If you use FreeBSD/Illumos/Linux (or another UNIX/Unix-like system) there is a big chance that you do not like the Windows world, to say the least, but sometimes there is a need to share some files with it. This is where the Samba project comes in handy. Today I would like to share a minimalistic and simple Samba configuration and also a way to access SMB/CIFS shares from a FreeBSD machine.
On the naming side, CIFS (Common Internet File System) is just a particular version/dialect of the SMB (Server Message Block) protocol.
As usual I will use FreeBSD as a server. For the setup I used the FreeBSD 12.0-RELEASE virtual machine image available from the project location:
There are several formats available – qcow2/raw/vhd/vmdk – but as I will be using VirtualBox I used the VMDK one.
The main FreeBSD configuration file on the server can be as small and simple as the one below.
    # cat /etc/rc.conf
    hostname="samba"
    ifconfig_em0="inet 10.0.10.40/24"
    defaultrouter="10.0.10.1"
    sshd_enable="YES"
You of course do not need SSH to serve SMB/CIFS shares with Samba.
Serve SMB/CIFS Share on FreeBSD with Samba
There are several versions of Samba available on FreeBSD, but if you do not have a specific reason to use an older version then just go ahead with the latest one.
    # pkg search samba
    p5-Samba-LDAP-0.05_2           Manage a Samba PDC with an LDAP Backend
    p5-Samba-SIDhelper-0.0.0_3     Create SIDs based on G/UIDs
    samba-nsupdate-9.13.3_1        nsupdate utility with GSS-TSIG support
    samba46-4.6.16_1               Free SMB/CIFS and AD/DC server and client for Unix
    samba47-4.7.12                 Free SMB/CIFS and AD/DC server and client for Unix
    samba48-4.8.7                  Free SMB/CIFS and AD/DC server and client for Unix
First you will need to add the Samba package.
    # pkg install samba48
Then we need to create a configuration file for Samba. I will assume here that you would like to share two things as examples: the /data directory with write permissions only for my vermaden user, and my home directory /home/vermaden with read permissions for me and all people in my vermaden group. The so-called public read is disabled entirely; access to these shares is possible only after providing a user name and password. I also added several performance-related options. Below is the /usr/local/etc/smb4.conf configuration file.
    # cat /usr/local/etc/smb4.conf
    [global]
      workgroup = workgroup
      netbios name = smb
      server string = samba
      security = user
      max smbd processes = 3
      encrypt passwords = yes
      socket options = TCP_NODELAY IPTOS_LOWDELAY IPTOS_THROUGHPUT SO_KEEPALIVE SO_RCVBUF=65536 SO_SNDBUF=65536
      aio read size = 16384
      aio write size = 16384
      strict locking = no
      strict sync = no

      # DISABLE PRINTING
      load printers = no
      disable spoolss = yes
      show add printer wizard = no

    [data]
      path = /data
      public = no
      # read-only share; the write list is what gives vermaden (and only
      # vermaden) write access
      writable = no
      browsable = no
      write list = vermaden

    [vermaden]
      path = /home/vermaden
      public = no
      writable = no
      browsable = no
      # limit the share to the vermaden group; a write list here would
      # grant the group write access despite writable = no
      valid users = @vermaden
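Samba's share access parameters interact: a `write list` grants write access even when the share is read-only, and a share without `valid users` accepts any account that authenticates. The following is an added example, not part of the original article: a shell/awk audit that flags these combinations in an smb.conf read from standard input. The sample configuration and the finding names are constructed for illustration.

```sh
# audit_shares: read an smb.conf on stdin and print "share: finding" lines.
# Covers read only/writable, guest ok/public, valid users and write list only;
# include files, line continuations and "read list" are not handled.
audit_shares() {
  awk '
    function trim(s) { sub(/^[ \t]+/, "", s); sub(/[ \t\r]+$/, "", s); return s }
    function yes(v)  { v = tolower(v); return (v == "yes" || v == "true" || v == "1") }
    function report(   ro, i) {
      if (share == "") return
      if (share == "global") { for (i in p) g[i] = p[i]; return }  # share defaults
      ro = !("ro" in p) || p["ro"]           # Samba default is read only = yes
      if (p["guest"]) print share ": guest-access"
      if (p["valid"] == "") print share ": any-account-can-" (ro ? "read" : "write")
      if (ro && p["wlist"] != "") print share ": write-list-overrides-read-only"
    }
    /^[ \t]*[#;]/ || /^[ \t]*$/ { next }     # comments and blank lines
    /^[ \t]*\[/ {                            # new section: flush the previous one
      report(); split("", p); for (i in g) p[i] = g[i]
      share = $0; sub(/^[ \t]*\[/, "", share); sub(/\].*$/, "", share)
      share = tolower(trim(share)); next
    }
    {
      eq = index($0, "="); if (eq == 0) next
      k = tolower(substr($0, 1, eq - 1)); gsub(/[ \t]/, "", k)  # names ignore spaces
      v = trim(substr($0, eq + 1))
      if (k == "readonly") p["ro"] = yes(v)
      else if (k == "writable" || k == "writeable" || k == "writeok") p["ro"] = !yes(v)
      else if (k == "guestok" || k == "public") p["guest"] = yes(v)
      else if (k == "validusers") p["valid"] = v
      else if (k == "writelist") p["wlist"] = v
    }
    END { report() }
  '
}

# Constructed sample with hypothetical share names; not a real configuration.
sample_conf() {
  cat <<'EOF'
[projects]
public = no
writable = yes
write list = vermaden
[reports]
writable = no
write list = @vermaden
[archive]
read only = yes
valid users = @vermaden
EOF
}
sample_conf | audit_shares
```

To check the live file, run `audit_shares < /usr/local/etc/smb4.conf`; access still depends on the Unix permissions of the shared paths, which this check does not inspect.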
We will also need the vermaden user, so let’s create it with the pw(8) command.
First the vermaden group with GID of 1000. The -N flag just shows what will be done instead of doing actual changes to the system. Let’s try that and then execute the command without the -N flag to actually add the group.
    # pw groupadd -n vermaden -g 1000 -N
    vermaden:*:1000:
    # pw groupadd -n vermaden -g 1000
    # pw groupshow vermaden
    vermaden:*:1000:
As we have the group, it is time to create the vermaden user with UID of 1000. As with the group, let’s first try with the -N flag to check what will be done.
    # pw useradd -n vermaden -c '' -u 1000 -g 1000 -m -N
    vermaden:*:1000:1000::0:0::/home/vermaden:/bin/sh
    # pw useradd -n vermaden -c '' -u 1000 -g 1000 -m
    # pw usershow vermaden
    vermaden:*:1000:1000::0:0::/home/vermaden:/bin/sh
Let’s verify our vermaden user again.
    # id vermaden
    uid=1000(vermaden) gid=1000(vermaden) groups=1000(vermaden)
    # su - vermaden
    By pressing "Scroll Lock" you can use the arrow keys to scroll backward
    through the console output. Press "Scroll Lock" again to turn it off.
    Don't have a "Scroll Lock" key? The "Pause / Break" key acts alike.
Now let’s set a password for this new vermaden user.
    # passwd vermaden
    Changing local password for vermaden
    New Password:
    Retype New Password:
Now we need to add the vermaden user with the pdbedit command from the Samba package.
    # which pdbedit
    /usr/local/bin/pdbedit
    # pkg which `which pdbedit`
    /usr/local/bin/pdbedit was installed by package samba48-4.8.7
    # pdbedit -a -u vermaden
    new password:
    retype new password:
    Unix username:        vermaden
    NT username:
    Account Flags:        [U ]
    User SID:             S-1-5-21-1751207453-560213463-1759912891-1000
    Primary Group SID:    S-1-5-21-1751207453-560213463-1759912891-513
    Full Name:
    Home Directory:       \\smb\vermaden
    HomeDir Drive:
    Logon Script:
    Profile Path:         \\smb\vermaden\profile
    Domain:               SMB
    Account desc:
    Workstations:
    Munged dial:
    Logon time:           0
    Logoff time:          9223372036854775807 seconds since the Epoch
    Kickoff time:         9223372036854775807 seconds since the Epoch
    Password last set:    Fri, 21 Dec 2018 16:49:29 UTC
    Password can change:  Fri, 21 Dec 2018 16:49:29 UTC
    Password must change: never
    Last bad password   : 0
    Bad password count  : 0
    Logon hours         : FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
To list all users with the pdbedit command use the -L argument.
    # pdbedit -L
    vermaden:1000:
We now need to add Samba to the FreeBSD system services automatic startup.
    # sysrc samba_server_enable=YES
    samba_server_enable:  -> YES
    # sysrc samba_server_enable
    samba_server_enable: YES
    # cat /etc/rc.conf
    hostname="samba"
    ifconfig_em0="inet 10.0.10.40/24"
    defaultrouter="10.0.10.1"
    sshd_enable="YES"
    samba_server_enable="YES"
Now we can start the Samba service.
    # service samba_server start
    Performing sanity check on Samba configuration: OK
    Starting nmbd.
    Starting smbd.
Let’s check which Samba daemons listen on which ports.
    # sockstat -l -4
    USER     COMMAND    PID   FD PROTO  LOCAL ADDRESS         FOREIGN ADDRESS
    root     smbd       599   33 tcp4   *:445                 *:*
    root     smbd       599   34 tcp4   *:139                 *:*
    root     nmbd       595   15 udp4   *:137                 *:*
    root     nmbd       595   16 udp4   *:138                 *:*
    (...)
Now let’s try to access the /data share from the Windows system.
Open explorer.exe on a Windows machine, type //smb/data into the location field, and then type smb\vermaden as the username.
You should be able to access the share now as shown below.
Let’s put some text into that test.txt file.
Let’s verify that it works on the FreeBSD side.
    # cat /data/test.txt
    Input from Windows.
So we are able to access and modify files from the FreeBSD machine in the Windows world.
Access SMB/CIFS Share from FreeBSD
Let’s try the other way around.
By default there are several shares already served on Windows.
    C:\>net share
    Share name   Resource                        Remark
    -------------------------------------------------------------------------------
    C$           C:\                             Default share
    IPC$                                         Remote IPC
    ADMIN$       C:\Windows                      Remote Admin
    Users        C:\Users
    The command completed successfully.
    C:\>
You can share a directory from Windows by using the graphical interface as shown below.
… or by using the CLI within the cmd.exe interpreter with net commands.
The test share is now exported for the vuser user with FULL access rights, which means read/write in the Windows world.
Here are the same commands in text so you may copy/paste them as needed.
    C:\Windows\system32>cd \
    C:\>mkdir asd
    C:\>net share test=C:\asd /grant:vuser,FULL
    test was shared successfully.
    C:\>net share
    Share name   Resource                        Remark
    -------------------------------------------------------------------------------
    C$           C:\                             Default share
    IPC$                                         Remote IPC
    ADMIN$       C:\Windows                      Remote Admin
    test         C:\asd
    Users        C:\Users
    The command completed successfully.
    C:\>
Let’s try to mount it using the mount_smbfs command on the FreeBSD system. The 10.0.10.4 address is the IP of the Windows machine.
    # mount_smbfs -I 10.0.10.4 //vuser@vbox/test /mnt
    Password:
    #
    # mount
    /dev/gpt/rootfs on / (ufs, local, soft-updates)
    devfs on /dev (devfs, local, multilabel)
    //VUSER@VBOX/TEST on /mnt (smbfs)
It also works the other way.
After your job is done you may remove the test share, also with the net command, as shown below.
… and also the same commands in text so you may copy/paste them as needed.
    C:\>net share test /delete
    test was deleted successfully.
    C:\>net share
    Share name   Resource                        Remark
    -------------------------------------------------------------------------------
    C$           C:\                             Default share
    IPC$                                         Remote IPC
    ADMIN$       C:\Windows                      Remote Admin
    Users        C:\Users
    The command completed successfully.
    C:\>
This sentence concludes this article 😉