features of SMB 2.0 and later.[4][5] Microsoft's proposal, however, remained anInternet Draft and never achieved standard status.[6] Microsoft has since discontinued the CIFS moniker but continues developing SMB and publishing subsequent specifications.Samba is afree software reimplementation of the SMB protocol and the Microsoft extensions to it.
Server Message Block (SMB) enablesfile sharing,printer sharing, network browsing, andinter-process communication (throughnamed pipes) over acomputer network. SMB serves as the basis for Microsoft'sDistributed File System implementation.
SMB relies on theTCP andIP protocols for transport. This combination allows file sharing overcomplex, interconnected networks, including the public Internet. The SMBserver component usesTCPport 445. SMB originally operated onNetBIOS overIEEE 802.2 -NetBIOS Frames or NBF - and overIPX/SPX, and later onNetBIOS over TCP/IP (NetBT), but Microsoft has sincedeprecated these protocols. On NetBT, the server component uses three TCP orUDP ports: 137 (NETBIOS Name Service), 138 (NETBIOS Datagram Service), and 139 (NETBIOS Session Service).
In Microsoft Windows, twoWindows services implement SMB. The "Server" service (ID:LanmanServer) is in charge of servingshared resources. The "Workstation" service (ID:LanmanWorkstation) maintains the computer name and helps access shared resources on other computers.[2] SMB uses theKerberos protocol to authenticate users againstActive Directory onWindows domain networks. On simpler, peer-to-peer networks, SMB uses theNTLM protocol.
Windows NT 4.0 SP3 and later candigitally sign SMB messages to prevent someman-in-the-middle attacks.[7][8][9] SMB signing may be configured individually for incoming SMB connections (by the "LanmanServer" service) and outgoing SMB connections (by the "LanmanWorkstation" service). The default setting for Windowsdomain controllers runningWindows Server 2003 and later is to not allow unsigned incoming connections.[10] As such, earlier versions of Windows that do not support SMB signing from the get-go (includingWindows 9x) cannot connect to a Windows Server 2003 domain controller.[8]
SMB supports opportunistic locking (see below) on files in order to improve performance. Opportunistic locking support has changed with each Windows Server release.
In the SMB protocol, opportunistic locking is a mechanism designed to improve performance by controllingcaching of network files by the client.[11] Unlike traditionallocks, opportunistic lock (OpLocks) are not strictlyfile locking or used to provide mutual exclusion.
There are four types of opportunistic locks.
The use of the SMB protocol has often correlated with a significant increase inbroadcast traffic on a network. However the SMB itself does not use broadcasts—the broadcast problems commonly associated with SMB actually originate with theNetBIOS service location protocol.[clarification needed] By default, aMicrosoft Windows NT 4.0 server used NetBIOS to advertise and locate services. NetBIOS functions by broadcasting services available on a particular host at regular intervals. While this usually makes for an acceptable default in a network with a smaller number of hosts, increased broadcast traffic can cause problems as the number of hosts on the network increases. The implementation of name resolution infrastructure in the form ofWindows Internet Naming Service (WINS) orDomain Name System (DNS) resolves this problem. WINS was a proprietary implementation used with Windows NT 4.0 networks, but brought about its own issues and complexities in the design and maintenance of a Microsoft network.
Since the release of Windows 2000, the use of WINS for name resolution has been deprecated by Microsoft, with hierarchicalDynamic DNS now configured as the default name resolution protocol for all Windows operating systems. Resolution of (short) NetBIOS names by DNS requires that a DNS client expand short names, usually by appending a connection-specific DNS suffix to its DNS lookup queries. WINS can still be configured on clients as a secondary name resolution protocol for interoperability with legacy Windows environments and applications. Further, Microsoft DNS servers can forward name resolution requests to legacy WINS servers in order to support name resolution integration with legacy (pre-Windows 2000) environments that do not support DNS.
Network designers have found thatlatency has a significant impact on the performance of the SMB 1.0 protocol, that it performs more poorly than other protocols likeFTP. Monitoring reveals a high degree of "chattiness" and a disregard of network latency between hosts.[13] For example, aVPN connection over theInternet will often introduce network latency. Microsoft has explained that performance issues come about primarily because SMB 1.0 is a block-level rather than astreaming protocol, that was originally designed for smallLANs; it has a block size that is limited to 64K, SMB signing creates an additional overhead and theTCP window size is not optimized for WAN links.[14] Solutions to this problem include the updated SMB 2.0 protocol,[15]Offline Files,TCP window scaling andWAN optimization devices from various network vendors that cache and optimize SMB 1.0[16] and 2.0.[17]
Barry Feigenbaum originally designed SMB atIBM in early 1983 with the aim of turningDOSINT 21h local file access into a networked file system.[3]Microsoft made considerable modifications to the most commonly used version and included SMB support in theLAN Manager operating system it had started developing forOS/2 with3Com around 1990.[18][19][20] Microsoft continued to add features to the protocol inWindows for Workgroups (c. 1992) and in later versions of Windows. LAN Manager authentication was implemented based on the original legacy SMB specification's requirement to use IBM "LAN Manager" passwords, but implementedDES in aflawed manner that allowed passwords to be cracked.[21] Later,Kerberos authentication was also added. TheWindows domain logon protocols initially used40-bit encryption outside of theUnited States, because of export restrictions on stronger 128-bit encryption[22] (subsequently lifted in 1996 when PresidentBill Clinton signedExecutive Order 13026[23]).
SMB 1.0 (or SMB1) was originally designed to run onNetBIOS Frames (NetBIOS overIEEE 802.2). Since then, it has been adapted to NetBIOS overIPX/SPX (NBX), andNetBIOS over TCP/IP (NetBT). Also, sinceWindows 2000, SMB runs onTCP using TCP port 445, a feature known as "direct host SMB".[24] There is still a thin layer (similar to the Session Message packet of NetBT's Session Service) between SMB and TCP.[24] Windows Server 2003, and legacyNAS devices use SMB1 natively.
SMB1 is an extremely chatty protocol, which is not such an issue on alocal area network (LAN) with low latency. It becomes very slow onwide area networks (WAN) as the back and forth handshake of the protocol magnifies the inherent high latency of such a network. Later versions of the protocol reduced the high number of handshake exchanges. One approach to mitigating the inefficiencies in the protocol is to useWAN optimization products such as those provided byRiverbed,Silver Peak, orCisco. A better approach is to upgrade to a later version of SMB. This includes upgrading both NAS devices as well as Windows Server 2003. The most effective method to identify SMB1 traffic is with a network analyzer tool, such asWireshark. Microsoft also provides an auditing tool inWindows Server 2016 to track down devices that use SMB1.[25]
Microsoft marked SMB1 asdeprecated in June 2013.[26] Windows Server 2016 andWindows 10 version 1709 do not have SMB1 installed by default.[27]
In 1996, when Sun Microsystems announcedWebNFS,[28] Microsoft launched an initiative to rename SMB to Common Internet File System (CIFS)[3] and added more features, including support forsymbolic links,hard links, larger file sizes, and an initial attempt at supporting direct connections over TCP port 445 without requiringNetBIOS as a transport (a largely experimental effort that required further refinement). Microsoft submitted some partial specifications asInternet Drafts to theIETF.[6] These submissions have since expired.
Microsoft introduced a new version of the protocol (SMB 2.0 or SMB2) in 2006 withWindows Vista andWindows Server 2008.[29] Although the protocol is proprietary, its specification has been published to allow other systems to interoperate with Microsoft operating systems that use the new protocol.[30]
SMB2 reduces the 'chattiness' of the SMB 1.0 protocol by reducing the number of commands and subcommands from over a hundred to just nineteen.[13] It has mechanisms forpipelining, that is, sending additional requests before the response to a previous request arrives, thereby improving performance over high-latency links. It adds the ability to compound multiple actions into a single request, which significantly reduces the number ofround-trips the client needs to make to the server, improving performance as a result.[13] SMB1 also has a compounding mechanism—known as AndX—to compound multiple actions, but Microsoft clients rarely use AndX.[citation needed] It also introduces the notion of "durable file handles": these allow a connection to an SMB server to survive brief network outages, as are typical in a wireless network, without having to incur the overhead of re-negotiating a new session.
SMB2 includes support forsymbolic links. Other improvements include caching of file properties, improved message signing withHMACSHA-256 hashing algorithm and better scalability by increasing the number of users, shares and open files per server among others.[13] The SMB1 protocol uses 16-bit data sizes, which amongst other things, limits the maximum block size to 64K. SMB2 uses 32- or 64-bit wide storage fields, and 128 bits in the case offile-handles, thereby removing previous constraints on block sizes, which improves performance with large file transfers over fast networks.[13]
Windows Vista/Server 2008 and later operating systems use SMB2 when communicating with other machines also capable of using SMB2. SMB1 continues in use for connections with older versions of Windows, as well various vendors'NAS solutions. Samba 3.5 also includes experimental support for SMB2.[31] Samba 3.6 fully supports SMB2, except the modification of user quotas using the Windows quota management tools.[32]
When SMB2 was introduced it brought a number of benefits over SMB1 for third party implementers of SMB protocols. SMB1, originally designed byIBM, wasreverse engineered, and later became part of a wide variety of non-Windows operating systems such asXenix,OS/2 andVMS (Pathworks).X/Open standardized it partially; Microsoft had submitted Internet-Drafts describing SMB2 to theIETF, partly in response to formal IETF standardization of version 4 of theNetwork File System in December 2000 as IETF RFC 3010;[33] however, those SMB-related Internet-Drafts expired without achieving any IETF standards-track approval or any other IETF endorsement. (Seehttp://ubiqx.org/cifs/Intro.html for historical detail.) SMB2 is also a relatively clean break with the past. Microsoft's SMB1 code has to work with a large variety of SMB clients and servers. SMB1 features many versions of information for commands (selecting what structure to return for a particular request) because features such asUnicode support were retro-fitted at a later date. SMB2 involves significantly reduced compatibility-testing for implementers of the protocol. SMB2 code has considerably less complexity since far less variability exists (for example, non-Unicode code paths become redundant as SMB2 requires Unicode support).
Apple migrated to SMB2 (from their ownApple Filing Protocol, now legacy) starting withOS X 10.9 "Mavericks".[34] This transition was fraught with compatibility problems though.[35][36] Non-default support for SMB2 appeared in fact in OS X 10.7, when Apple abandoned Samba in favor of its own SMB implementation called SMBX[34] after Samba adoptedGPLv3.[37][38]
TheLinux kernel's CIFS client file system has SMB2 support since version 3.7.[39]
SMB 2.1, introduced with Windows 7 and Server 2008 R2, introduced minor performance enhancements with a new opportunistic locking mechanism.[40]
SMB 3.0 (previously named SMB 2.2)[41] was introduced withWindows 8[41] andWindows Server 2012.[41] It brought several significant changes that are intended to add functionality and improve SMB2 performance,[42] notably in virtualizeddata centers:
It also introduces several security enhancements, such asend-to-end encryption and a newAES based signing algorithm.[47][48]
SMB 3.0.2 (known as 3.02 at the time) was introduced with Windows 8.1 and Windows Server 2012 R2;[49][50] in those and later releases, the earlier SMB version 1 can be optionally disabled to increase security.[51][52]
SMB 3.1.1 was introduced withWindows 10 andWindows Server 2016.[53] This version supportsAES-128GCM encryption in addition to AES-128CCM encryption added in SMB3, and implements pre-authentication integrity check usingSHA-512 hash. SMB 3.1.1 also makes secure negotiation mandatory when connecting to clients using SMB versions that support it.[54]
The specifications for the SMB are proprietary and were initially closed, thereby forcing other vendors and projects to reverse-engineer the protocol to interoperate with it. The SMB 1.0 protocol was eventually published some time after it was reverse engineered, whereas the SMB 2.0 protocol was made available from Microsoft's Open Specifications Developer Center from the outset.[55]
 | This section needs to beupdated. Please help update this article to reflect recent events or newly available information.(April 2016) |
In 1991,Andrew Tridgell started the development of Samba, afree-software re-implementation (usingreverse engineering) of the SMB/CIFS networking protocol forUnix-like systems, initially to implement an SMB server to allow PC clients running theDECPathworks client to access files onSunOS machines.[3][56] Because of the importance of the SMB protocol in interacting with the widespreadMicrosoft Windows platform, Samba became a popularfree software implementation of a compatible SMB client and server to allow non-Windows operating systems, such asUnix-like operating systems, to interoperate with Windows.
As of version 3 (2003), Samba provides file and print services for Microsoft Windows clients and can integrate with aWindows NT 4.0 server domain, either as aPrimary Domain Controller (PDC) or as a domain member. Samba4 installations can act as anActive Directory domain controller or member server, at Windows 2008 domain andforest functional levels.[57]
Package managers in Linux distributions can search for thecifs-utils package. The package is from the Samba maintainers.
NSMB (Netsmb and SMBFS) is a family of in-kernel SMB client implementations in BSD operating systems. It was first contributed toFreeBSD 4.4 by Boris Popov, and is now found in a wide range of other BSD systems includingNetBSD andmacOS.[58] The implementations have diverged significantly ever since.[59]
The macOS version of NSMB is notable for its now-common scheme of representing symlinks. This "Minshall-French" format shows symlinks as textual files with a.symlink extension and aXsym\n magic number, always 1067 bytes long. This format is also used for storing symlinks on native SMB servers or unsupported filesystems. Samba supports this format with anmfsymlink option.[60] Docker on Windows also seems to use it.[citation needed]
NQ is a family of portable SMB client and server implementations developed byVisuality Systems, an Israel-based company established in 1998 by Sam Widerman, formerly the CEO ofSiemens Data Communications. The NQ family comprises an embedded SMB stack (written in C), a Pure Java SMB Client, and a storage SMB Server implementation. All solutions support the latest SMB 3.1.1 dialect.NQ for Linux,NQ for WinCE, iOS, Android, VxWorks and other real-time operating systems are all supported by the configurable NQ solution.
MoSMB is a user space SMB implementation for Linux. It supports SMB 2.x and SMB 3.x. Key features include Cloud-scale Active-Active Scale-out Clusters, SMB Direct (RDMA), SMB Multichannel, Transparent Failover and Continuous Availability. MoSMB also supportsAmazon S3 object storage as storage backend in addition to POSIX file systems such asext4,ZFS,Lustre,Ceph, etc.[61]
Fusion File Share by Tuxera is a proprietary SMB server implementation developed byTuxera that can be run either in kernel oruser space.[62] It supports SMB 3.1.1 and all previous versions, additionally advanced SMB features like continuous availability (persistent handles) scale-out,RDMA (SMB Direct), SMB multichannel, transparent compression,shadow copy.
Likewise developed a CIFS/SMB implementation (versions 1.0, 2.0, 2.1 and SMB 3.0) in 2009 that provided a multiprotocol, identity-aware platform for network access to files used inOEM storage products built on Linux/Unix based devices. The platform could be used for traditional NAS, Cloud Gateway, and Cloud Caching devices for providing secure access to files across a network. Likewise was purchased byEMC Isilon in 2012.
KSMBD is an open source in-kernel CIFS/SMB server implementation for the Linux kernel. Compared to user-space implementations, it provides better performance and makes it easier to implement some features such as SMB Direct. It supports SMB 3.1.1 and previous versions.
Over the years, there have been many security vulnerabilities in Microsoft's implementation of the protocol or components on which it directly relies.[63][64] Other vendors' security vulnerabilities lie primarily in a lack of support for newerauthentication protocols likeNTLMv2 andKerberos in favor of protocols like NTLMv1,LanMan, orplaintext passwords. Real-time attack tracking[65] shows that SMB is one of the primary attack vectors for intrusion attempts,[66] for example the2014 Sony Pictures attack,[67] and theWannaCry ransomware attack of 2017.[68] In 2020, two SMB high-severity vulnerabilities were disclosed and dubbed asSMBGhost (CVE-2020-0796) andSMBleed (CVE-2020-1206), which when chained together can provideRCE (Remote Code Execution) privilege to the attacker.[69]
This article addresses [...] Server Message Block (SMB) message signing.
This security mechanism in the SMB protocol helps avoid issues like tampering of packets and "man in the middle" attacks. [...] SMB signing is available in all currently supported versions of Windows, but it's only enabled by default on Domain Controllers. This is recommended for Domain Controllers because SMB is the protocol used by clients to download Group Policy information. SMB signing provides a way to ensure that the client is receiving genuine Group Policy.
By default, SMB signing is required for incoming SMB sessions on Windows Server 2003-based domain controllers.
nsmb.conf(5) – FreeBSD File FormatsManual.