Bromania Wiki

Scribblings of a Brit in Romania

User Tools

Site Tools


tech:unix:freebsd:samba

Installing and Configuring Samba (Windows Shares)

Environment

  • FreeBSD 13.x
  • Samba 4.x

Required Ports

  • ftp/curl
  • net/py-wsdd
  • net/samba413

Overview

If you have Windows clients on your network then you may want Windows users to be able to access the files in their home directory on your FreeBSD machine. You might also want to configure a shared area where users can share files with each other, and perhaps a public area that is only writeable for trusted users in the wheel group. This guide shows you how to do this.

Installation

Install ftp/curl, net/py-wsdd and net/samba413 either from packages or build them from the ports collection.

Configuration

Getting a Default smb4.conf

At the time of writing, the net/samba413 port does not include the default smb4.conf file necessary to get Samba up and running, so we will use curl to get a copy from the Samba git repository.

# curl -o /usr/local/etc/smb4.conf "https://git.samba.org/samba.git/?p=samba.git;a=blob_plain;f=examples/smb.conf.default" 

Next we create a directory where Samba can store its log files.

# mkdir /var/log/samba 

Configure [global] in /usr/local/etc/smb4.conf

In the following sub-sections we go through each option I use to get Samba working, with an explanation for each. These parameters are all under the [global] section of /usr/local/etc/smb4.conf which is the first part before the SMB shares are configured.

Setting the Workgroup

For some reason, the default Windows workgroup is set to MYGROUP when the default name for Windows clients is WORKGROUP. Unless you have a specific workgroup set up, change the following:

workgroup = WORKGROUP

Setting the Server Description

This is completely optional, but I like the server details to tell me which operating system and version it is running.

server string = FreeBSD %v (%h)

Set the Server Type

We don't want to join our machine to a Windows domain, nor do we want Samba to be a domain controller (or an Active Directory controller!)

server role = standalone server

Which Hosts Should we Allow?

For extra security, we tell Samba which hosts it should accept connections from. For example, if our local IP range is 192.168.0.* then we change the hosts allow parameter to the following:

hosts allow 192.168.0. 127.

The 127. is for localhost. You can add other ranges, or even specific IPs, to the end of the list, each separated by a space.

Log File Preferences

I like to have a separate log file for each of the computers that connect to my FreeBSD box so I adjust the log file path to reflect this. The log level parameter does not exist in the example config file and will need to be added. The default log level is 1 and this can be increased later if you need to troubleshoot.

 log file = /var/log/samba/%m.log
 log level = 1

Only Listen on Specific Interfaces

This may not be necessary, however I have experienced conflicts between different devices if I leave interfaces unset and allow Samba to listen on all interfaces (I have a tun device configured for OpenVPN).

Find Ethernet Device Name

First we need to get the ethernet device name our FreeBSD machine is using, if we do not already know it, by running ifconfig.

# ifconfig | more

Look for the ethernet interface in the list. Below is an example of what we are looking for on a Raspberry Pi 4, where we can see that genet0 is the ethernet device.

genet0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        options=68000b<RXCSUM,TXCSUM,VLAN_MTU,LINKSTATE,RXCSUM_IPV6,TXCSUM_IPV6>
        ether dc:a6:32:45:20:bb
        inet 192.168.0.1 netmask 0xffffff00 broadcast 192.168.0.255
        media: Ethernet autoselect (1000baseT <full-duplex>)
        status: active
        nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>

And here is a second example for an RK3328 single board computer (such as the Orange Pi R1 Plus or the NanoPi NEO3) where we see dwc0 is the ethernet device.

dwc0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        options=8000b<RXCSUM,TXCSUM,VLAN_MTU,LINKSTATE>
        ether fe:e1:77:48:b3:60
        inet 192.168.0.2 netmask 0xffffff00 broadcast 192.168.0.255
        media: Ethernet autoselect (1000baseT <full-duplex>)
        status: active
        nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
Add Interface Names to Config

Now we have the name of the ethernet devices we want to bind, we add the bind interfaces only parameter, and adjust the interfaces parameter to include the loopback device, and our ethernet devices.

 bind interfaces only = yes
 interfaces = lo genet0
 

WINS

There should be at least one WINS server configured.

First Samba Server

Set this as the WINS server.

 wins support = yes
Additional Samba Servers

Point them to the first Samba server to get their WINS.

wins server = 192.168.0.1

Set Master Browser

In order to avoid warnings where Samba is trying to find master browsers on your network, set the following options:

local master = yes
preferred master = yes

Windows Shares

All of the below are optional, but to make Samba useful you must configure at least one share. These options go underneath the [global] settings.

The first thing I do is to comment out the default shares in the smb4.conf file by putting a ; character before each line.

[Personal]

This is a share I set up so that each user can access their home folder. It is an alternative to the default [homes] shares, which I dislike.

[Personal]
   comment = Home Folder
   browseable = yes
   writeable = yes
   valid users = %U
   create mode = 0644
   directory mode = 0755
   path = /home/%U
   guest ok = no

[Public]

A public folder where only root and members of the wheel group can write, but any authenticated user can read.

Create Directory
# mkdir /home/public
# chmod 775 /home/public
Add Share to Config
[Public]
   comment = Public Folder
   path = /home/public
   browseable = yes
   writeable = yes
   guest ok = no
   create mode = 0664
   directory mode = 0775
   valid users = %U

[Shared]

A shared folder where anyone can read and write.

Create Directory
# mkdir /home/shared
# chmod 777 /home/shared
Add Share to Config
[Shared] 
   comment = Shared Folder
   path = /home/shared
   browseable = yes
   writeable = yes
   guest ok = no
   create mode = 0666
   directory mode = 0777
   valid users = %U

Configure Samba Service

Now we add the samba_server service to /etc/rc.conf so it starts at boot time.

# service samba_server enable

And we are ready to start the service.

# service samba_server start

Configure Web Service Discovery

Finally we enable wsdd to make our Samba server visible to Windows clients on our network. First we tell it to run at system start up.

# service wsdd enable

And then we start wsdd.

# service wsdd start
tech/unix/freebsd/samba.txt · Last modified: 2023/05/21 11:55 by puisor