FreeBSD - Samba Setup
Due to recent changes in Samba,
learn about the utility pdbedit
and why to use the tdbsam backend database
instead of the smbpasswd backend database.
See SAMBA documentation on
Account Information Databases
for useful background information.
Install the Samba Port
Install the samba package via portinstall -R net/samba3
or cd /usr/ports/net/samba3; make install clean.
Edit Samba Configuration File
Edit /usr/local/etc/smb.conf, which is installed with the Samba port.
- Set the workgroup setting to the name of the
workgroup to which your Windows machines belong
- Set the server string setting to some useful
description that you want to have show up on Network Neighborhood
in File Manager on the Windows clients
- Set the hosts allow setting to your private network
address range
- Set the netbios name if you want the name of the machine
as broadcast by Samba to be different from the machine's name
- Set the passdb backend to tdbsam
since the old smbpasswd backend is obsolete
- If you want to share a printer, ensure the printing
setting indicates the special printing system used, if necessary
- Add any other specific file and/or printer shares you need -
this includes setting:
- path to the absolute path
of the directory you want to share on your FreeBSD box
- public to no
since you only want authenticated users to access it
- writable to yes or no
if you want read-write or read-only access, respectively
- browsable to yes or no
if you want people to see the share when browsing regardless of authentication status,
or if you want to practice security by obscurity by hiding this share from browsers
- comment to whatever additional description you want to give to browsers
- users to the comma-separated list of SMB users to which you want to allow access
Run testparm to test the configuration you just created.
Edit /usr/local/etc/rc.d/samba file
Edit /usr/local/etc/rc.d/samba to enable samba.
This file was installed as part of the installation of the Samba port.
Uncomment the line samba_enable="YES".
You don't need to uncomment the line for winbindd_enable
if you do not have a Windows domain controller in your local network.
Editing /etc/rc.d
This seems to be already set up on my machine
when I upgraded to X.org 7.2 and ran the mergebase.sh script
as part of that upgrade; the script added a line to /etc/rc.d
so that it would run the rc.d system in /usr/local.
Run adduser and pw as needed
Run adduser to add any needed user accounts.
Run pw to add any groups and modify group memberships.
Update Firewall Configuration to Permit Samba Communications on Your Network
What you need to do varies depending on what firewall you are using.
For ipfilter, I used the following rules in my ipfilter rules file build script:
- pass out quick on $outif proto udp from any to $localnetwork/24 port = 137 keep state
- pass out quick on $outif proto udp from any to $localnetwork/24 port = 138 keep state
- pass in quick on $outif proto udp from any to $localnetwork/24 port = 137
- pass in quick on $outif proto udp from any to $localnetwork/24 port = 138
- pass in quick on $outif proto tcp from any to $localnetwork/24 port = 139
Start Samba
/usr/local/etc/rc.d/samba start
Run pdbedit to Set Up User Accounts for Samba
pdbedit -a username will ask you for the
password of the user you are adding.
Test Locally
Test the Samba configuration locally using the following command:
smbclient //yourMachineName/yourShareName -U validSambaUser
Back to FreeBSD main page