{{keywords>freebsd,unix,samba,windows,file,share}} ====== Installing and Configuring Samba (Windows Shares) ====== ===== Environment ===== * FreeBSD 13.x * Samba 4.x ===== Required Ports ===== * ''ftp/curl'' * ''net/py-wsdd'' * ''net/samba413'' ===== Overview ===== If you have Windows clients on your network then you may want Windows users to be able to access the files in their home directory on your FreeBSD machine. You might also want to configure a shared area where users can share files with each other, and perhaps a public area that is only writeable for trusted users in the **wheel** group. This guide shows you how to do this. ===== Installation ===== Install ''ftp/curl'', ''net/py-wsdd'' and ''net/samba413'' either from [[https://docs.freebsd.org/en/books/handbook/ports/#pkgng-intro|packages]] or build them from the [[https://docs.freebsd.org/en/books/handbook/ports/#ports-using|ports]] collection. ===== Configuration ===== ==== Getting a Default smb4.conf ==== At the time of writing, the ''net/samba413'' port does not include the default **smb4.conf** file necessary to get Samba up and running, so we will use **curl** to get a copy from the Samba git repository. # curl -o /usr/local/etc/smb4.conf "https://git.samba.org/samba.git/?p=samba.git;a=blob_plain;f=examples/smb.conf.default" Next we create a directory where Samba can store its log files. # mkdir /var/log/samba ==== Configure [global] in /usr/local/etc/smb4.conf ==== In the following sub-sections we go through each option I use to get Samba working, with an explanation for each. These parameters are all under the **[global]** section of **/usr/local/etc/smb4.conf** which is the first part before the SMB shares are configured. === Setting the Workgroup === For some reason, the default Windows workgroup is set to MYGROUP when the default name for Windows clients is WORKGROUP. Unless you have a specific workgroup set up, change the following: workgroup = WORKGROUP === Setting the Server Description === This is completely optional, but I like the server details to tell me which operating system and version it is running. server string = FreeBSD %v (%h) === Set the Server Type === We don't want to join our machine to a Windows domain, nor do we want Samba to be a domain controller (or an Active Directory controller!) server role = standalone server === Which Hosts Should we Allow? === For extra security, we tell Samba which hosts it should accept connections from. For example, if our local IP range is **192.168.0.*** then we change the **hosts allow** parameter to the following: hosts allow 192.168.0. 127. The **127.** is for localhost. You can add other ranges, or even specific IPs, to the end of the list, each separated by a space. === Log File Preferences === I like to have a separate log file for each of the computers that connect to my FreeBSD box so I adjust the **log file** path to reflect this. The **log level** parameter does not exist in the example config file and will need to be added. The default **log level** is **1** and this can be increased later if you need to troubleshoot. log file = /var/log/samba/%m.log log level = 1 === Only Listen on Specific Interfaces === This may not be necessary, however I have experienced conflicts between different devices if I leave **interfaces** unset and allow Samba to listen on all interfaces (I have a **tun** device configured for OpenVPN). == Find Ethernet Device Name == First we need to get the ethernet device name our FreeBSD machine is using, if we do not already know it, by running **ifconfig**. # ifconfig | more Look for the ethernet interface in the list. Below is an example of what we are looking for on a Raspberry Pi 4, where we can see that **genet0** is the ethernet device. genet0: flags=8843 metric 0 mtu 1500 options=68000b ether dc:a6:32:45:20:bb inet 192.168.0.1 netmask 0xffffff00 broadcast 192.168.0.255 media: Ethernet autoselect (1000baseT ) status: active nd6 options=29 And here is a second example for an RK3328 single board computer (such as the [[http://www.orangepi.org/Orange%20Pi%20R1%20Plus/|Orange Pi R1 Plus]] or the [[https://wiki.friendlyarm.com/wiki/index.php/NanoPi_NEO3|NanoPi NEO3]]) where we see **dwc0** is the ethernet device. dwc0: flags=8843 metric 0 mtu 1500 options=8000b ether fe:e1:77:48:b3:60 inet 192.168.0.2 netmask 0xffffff00 broadcast 192.168.0.255 media: Ethernet autoselect (1000baseT ) status: active nd6 options=29 == Add Interface Names to Config == Now we have the name of the ethernet devices we want to bind, we add the **bind interfaces only** parameter, and adjust the **interfaces** parameter to include the loopback device, and our ethernet devices. bind interfaces only = yes interfaces = lo genet0 === WINS === There should be at least one WINS server configured. == First Samba Server == Set this as the WINS server. wins support = yes == Additional Samba Servers == Point them to the first Samba server to get their WINS. wins server = 192.168.0.1 === Set Master Browser === In order to avoid warnings where Samba is trying to find master browsers on your network, set the following options: local master = yes preferred master = yes ==== Windows Shares ==== All of the below are optional, but to make Samba useful you must configure at least one share. These options go **underneath** the **[global]** settings. The first thing I do is to comment out the default shares in the **smb4.conf** file by putting a **;** character before each line. === [Personal] === This is a share I set up so that each user can access their home folder. It is an alternative to the default **[homes]** shares, which I dislike. [Personal] comment = Home Folder browseable = yes writeable = yes valid users = %U create mode = 0644 directory mode = 0755 path = /home/%U guest ok = no === [Public] === A public folder where only **root** and members of the **wheel** group can write, but any authenticated user can read. == Create Directory == # mkdir /home/public # chmod 775 /home/public == Add Share to Config == [Public] comment = Public Folder path = /home/public browseable = yes writeable = yes guest ok = no create mode = 0664 directory mode = 0775 valid users = %U === [Shared] === A shared folder where anyone can read and write. == Create Directory == # mkdir /home/shared # chmod 777 /home/shared == Add Share to Config == [Shared] comment = Shared Folder path = /home/shared browseable = yes writeable = yes guest ok = no create mode = 0666 directory mode = 0777 valid users = %U ==== Configure Samba Service ==== Now we add the **samba_server** service to **/etc/rc.conf** so it starts at boot time. # service samba_server enable And we are ready to start the service. # service samba_server start ==== Configure Web Service Discovery ==== Finally we enable **wsdd** to make our Samba server visible to Windows clients on our network. First we tell it to run at system start up. # service wsdd enable And then we start **wsdd**. # service wsdd start