If you use FreeBSD/Illumos/Linux (or another UNIX/Unix-like system) there is a big chance that you do not like – to say the least – the Windows world, but sometimes there is a need to share some files with it. This is where the Samba project comes in handy. Today I would like to share a minimalistic and simple Samba configuration and also a way to access SMB/CIFS shares from a FreeBSD machine.
On the naming side, CIFS (Common Internet File System) is just a particular version/dialect of the SMB (Server Message Block) protocol.
As usual I will use FreeBSD as the server. For the setup I used the FreeBSD 12.0-RELEASE virtual machine image available from the project location:
There are several formats available – qcow2/raw/vhd/vmdk – but as I will be using VirtualBox I used the VMDK one.
The main FreeBSD configuration file on the server can be as small and simple as the one below.
# cat /etc/rc.conf
hostname="samba"
ifconfig_em0="inet 10.0.10.40/24"
defaultrouter="10.0.10.1"
sshd_enable="YES"
You of course do not need SSH to serve SMB/CIFS shares with Samba.
Serve SMB/CIFS Share on FreeBSD with Samba
There are several versions of Samba available on FreeBSD, but unless you have a specific reason to use an older version, just go ahead with the latest one.
# pkg search samba
p5-Samba-LDAP-0.05_2           Manage a Samba PDC with an LDAP Backend
p5-Samba-SIDhelper-0.0.0_3     Create SIDs based on G/UIDs
samba-nsupdate-9.13.3_1        nsupdate utility with GSS-TSIG support
samba46-4.6.16_1               Free SMB/CIFS and AD/DC server and client for Unix
samba47-4.7.12                 Free SMB/CIFS and AD/DC server and client for Unix
samba48-4.8.7                  Free SMB/CIFS and AD/DC server and client for Unix
First you will need to add the Samba package.
# pkg install samba48
Then we need to create a configuration file for Samba. I will assume here that you would like to share two things as examples: the /data directory with write permissions only for my vermaden user, and my home directory /home/vermaden with read permissions for me and everyone in my vermaden group. The so-called public read is disabled entirely. Access to these shares is possible only after providing a user name and password. I also added several performance-related options. Below is the /usr/local/etc/smb4.conf configuration file.
# cat /usr/local/etc/smb4.conf
[global]
  workgroup           = workgroup
  netbios name        = smb
  server string       = samba
  security            = user
  max smbd processes  = 3
  encrypt passwords   = yes
  socket options      = TCP_NODELAY IPTOS_LOWDELAY IPTOS_THROUGHPUT SO_KEEPALIVE SO_RCVBUF=65536 SO_SNDBUF=65536
  aio read size       = 16384
  aio write size      = 16384
  strict locking      = no
  strict sync         = no

  # DISABLE PRINTING
  load printers           = no
  disable spoolss         = yes
  show add printer wizard = no

[data]
  path       = /data
  public     = no
  writable   = yes
  browsable  = no
  write list = vermaden

[vermaden]
  path       = /home/vermaden
  public     = no
  writable   = no
  browsable  = no
  write list = @vermaden
We will also need the vermaden user, so let’s create one with the pw(8) command.
First the vermaden group with a GID of 1000. The -N flag just shows what would be done instead of making actual changes to the system. Let’s try that and then execute the command without the -N flag to actually add the group.
# pw groupadd -n vermaden -g 1000 -N
vermaden:*:1000:
# pw groupadd -n vermaden -g 1000
# pw groupshow vermaden
vermaden:*:1000:
As we have the group, it’s time to create the vermaden user with a UID of 1000. As with the group, let’s first try with the -N flag to check what will be done.
# pw useradd -n vermaden -c '' -u 1000 -g 1000 -m -N
vermaden:*:1000:1000::0:0::/home/vermaden:/bin/sh
# pw useradd -n vermaden -c '' -u 1000 -g 1000 -m
# pw usershow vermaden
vermaden:*:1000:1000::0:0::/home/vermaden:/bin/sh
Let’s verify our vermaden user again.
# id vermaden
uid=1000(vermaden) gid=1000(vermaden) groups=1000(vermaden)
# su - vermaden
By pressing "Scroll Lock" you can use the arrow keys to scroll backward
through the console output. Press "Scroll Lock" again to turn it off.
Don't have a "Scroll Lock" key? The "Pause / Break" key acts alike.
Now let’s create a password for this new vermaden user.
# passwd vermaden
Changing local password for vermaden
New Password:
Retype New Password:
Now we need to add the vermaden user with the pdbedit command from the Samba package.
# which pdbedit
/usr/local/bin/pdbedit
# pkg which `which pdbedit`
/usr/local/bin/pdbedit was installed by package samba48-4.8.7
# pdbedit -a -u vermaden
new password:
retype new password:
Unix username:        vermaden
NT username:
Account Flags:        [U ]
User SID:             S-1-5-21-1751207453-560213463-1759912891-1000
Primary Group SID:    S-1-5-21-1751207453-560213463-1759912891-513
Full Name:
Home Directory:       \\smb\vermaden
HomeDir Drive:
Logon Script:
Profile Path:         \\smb\vermaden\profile
Domain:               SMB
Account desc:
Workstations:
Munged dial:
Logon time:           0
Logoff time:          9223372036854775807 seconds since the Epoch
Kickoff time:         9223372036854775807 seconds since the Epoch
Password last set:    Fri, 21 Dec 2018 16:49:29 UTC
Password can change:  Fri, 21 Dec 2018 16:49:29 UTC
Password must change: never
Last bad password   : 0
Bad password count  : 0
Logon hours         : FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
To list all users with the pdbedit command use the -L argument.
# pdbedit -L
vermaden:1000:
We now need to add Samba to the FreeBSD system services automatic startup.
# sysrc samba_server_enable=YES
samba_server_enable:  -> YES
# sysrc samba_server_enable
samba_server_enable: YES
# cat /etc/rc.conf
hostname="samba"
ifconfig_em0="inet 10.0.10.40/24"
defaultrouter="10.0.10.1"
sshd_enable="YES"
samba_server_enable="YES"
Now we can start the Samba service.
# service samba_server start
Performing sanity check on Samba configuration: OK
Starting nmbd.
Starting smbd.
Let’s check which Samba daemons listen on which ports.
# sockstat -l -4
USER     COMMAND    PID   FD PROTO  LOCAL ADDRESS         FOREIGN ADDRESS
root     smbd       599   33 tcp4   *:445                 *:*
root     smbd       599   34 tcp4   *:139                 *:*
root     nmbd       595   15 udp4   *:137                 *:*
root     nmbd       595   16 udp4   *:138                 *:*
(...)
Now let’s try to access the /data share from the Windows system.
Open explorer.exe on the Windows machine, type //smb/data into the location field, and then enter smb\vermaden as the username.
You should be able to access the share now as shown below.
Let’s put some text into that test.txt file.
Let’s verify that it works on the FreeBSD side.
# cat /data/test.txt
Input from Windows.
So we are able to access/modify files from the FreeBSD machine in the Windows world.
Access SMB/CIFS Share from FreeBSD
Let’s try the other way around.
By default there are several shares already served on Windows.
C:\>net share
Share name   Resource                        Remark
-------------------------------------------------------------------------------
C$           C:\                             Default share
IPC$                                         Remote IPC
ADMIN$       C:\Windows                      Remote Admin
Users        C:\Users
The command completed successfully.
C:\>
You can share a directory from Windows by using the graphical interface as shown below.
… or by using the CLI within the cmd.exe interpreter with net commands.
The test share is now exported for the vuser user with FULL access rights, which means read/write in the Windows world.
Here are the same commands in text so you may copy/paste them as needed.
C:\Windows\system32>cd \
C:\>mkdir asd
C:\>net share test=C:\asd /grant:vuser,FULL
test was shared successfully.
C:\>net share
Share name   Resource                        Remark
-------------------------------------------------------------------------------
C$           C:\                             Default share
IPC$                                         Remote IPC
ADMIN$       C:\Windows                      Remote Admin
test         C:\asd
Users        C:\Users
The command completed successfully.
C:\>
Let’s try to mount it using the mount_smbfs command on the FreeBSD system. The 10.0.10.4 address is the IP of the Windows machine.
# mount_smbfs -I 10.0.10.4 //vuser@vbox/test /mnt
Password:
#
# mount
/dev/gpt/rootfs on / (ufs, local, soft-updates)
devfs on /dev (devfs, local, multilabel)
//VUSER@VBOX/TEST on /mnt (smbfs)
It also works the other way.
After your job is done you may remove the test share, also with the net command, as shown below.
… and also the same commands in text so you may copy/paste them as needed.
C:\>net share test /delete
test was deleted successfully.
C:\>net share
Share name   Resource                        Remark
-------------------------------------------------------------------------------
C$           C:\                             Default share
IPC$                                         Remote IPC
ADMIN$       C:\Windows                      Remote Admin
Users        C:\Users
The command completed successfully.
C:\>
This sentence concludes this article 😉
The SMB/CIFS on FreeBSD article was featured in the BSD Now 279 – Future of ZFS episode.
Thanks for mentioning!
It would be helpful in this article to discuss encryption and the various protocol versions.
In general, if all clients are Windows 8 or higher, then use SMB3 and require encryption.
Windows 7 does not implement SMB3, so if it must map shares then understand that SMB2 clear text transfers will take place.
Under no circumstances should the SMB1/CIFS protocol be allowed, unless you have very specific reasons for it.
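An smb4.conf fragment that applies the protocol and encryption advice from the comment above to the article's two shares, and restricts each share to the access the article describes (added example, not the article author's or the commenter's configuration). It assumes every client speaks SMB3 and shows only the settings that differ from the article's file:

```ini
[global]
    # Refuse SMB1/CIFS and SMB2 outright. Samba 4.8 still accepts SMB1
    # unless a minimum protocol is set.
    # If Windows 7 clients must connect, the floor has to be SMB2 and
    # "smb encrypt = required" has to go; their transfers are then cleartext.
    server min protocol = SMB3

    # Disconnect clients that do not negotiate SMB3 encryption.
    smb encrypt = required

[data]
    path        = /data
    guest ok    = no
    browsable   = no
    # Only the vermaden account may connect at all ...
    valid users = vermaden
    # ... and the share is read-only for everyone except the write list.
    read only   = yes
    write list  = vermaden

[vermaden]
    path        = /home/vermaden
    guest ok    = no
    browsable   = no
    # Members of the vermaden group may connect, read-only.
    # No write list here: a write list entry grants write access
    # even on a share marked read-only.
    valid users = @vermaden
    read only   = yes
```

After editing, `testparm -s /usr/local/etc/smb4.conf` prints the configuration as Samba parses it and flags unknown parameters; apply the change with `service samba_server restart`.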
Thank you for the comment.
I wanted to focus on the ‘implementation’ side as probably a lot of such articles that discuss ‘encryption and the various protocol versions’ already exist.
I will try how it will work with Windows 10 shares then to see how it will work with SMB3 protocol.
“with write permissions only to mine vermaden user” -> “with write permissions only to my vermaden user”
Also a nit – it’s “let’s”, not “lets”. This is a contraction of “let us”.
Another nit – instead of saying “to add vermaden user” say “to add the vermaden user”.
Thank You I will fix these 🙂
Thanks for this post! I’ve set up Samba at work with much trial and error using FreeBSD 11.2 to replace an aging Windows Server 2003 box for obvious reasons. My instance was different because I needed to integrate the FreeBSD/Samba server with the Active Directory for our school district to allow for domain user authentication. It was definitely a learning experience, though mine was a little more involved since I don’t have admin access to the AD, so I had to make it work as best as I could without the necessary permissions. I got everything working while school was out during the summer (we techs work all year round) so no one was the wiser when they came back and needed to access their user shares, which was nice. I’m also using it for deploying MSI packages and hosting logon scripts.
Thanks. IMHO You should describe your setup somewhere.
I may do that once I get back to work (currently out on paid winter break). Most of what I did is already covered on a lot of sites out there so I don’t want to reinvent the wheel, but I could likely link to those and just cover what I did for my situation. It was more a learning experience for me, but it was also something I wanted (and needed) to put into production.
At least share some links then 🙂
Unfortunately mount_smbfs does only support the deprecated SMBv1 protocol. So there is currently no native way to mount a SMB2/SMB3 share on FreeBSD. The only way it can be accessed is through Samba’s smbclient or GVFS (e.g. GVFS-enabled file managers like Thunar or gvfs-mount, but the performance is very poor).
Yes, that is a pity, unfortunately.
@Harry: Thanks. This article misleads unsuspecting folks to think you can mount a Windows share on FreeBSD. 1st part of article otherwise helpful.
It is possible with the version of Windows used in the article – Windows 7.
Couldn’t get anything to work, following this guide and everyone else (including desperately enabling smb1) however, turning on some smb logs for hints, it started to work when I added “172.16.248.142 smb” to /etc/hosts, as freebsd was failing to resolve its own hostname. (That is my IP for the freebsd box, from Fusion’s DHCPd)
May I suggest adding directions to this post about how to set up a smb/cifs share in /etc/fstab, which gets mounted on every boot? I am planning to use this for my Plex server, where the mounted resource is a smb/cifs share on my NAS that contains media files. I remember struggling when I tried to tackle that problem.
This is where FreeBSD’s mount(8) gets handy with its -p flag 🙂
Take a look at below example for NFS (it will be the same for CIFS).
Listing mounts for NFS filesystems.
Listing mounts for NFS filesystems with -p option shows output that you can directly paste into the /etc/fstab file.
Hope that helps 🙂
Thank you for this amazing tip. Unix is like Haiku, the simpler it is, the better it gets, lol!