# Simple Samba LAN Filesharing Tutorial



## daBee (Aug 1, 2017)

Hi folks.

I need to set up samba.  I reviewed this page here https://wiki.samba.org/index.php/Setting_up_Samba_as_a_Standalone_Server but it didn't get me far as I couldn't create a samba user.  I'm assuming the samba documentation is right, but there is no such thing as `useradd`.  

Is there a samba setup tutorial for Freebsd?  I'm running samba46 on FreeBSD 11.1 and I only see linux sharing to windows.  I'm on a Mac OS workstation. 

I would like to share the following locations for quick access to me (user rich) on this workstation, or another lan box.  

`## To share:
/usr/local/www
/home/rich
/etc/`

Any insight appreciated.  Cheers


----------



## obsigna (Aug 1, 2017)

You need to edit the file /usr/local/etc/smb4.conf. A basic configuration for the mentioned shares might be:

```
[global]
workgroup = WORKGROUP
server string = Server
security = user
encrypt passwords = yes
max log size = 500
preferred master = yes
hosts allow = 192.168.1.
interfaces = em0
bind interfaces only = yes
socket options = TCP_NODELAY

[homes]
comment = User Home
browseable = no
writeable = yes
directory mask = 0700
create mask = 0700

[etc]
comment = Server Configuration
path = /etc
public = no
writeable = yes
write list = @admin
directory mask = 0770
create mask = 0770

[www]
comment = Web Root
path = /usr/local/www
public = no
writeable = yes
write list = @webadm
directory mask = 0775
create mask = 0775
```
Note, you need to change the IP of the local network (hosts allow) and the device identifier of the interface which connects the local network (interfaces). Don't let Samba operate on the WAN.

Then you would configure the users using the Samba tool pdbedit(8). The following assumes that you already created the system user rich on your machine, and you would need to create groups for this user in order to have different access privileges for /etc and /usr/local/www. The latter might become tricky, because depending on the web service which is running you might need to maintain write access for the web server for some sub-directories, for example for uploads. The members of the suggested group webadm would be www and rich.

`# pdbedit rich`

```
new password: ********
retype new password: ********
Unix username:        rich
NT username: 
Account Flags:        [U          ]
User SID:             S-1-5-21-1801956262-1824223230-718757168-1001
Primary Group SID:    S-1-5-21-1801956262-1824223230-718757168-1001
Full Name:            Richard
Home Directory:       \\server\rich
HomeDir Drive:
Logon Script:
Profile Path:         \\server\rich\profile
Domain:               SERVER
Account desc:
Workstations:
Munged dial: 
Logon time:           0
Logoff time:          So, 04 Dez 219250468 13:30:07 BRST
Kickoff time:         So, 04 Dez 219250468 13:30:07 BRST
Password last set:    Fr, 29 Aug 2014 09:14:10 BRT
Password can change:  Fr, 29 Aug 2014 09:14:10 BRT
Password must change: never
Last bad password   : 0
Bad password count  : 0
Logon hours         : FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
```
In my network I have running Mac and Windows clients. For the Macs I installed net/netatalk3, which is more lightweight and usually faster + imposing less load on the CPU's than Samba.

Principally for Mac clients accessing Samba shares the setting TCP_NODELAY is very important.


----------



## daBee (Aug 1, 2017)

Wow.  Perfect.  Thank you.  I had to go sudo for the `pdbedit -a -u rich`.  I've left all this quite simple as I don't want to mess with other services and permissions, as I've had plenty of those with `nginx` and `passenger`.  Still some odd things happening there on 11.1.  

All this is for real-time editing conf files and odd small stuff, so not much of a challenge on the server.  I then chase it up with `filewatcher` gem to auto-load files (`ruby`, `bash`) in the terminal.  Given AFP's timely demise, I thought I should stay away from it.


----------



## SirDice (Aug 1, 2017)

daBee said:


> Is there a samba setup tutorial for Freebsd?


You don't need to specifically look for tutorials on FreeBSD. Samba is configured exactly the same way on any OS (as are many others, like Apache, MySQL, etc). So you can use any Samba tutorial you might find.



> I'm assuming the samba documentation is right, but there is no such thing as `useradd`.


It's adduser(8) on FreeBSD and works a little different from Linux's `useradd`. The principle is the same though.


----------



## daBee (Aug 1, 2017)

I was hoping that was the case, but I ran into the non-existent useradd and was confused.


----------



## grzesyou (Nov 12, 2017)

Hi
I've recently came across setting Samba as file sharing service on my FreeBSD.
I found some FreeBSD related doc's confusing too. However the Samba official documentation, Linux tutorials with some books help should be ok
In my case I've found that my problems with Samba were connected with active directory or domain or network or authentication issues which are often host or site specific.
I had no Active Directory, ldap, nor DNS configured. I've used Samba 4.6 from package on RaspBSD 12 (which goes with 11 branch). My input is not ready solution, but I hope it may help somebody.

First - check yours hostname  and set the name hostname="hostname.domain.tld" (rather don't use .localhost or example.com)
I've set it in the /etc/rc.conf

```
hostname="rpi.aigo.go"
```
Confusion - domainname(1) - it is not Samba domain related - it's NIS/YellowPages UNIX service.

Second - set up /etc/hosts

```
::1                     rpi.aigo.go     localhost       rpi
127.0.0.1               rpi.aigo.go     localhost       rpi
192.168.1.5             rpi.aigo.go     rpi
```
A name next to the address is full name (FQDN), followed by aliases

Third - you need /usr/local/etc/smb4.conf. There is no share/example.
Let's take a look at `less /usr/local/share/doc/samba46/README.FreeBSD`. There is `samba-tool domain provision --interactive --use-xattrs=no --use-ntvfs`.
For me only --interactive worked, however we may learn that FreeBSD's Samba works on UFS2 ACL. So check `tunefs -p /dev/da0p1` whether you are using it. For me NFSv4 ACLs worked, it doesn't have to be POSIX.1e ACLs. Turn it on by `tunefs` (in single user mode as / must be detached if needed).

After `samba-tool domain provision --interactive` there will be generated a simple /usr/local/etc/smb4.conf. The tool will use your hostname to determine REALM, netbios name and workgroup (all must be uppercase). I've set dns to samba internal, without dns forwarding and copied `cp /var/db/samba4/private/krb5.conf /etc/krb5.conf`. But wait a sec - I've already set up a Active Directory backend 
	
	



```
passdb backend = samba_dsdb
```
  It is something I didn't want to, and I have little idea about it.

Confusion: Samba have BIND dns, FreeBSD comes with unbound.
You may also update  /etc/resolv.conf if this apply to your configuration - add nameserver 127.0.0.1 or search.

So we may take a look at https://www.freebsd.org/doc/handbook/network-samba.html
The backend used there is `passdb backend = tdbsam` I've read somewhere that it is depreciated and skiped it in first approach - no it works, smbpasswd backend is Samba 3 stuff and discouraged in Samba 4 as far as I know.
So we need to add an user `pdbedit -a username`
Confusion. My wife need a password... yeah: `pdbedit -a nobody`

I've read some examples on forum and web.
I found also useful smb.conf(5) and `testparm -v`
Finally my smb4.conf:

```
[global]
        netbios name = RPI
        realm = AIGO.GO
        workgroup = AIGO
        server string = Some text
        passdb backend = tdbsam
#security = user # its default - to allow guest
#have no printers disable spoolss = yes
        disable spoolss = yes
#want to use mount_smbfs with ntlm_v1 on
        ntlm auth = yes
        map to guest = Bad User
        guest account = nobody
#these two are netbios stuff
#local master = yes #default yes
#domain master = auto #default auto
        domain master = yes
#os level = 255 if your wins must win over windows machines
# win81 = 62 win10 = 100?
        os level = 255
        wins support = yes
#log 1 ,2 3, 5 10
        log level = 3
        max log size = 1000
#      smb ports = 139 445 # its default

#with password
[raspberry]
comment = "home::"
path = /usr/home/raspberry
#not valid users just users
users = raspberry
read only = no
create mask = 755
directory mask = 755

#with password
[cores]
comment = "Public"
path = /mnt/cores
read only = no
public = yes
create mask = 755
directory mask = 755
```
Of course user nobody have file rights. Ports 139 and 445 are opened.

Then - how to start Samba?
1 - /usr/local/sbin/smbd if you like - for more check help option.
2 - through /etc/inetd.conf - my choice for filesharing uncomment 2 lines referring samba 
	
	



```
netbios-ssn stream tcp nowait          root    /usr/local/sbin/smbd    smbd
netbios-ns dgram udp   wait            root    /usr/local/sbin/nmbd    nmbd
```
3 - you have an AD or ldap, you will use winbindd `service samba_server onestart` or by /etc/rc.conf

```
samba_server_enable="YES"
```

Confusion - if you choose more than one way I'm not sure if this will act correctly (or unless you have correctly set up domain). I had some problems with it.

Other useful command:
`smbcontrol all reload-config`
`smbstatus`
`smbtree`
`nmblookup -B client '*'`
`smbclient //192.168.1`
Then I could
`mount_smbfs -I 192.168.1.5 -U raspberry //a@a/raspberry /mnt/sth/`
I'm not able to credit all sources. However you may find useful
https://wiki.samba.org/index.php/Setting_up_Samba_as_a_Standalone_Server
http://www.oreilly.com/openbook/samba/book/
https://www.samba.org/samba/docs/using_samba/toc.html
https://wiki.archlinux.org/index.php/samba

As this is my first post I want to say thank you to the Forum Team, Timur (the port maintainer)  and FreeBSD crew.
Cheers
grzes


----------

