Setting-Up-samba

This comprehensive guide covers the installation, configuration, and troubleshooting of a secure Samba file share on Kali Linux, with detailed solutions for common access issues.

---

PART 1: SAMBA CONFIGURATION

1. Installation and Basic Setup

1.1 Install Samba

Update your package list and install the required Samba packages:

sudo apt update
sudo apt install samba

1.2 Create the Share Directory

Create the directory that will be shared:

sudo mkdir -p /mnt/notes

---

2. Samba Configuration File

Edit the Samba configuration file:

sudo nano /etc/samba/smb.conf

Scroll to the end of the file and add your share configuration:

[notes]
  comment = Printer Drivers
  path = /mnt/notes
  browseable = yes
  read only = yes
  guest ok = no
  valid users = kabi

**Configuration Parameters Explained:**

• **guest ok = no**: Requires authentication (username/password). Set to 'yes' for null session access.

• **read only = yes**: Allows viewing and downloading files only, no modifications or deletions.

• **valid users = kabi**: Restricts access to specified user(s) only.

Save and exit the file (Ctrl+X, then Y, then Enter).

---

3. Resolving NT_STATUS_ACCESS_DENIED

The **NT_STATUS_ACCESS_DENIED** error typically indicates issues with Samba authentication or system file permissions.

3.1 Add User to Samba Database (Critical Step)

Samba maintains its own password database, separate from the Linux system password. Add the Linux user to Samba's password database:

sudo smbpasswd -a kabi

You will be prompted to enter and confirm a password. This password is used for Samba authentication and can differ from the Linux system password.

3.2 Set Linux File System Permissions

Ensure the Samba user has appropriate permissions on the shared directory:

# Set ownership
sudo chown -R kabi:kabi /mnt/notes

# Set permissions (Owner: rwx, Group/Others: rx)
sudo chmod -R 755 /mnt/notes

**Permission Breakdown:**

• **7 (rwx)**: Owner (kabi) can Read, Write, and Execute

• **5 (r-x)**: Group and Others can Read and Execute

3.3 Restart Samba Services

Apply all configuration changes by restarting the services:

sudo systemctl restart smbd nmbd

**Verify services are running:**

sudo systemctl status smbd nmbd

---

4. Testing the Connection

Use smbclient to verify the connection from your client machine:

smbclient //192.168.1.10/notes -U kabi

When prompted, enter the Samba password you set in Step 3.1.

**Successful connection will show:**

Enter WORKGROUP\kabi's password:
Try "help" to get a list of possible commands.
smb: \>

---

PART 2: RPCCLIENT ENUMERATION GUIDE

Overview

rpcclient is a powerful command-line tool from the Samba suite used for executing Remote Procedure Call (RPC) functions. It enables system administrators and security professionals to manage and gather information from remote SMB/CIFS servers.

**Key Information:**

Feature	Details
Purpose	Interact with and test MS-RPC functionality on remote servers
Primary Use	Remote user/group management, security policy querying, system enumeration
Security Context	Extensively used in Active Directory and Samba enumeration during penetration tests
Dependency	Requires target server to have RPC services (SAMR, LSARPC) accessible

---

Basic Connection Syntax

1. Authenticated Connection

The most common and effective connection method:

# Syntax:
rpcclient -U <username> <target_IP_or_hostname>

# Example:
rpcclient -U kabi 192.168.1.10

2. Null Session / Anonymous Connection

Used to check if the server permits anonymous RPC access:

# Syntax:
rpcclient -U "" -N <target_IP_or_hostname>

# Example:
rpcclient -U "" -N 192.168.1.10

**Note:** Null sessions are typically blocked on modern, secured systems.

---

Essential Enumeration Commands

Once connected (when you see the rpcclient> prompt), use these commands:

User Enumeration

Command	Description	Example Output
enumdomusers	Lists all user accounts with their RIDs	user:[Administrator] rid:[0x1f4] user:[Guest] rid:[0x1f5] user:[kabi] rid:[0x3e8]
queryuser [RID]	Retrieves detailed information about a specific user	Shows full name, home directory, last logon time, password set time, account flags
queryusergroups [RID]	Lists all groups a specific user belongs to	Group: [Users] Mem ID: 0x201
lookupnames [username]	Resolves a username to its Security Identifier (SID)	kabi S-1-5-21-XXX-XXX-500 (User)

**Example Usage:**

rpcclient> enumdomusers
rpcclient> queryuser 0x3e8
rpcclient> queryusergroups 0x3e8
rpcclient> lookupnames kabi

Group and Domain Information

Command	Description	Example Output
enumdomgroups	Lists all security groups in the domain/server	group:[Domain Admins] rid:[0x200]
querydominfo	Displays general domain information including Domain SID	Shows Domain Name, Domain SID, creation time
querygroupmem [RID]	Lists all members of a specific group	Shows RIDs of all group members
getdompwinfo	Retrieves Domain Password Policy	Minimum password length, complexity requirements, expiration policy

**Example Usage:**

rpcclient> enumdomgroups
rpcclient> querydominfo
rpcclient> querygroupmem 0x200
rpcclient> getdompwinfo

Server Information

Command	Description	Example Output
srvinfo	Provides general server information	NetBIOS name, OS version, server type
lsaquery	Queries Local Security Authority (LSA) information	Domain SID, LSA database information

Utility Commands

Command	Description
help or ?	Displays list of all available commands
quit or exit	Closes the rpcclient session
debuglevel [level]	Sets debugging level (0-10) for troubleshooting

---

Command Line Execution (Non-Interactive Mode)

Execute commands directly without entering the interactive prompt using the -c flag:

# Enumerate users and quit
rpcclient -U kabi 192.168.1.10 -c "enumdomusers; quit"

# Check password policy
rpcclient -U kabi 192.168.1.10 -c "getdompwinfo"

# Get server information
rpcclient -U kabi 192.168.1.10 -c "srvinfo"

# Chain multiple commands
rpcclient -U kabi 192.168.1.10 -c "enumdomusers; enumdomgroups; querydominfo"

---

Advanced Technique: RID Cycling

**RID Cycling** is a penetration testing technique used to discover valid usernames by sequentially querying RIDs, even when enumdomusers is restricted.

**Concept:**

• RIDs typically start at 500 (Administrator) and increment for each new user

• Loop through RID values and query each one using queryuser

• Valid users will return information, invalid RIDs will return an error

**Manual RID Cycling Example:**

rpcclient> queryuser 500
rpcclient> queryuser 501
rpcclient> queryuser 502
# Continue up to a reasonable limit (e.g., 2000)

**Automated RID Cycling Script:**

#!/bin/bash
for rid in {500..2000}; do
    echo "Testing RID: $rid"
    rpcclient -U kabi 192.168.1.10 -c "queryuser $rid" 2>/dev/null
done

**Security Implication:** This technique is valuable during security assessments when standard enumeration methods are blocked or filtered.

---

Troubleshooting Common Issues

**Issue 1: Connection Refused**

• Verify Samba services are running: sudo systemctl status smbd nmbd

• Check firewall rules allow SMB traffic (ports 139, 445)

**Issue 2: NT_STATUS_LOGON_FAILURE**

• Verify the Samba password was set correctly: sudo smbpasswd -a kabi

• Ensure the user exists in Linux: id kabi

**Issue 3: Empty enumdomusers Output**

• Server may restrict enumeration - try RID cycling instead

• Verify you have sufficient privileges

**Issue 4: Access Denied Errors**

• Check file system permissions: ls -la /mnt/notes

• Verify user in valid users list in smb.conf

• Restart Samba services after configuration changes

---

Security Best Practices

1. **Use Strong Passwords**: Set complex Samba passwords different from system passwords

2. **Restrict Access**: Use valid users parameter to limit access to specific accounts

3. **Disable Guest Access**: Keep guest ok = no unless specifically required

4. **Regular Updates**: Keep Samba packages updated to patch security vulnerabilities

5. **Monitor Logs**: Review /var/log/samba/ for suspicious activity

6. **Firewall Configuration**: Restrict SMB ports (139, 445) to trusted networks only

---

Quick Reference Summary

**Samba Setup Commands:**

sudo apt install samba
sudo mkdir -p /mnt/notes
sudo nano /etc/samba/smb.conf
sudo smbpasswd -a kabi
sudo chown -R kabi:kabi /mnt/notes
sudo chmod -R 755 /mnt/notes
sudo systemctl restart smbd nmbd

**RPCClient Essential Commands:**

# Connect
rpcclient -U kabi 192.168.1.10

# Enumerate
enumdomusers
enumdomgroups
querydominfo
getdompwinfo
srvinfo

# Query specific user
queryuser [RID]
queryusergroups [RID]

**Testing Connection:**

smbclient //192.168.1.10/notes -U kabi

---

Additional Resources

• Official Samba Documentation: https://www.samba.org/samba/docs/

• Samba Security Updates: https://www.samba.org/samba/security/

• RPC Protocol Reference: Microsoft MS-RPC documentation

---

**Document Version:** 1.0 **Last Updated:** November 2025 `Tested On: Kali Linux 2024.x