smbclient Security for Windows Printing and File Transfer

Microsoft Windows is usually a presence in most computing environments, and UNIX administrators likely will be forced to use resources in Windows networks from time to time. Although many are familiar with the Samba server software, the matching smbclient utility often escapes notice.

The "map network drive" function of Windows relies upon the Server Message Block network protocol that has evolved chiefly within the descendents of NT. The smbclient utility presents an interface reminiscent of FTP that allows file transfer to and from disk directories and printers on an NT server over SMB where sharing is enabled.

In this article, I present connection examples for Windows services, then develop a general script for pushing content to Windows shares. I discuss when the SMB protocols should be used and, more important, when they should not.

Connection Examples

Samba for UNIX is well known for server software that interoperates with clients on Windows networks. However, it also includes the smbclient program that can manipulate any SMB server. The smbclient program will be immediately familiar to those experienced with command-line FTP.

The smbclient program can query SMB servers for a list of visible shares using the -L option:

$ smbclient -L -U nt_username -W nt_domain

Enter nt_username's password:

OS=[Windows Server 2008 R2 Standard 7601 Service Pack 1]
Server=[Windows Server 2008 R2 Standard 6.1]

     Sharename       Type      Comment
     ---------       ----      -------
     C$              Disk      Default share
     file_stash      Disk
     Fancy_laser     Printer   Really Expensive
     Cheap_laser     Printer   What a deal!

After cataloging the file and printer shares on a server, you can connect to a specific share and manipulate it. Below are examples of several types of transfers:

$ smbclient // -U nt_username -W nt_domain

Enter nt_username's password:

OS=[Windows Server 2008 R2 Standard 7601 Service Pack 1]
Server=[Windows Server 2008 R2 Standard 6.1]

smb: \> mkdir "smbclient test"
smb: \> cd "smbclient test
smb: \smbclient test\> prompt
smb: \smbclient test\> mput samba*
putting file samba.schema.oc.IBM-DS as
  \smbclient test\samba.schema.oc.IBM-DS
  (955.7 kb/s) (average 955.7 kb/s)
putting file as
  \smbclient test\
  (3590.1 kb/s) (average 2272.9 kb/s)
putting file samba.schema as
  \smbclient test\samba.schema
  (7454.2 kb/s) (average 4000.1 kb/s)
putting file samba.ldif as
  \smbclient test\samba.ldif
  (1615.9 kb/s) (average 2808.0 kb/s)
putting file samba-schema.IBMSecureWay as
  \smbclient test\samba-schema.IBMSecureWay
  (1023.7 kb/s) (average 2553.1 kb/s)
putting file samba-schema-netscapeds5.x.README as
  \smbclient test\samba-schema-netscapeds5.x.README
  (61.0 kb/s) (average 2336.4 kb/s)
putting file samba-schema-FDS.ldif as
  \smbclient test\samba-schema-FDS.ldif
  (5572.1 kb/s) (average 2709.8 kb/s)
putting file samba-nds.schema as
  \smbclient test\samba-nds.schema
  (247.3 kb/s) (average 862.9 kb/s)

smb: \smbclient test\> dir
  .                                   D        0  Fri Mar  3 13:31:24 2017
  ..                                  D        0  Fri Mar  3 13:31:24 2017
  samba-nds.schema                    A    19754  Fri Mar  3 13:31:24 2017
  samba-schema-FDS.ldif               A    17118  Fri Mar  3 13:31:24 2017
  samba-schema-netscapeds5.x.README      A      125  Fri Mar  3 13:31:24 2017
  samba-schema.IBMSecureWay           A     3145  Fri Mar  3 13:31:24 2017
  samba.ldif                          A    14892  Fri Mar  3 13:31:24 2017
  samba.schema                        A    22900  Fri Mar  3 13:31:24 2017              A    11029  Fri Mar  3 13:31:24 2017
  samba.schema.oc.IBM-DS              A     2936  Fri Mar  3 13:31:24 2017

              708626943 blocks of size 4096. 95072482 blocks available

smb: \smbclient test\> lcd /tmp
smb: \smbclient test\> get samba.schema.oc.IBM-DS
getting file \smbclient test\samba.schema.oc.IBM-DS of size 2936 as
  (409.6 KiloBytes/sec) (average 409.6 KiloBytes/sec)

smb: \> help
?              allinfo        altname        archive        backup
blocksize      cancel         case_sensitive cd             chmod
chown          close          del            dir            du
echo           exit           get            getfacl        geteas
hardlink       help           history        iosize         lcd
link           lock           lowercase      ls             l
mask           md             mget           mkdir          more
mput           newer          notify         open           posix
posix_encrypt  posix_open     posix_mkdir    posix_rmdir    posix_unlink
print          prompt         put            pwd            q
queue          quit           readlink       rd             recurse
reget          rename         reput          rm             rmdir
showacls       setea          setmode        scopy          stat
symlink        tar            tarmode        timeout        translate
unlock         volume         vuid           wdel           logon
listconnect    showconnect    tcon           tdis           tid
logoff         ..             !
smb: \> quit


Charles Fisher has an electrical engineering degree from the University of Iowa and works as a systems and database administrator for a Fortune 500 mining and manufacturing corporation.