ftp/curl
net/py-wsdd
net/samba413
If you have Windows clients on your network then you may want Windows users to be able to access the files in their home directory on your FreeBSD machine. You might also want to configure a shared area where users can share files with each other, and perhaps a public area that is only writeable for trusted users in the wheel group. This guide shows you how to do this.
Install ftp/curl
, net/py-wsdd
and net/samba413
either from packages or build them from the ports collection.
At the time of writing, the net/samba413
port does not include the default smb4.conf file necessary to get Samba up and running, so we will use curl to get a copy from the Samba git repository.
# curl -o /usr/local/etc/smb4.conf "https://git.samba.org/samba.git/?p=samba.git;a=blob_plain;f=examples/smb.conf.default"
Next we create a directory where Samba can store its log files.
# mkdir /var/log/samba
In the following sub-sections we go through each option I use to get Samba working, with an explanation for each. These parameters are all under the [global] section of /usr/local/etc/smb4.conf which is the first part before the SMB shares are configured.
For some reason, the default Windows workgroup is set to MYGROUP when the default name for Windows clients is WORKGROUP. Unless you have a specific workgroup set up, change the following:
workgroup = WORKGROUP
This is completely optional, but I like the server details to tell me which operating system and version it is running.
server string = FreeBSD %v (%h)
We don't want to join our machine to a Windows domain, nor do we want Samba to be a domain controller (or an Active Directory controller!)
server role = standalone server
For extra security, we tell Samba which hosts it should accept connections from. For example, if our local IP range is 192.168.0.* then we change the hosts allow parameter to the following:
hosts allow 192.168.0. 127.
The 127. is for localhost. You can add other ranges, or even specific IPs, to the end of the list, each separated by a space.
I like to have a separate log file for each of the computers that connect to my FreeBSD box so I adjust the log file path to reflect this. The log level parameter does not exist in the example config file and will need to be added. The default log level is 1 and this can be increased later if you need to troubleshoot.
log file = /var/log/samba/%m.log log level = 1
This may not be necessary, however I have experienced conflicts between different devices if I leave interfaces unset and allow Samba to listen on all interfaces (I have a tun device configured for OpenVPN).
First we need to get the ethernet device name our FreeBSD machine is using, if we do not already know it, by running ifconfig.
# ifconfig | more
Look for the ethernet interface in the list. Below is an example of what we are looking for on a Raspberry Pi 4, where we can see that genet0 is the ethernet device.
genet0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500 options=68000b<RXCSUM,TXCSUM,VLAN_MTU,LINKSTATE,RXCSUM_IPV6,TXCSUM_IPV6> ether dc:a6:32:45:20:bb inet 192.168.0.1 netmask 0xffffff00 broadcast 192.168.0.255 media: Ethernet autoselect (1000baseT <full-duplex>) status: active nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
And here is a second example for an RK3328 single board computer (such as the Orange Pi R1 Plus or the NanoPi NEO3) where we see dwc0 is the ethernet device.
dwc0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500 options=8000b<RXCSUM,TXCSUM,VLAN_MTU,LINKSTATE> ether fe:e1:77:48:b3:60 inet 192.168.0.2 netmask 0xffffff00 broadcast 192.168.0.255 media: Ethernet autoselect (1000baseT <full-duplex>) status: active nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
Now we have the name of the ethernet devices we want to bind, we add the bind interfaces only parameter, and adjust the interfaces parameter to include the loopback device, and our ethernet devices.
bind interfaces only = yes interfaces = lo genet0
There should be at least one WINS server configured.
Set this as the WINS server.
wins support = yes
Point them to the first Samba server to get their WINS.
wins server = 192.168.0.1
In order to avoid warnings where Samba is trying to find master browsers on your network, set the following options:
local master = yes preferred master = yes
All of the below are optional, but to make Samba useful you must configure at least one share. These options go underneath the [global] settings.
The first thing I do is to comment out the default shares in the smb4.conf file by putting a ; character before each line.
This is a share I set up so that each user can access their home folder. It is an alternative to the default [homes] shares, which I dislike.
[Personal] comment = Home Folder browseable = yes writeable = yes valid users = %U create mode = 0644 directory mode = 0755 path = /home/%U guest ok = no
A public folder where only root and members of the wheel group can write, but any authenticated user can read.
# mkdir /home/public # chmod 775 /home/public
[Public] comment = Public Folder path = /home/public browseable = yes writeable = yes guest ok = no create mode = 0664 directory mode = 0775 valid users = %U
A shared folder where anyone can read and write.
# mkdir /home/shared # chmod 777 /home/shared
[Shared] comment = Shared Folder path = /home/shared browseable = yes writeable = yes guest ok = no create mode = 0666 directory mode = 0777 valid users = %U
Now we add the samba_server service to /etc/rc.conf so it starts at boot time.
# service samba_server enable
And we are ready to start the service.
# service samba_server start
Finally we enable wsdd to make our Samba server visible to Windows clients on our network. First we tell it to run at system start up.
# service wsdd enable
And then we start wsdd.
# service wsdd start