# How to access SMB/CIFS Share of my Windows 11 bhyve VM from FreeBSD



## ziomario (Apr 20, 2022)

Hello.

I'm trying to access the SMB/CIFS share of my Windows 11 bhyve VM from FreeBSD (13R-p8) ; I've configured everything from scratch following these two good tutorials :






						Samba fileserver on FreeBSD (Update FreeBSD 12) - davd.io
					

While building my new NAS, I came across the question how to install a fileserver based on Samba on FreeBSD. Here's how...



					www.davd.io
				











						SMB/CIFS on FreeBSD
					

If you use FreeBSD/Illumos/Linux (or other UNIX/Unix-like system) there is big chance that you do not like – to say the least – the Windows world, but sometimes there is need to share s…




					vermaden.wordpress.com
				




as follows below. It almost works on both sides. Only a "little" problem persists for me,I'm not able to connect using the password that I have configured in Windows 11,but it works without it. But,for sure I can't share my resources without protecting them using a password.


```
/etc/sysctl.conf


kern.maxfiles=25600

kern.maxfilesperproc=16384

net.inet.tcp.sendspace=65536

net.inet.tcp.recvspace=65536


/boot/loader.conf:


aio_load="YES"


nano /etc/rc.conf


hostname="marietto"

ifconfig_em0="DHCP"

samba_server_enable="YES"


# pkg install samba412


gedit /usr/local/etc/smb4.conf


[global]

workgroup          = workgroup

netbios name       = marietto

server string      = samba

security           = user

max smbd processes = 3

encrypt passwords  = yes

socket options     = TCP_NODELAY IPTOS_LOWDELAY IPTOS_THROUGHPUT SO_KEEPALIVE SO_RCVBUF=65536 SO_SNDBUF=65536

aio read size      = 16384

aio write size     = 16384

strict locking     = no

strict sync        = no


# DISABLE PRINTING

load printers           = no

disable spoolss         = yes

show add printer wizard = no


[marietto mnt folder]

  path       = /mnt

  public     = yes

  writable   = yes

  browsable  = yes

  write list = marietto


[marietto home folder]

  path       = /home/marietto

  public     = yes

  writable   = yes

  browsable  = yes

  write list = @marietto


# id marietto

uid=1001(marietto) gid=1001(marietto) groups=1001(marietto),0(wheel),5(operator),44(video),145(webcamd),920(vboxusers),602(_pkcs11)


# which pdbedit

/usr/local/bin/pdbedit


# pkg which `which pdbedit`

/usr/local/bin/pdbedit was installed by package samba412-4.12.15_4


# pdbedit -a -u marietto


Unix username:        marietto

NT username:       

Account Flags:        [U          ]

User SID:             S-1-5-21-4245300636-4074870798-1088442022-1000

Primary Group SID:    S-1-5-21-4245300636-4074870798-1088442022-513

Full Name:            marietto

Home Directory:       \\marietto\marietto

HomeDir Drive:     

Logon Script:       

Profile Path:         \\marietto\marietto\profile

Domain:               MARIETTO

Account desc:       

Workstations:       

Munged dial:       

Logon time:           0

Logoff time:          9223372036854775807 seconds since the Epoch

Kickoff time:         9223372036854775807 seconds since the Epoch

Password last set:    Wed, 20 Apr 2022 15:00:20 CEST

Password can change:  Wed, 20 Apr 2022 15:00:20 CEST

Password must change: never

Last bad password   : 0

Bad password count  : 0

Logon hours         : FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF


# pdbedit -L

marietto:1001:marietto
```

on FreeBSD :


```
# mount_smbfs -I 192.168.1.6 //Marietto-window/c /mnt/windows-drive-c

# mount_smbfs -I 192.168.1.6 //Marietto-window/g /mnt/windows-drive-g

# mount_smbfs -I 192.168.1.6 //Marietto-window/h /mnt/windows-drive-h


mount_smbfs: unable to open connection: syserr = Authentication error
```

I tried with the current marietto/admin password and with the password configured on :


```
Control Panel /

All Control Panel Items /

Credential Manager /

Windows Credentials /

marietto
```

I can access the Windows shared drive from FreeBSD if I disable the password on :


```
Control Panel /

All Control Panel Items /

Network and Sharing Center /

Advanced sharing settings /

Password protected sharing /

Turn off password protected sharing
```

I'm not sure if the problem is in some bad FreeBSD or Windows setting.


----------



## SirDice (Apr 20, 2022)

mount_smbfs(8) only supports SMBv1. That's been switched off on Windows. And I do not recommend turning it back on.


```
mount_smbfs offers	support	for SMB/CIFS/SMB1.  It does not	support	newer
     versions of the protocol like SMB2	and SMB3.  SMB2	and SMB3 are supported
     by	software available in the ports(7) collection.
```









						SMBv1 is not installed by default in Windows 10 version 1709, Windows Server version 1709 and later versions
					

Discusses the behavior of the SMBv1 protocol in Windows 10 Fall Creators Update and Windows Server, version 1709 and later versions.



					docs.microsoft.com


----------



## ziomario (Apr 20, 2022)

I have activated SMBv1 as a test and it still can't accept the password :


----------



## ziomario (Apr 20, 2022)

It is activated,so the password should be accepted by samba on FreeBSD. Right ?


```
# Get-WindowsOptionalFeature -Online -FeatureName SMB1Protocol

FeatureName      : SMB1Protocol
DisplayName      : SMB 1.0/CIFS File Sharing Support
Description      : Support for the SMB 1.0/CIFS file sharing protocol, and the Computer Browser protocol.
RestartRequired  : Possible
State            : Enabled
CustomProperties :
                   ServerComponent\Description : Support for the SMB 1.0/CIFS file sharing protocol, and the Computer
                   Browser protocol.
                   ServerComponent\DisplayName : SMB 1.0/CIFS File Sharing Support
                   ServerComponent\Id : 487
                   ServerComponent\Type : Feature
                   ServerComponent\UniqueName : FS-SMB1
                   ServerComponent\Deploys\Update\Name : SMB1Protocol
```


----------



## Sub4sub (Apr 20, 2022)

On FreeBSD:

`mount_smbfs -N -I 10.1.1.1//computer@dysk/src /usr/home/username/samba`

or

`mount_smbfs -N -I 10.1.1.1//computer@dysk/src /home/username/samba`

`10.1.1.1`- Adres IP of Host.
`computer`- Probably name of host
@
`@dysk`- I dont remember. Perhabs it is Server String or Netbios Name,
`/src` - name of shared folder from smb4.conf.




```
[global]
workgroup = WORKGROUP
server string = Dysk
netbios name = Dysk
interfaces = ue0 10.1.1.0/24
hosts allow = 10.1.1.0/24
map to guest = Bad User
#wins support = Yes
#security = user
#passdb backend = tdbsam

[src]
path = /pathtoshared/folder
writable  = yes
browsable = yes
read only = no
guest ok = yes
public = yes
create mask = 777
directory mask = 777
```

Samba is a potential attack threat from the local network.


----------



## ziomario (Apr 20, 2022)

No,man,I'm trying to do the opposite way :

*mount_smbfs -I 192.168.1.6 //Marietto-window/h /mnt/windows-drive-h*

where :

192.168.1.6 : ip of guest os (windows 11 bhyve)
//Marietto-window/h : is the path of the remote shared disk on the guest
/mnt/windows-drive-h : is the folder where the remote shared disk should be mounted.

everything is correct here because I'm able to connect from freebsd to the remote / windows 11 / bhyve shared disk,but only if I disable the password on :



```
Control Panel /

All Control Panel Items /

Network and Sharing Center /

Advanced sharing settings /

Password protected sharing /

Turn off password protected sharing
```

and now I have even ascertained that on Windows is activated the right samba protocol : SMB1Protocol. So,ok,I'm groping in the dark.


----------



## ziomario (Apr 20, 2022)

Do you mean,while I'm on Windows and I try to access the drives that I have shared on FreeBSD ? it works :


----------



## Sub4sub (Apr 20, 2022)

You want to flip files between FreeBSD and Windows11 using SAMBA? And both systems are on one physical computer?


----------



## ziomario (Apr 20, 2022)

In bhyve I have mounted two drives formatted with NTFS using Windows 11 as OS,because it is safe. I can't do this directly on FreeBSD,because its driver is not working well,so the data could be corrupted. So,I want to access the data that are mounted on those disks inside Windows 11 directly on FreeBSD,using SAMBA,yes. I find it very comfortable to do this way. Yes,FreeBSD and Windows are on the same computer and LAN. Windows has IP = *192.168.1.6* and FreeBSD *192.168.1.3*.


----------



## Sub4sub (Apr 20, 2022)

What if, make, FreeBSD/bhyve as the router that will assign the local address for Windows?


----------



## astyle (Apr 20, 2022)

In that case, I'd think you might want to look at how win11 'shares' its folders. I vaguely recall that it's got some weird permissions system that doesn't play very nice with everyone else. As in, even if you share a folder from win11, that doesn't mean that other hosts can 'see' it.


----------



## ziomario (Apr 21, 2022)

I did more experimentation. I've disabled samba on FreeBSD and I've used two bhyve vms,on the first one there is installed Ubuntu and on the second one,Windows 11. I haven't modified anything on the latter. On the Ubuntu VM I have installed the following packages :

*apt-get install cifs-utils samba-common samba winbind smbclient*

I've discovered what are the right parameters on LINUX to be able to mount the same shared Windows resource that yesterday didn't mount because the password was rejected on FreeBSD:



```
# sudo mount -t cifs //192.168.1.4/g /mnt/windows-drive-g -o user=marietto,vers=1.0 --verbose


Password for marietto@//192.168.1.4/g:


mount.cifs kernel mount options: ip=192.168.1.4,unc=\\192.168.1.4\g,vers=1.0,user=marietto,pass=********
```

So,I presume that on FreeBSD my password is rejected because I don't use the parameter *cifs* in conjunction with *mount_smbfs -I 192.168.1.6 //Marietto-window/g /mnt/windows-drive-g 

but is this possible ? Or,maybe,I should use another tool "cifs" compatible. Or,maybe //Marietto-window/g becomes g. Let's see.*


----------



## astyle (Apr 21, 2022)

ziomario said:


> I did more experimentation. I've used two bhyve vms,on the first one there is installed Ubuntu and on the second one,Windows 11. I haven't modified anything on the latter. On the Ubuntu VM I have installed the following packages :
> 
> *apt-get install cifs-utils samba-common samba winbind smbclient*
> 
> ...


I imagine that your results should be a hint to study the manpage for the FreeBSD version of mount_smbfs(8)... and find similar options there.


----------



## SirDice (Apr 21, 2022)

CIFS is just a dialect of the SMB protocol. It's used pretty much interchangeably nowadays, so CIFS and SMB are the same thing. You're not going to find an equivalent `vers=` parameter because mount_smbfs(8) only supports SMBv1 (in other words, `vers=1.0`). 

And for goodness sake turn off SMBv1 on your Windows machine. There's a LOT of ransomware that abuses the bugs that are inherent to SMBv1 (that's also the reason why Microsoft turned this off completely).









						Stop using SMB1
					

First published on TECHNET on Sep 16, 2016   Hi folks, Ned here again and today’s topic is short and sweet: Stop using SMB1. Stop using SMB1 . STOP USING SMB1!   In September of 2016, MS16-114 , a security update that prevents denial of service and remote code execution. If you need this...



					techcommunity.microsoft.com


----------



## ziomario (Apr 21, 2022)

ok. this works :

*# mount_smbfs -I 192.168.1.4 -U marietto //Marietto-window/h /mnt/windows-drive-h*

now I can try to secure this v.1 samba connection. If I will find troubles by doing this, I will start another thread. This has been solved.


----------



## ct85711 (Apr 22, 2022)

Just add a small side note in regards to smb1; it seems MS is in the process of totally removing (instead of just disabling, fully ripping all the dlls/files completely out for smb1) in the near relative future.  So even if you want, to use smb1; you have a limited time before you are forced to move on.

SMB1 now disabled by default for Windows 11 Home Insiders builds


----------



## ziomario (Apr 23, 2022)

ct85711 said:


> Just add a small side note in regards to smb1; it seems MS is in the process of totally removing (instead of just disabling, fully ripping all the dlls/files completely out for smb1) in the near relative future.  So even if you want, to use smb1; you have a limited time before you are forced to move on.
> 
> SMB1 now disabled by default for Windows 11 Home Insiders builds



what's the alternative if *mount_smbfs supports only samba 1 ? and anyway,I'm trying to secure it,can u give a look at this thread ? thanks.









						Mounting a Windows shared disk inside a Windows 11 bhyve VM on FreeBSD as host OS over SSH.
					

Hello. I'm again here to learn how to make a secure samba v.1 connection.  Goal : to be able to mount a Windows share (configured inside a Windows 11 bhyve-VM) on a single remote host OS (FreeBSD) over SSH.  Take in consideration that mount_smbfs(8) on FreeBSD only supports SMBv1.mount_smbfs(8)...




					forums.freebsd.org
				



*


----------



## ziomario (Apr 23, 2022)

Here he said that smb 3 works on Freebsd 12. So,did it stop working on 13 ? I'm reading well ?









						Samba v3.x availability
					

I'm probably on to a bit of a loser here, but I figured I'd ask anyway.  Is there still any sensible means of getting Samba v3.x for FreeBSD?  I know it's ancient but I've periodically tried to get Samba v4.x working over the past couple of years or so and never succeeded.  Now I'm in the...




					forums.FreeBSD.org


----------



## ziomario (Apr 23, 2022)

VladiBG : it seems that *FreeBSD 12.0 and samba48 supports SMBv3 and AES-128-CMAC*. On FreeBSD 13 I have installed samba 412,that should be a version newer than 48,so,what ? A newer version of samba works worst than the older ? I don't understand what's the real situation because I see two contradictory information.


----------



## VladiBG (Apr 23, 2022)

ziomario said:


> A newer version of samba works worst than the older ?


Why do you think so?

You can easy check the changelog of the Samba to see what's new.


----------



## ziomario (Apr 25, 2022)

I don't understand well where samba server has been installed on this scenario. I can tell you that if it is installed on Windows 11 and on FreeBSD 13 has been installed samba412,it will not work if it is used mount_smbfs(8) like this :

`#  mount_smbfs -I 192.168.1.4 -U marietto //Marietto-window/h /mnt/windows-drive-h`


----------



## SirDice (Apr 25, 2022)

mount_smbfs(8) is part of the base OS, not Samba. Installing Samba isn't magically going to make mount_smbfs(8) support anything other than SMBv1.


----------



## ziomario (Apr 25, 2022)

This does not change anything if it is true that *FreeBSD 12.0 and samba48 supports SMBv3 and AES-128-CMAC* and* FreeBSD 13.0 and samba412* does not. If it is true,it is a regression. I mean that with a previous version of FreeBSD it worked better than with a newer one. Does it sound good for you ?


----------



## SirDice (Apr 25, 2022)

ziomario said:


> This does not change anything if it is true that *FreeBSD 12.0 and samba48 supports SMBv3 and AES-128-CMAC* and FreeBSD 13.0 and samba412 does not.


You're totally misunderstanding the issue. Samba supports SMBv2 and SMBv3, and has done so for quite some time. FreeBSD has nothing to do with it. In any case, even on FreeBSD 12.0 mount_smbfs(8) only supports SMBv1. Again, mount_smbfs(8) has NOTHING to do with Samba.


----------



## ziomario (Apr 25, 2022)

No sorry. I don't understand where is the broken part,if in samba and-or in freebsd 13. In any case,it seems to me that the two situations can be compared,according with the VladiBG statement :

*This is the absolute minimum howto install samba 48 to work with Windows 10 SMBv3 and AES-128-CMAC on FreeBSD 12.0*

this sound to me as : with freebsd 12 and samba 48 I can use SMBv3 and AES-128-CMAC. I assume that he assumed that he wanted to install the samba server on Windows and he wanted to use the executable *mount_smbfs* on FreeBSD. This is what I'm trying also to do,but with FreeBSD 13. But at this point Im not sure that we wanted to do the same as me.


----------



## SirDice (Apr 25, 2022)

ziomario said:


> with freebsd 12 and samba 48 I can use SMBv3 and AES-128-CMAC.


The Samba shares (defined in smb4.conf) can be authenticated with SMBv2 or SMBv3. This has nothing to do with using FreeBSD as a SMB/CIFS _client_.


----------



## VladiBG (Apr 25, 2022)

ziomario said:


> I assume that he assumed that he wanted to install the samba server on Windows


Sorry I don't understand that.


----------



## ziomario (Apr 26, 2022)

VladiBG said:


> Sorry I don't understand that.



Sorry,I don't understand what you didn't understand.


----------



## VladiBG (Apr 26, 2022)

Great so we have consensus of not understanding each other


----------



## ziomario (Apr 26, 2022)

yes,sometimes this is an important goal that has been reached.


----------



## VladiBG (Apr 26, 2022)

can you explain in details what is not working in your samba server? What step you did so i can try and reproduce it?
What is your smb4.conf and what error message you get when you try to open the shared folder from your windows machine?


----------



## ziomario (Apr 26, 2022)

Sure. I've been able to reach different goals with samba,but none of them satisfied me. What I want to do is to start a samba server on WIndows 11 and I want to share some disks and then I want to mount them on FreeBSD. And I also want disable samba vers. 1 on Windows. So :

1) I started samba server version 1 on Windows and I've mounted the shared disks like this :


```
#  mount_smbfs -I 192.168.1.4 -U marietto //Marietto-window/h /mnt/windows-drive-h
```

but version 1 is not secure. So this is not a good solution.

2) I also used the samba client on FreeBSD like this :


```
smbclient \\\\192.168.1.4\h
WARNING: The "encrypt passwords" option is deprecated
Enter WORKGROUP\marietto's password:
Try "help" to get a list of possible commands.
file1 file2 file3
smb: > exit
```

but I want to show the content of the disk using thunar,so this solution is not good for me.

3) I tried to use fusefs-smbnetfs. I have modified the file : */root/.smb/smbnetfs.conf* like so : (now the IP of Windows is 192.168.1.5) ;



```
auth 192.168.1.5/h "marietto" "pass"
host 192.168.1.5 visible=true
smb_query_browsers      "false"
show_hidden_hosts       "true"
```

and then I did :


```
smbnetfs /mnt/windows-drive-h
cd /mnt/windows-drive-h/192.168.1.5 #
```

BUT it gave this error :


```
ls: .: Operation not permitted
```

4) I tried to mount on FreeBSD a disk shared in Windows 11 over SSH. You can read the whole thread going here :









						r/freebsd - Mounting a Windows shared disk inside a Windows 11 bhyve VM on FreeBSD as host OS over SSH.
					

12 votes and 8 comments so far on Reddit




					www.reddit.com
				




but it didn't work.


----------



## rootbert (Apr 26, 2022)

why don't you install sshd on Windows and use sshfs on FreeBSD?


----------



## VladiBG (Apr 27, 2022)

Change the file permission of /root/.smb/smbnetfs.conf using
`chmod 600 /root/.smb/smbnetfs.conf`

In /root/.smb/smbnetfs.conf change the auth line


> auth "marietto" "pass"



Load the fusefs
`kldload fusefs`

start smbnetfs
`smbnetfs ~/mountpouint/`

navigate to the shared folder using
`cd ~/mountpoint/192.168.1.5`

You didn't post the smb4.conf but it should contain only the following:


> [global]
> security = domain


----------



## ziomario (Apr 27, 2022)

It works ! very thanks. The instructions were not clear at all and I didn't find in any place the working configuration that you gave to me :


```
# ls /mnt/windows-drive-h/192.168.1.5
C       G       H       Users

/mnt/windows-drive-h/192.168.1.5/H # rm -r found.000
rm: found.000: Permission denied
```

do u know how to give also the write permissions to the windows shared disks ?


----------



## ziomario (Apr 27, 2022)

caja stopped showing the content of the shared drives,giving this error :

*Caja-Share-Message: Called "net usershare info" but it failed: 'net usershare' returned error 255: net usershare: usershares are currently disabled

but I still continue to see the content of the disks using the terminal.*


----------



## ziomario (Apr 27, 2022)

UPDATE : I don't know what happened,but the previous error came back :

# ls /mnt/windows-drives/G
ls: /mnt/windows-drives/G: Input/output error

the same error happens with drive C and H.


----------



## jardows (Apr 27, 2022)

Thank you for this thread.  I have been able to get a basic read-only mount to my workplace's SMB shared folders.  I too am running into the Input/output error when trying to write to any of the drives, so I will be watching this thread.


----------



## ziomario (Apr 28, 2022)

jardows said:


> Thank you for this thread.  I have been able to get a basic read-only mount to my workplace's SMB shared folders.  I too am running into the Input/output error when trying to write to any of the drives, so I will be watching this thread.



Actually I'm using another method. On Windows 11 :


```
λ start-nfs


WinNFSd.exe -pathFile C:\Users\virtu\Downloads\cmder\NFS\Server\drives.txt

=====================================================

WinNFSd 2.4.0 [5f7f224]

Network File System server for Windows

Copyright (C) 2005 Ming-Yang Kao

Edited in 2011 by ZeWaren

Edited in 2013 by Alexander Schneider (Jankowfsky AG)

Edited in 2014 2015 by Yann Schepens

Edited in 2016 by Peter Philipp (Cando Image GmbH), Marc Harding

=====================================================

Path #1 is: C:\, path alias is: /share-c

Path #2 is: G:\, path alias is: /share-g

Path #3 is: H:\, path alias is: /share-h

Portmap daemon started

NFS daemon started

Mount daemon started

Listening on 0.0.0.0

Type 'help' to see help
```

On FreeBSD :


```
192.168.1.5.sh :


#!/usr/local/bin/bash
sudo -u root umount /mnt/winnfsd/drive-g
sudo -u root umount /mnt/winnfsd/drive-h
sudo -u root mount -o vers=3 192.168.1.5:/share-g /mnt/winnfsd/drive-g
sudo -u root mount -o vers=3 192.168.1.5:/share-h /mnt/winnfsd/drive-h
gksu -u root "caja /mnt/winnfsd"
```

it seems that it works almost good,right now. I say "almost" because yesterday I've removed a file while I was inside the Windows VM and the tool stopped working. It totally crashed when I was accessing the files using caja on FreeBSD,maybe because it was expecting to find the file that I had previously deleted on Windows but it was unable to find it. Samba is giving me a lot of troubles at the moment. I think that it could work better if I wanted to start the server on FreeBSD and the client on Windows. But the problem is that I'm running Windows in a 1440x900 window and it is uncomfortable to show the files in this little window,compared to the screen that I can have when I use FreeBSD,because FreeBSD runs on a 1920x1080 screen. So,I'm obliged to run the samba server on Windows and samba "client" on FreeBSD ; anyway,I'm thinking to stop using samba. Maybe it is a better idea if I start using sshfs,instead.


----------



## grahamperrin@ (May 3, 2022)

Thunar​


ziomario said:


> … I want to show the content of the disk using thunar, …



Thunar uses the GNOME virtual file system, devel/gvfs, which has the potential to simplify things in your case (I assume that you, alone, will write to the file server).

Try, for example:

Control-L (prepare to enter the location, the path)
`smb://marietto@192.168.1.5/share-g`
<https://www.freshports.org/x11-fm/thunar/#dependencies>


----------

