If you use FreeBSD/Illumos/linux (or other UNIX/Unix-like system) there is big chance that you do not like to say the least the windows world, but sometimes there is need to share some files with the Windows world. This is where Samba project comes handy. Today I would like to share minimalistic and simple Samba configuration and also a way to access SMB/CIFS shares from a FreeBSD machine.
On the naming side CIFS ( Common Internet File System ) is just particular version/dialect of the SMB ( Server Message Block ) protocol.
As usual I will use FreeBSD as a server. For the setup I used FreeBSD 12.0-RELEASE virtual machine image available from the project location:
https://download.freebsd.org/ftp/releases/VM-IMAGES/12.0-RELEASE/There are several formats available qcow2 / raw / vhd / vmdk but as I will be using VirtualBox I used the VMDK one.
The main FreeBSD configuration file on the server can be as small and simple as the one bellow.
# <strong>cat /etc/rc.conf</strong> hostname="samba" ifconfig_em0="inet 10.0.10.40/24" defaultrouter="10.0.10.1" sshd_enable="YES"You of course do not need SSH to server SMB/CIFS shares with Samba.
Serve SMB/CIFS Share on FreeBSD with SambaThere are several versions of Samba available on FreeBSD, but if you do not have exact reason to use the older version then just go ahead with the latest one.
# <strong>pkg search samba</strong> p5-Samba-LDAP-0.05_2 Manage a Samba PDC with an LDAP Backend p5-Samba-SIDhelper-0.0.0_3 Create SIDs based on G/UIDs samba-nsupdate-9.13.3_1 nsupdate utility with GSS-TSIG support samba46-4.6.16_1 Free SMB/CIFS and AD/DC server and client for Unix samba47-4.7.12 Free SMB/CIFS and AD/DC server and client for Unix samba48-4.8.7 Free SMB/CIFS and AD/DC server and client for UnixFirst You will need to add Samba package.
# <strong>pkg install samba48 </strong>Then we need to create configuretion file for Samba. I will assume here that you would like to share two things as examples. The /data directory with write permissions only to mine vermaden user and also my home directory /home/vermaden with read permissions for me and all people on my vermaden group. The so called public read is disabled intirely. Only after passing user and password the access will be possible to these shares. I also added several performance related options. Below is the /usr/local/etc/smb4.conf configuration file.
# <strong>cat /usr/local/etc/smb4.conf</strong> [global] workgroup = workgroup netbios name = smb server string = samba security = user max smbd processes = 3 encrypt passwords = yes socket options = TCP_NODELAY IPTOS_LOWDELAY IPTOS_THROUGHPUT SO_KEEPALIVE SO_RCVBUF=8192 SO_SNDBUF=8192 aio read size = 16384 aio write size = 16384 strict locking = no strict sync = no # DISABLE PRINTING load printers = no disable spoolss = yes show add printer wizard = no [data] path = /data public = no writable = yes browsable = no write list = vermaden [vermaden] path = /home/vermaden public = no writable = no browsable = no write list = @vermadenWe will also need vermaden user, lets create one with pw(8) command.
First the vermaden group with GID of 1000. The -N flag just shows what will be done instead of doing actual changes to the system. Lets try that and then execute the command without the -N flag to actually add the group.
# <strong>pw groupadd -n vermaden -g 1000 -N</strong> vermaden:*:1000: # <strong>pw groupadd -n vermaden -g 1000</strong> # <strong>pw groupshow vermaden</strong> vermaden:*:1000:As we have the group its time to create vermaden user with UID of 1000. Like with group lets first try with -N flag to check what will be made.
# <strong>pw useradd -n vermaden -c '' -u 1000 -g 1000 -m -N</strong> vermaden:*:1000:1000::0:0::/home/vermaden:/bin/sh # <strong>pw useradd -n vermaden -c '' -u 1000 -g 1000 -m</strong> # <strong>pw usershow vermaden</strong> vermaden:*:1000:1000::0:0::/home/vermaden:/bin/shLets verify our vermaden user again.
# <strong>id vermaden</strong> uid=1000(vermaden) gid=1000(vermaden) groups=1000(vermaden) # <strong>su - vermaden</strong> By pressing "Scroll Lock" you can use the arrow keys to scroll backward through the console output. Press "Scroll Lock" again to turn it off. Don't have a "Scroll Lock" key? The "Pause / Break" key acts alike.Now lets create password for this new vermaden user.
# <strong>passwd vermaden</strong> Changing local password for vermaden New Password: Retype New Password:Now we need to add vermaden user with pdbedit command from the Samba package.
# <strong>which pdbedit</strong> /usr/local/bin/pdbedit # <strong>pkg which `which pdbedit`</strong> /usr/local/bin/pdbedit was installed by package samba48-4.8.7 # <strong>pdbedit -a -u vermaden</strong> new password: retype new password: Unix username: vermaden NT username: Account Flags: [U ] User SID: S-1-5-21-1751207453-560213463-1759912891-1000 Primary Group SID: S-1-5-21-1751207453-560213463-1759912891-513 Full Name: Home Directory: \\smb\vermaden HomeDir Drive: Logon Script: Profile Path: \\smb\vermaden\profile Domain: SMB Account desc: Workstations: Munged dial: Logon time: 0 Logoff time: 9223372036854775807 seconds since the Epoch Kickoff time: 9223372036854775807 seconds since the Epoch Password last set: Fri, 21 Dec 2018 16:49:29 UTC Password can change: Fri, 21 Dec 2018 16:49:29 UTC Password must change: never Last bad password : 0 Bad password count : 0 Logon hours : FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFTo list all users with the pdbedit command use the -L argument.
# <strong>pdbedit -L</strong> vermaden:1000:We now need to add Samba to the FreeBSD system services automatic startup.
# <strong>sysrc samba_server_enable=YES</strong> samba_server_enable: -> YES # <strong>sysrc samba_server_enable</strong> samba_server_enable: YES # <strong>cat /etc/rc.conf</strong> hostname="samba" ifconfig_em0="inet 10.0.10.40/24" defaultrouter="10.0.10.1" sshd_enable="YES" samba_server_enable="YES"Now we can start the Samba service.
# <strong>service samba_server start</strong> Performing sanity check on Samba configuration: OK Starting nmbd. Starting smbd.Lets check which Samba daemons listen on which ports.
# <strong>sockstat -l -4</strong> USER COMMAND PID FD PROTO LOCAL ADDRESS FOREIGN ADDRESS root smbd 599 33 tcp4 *:445 *:* root smbd 599 34 tcp4 *:139 *:* root nmbd 595 15 udp4 *:137 *:* root nmbd 595 16 udp4 *:138 *:* (...)Now lets try to access the /data share from the Windows system.
Open explorer.exe on Windows machine and type //smb/data into location field and then type smb\vermaden as username.
You should be able to access the share now as shown below.
Lets put some text into that test.txt file.
Lets verify that it works on the FreeBSD side.
# <strong>cat /data/test.txt</strong> Input from Windows.So we are able to access/modify files from FreeBSD machine on the Windows world.
Access SMB/CIFS Share from FreeBSDLets try the other way around.
By default there are several shares already served on Windows.
C:\><strong>net share</strong> Share name Resource Remark ------------------------------------------------------------------------------- C$ C:\ Default share IPC$ Remote IPC ADMIN$ C:\Windows Remote Admin Users C:\Users The command completed successfully. C:\>You can share a directory from Windows by using graphical interface as shown below.
… or by using CLI interface within cmd.exe interpreter with net commands.
The test share is now exported for vuser user with FULL access rights which means read/write in the Windows world.
Here are the same commands in text so you may copy/paste them as needed.
C:\Windows\system32>cd \ C:\>mkdir asd C:\>net share test=C:\asd /grant:vuser,FULL test was shared successfully. C:\>net share Share name Resource Remark ------------------------------------------------------------------------------- C$ C:\ Default share IPC$ Remote IPC ADMIN$ C:\Windows Remote Admin test C:\asd Users C:\Users The command completed successfully. C:\>Lets try to mount it using the mount_smbfs command on FreeBSD system. The 10.0.10.4 address is the IP of the Windows machine.
# <strong>mount_smbfs -I 10.0.10.4 //vuser@vbox/test /mnt</strong> Password: # # <strong>mount</strong> /dev/gpt/rootfs on / (ufs, local, soft-updates) devfs on /dev (devfs, local, multilabel) //VUSER@VBOX/TEST on /mnt (smbfs)It also works the other way.
After your job is done you may remove the test share also with net command as shown below.
… and also the same commands in text so you may copy/paste them as needed.
C:\><strong>net share test /delete</strong> test was deleted successfully. C:\><strong>net share</strong> Share name Resource Remark ------------------------------------------------------------------------------- C$ C:\ Default share IPC$ Remote IPC ADMIN$ C:\Windows Remote Admin Users C:\Users The command completed successfully. C:\>This sentence concludes this article :wink:
EOF