Implementing CIFS

Bombcar writes "Anyone who has used Microsoft products in the last ten years has used the SMB protocol (now known as CIFS). Some have become experts in the usage of Windows file sharing, Samba, and more. We know that there can be a 15 minute delay before new machines appear in 'Network Neighborhood'. We've read the Official Samba 3 book, and follow the Samba mailing list once in a while, perhaps even answering questions. But there is a limit to the knowledge given by these sources." Read on for Bombcar's review of Implementing CIFS from Prentice Hall. Implementing CIFS author Christopher R. Hertel pages 642 publisher Prentice Hall rating 8 of 10 reviewer Tom Dickson ISBN 013047116X summary In-depth (but not too deep) coverage of the CIFS/SMB protocol

It is one thing to be able to use Samba, Windows, and the Common Internet File System (CIFS) protocol. It is another thing entirely to understand CIFS with sufficient depth to begin coding using it. This is where Christopher Hertel's Implementing CIFS begins.

This thick book (over 600 pages) begins with a history of NetBIOS in the DOS era. It quickly progresses to NetBIOS over TCP/IP (which evolved into the current CIFS protocol). Hertel documents the beginnings of quirks that will last throughout the life of the protocol. There is an RFC that was proposed in 1987, but many vendors have added extensions to this. (It might surprise you to learn that Samba has added extensions, which are covered in Chapter 24).

After the basic overview, he quickly dives into real coding of an actual (though simple) implementation. This will be his style for the rest of the book (except for humorous asides now and then). An aspect of the protocol, such as Name Resolution, will be explained in some detail, and then expounded in actual code (and in a few cases pseudocode).

The detail is good but not overwhelming. Some people (with names like Jerry Carter or Andrew Tridgell) will want more depth than this book provides, but for with a protocol as varied as CIFS, choices have to be made. As the Samba website mentions, this book is written in "Geekish." The book covers aspects of older and newer SMB/CIFS implementations, including a description of the NTLM2 challenge/auth system.

One thing that should be noted is that the code examples work, but as the author points out, they usually have little or no error handling. This is common to many books, but it is something to remember.

Now, should you get this book? If you're just a user, you probably don't need it. But if you've ever wished you could understand the Samba technical mailing list, or wanted to know why it takes up to 15 minutes to see a new machine, then you'll enjoy this book. If you want to utilize CIFS in any manner (even if just implementing Samba for clients), I'd highly recommend reading this. It will help you to understand what is going on on your network, even if you're not writing the code yourself. And if you want to be a Samba coder, it is required reading.

What didn't I like? I first read the book in an airport, and found that it relies heavily on having access to a computer. I would have preferred more explanations of code fragments than was given. However, this is a minor issue; most people who are implementing CIFS will be using a computer! I was also left with a desire for more information, but the large Appendix D along with many sources recommended provide for further study.

As a bonus, Appendix A tells you how to make a good cup of Earl Grey tea! That alone to some would be worth the price of admission.

You can purchase Implementing CIFS from bn.com. Slashdot welcomes readers' book reviews -- to see your own review here, read the book review guidelines, then visit the submission page.

But who likes CIFS?

[bbsguru]

I know this is a difficult topic, but...Can't we just let CIFS to die, already?Alright, barring that, this really is a useful book. I wish I hadn't already learned it in the usual too-much-caffeine-for-rational-thought method.

Re:But who likes CIFS?

[smharr4]

It's all very well saying 'let it die', but just what would you replace it with?

Re:But who likes CIFS?

[El]

Can't we just let CIFS to die, already? As long as people are still running Windows and Windows is still using CIFS, it will be necessary to support CIFS for Windows interoperability. No argument from me that it is a horrible protocol for file sharing; but then NFS isn't much better.

Re:But who likes CIFS?

[azzy]

Easy, with the Posh Internet File System

Re:But who likes CIFS?

[smharr4]

Exactly the point I was trying to make above.

As much as the slashdot crowd would probably hate to admit that Microsoft got something right, SMB/CIFS is the 'killer app' for sharing files and printers over a LAN.

If there's another application that does the same job as SMB/CIFS and is:

• Free
• easy to use client
• easy to configure server
• multiplatform - Windows, OS X, varying strains of Unix, and linux

then bring it on. Until then, we're stuck with CIFS.

Re:But who likes CIFS?

[Kethinov]

Replace it with nfs unix file sharing maybe? Oh I forgot. We're talking about Windows here. God forbid Microsoft should support nfs. It's not as if it's better than smb or anything and it's not as if Mac and the rest of the Unix world already support it

Re:But who likes CIFS?

NFS is cool so long as you don't need passwords or authentication on your network resources. For other people that might be a little issue.

Re:But who likes CIFS?

[Laur]

Replace it with nfs unix file sharing maybe? Oh I forgot. We're talking about Windows here. God forbid Microsoft should support nfs.

Download Windows Services for UNIX for free from Microsoft, it contains a NFS client and server. I use this on my home network, no more Samba and its confusing config file (even with SWAT it is a nightmare). You can even choose to just install the nfs services and continue to use Cygwin for the rest of your Unix-on-Windows goodness.

Re:But who likes CIFS?

[cscx]

NFS is the caveman of network file systems. Sorry, we've moved a bit beyond that, it's not 1994 anymore.

Linus Torvalds himself said "Linux's NFS 'sucks rocks.'"

It's not as if it's better than smb or anything

Wow, you're right on the money!

Re:But who likes CIFS?

[MCZapf]

NFSv4 looks promising to me. Of coure, that's what I thought two years ago as well. In any case, the goal for NFSv4 seems to be to take the best of NFS and AFS (and probably some other systems) and combine them.

Re:But who likes CIFS?

[caluml]

I hate NFS. You have to have the same user ID on all boxes, and have the same group IDs on all the boxes. Pfffft. Far too much trouble. Samba - well, if you log in to Samba as foobar, then your smbd process runs as foobar, and hence has all the right IDs and group memberships that foobar has on the box running smbd. Samba has got tonnes of options. Bah. NFS? Do away with it, I say

Re:But who likes CIFS?

[strobert]

uh, actually Microsoft does support NFS, both client and server. see their services for unix. I think this is the correct URL:

http://www.microsoft.com/windows/sfu

It has sounded very promising. Still on the look into list (I am actually more going to be using the auth sharing features to have our unix boxes publish password changes to AD).

I will say I'm not the biggest NFS fan -- mainly becuase of portmap (for some of the reasons, see Steven TCP/IP Illustrated Vol I comments in the dicussion on NFS) -- but to say you can't get NFS support under windows is not accurate.

Samba in Linux vs Windows

[mauriatm]

Maybe a bit offtopic, but on my network I notice that Windows machines in the Network Neighborhood are slower to access than samba shares on linux machines. Go figure.

Re:Samba in Linux vs Windows

[pilgrim23]

In my mixed platform (PC Mac, and more) network with PCMacLAN loaded, and Appletalk turned on for the PCs, I have found accessing a share and copying files to be far faster using that ancient protocol, even from Windows to Windows.

O'Reilly Safari

[Erik_]

And best of all it's available on O'Reilly's Safari service.

Network Neighborhood

[frenetic3]

I've always wondered why on some machines it takes so damn long to browse the network on everything from 95 to XP -- most of the time I simply whimper and mumble incoherently waiting for it to eventually finish, but have never been able to diagnose the problem. Over the 'net it's even more agonizingly slow -- minute-long delays when pings are 30ms or less.

The post suggests that this book tells the answer, but do any enlightened here know some typical causes of the ridiculously poor performance?

-fren

Re:Network Neighborhood

[Bombcar]

The usual cause is badly synced browse lists.

If you add a samba server and tell it to run WINS (with wins=yes), and then tell EVERY windows machine that the wins server is at (IP address of Samba Server), things usually speed up considerably.

Also, there is (I believe), a C:\winnt\system32\drivers\etc\lmhosts file that works as a hosts file for WINS).

Re:Network Neighborhood

[Vlad_the_Inhaler]

Win2K only supports WINS in some 'compatability mode', don't know if XP supports it at all.

WINS is dying.

Re:Network Neighborhood

[droid_rage]

Not true. 2k and XP both fully support WINS. It's generally configured in the DHCP scope, but it can be explicitly defined on the client.
MS is trying to kill it off, but since 9x and NT boxes don't understand DNS for anything but internet name resolution, its demise is still a long way off.

Re:Network Neighborhood

Its hardly dying, in fact WINS is still very much alive and well in many Win2k networks. Those who don't use it get to enjoy wondering why nobody can see anything in network neighborhood and can lots of problems. That whole "WINS is dead" crap went out the window a few months after Windows 2000 came out.

With 2k/2003 MS took a HUGE step back in networking. In a technical sense AD in better in every single way. But in terms of ditching old things like WINS its a total failure. Back in the old days networking 98 to NT was moron proof. Try connecting a 98 to XP box some time.

Anyway based the fact that you didn't know that XP supports WINS I'll just assume your not an admin, but ask anyone who actually is a admin and works with Windows 2000 any they'll tell you WINS is far from dead.

Re:Network Neighborhood

[Bombcar]

In fact, that's why many times a Samba server added to the mix can help things. The samba server can act as an intermediary between the Win2k machines configured to speak DNS only, and the 98 machines that are howling for WINS information.

WINS is only really dead in an all Win2k enviroment, and then only if you turn it off.

Most implementations will be in written in C...

[tcopeland]

...but is there any reason why a CIFS client (or server) couldn't be written in a higher level language like Ruby?

Obviously there'd be a speed hit, but it seems like it'd be a lot faster to develop in, and time-critical bits could be written in C and accessed via Ruby/DL or whatever.

Ditto for Python, of course... same sort of advantages/issues.

Re:Most implementations will be in written in C...

[110010001000]

For what purpose? Ruby is an esoteric language that hardly anyone uses and less people will use as the years goes on. This means that the code base will be unmaintainable.

Now Java or C# is a real option. Microsofts next implementation will be written in C# as a matter of fact.

Re:Most implementations will be in written in C...

[110010001000]

Well my assertions are based in fact. Do a poll of every software developer or programmer you know and ask them if they have ever written or seen a program written in Ruby. Then ask them if they have seen or written one five years (or three years) ago.

The same principles apply to Eiffel, et al.

Re:Most implementations will be in written in C...

[Malc]

It seems to me that the bottleneck will be the network, not the application code. What's an extra fraction of a ms making a call in a high level language instead of C when the round trip time on the wire could one or two orders of magnitude longer?

Not Andrew Tridgell

This guy isn't Andrew Tridgell.

He put on a pretense of being some other authoritatian figure ("John Nagle") in some other article (and got modded into oblivion there)

http://slashdot.org/comments.pl?sid=91307&cid=7861 607

Knock him down.

My Take

[110010001000]

This book is simply the best reference available for CIFS. I only say that because I have spent $$$ getting everything on the subject I can. With the recent changes in Microsoft licensing every sensible IT professional should be exploring alternatives. A SAMBA server is a great alternative. This book is all you need to go from knowing next to nothing to knowing enough to impress your geeky Network Admin friends.

This book is well written, clear and expansive. I didn't read it cover to cover (not at first anyway) I found pieces I needed, applied it, digested it, reviewed it and then went on to the next morsel I needed. If I missed something it was easy to find. By the way, it works with Win2K and WinXP neither of which is well documented by anyone anywhere.

Book is open source as well

The full text of the book is available online as well; I don't want to slashdot the site, but google for "implementing cifs".

MacOSX Samba

[selderrr]

what never ceases to amaze me is that my 400Mhz iMac can pull files faster from my AMD 1800xp than my P4@3GHz can...

Both PCs run XP pro, the iMac runs panther. Go figure.

As far as those 15 minutes concern, I got one solution for ya : rende-vous/zeroconf. Since iTunes/win can find macs using this protocol, a win port is allready done, so we can only hope MS sees the light and uses it for network scanning one day.

Re:MacOSX Samba

[tupps]

Actually Apple gives away (BSD Style license) a code sample for implementing rendevous services. That should mean that anyone can/should implement rendevous if they need network discovery.

Code examples?

[gpinzone]

Could someone please explain what kind of code examples the book covers? I thought the whole point of modern OSes was to "abstract" everything for the user, including the method of networking.

Re:Code examples?

[Bombcar]

The examples are of internal CIFS functions. As I said, if you just want to use CIFS, you may not need this book. This is if you want to write code that directly plays on a network using the CIFS protocol.

jCIFS is one example, Samba is another.

One code example is getting a browse list from another networked machine.

overgeneralisation

[tverbeek]

Anyone who has used Microsoft products in the last ten years has used the SMB protocol (now known as CIFS)

Except for the people whose Windows boxes weren't hooked up to a network, or who instead used Netware for file/print sharing, or whose only loaded network components were TCP/IP and the adapter device. And even though it's installed by default, that doesn't mean everybody who failed to deinstall it actually used it.

This book is under an Open Source license

[Bruce+Perens]

Like all books in Bruce Perens Open Source Series, this book is under an Open Source license.

• Download the unencrypted PDF.
• Download the Docbook XML source for the book.
• Download the figures.

Thanks

Bruce

Re:This book is under an Open Source license

[110010001000]

Now here is a guy I can respect. One who believes in the Open Source spirit enough to actually make the content of a book available for free. Kudos to Bruce for not being a hypocrite like so many of the Open Source "community".

It would be interesting to hear about how well the books sell after being made freely available on the net. My guess is not very well, but I am a fervent anti-open source guy. Please let us know.

Thanks

Re:This book is under an Open Source license

[Bruce+Perens]

Thanks. There are 10 books in the series now, all treated the same as this one - online source and PDF, Open Source license. As far as I can tell, all have at least broken even, and most have made money.

But the fact is that technical book authors are generally writing for some other reason than to get direct income from the book. Most do it for the intangibles - promotion of their own careers or projects they support, etc.

What I like about this series is that the books need never die, since anyone can edit and print them. They don't get into that state where the publisher sells a few hundred copies a year on order and doesn't revert the rights to the author for years. Authors hate that.

But we are careful with timing. We make sure the "pipeline" between the publisher and bookstores is full before the electronic copy is available. So, clone publishers don't have much incentive, as the stores have already filled their orders.

I have to admit that this would not work as well if people liked to curl up with e-books. If that day ever comes, we'll change the strategy, but the end product will still be Open Source books.

If you are very anti-open-source, it's probably because you don't yet understand the ways that Open Source works well for business and business people. I have a paper on the economic basis of Open Source that I'm working on, that you will probably find of interest. It should be out in a week or two.

Thanks

Bruce

Re:This book is under an Open Source license

[110010001000]

I am interested in your paper on the economics of OS. I am personally convinced that the economics of Open Source are damaging to the software industry and to the software developer. Perhaps your paper will give me insight into this. I hope it will be available via your website.

Re:This book is under an Open Source license

[Bruce+Perens]

Yes, I will put it up on the web. I think I can show you that Open Source isn't damaging to individual software developers and is of benefit to business and the economy in general. But it is damaging to a Microsoft-style business. Home refrigerators were very damaging to the huge industry that harvested, stored, and transported ice.

Thanks

Bruce

Re:This book is under an Open Source license

[LetterJ]

Is there a timeline for the digital versions of "Rapid Application Development with Mozilla" and "C++ GUI Programming with Qt 3"? I noticed that neither has links for the digital downloads. Just curious if it's because those are new titles and it just hasn't happened yet. Not that it matters much, my copy of RAD with Mozilla should be delivered today and I can enjoy it on paper. I would just love to have a copy on my Zaurus instead of having to lug the paper copy around.

Re:This book is under an Open Source license

[Bruce+Perens]

Usually it's 90 days after they have shipped through to the bookstore shelves. It might be time for the Mozilla book, I'll ask my editor the next time we chat. It's not yet time for the Qt book.

Thanks

Bruce

Windows XP network problems: Underlying sloppiness

[Futurepower(R)]

MOD PARENT UP!

I notice that, too. Also, Windows XP machines newly added to a Windows 98 peer-to-peer network have trouble seeing the Win 98 machines. Posting to official Microsoft newsgroups provides no answers to this quirky behavior. Of course, that may be because Chang, Li, Wu, Zhang and others have been told not to discuss it.

I put some of the fixes for quirkiness together so that I could ask Microsoft if there was anything I am missing: Possible Solutions to Slow Network Browsing or Inability to Connect. Some of the problems mentioned are obviously not the fault of Windows XP directly, but the fact that they often occur seems sometimes to be the fault of underlying sloppiness in Windows OS code.

Acronis TrueImage is a Linux-based Windows XP backup utility that never has any problem seeing all machines on a Windows peer-to-peer network.

I've also never had problems with Linux itself.

M$ hides other half of knowledge

[superpulpsicle]

As good as Samba is... you know M$ is always hiding something about their network neighborhood protocol. It wouldn't surprise me if the code reads "If Samba wait 5 minutes"

Re:M$ hides other half of knowledge

[MacDaffy]

Don't be surprised; you're right! I was doing QA for a CIFS implementation when the engineer ran across a bug that he just couldn't corral. We checked the RFC. We checked the code. We checked installation. Couldn't pin anything down.

He finally put a sniffer on the network and analyzed the traffic between a Windows server, a Windows workstation and a workstation running our implementation. Turns out that the RFC instructs implementers to NEVER place anything other than zero into a certain location (LONGINT). However, that field was almost always non-zero when it was passed between the two Windows machines.

The engineer put the length of the data transfer in bytes into the field and it has worked ever since.

That incident cemented my negative attitude toward Microsoft. They don't try to win by looking good; they try to win by making everyone else look bad--even if that includes themselves. If you're uncertain about something that Microsoft is doing, use that premise as a reference point and you can't go wrong.

This is a great book for implementors

[dslamguy]

I read this book on Chris's web site even before it was published (yes, I have bought a copy) and it was an invaluable guide for me as I wrote a CIFS implementation. The book is fairly easy to read, even though it is highly technical. What it does cover, it covers extremely well.

However, I did need the sniffer method of reverse engineering for much of what the book did not cover. One complaint I had is that I needed more information on the higher level protocols such as LANMAN for handling printer queues and this information was either non-existent or schetchy in the book. Although the book is long, much of it is taken up by a CIFS document which you could download for free on the internet. So I do think that the description part of the book could be more extensive (Sorry Chris). Maybe in the next revision.

You might ask why I was implementing CIFS from scratch? Its a valid question, since Samba would/should be anyone's implementation of choice. I did it because we are developing a printer which is not GPL (and unfortunately not based on Linux). We are not using any GPL code in it, and so this was really the only choice besides buying it from someone (but where's the fun in that). I am planning on releasing this code under a BSD license, but it's not ready for prime time yet and I need to get back to it (in a couple of months).

So this was a really good book for CIFS implementors, but how many of those could there be?

Re:This is a great book for implementors

[110010001000]

Not a troll, but curiosity: why did you buy a copy of the book when it is freely available on the net? I personally did because I prefer to read from a book rather than a computer screen.

How come you have time to shill for your books...

... but don't have time to answer the Slashdot interview questions from last July?

Re:Windows XP network problems: Underlying sloppin

One thing that should be added to that document is that all the Win9x machines should have the ability to be a Master Browser disabled (so long as there's at least 1 NT machine on the net).

Otherwise, eventually one of the 9x machines with think it's won the browse election even when that should be impossible. This screws the network neighborhood. Very longstanding bug going back to WfW. You can check the state of your network using the "browstat" tool that comes with the resource kit.

(Also, yer correct that NetBIOS or IPX will be faster than NBT for whatever reason. Make sure to adjust the "binding order" so that these protocols come ahead of TCP/IP. Can't recall exactly how to do this, sorry.)

This might not be realistic for a home net, but install WINS/DHCP if possible and put the clients into p-mode. (no NetBIOS broadcasts)

Re:How come you have time to shill for your books.

[Bruce+Perens]

Oops. I thought I sent those off to roblimo. Are you sure?

Bruce

Re:Sure it has never been posted

[Bruce+Perens]

Oops. I'll ask roblimo.

Thanks

Bruce

Re:Why CIFS/Samba at all?

[MarcQuadra]

Alright, I can give a good reason. NFS does NOT authenticate, it blindly trusts UIDs.

So when I log into my friend's machine with his password, I'd be able to access my files on my machine as long as our UID is the same. Big trouble.

CIFS, on the other hand, has authentication, so I can put my SAMBA server on the wide-open internet and be somewhat sure that someone would need my password to get my files. Try that with NFS and you'd be owned (or fileless) in minutes.

Granted, there ARE ways to lock NFS down, and there are good arguments that maybe the modern file server SHOULDN'T authenticate, it should rely on another layer to handle that, but until it's easy as pie to get a Kerberos/PAM/NFS system working (no small task today), I'll stick to CIFS.

What about patching?

[emil]

There will be bugs in the M$ nfs server code. Will Windows Update patch them?

The patch against SQL Slammer had been out for six months before Slammer took down South Korea and invaded a nuclear power plant. I don't want to install anything that requires special patching procedures.

Samba is a snappy name but

[LenE]

I was hoping that 3.0 would have been renamed as CIFiliS.

I mean, it would give the right impression about the Windows native file sharing protocol, and would be great for PHB's.

PHB: "Did you get that Samba thingy working on the server?"

IT Guy: "No, the server has CIFiliS"

PHB: "Oh. I'm sorry. You should run one of those virus checker things."

-- Len

No, please don't do that!

[juan+large+moose]

One of the most common causes of network browsing problems is binding NetBIOS to multiple protocols. I have solved many, many such problems by going through all of the Windows workstations and servers and making sure that they are all configured to use the same single transport.

If you use NetBEUI, then use *only* NetBEUI.
If you use NWLINK, then use *only* NWLINK.
etc.

See the heading "Prolific Protocol Bindings" in Section 3.7.1 of the online version of the book.