If you use FreeBSD/Illumos/Linux (or other UNIX/Unix-like system) there is big chance that you do not like – to say the least – the Windows world, but sometimes there is need to share some files with the Windows world. This is where Samba project comes handy. Today I would like to share minimalistic and simple Samba configuration and also a way to access SMB/CIFS shares from a FreeBSD machine.


On the naming side CIFS (Common Internet File System) is just particular version/dialect of the SMB (Server Message Block) protocol.

As usual I will use FreeBSD as a server. For the setup I used FreeBSD 12.0-RELEASE virtual machine image available from the project location:

There are several formats available – qcow2/raw/vhd/vmdk – but as I will be using VirtualBox I used the VMDK one.

The main FreeBSD configuration file on the server can be as small and simple as the one bellow.

# cat /etc/rc.conf

You of course do not need SSH to server SMB/CIFS shares with Samba.

Serve SMB/CIFS Share on FreeBSD with Samba

There are several versions of Samba available on FreeBSD, but if you do not have exact reason to use the older version then just go ahead with the latest one.

# pkg search samba
p5-Samba-LDAP-0.05_2           Manage a Samba PDC with an LDAP Backend
p5-Samba-SIDhelper-0.0.0_3     Create SIDs based on G/UIDs
samba-nsupdate-9.13.3_1        nsupdate utility with GSS-TSIG support
samba46-4.6.16_1               Free SMB/CIFS and AD/DC server and client for Unix
samba47-4.7.12                 Free SMB/CIFS and AD/DC server and client for Unix
samba48-4.8.7                  Free SMB/CIFS and AD/DC server and client for Unix

First You will need to add Samba package.

# pkg install samba48

Then we need to create configuration file for Samba. I will assume here that you would like to share two things as examples. The /data directory with write permissions only to my vermaden user and also my home directory /home/vermaden with read permissions for me and all people on my vermaden group. The so called public read is disabled entirely. Only after passing user and password the access will be possible to these shares. I also added several performance related options. Below is the /usr/local/etc/smb4.conf configuration file.

# cat /usr/local/etc/smb4.conf
workgroup          = workgroup
netbios name       = smb
server string      = samba
security           = user
max smbd processes = 3
encrypt passwords  = yes
aio read size      = 16384
aio write size     = 16384
strict locking     = no
strict sync        = no

load printers           = no
disable spoolss         = yes
show add printer wizard = no

  path       = /data
  public     = no
  writable   = yes
  browsable  = no
  write list = vermaden

  path       = /home/vermaden
  public     = no
  writable   = no
  browsable  = no
  write list = @vermaden

We will also need vermaden user, let’s create one with pw(8) command.

First the vermaden group with GID of 1000. The -N flag just shows what will be done instead of doing actual changes to the system. Let’s try that and then execute the command without the -N flag to actually add the group.

# pw groupadd -n vermaden -g 1000 -N
# pw groupadd -n vermaden -g 1000
# pw groupshow vermaden

As we have the group its time to create vermaden user with UID of 1000. Like with group let’s first try with -N flag to check what will be made.

# pw useradd -n vermaden -c '' -u 1000 -g 1000 -m -N
# pw useradd -n vermaden -c '' -u 1000 -g 1000 -m
# pw usershow vermaden

Let’s verify our vermaden user again.

# id vermaden
uid=1000(vermaden) gid=1000(vermaden) groups=1000(vermaden)
# su - vermaden
By pressing "Scroll Lock" you can use the arrow keys to scroll backward
through the console output.  Press "Scroll Lock" again to turn it off.
Don't have a "Scroll Lock" key? The "Pause / Break" key acts alike.

Now let’s create password for this new vermaden user.

# passwd vermaden
Changing local password for vermaden
New Password:
Retype New Password:

Now we need to add the vermaden user with pdbedit command from the Samba package.

# which pdbedit

# pkg which `which pdbedit`
/usr/local/bin/pdbedit was installed by package samba48-4.8.7

# pdbedit -a -u vermaden
new password:
retype new password:
Unix username:        vermaden
NT username:
Account Flags:        [U          ]
User SID:             S-1-5-21-1751207453-560213463-1759912891-1000
Primary Group SID:    S-1-5-21-1751207453-560213463-1759912891-513
Full Name:
Home Directory:       \\smb\vermaden
HomeDir Drive:
Logon Script:
Profile Path:         \\smb\vermaden\profile
Domain:               SMB
Account desc:
Munged dial:
Logon time:           0
Logoff time:          9223372036854775807 seconds since the Epoch
Kickoff time:         9223372036854775807 seconds since the Epoch
Password last set:    Fri, 21 Dec 2018 16:49:29 UTC
Password can change:  Fri, 21 Dec 2018 16:49:29 UTC
Password must change: never
Last bad password   : 0
Bad password count  : 0

To list all users with the pdbedit command use the -L argument.

# pdbedit -L

We now need to add Samba to the FreeBSD system services automatic startup.

# sysrc samba_server_enable=YES
samba_server_enable:  -> YES

# sysrc samba_server_enable
samba_server_enable: YES

# cat /etc/rc.conf

Now we can start the Samba service.

# service samba_server start
Performing sanity check on Samba configuration: OK
Starting nmbd.
Starting smbd.

Let’s check which Samba daemons listen on which ports.

# sockstat -l -4
root     smbd       599   33 tcp4   *:445                 *:*
root     smbd       599   34 tcp4   *:139                 *:*
root     nmbd       595   15 udp4   *:137                 *:*
root     nmbd       595   16 udp4   *:138                 *:*

Now let’s try to access the /data share from the Windows system.

Open explorer.exe on Windows machine and type //smb/data into location field and then type smb\vermaden as username.


You should be able to access the share now as shown below.


Let’s put some text into that test.txt file.


Let’s verify that it works on the FreeBSD side.

# cat /data/test.txt
Input from Windows.

So we are able to access/modify files from FreeBSD machine on the Windows world.

Access SMB/CIFS Share from FreeBSD

Let’s try the other way around.

By default there are several shares already served on Windows.

C:\>net share

Share name   Resource                        Remark

C$           C:\                             Default share
IPC$                                         Remote IPC
ADMIN$       C:\Windows                      Remote Admin
Users        C:\Users
The command completed successfully.


You can share a directory from Windows by using graphical interface as shown below.


… or by using CLI interface within cmd.exe interpreter with net commands.




The test share is now exported for vuser user with FULL access rights which means read/write in the Windows world.

Here are the same commands in text so you may copy/paste them as needed.

C:\Windows\system32>cd \

C:\>mkdir asd

C:\>net share test=C:\asd /grant:vuser,FULL
test was shared successfully.

C:\>net share

Share name   Resource                        Remark

C$           C:\                             Default share
IPC$                                         Remote IPC
ADMIN$       C:\Windows                      Remote Admin
test         C:\asd
Users        C:\Users
The command completed successfully.


Let’s try to mount it using the mount_smbfs command on FreeBSD system. The address is the IP of the Windows machine.

# mount_smbfs -I //vuser@vbox/test /mnt

# mount
/dev/gpt/rootfs on / (ufs, local, soft-updates)
devfs on /dev (devfs, local, multilabel)
//VUSER@VBOX/TEST on /mnt (smbfs)

It also works the other way.

After your job is done you may remove the test share also with net command as shown below.


… and also the same commands in text so you may copy/paste them as needed.

C:\>net share test /delete
test was deleted successfully.

C:\>net share

Share name   Resource                        Remark

C$           C:\                             Default share
IPC$                                         Remote IPC
ADMIN$       C:\Windows                      Remote Admin
Users        C:\Users
The command completed successfully.


This sentence concludes this article πŸ˜‰


The SMB/CIFS on FreeBSD article was featured in the BSD Now 279 – Future of ZFS episode.

Thanks for mentioning!




12 thoughts on “SMB/CIFS on FreeBSD

  1. Charlie

    It would be helpful in this article to discuss encryption and the various protocol versions.

    In general, if all clients are Windows 8 or higher, then use SMB3 and require encryption.

    Windows 7 does not implement SMB3, so if it must map shares then understand that SMB2 clear text transfers will take place.

    Under no circumstances should the SMB1/CIFS protocol be allowed, unless you have very specific reasons for it.


    1. vermaden Post author

      Thank you for comment.

      I wanted to focus on the β€˜implementation’ side as probably a lot of such articles that discuss β€˜encryption and the various protocol versions’ already exist.

      I will try how it will work with Windows 10 shares then to see how it will work with SMB3 protocol.



  2. jlforrest

    Minor typo:
    “with write permissions only to mine vermaden user” -> “with write permissions only to my vermaden user”

    Also a nit – it’s “let’s”, not “lets”. This is a contraction of “let us”.

    Another nit – instead of saying “to add vermaden user” say “to add the vermaden user”.


  3. ClaudioM

    Thanks for this post! I’ve set up Samba at work with much trial and error using FreeBSD 11.2 to replace an aging Windows Server 2003 box for obvious reasons. My instance was different because I needed to integrate the FreeBSD/Samba server with the Active Directory for our school district to allow for domain user authentication. It was definitely a learning experience, though mine was a little more involved since I don’t have admin access to the AD, so I had to make it work as best as I could without the necessary permissions. I got everything working while school was out during the summer (we techs work all year round) so no one was the wiser when they came back and needed to access their user shares, which was nice. I’m also using it for deploying MSI packages and hosting logon scripts.


      1. ClaudioM

        I may do that once I get back to work (currently out on paid winter break). Most of what I did is already covered on a lot of sites out there so I don’t want to reinvent the wheel, but I could likely link to those and just cover what I did for my situation. It was more a learning experience for me, but it was also something I wanted (and needed) to put into production.


  4. Harry

    Unfortunately mount_smbfs does only support the deprecated SMBv1 protocol. So there is currently no native way to mount a SMB2/SMB3 share on FreeBSD. The only way it can be accessed is through Samba’s smbclient or GVFS (e.g. GVFS-enabled file managers like Thunar or gvfs-mount, but the performance is very poor).

    Liked by 2 people

  5. Pingback: Future of ZFS | BSD Now 279 | Jupiter Broadcasting

  6. Pingback: In Other BSDs for 2019/01/05 – DragonFly BSD Digest

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s