Category: Samba SMB/CIFS Server

Samba SMB/CIFS Server

Samba SMB/CIFS Server


Samba is an attempt to implement an Active Directory compatible Domain Controller.

In short, you can join a WinNT, Win2000, WinXP or Win2003 member server to a Samba4 domain, and it will behave much as it does in AD, including Kerberos domain logins where applicable.

N.B.: This document descries how to install and configure a standalone Samba 4.4 server with netbios disable for reduced network traffic.


Preparation for Installation

Start PuTTY on a Windows PC, Terminal on a Mac or similar terminal application on a Linux PC.

In this example Terminal on a Mac is used.

Open a remote SSH session to the server with:

Mac:~ user$ ssh user@ [enter]
N.B.: Replace user@ with User ID and IP Address on Your server!
[user@server ~]$

Enable superuser privileges with:

[user@server ~]$ sudo -s [enter]
Password: <-- passwd [enter]
[root@server /usr/home/user]#

N.B.: Enter user password, not the root password!


Search for samba in the remote package repositories with:

[root@server /usr/home/user]# pkg search samba [enter]
p5-Samba-LDAP-0.05_2           Manage a Samba PDC with an LDAP Backend
p5-Samba-SIDhelper-0.0.0_3     Create SIDs based on G/UIDs
samba-nsupdate-9.8.6_1         nsupdate utility with GSS-TSIG support
samba-virusfilter-0.1.3_1      On-access anti-virus filter for Samba
samba36-3.6.25_3               Free SMB and CIFS client and server for Unix
samba36-libsmbclient-3.6.25_2  Shared lib from the samba package
samba36-nmblookup-3.6.25       NetBIOS Name lookup tool
samba36-smbclient-3.6.25       Samba "ftp-like" client
samba42-4.2.14                 Free SMB/CIFS and AD/DC server and client for Unix
samba43-4.3.13_1               Free SMB/CIFS and AD/DC server and client for Unix
samba44-4.4.8_1                Free SMB/CIFS and AD/DC server and client for Unix
[root@server /usr/home/user]#

In this example samba46 will be installed as a standalone server.

Install port samba46 with;

[root@server /usr/home/user]# pkg install net/samba46 [enter]
Updating FreeBSD repository catalogue...
FreeBSD repository is up to date.
All repositories are up to date.
The following 35 package(s) will be affected (of 0 checked):

New packages to be INSTALLED:
        samba46: 4.6.4_1
        libsunacl: 1.0
        gnutls: 3.5.13
        trousers: 0.3.14_1
        tpm-emulator: 0.7.4_2
        gmp: 6.1.2
        p11-kit: 0.23.7
        libtasn1: 4.12
        ca_root_nss: 3.31
        libffi: 3.2.1
        nettle: 3.3
        libidn2: 2.0.2
        libunistring: 0.9.7
        openldap-client: 2.4.45
        python27: 2.7.13_6
        readline: 7.0.3
        python2: 2_3
        py27-dnspython: 1.15.0
        py27-setuptools: 36.0.1
        tevent: 0.9.31
        talloc: 2.1.9
        py27-iso8601: 0.1.11
        popt: 1.16_2
        libinotify: 20160505
        gamin: 0.1.10_9
        glib: 2.50.2_2,1
        perl5: 5.24.1_1
        pcre: 8.40_1
        libiconv: 1.14_10
        tdb: 1.3.12,1
        ldb: 1.1.29_1
        libarchive: 3.3.1,1
        expat: 2.2.0_1
        lzo2: 2.10_1
        liblz4: 1.7.5,1

Number of packages to be installed: 35

The process will require 327 MiB more space.
61 MiB to be downloaded.

Proceed with this action? [y/N]: y [enter]
[1/35] Fetching samba46-4.6.4_1.txz: 100%   23 MiB   6.0MB/s    00:04
[2/35] Fetching libsunacl-1.0.txz: 100%    7 KiB   6.9kB/s    00:01
[3/35] Fetching gnutls-3.5.13.txz: 100%    2 MiB   2.2MB/s    00:01
[4/35] Fetching trousers-0.3.14_1.txz: 100%  463 KiB 474.0kB/s    00:01
[5/35] Fetching tpm-emulator-0.7.4_2.txz: 100%  112 KiB 114.5kB/s    00:01
[6/35] Fetching gmp-6.1.2.txz: 100%  463 KiB 474.1kB/s    00:01
[7/35] Fetching p11-kit-0.23.7.txz: 100%  391 KiB 400.6kB/s    00:01
[8/35] Fetching libtasn1-4.12.txz: 100%  603 KiB 617.3kB/s    00:01
[9/35] Fetching ca_root_nss-3.31.txz: 100%  331 KiB 338.8kB/s    00:01
[10/35] Fetching libffi-3.2.1.txz: 100%   34 KiB  35.2kB/s    00:01
[11/35] Fetching nettle-3.3.txz: 100%    1 MiB   1.1MB/s    00:01
[12/35] Fetching libidn2-2.0.2.txz: 100%   96 KiB  98.3kB/s    00:01
[13/35] Fetching libunistring-0.9.7.txz: 100%  602 KiB 616.8kB/s    00:01
[14/35] Fetching openldap-client-2.4.45.txz:   7%   72 KiB  73.7kB/s    00:13 ET[14/35] Fetching openldap-client-2.4.45.txz: 100%    1 MiB   1.0MB/s    00:01   
[15/35] Fetching python27-2.7.13_6.txz: 100%   10 MiB   3.6MB/s    00:03
[16/35] Fetching readline-7.0.3.txz: 100%  334 KiB 342.2kB/s    00:01
[17/35] Fetching python2-2_3.txz: 100%    1 KiB   1.1kB/s    00:01
[18/35] Fetching py27-dnspython-1.15.0.txz: 100%  170 KiB 174.1kB/s    00:01
[19/35] Fetching py27-setuptools-36.0.1.txz:  47%  208 KiB 213.0kB/s    00:01 ET[19/35] Fetching py27-setuptools-36.0.1.txz: 100%  439 KiB 450.0kB/s    00:01   
[20/35] Fetching tevent-0.9.31.txz: 100%   48 KiB  48.7kB/s    00:01
[21/35] Fetching talloc-2.1.9.txz: 100%   52 KiB  53.4kB/s    00:01
[22/35] Fetching py27-iso8601-0.1.11.txz: 100%   12 KiB  11.9kB/s    00:01
[23/35] Fetching popt-1.16_2.txz: 100%   60 KiB  61.9kB/s    00:01
[24/35] Fetching libinotify-20160505.txz: 100%   18 KiB  18.7kB/s    00:01
[25/35] Fetching gamin-0.1.10_9.txz: 100%   49 KiB  50.5kB/s    00:01
[26/35] Fetching glib-2.50.2_2,1.txz: 100%    3 MiB   2.9MB/s    00:01
[27/35] Fetching perl5-5.24.1_1.txz: 100%   13 MiB   3.5MB/s    00:04
[28/35] Fetching pcre-8.40_1.txz: 100%    1 MiB   1.1MB/s    00:01
[29/35] Fetching libiconv-1.14_10.txz: 100%  599 KiB 613.6kB/s    00:01
[30/35] Fetching tdb-1.3.12,1.txz: 100%   83 KiB  85.4kB/s    00:01
[31/35] Fetching ldb-1.1.29_1.txz: 100%  199 KiB 203.7kB/s    00:01
[32/35] Fetching libarchive-3.3.1,1.txz: 100%  694 KiB 710.3kB/s    00:01
[33/35] Fetching expat-2.2.0_1.txz: 100%  102 KiB 104.4kB/s    00:01
[34/35] Fetching lzo2-2.10_1.txz: 100%  113 KiB 115.3kB/s    00:01
[35/35] Fetching liblz4-1.7.5,1.txz: 100%   95 KiB  97.5kB/s    00:01
Checking integrity... done (0 conflicting)
[1/35] Installing libffi-3.2.1...
[1/35] Extracting libffi-3.2.1: 100%
[2/35] Installing readline-7.0.3...
[2/35] Extracting readline-7.0.3: 100%
[3/35] Installing python27-2.7.13_6...
[3/35] Extracting python27-2.7.13_6: 100%
[4/35] Installing gmp-6.1.2...
[4/35] Extracting gmp-6.1.2: 100%
[5/35] Installing python2-2_3...
[5/35] Extracting python2-2_3: 100%
[6/35] Installing tpm-emulator-0.7.4_2...
===> Creating groups.
Creating group '_tss' with gid '601'.
===> Creating users
Creating user '_tss' with uid '601'.
[6/35] Extracting tpm-emulator-0.7.4_2: 100%
[7/35] Installing libtasn1-4.12...
[7/35] Extracting libtasn1-4.12: 100%
[8/35] Installing ca_root_nss-3.31...
[8/35] Extracting ca_root_nss-3.31: 100%
[9/35] Installing libunistring-0.9.7...
[9/35] Extracting libunistring-0.9.7: 100%
[10/35] Installing talloc-2.1.9...
[10/35] Extracting talloc-2.1.9: 100%
[11/35] Installing perl5-5.24.1_1...
[11/35] Extracting perl5-5.24.1_1: 100%
[12/35] Installing pcre-8.40_1...
[12/35] Extracting pcre-8.40_1: 100%
[13/35] Installing libiconv-1.14_10...
[13/35] Extracting libiconv-1.14_10: 100%
[14/35] Installing trousers-0.3.14_1...
===> Creating groups.
Using existing group '_tss'.
===> Creating users
Using existing user '_tss'.
[14/35] Extracting trousers-0.3.14_1: 100%
[15/35] Installing p11-kit-0.23.7...
[15/35] Extracting p11-kit-0.23.7: 100%
[16/35] Installing nettle-3.3...
[16/35] Extracting nettle-3.3: 100%
[17/35] Installing libidn2-2.0.2...
[17/35] Extracting libidn2-2.0.2: 100%
[18/35] Installing openldap-client-2.4.45...
[18/35] Extracting openldap-client-2.4.45: 100%
[19/35] Installing py27-setuptools-36.0.1...
[19/35] Extracting py27-setuptools-36.0.1: 100%
[20/35] Installing tevent-0.9.31...
[20/35] Extracting tevent-0.9.31: 100%
[21/35] Installing popt-1.16_2...
[21/35] Extracting popt-1.16_2: 100%
[22/35] Installing glib-2.50.2_2,1...
[22/35] Extracting glib-2.50.2_2,1: 100%
No schema files found: doing nothing.
[23/35] Installing tdb-1.3.12,1...
[23/35] Extracting tdb-1.3.12,1: 100%
[24/35] Installing expat-2.2.0_1...
[24/35] Extracting expat-2.2.0_1: 100%
[25/35] Installing lzo2-2.10_1...
[25/35] Extracting lzo2-2.10_1: 100%
[26/35] Installing liblz4-1.7.5,1...
[26/35] Extracting liblz4-1.7.5,1: 100%
[27/35] Installing libsunacl-1.0...
[27/35] Extracting libsunacl-1.0: 100%
[28/35] Installing gnutls-3.5.13...
[28/35] Extracting gnutls-3.5.13: 100%
[29/35] Installing py27-dnspython-1.15.0...
[29/35] Extracting py27-dnspython-1.15.0: 100%
[30/35] Installing py27-iso8601-0.1.11...
[30/35] Extracting py27-iso8601-0.1.11: 100%
[31/35] Installing libinotify-20160505...
[31/35] Extracting libinotify-20160505: 100%
[32/35] Installing gamin-0.1.10_9...
[32/35] Extracting gamin-0.1.10_9: 100%
[33/35] Installing ldb-1.1.29_1...
[33/35] Extracting ldb-1.1.29_1: 100%
[34/35] Installing libarchive-3.3.1,1...
[34/35] Extracting libarchive-3.3.1,1: 100%
[35/35] Installing samba46-4.6.4_1...
Extracting samba46-4.6.4_1: 100%
Message from python27-2.7.13_6:

Note that some standard Python modules are provided as separate ports
as they require additional dependencies. They are available as:

bsddb           databases/py-bsddb
gdbm            databases/py-gdbm
sqlite3         databases/py-sqlite3
tkinter         x11-toolkits/py-tkinter

Message from ca_root_nss-3.31:
********************************* WARNING *********************************

FreeBSD does not, and can not warrant that the certification authorities
whose certificates are included in this package have in any way been
audited for trustworthiness or RFC 3647 compliance.

Assessment and verification of trust is the complete responsibility of the
system administrator.

*********************************** NOTE **********************************

This package installs symlinks to support root certificates discovery by
default for software that uses OpenSSL.

This enables SSL Certificate Verification by client software without manual

If you prefer to do this manually, replace the following symlinks with
either an empty file or your site-local certificate bundle.

  * /etc/ssl/cert.pem
  * /usr/local/etc/ssl/cert.pem
  * /usr/local/openssl/cert.pem

Message from perl5-5.24.1_1:
The /usr/bin/perl symlink has been removed starting with Perl 5.20.
For shebangs, you should either use:



#!/usr/bin/env perl

The first one will only work if you have a /usr/local/bin/perl,
the second will work as long as perl is in PATH.
Message from trousers-0.3.14_1:
To run tcsd automatically, add the following line to /etc/rc.conf:


You might want to edit /usr/local/etc/tcsd.conf to reflect your setup.

If you want to use tcsd with software TPM emulator, use the following
configuration in /etc/rc.conf:


To use TPM, add your_account to '_tss' group like following:

# pw groupmod _tss -m your_account
Message from openldap-client-2.4.45:

The OpenLDAP client package has been successfully installed.

to change the system-wide client defaults.

Try `man ldap.conf' and visit the OpenLDAP FAQ-O-Matic at
for more information.

Message from libinotify-20160505:

Libinotify functionality on FreeBSD is missing support for

  - detecting a file being moved into or out of a directory within the
    same filesystem
  - certain modifications to a symbolic link (rather than the
    file it points to.)

in addition to the known limitations on all platforms using kqueue(2)
where various open and close notifications are unimplemented.

This means the following regression tests will fail:

Directory notifications:

Open/close notifications:

Symbolic Link notifications:

Kernel patches to address the missing directory and symbolic link
notifications are available from:

You might want to consider increasing the kern.maxfiles tunable if you plan
to use this library for applications that need to monitor activity of a lot
of files.

If the default on your system is too low, add the following line to
/boot/loader.conf, then reboot the system:

Message from gamin-0.1.10_9:

Gamin will only provide realtime notification of changes for at most n files,
where n is the minimum value between (kern.maxfiles * 0.7) and
(kern.maxfilesperproc - 200). Beyond that limit, files will be polled.

If you often open several large folders with Nautilus, you might want to
increase the kern.maxfiles tunable (you do not need to set
kern.maxfilesperproc, since it is computed at boot time from kern.maxfiles).

For a typical desktop, add the following line to /boot/loader.conf, then
reboot the system:


The behavior of gamin can be controlled via the various gaminrc files.
See on how to create
these files.  In particular, if you find gam_server is taking up too much
CPU time polling for changes, something like the following may help
in one of the gaminrc files:

# reduce polling frequency to once per 10 seconds
# for UFS file systems in order to lower CPU load
fsset ufs poll 10


===>   NOTICE:

The gamin port currently does not have a maintainer. As a result, it is
more likely to have unresolved issues, not be up-to-date, or even be removed in
the future. To volunteer to maintain this port, please create an issue at:

More information about port maintainership is available at:
Message from samba46-4.6.4_1:

How to start:

* Your configuration is: /usr/local/etc/smb4.conf

* All the relevant databases are under: /var/db/samba4

* All the logs are under: /var/log/samba4

* Provisioning script is: /usr/local/bin/samba-tool

For additional documentation check:

Bug reports should go to the:



packet filter (pf)

Access to the Samba service must be enabled in the packet filter (pf) configuration file.

Start editing file /etc/pf.conf with:

[root@server /usr/home/user]# ee /etc/pf.conf [enter]

…and add port information to enable access to the Samba service from clients on the local network as in this example:

# Ports:
# 123 TCP       Network Time Protocol
# 445 TCP       Microsoft-DS SMB file sharing

tcp_pass="{ 123, 445 }"

Check /etc/pf.conf for errors, but do not load ruleset with:

[root@server /usr/home/user]# pfctl -vvnf /etc/pf.conf [enter]

…and then reload /etc/pf.conf with:

[root@server /usr/home/user]# service pf reload [enter]
Reloading pf rules.
[root@server /usr/home/user]#

Kernel Options

Edit kernel state defaults to handling of many files with:

[root@server /usr/home/user]# ee /etc/sysctl.conf [enter]

…and add text:

# $FreeBSD: releng/11.0/etc/sysctl.conf 112200 2003-03-13 18:43:50Z mux $
#  This file is read when going to multi-user and its contents piped thru
#  ``sysctl'' to adjust kernel values.  ``man 5 sysctl.conf'' for details.

# Uncomment this to prevent users from seeing information about processes that
# are being run under another UID.

N.B.: I/O module, aio is part of the FreeBSD-RELEASE-11.1 kernel and due to this theres is no need to load it via /etc/rc.conf.

Storage Config

List current ZFS pool information with:

[root@server /usr/home/user]# zpool list [enter]
zroot  1.36T  2.30G  1.36T     0%         -     0%  1.00x  ONLINE  -
[root@server /usr/home/user]#

In this example zroot pool was found.

Samba 4 expects a filesystem which respects POSIX acls, but ZFS uses the nfsv4acl model.

We can configure ZFS to operate in passthrough mode and then tell Samba to use nfsv4 acls.

In addition, we want to make the volume’s .zfs/snapshot directory visible. This will allow us to present snapshots as Volume Shadow Copies, which appear to Windows clients as Previous Versions of the volume.

Creates a dataset where the SMB file shares will be stored with:

[root@server /usr/home/user]# zfs create -o compression=lz4 -o mountpoint=/smb zroot/smb [enter]
[root@server /usr/home/user]#

Set the ACL Mode and Inheritance to passthrough with:

[root@server /usr/home/user]# zfs set aclmode=passthrough zroot/smb [enter]
[root@server /usr/home/user]# zfs set aclinherit=passthrough zroot/smb [enter]
[root@server /usr/home/user]#

Get ACL information with:

[root@server /usr/home/user]# getfacl /smb [enter]
# file: /smb
# owner: root
# group: wheel
[root@server /usr/home/user]#

Service start on boot

List installed Samba services with:

[root@server /usr/home/user]# service -r | grep /samba [enter]
[root@server /usr/home/user]#

Find the rcvar for /usr/local/etc/rc.d/samba_server with:

[root@server /usr/home/user]# /usr/local/etc/rc.d/samba_server rcvar [enter]
# samba_server
#   (default: "")

# nmbd
#   (default: "")

# smbd
#   (default: "")

# winbindd
#   (default: "")

[root@server /usr/home/user]#

NetBIOS generally refers to the NetBIOS over TCP/IP protocol, which is considered a legacy protocol. It offers name resolution, file and printer sharing with devices that do not have DNS capabilities. It used to be essential in a Windows network, but is no longer necessary unless prior to Windows 2000 versions of Windows Clients are involved.

To start Samba without NetBIOS on system boot, add information to /etc/rc.conf, with this commands:

[root@server /usr/home/user]# echo '' >> /etc/rc.conf; echo '# Samba SMB Server' >> /etc/rc.conf; echo 'samba_server_enable="YES"' >> /etc/rc.conf; echo 'nmbd_enable="NO"' >> /etc/rc.conf [enter]
[root@server /usr/home/user]#

Samba Config File

Display where the configuration file should be put with:

[root@server /usr/home/user]# grep smb4.conf /usr/local/etc/rc.d/samba_server [enter]
[root@server /usr/home/user]

Edit file /usr/local/etc/smb4.conf with:

[root@server /usr/home/user]# ee /usr/local/etc/smb4.conf [enter]

This is an Samba configuration example:

        interfaces = em0
        server string = FreeBSD Server - Samba %v
        workgroup = EXAMPLE
        log file = /var/log/samba4/%m.log
        max log size = 50
        load printers = No
        disable netbios = Yes
        map to guest = Bad User
        security = USER
        server role = standalone server
        deadtime = 15
        dns proxy = No
        idmap config * : backend = tdb
        delete veto files = Yes
        store dos attributes = Yes
        veto files = /Thumbs.db/.DS_Store/._.DS_Store/.apdisk/._*/
        strict locking = No
        directory name cache size = 0
        dos filemode = Yes
        acl allow execute always = Yes
        create mask = 0775
        directory mask = 0775
        invalid users = nobody root
        aio read size = 65536
        aio write behind = Yes
        aio write size = 65536
        max connections = 10
        write cache size = 65536

        comment = Files Samba Network Share
        path = /smb/files
        force group = staff
        inherit acls = Yes
        read only = No
        vfs objects = zfsacl
        nfs4: acedup = merge
        nfs4: mode = special

        comment = User Home Network Volume
        path = /usr/home/%U/docs
        force group = staff
        read only = No
        valid users = %U

        comment = Public Network Share
        path = /smb/pub
        create mask = 0777
        directory mask = 0777
        force group = nogroup
        force user = nobody
        guest ok = Yes
        inherit acls = Yes
        read only = No
        vfs objects = zfsacl
        nfs4: mode = special
        nfs4: acedup = merge

N.B.: The veto file statement will delete all files in the list including all hidden ._* files uploaded by a Macintosh user.

Now let’s test the file for typos and other errors:

[root@server /usr/home/user]# /usr/local/bin/testparm | more [enter]

If you don’t see any error messages, then it’s good to go.

Samba File Shares Setup

Private SMB Share Setup

Create directory /smb/files with:

[root@server /usr/home/user]# mkdir /smb/files [enter]
[root@server /usr/home/user]#

Change owner and group for /smb/files with:

[root@server /usr/home/user]# chown -vv user:staff /smb/files [enter]
/smb/install: 0:0 -> 1001:20
[root@server /usr/home/user]#

Change /smb/pub mod with:

[root@server /usr/home/user]# chmod -vv 0755 /smb/files [enter]
/smb/files: 040755 [drwxr-xr-x ] -> 040755 [drwxr-xr-x ]
[root@server /usr/home/user]#

Local FreeBSD Users SMB Share Setup

List FreeBSD Users with:

[root@server /usr/home/user]# cat /etc/passwd | grep :10 [enter]
user:*:1001:1001:Ed User:/home/user:/usr/local/bin/bash
[root@server /usr/home/user]#

In this example one user user was found.

To hide critical files from the user when accessing the server via an SMB client on a Windows PC, Macintosh or Linux computer a docs will be created in the FreeBSD users home directory.

Create directory /home/user/docs with:

[root@server /usr/home/user]# mkdir /home/user/docs [enter]
[root@server /usr/home/user]#

Change owner and group for /smb/files with:

[root@server /usr/home/user]# chown -vv user:user /home/user/docs [enter]
/smb/install: 0:0 -> 1001:20
[root@server /usr/home/user]#

Change /home/user/docs mod with:

[root@server /usr/home/user]# chmod -vv 0755 /home/user/docs [enter]
/home/user/docs: 040755 [drwxr-xr-x ] -> 040755 [drwxr-xr-x ]
[root@server /usr/home/user]#

Public SMB Share Setup

Create directory /smb/pub with:

[root@server /usr/home/user]# mkdir /smb/pub [enter]
[root@server /usr/home/user]#

Change owner and group for /smb/pub with:

[root@server /usr/home/user]# chown -vv user:nobody /smb/pub [enter]
/smb/pub: 0:0 -> 1001:65534
[root@server /usr/home/user]#

Change /smb/pub mod with:

[root@server /usr/home/user]# chmod -vv 0777 /smb/pub [enter]
/smb/pub: 040755 [drwxr-xr-x ] -> 040777 [drwxrwxrwx ]
[root@server /usr/home/user]#

Start Samba

Manually start Samba daemons with:

[root@server /usr/home/user]# service samba_server start [enter]
Performing sanity check on Samba configuration: OK
Starting smbd.
[root@server /usr/home/user]#

Display content of the smbd log file with:

[root@server /usr/home/user]# cat /var/log/samba4/smbd.log [enter]
[2016/11/09 19:11:15.043835,  0] ../lib/util/become_daemon.c:124(daemon_ready)
  STATUS=daemon 'smbd' finished starting up and ready to serve connections
[root@server /usr/home/user]#

Samba User

Add a User

N.B.: Users must have an FreeBSD user account created before the user can be added as an Samba user!

Add a new FreeBSD user with primary group setting nogroup, additional group memberships staff and login setting nologin with:

[root@server /usr/home/user]# pw adduser user -c "John Smith" -d /nonexistent -g nogroup -G staff -s /usr/sbin/nologin [enter]
[root@server /usr/home/user]#

Verify the entry of user ‘John Smith’ with:

[root@server /usr/home/user]# cat /etc/passwd | egrep 'John Smith' [enter]
user:*:1003:1003:John Smith:/nonexistent:/usr/sbin/nologin
[root@server /usr/home/user]#

…and verify:

[root@server /usr/home/user]# id -p user [enter]
uid	user
groups	nogroup staff
[root@server /usr/home/user]#

Add the user to a group staff with:

[root@server /usr/home/user]# pw groupmod staff -m user [enter]
[root@server /usr/home/user]#

Add User to Samba User Database

Add the FreeBSD user to the Samba SAM database (Database of Samba Users) with:

[root@server /usr/home/user]# smbpasswd -a user [enter]
New SMB password:
Retype new SMB password:
Added user user.
[root@server /usr/home/user]#

Verfy entry of user ‘John Smith’ in the Samba SAM database (Database of Samba Users) with:

[root@server /usr/home/user]# pdbedit -L | grep user [enter]
user:1003:John Smith
[root@server /usr/home/user]#

Delete a User

Delete an account from the Samba SAM database (Database of Samba Users) with:

[root@server /usr/home/user]# pdbedit -x -u user [enter]
[root@server /usr/home/user]#

Delete the FreeBSD user account and home directory for user ‘user’ with:

[root@server /usr/home/user]# pw userdel user -r [enter]
[root@server /usr/home/user]#

Testing Connectivity

First check that you have the right version of smbclient by running:

[root@server /usr/home/user]# /usr/local/bin/smbclient --version
Version 4.6.4
[root@server /usr/home/user]#

This should show you a version starting with “Version 4.6.x”.

Now run this command access a shares on your server:

[root@server /usr/home/user]# /usr/local/bin/smbclient -U user -I localhost //localhost/public [enter]
Enter EXAMPLE\user's password: <-- user password and [enter]
Domain=[EXAMPLE] OS=[] Server=[]
smb: \>

Enter help to display a list of command:

smb: \> help [enter]
?              allinfo        altname        archive        backup
blocksize      cancel         case_sensitive cd             chmod
chown          close          del            dir            du
echo           exit           get            getfacl        geteas
hardlink       help           history        iosize         lcd
link           lock           lowercase      ls             l
mask           md             mget           mkdir          more
mput           newer          notify         open           posix
posix_encrypt  posix_open     posix_mkdir    posix_rmdir    posix_unlink
posix_whoami   print          prompt         put            pwd
q              queue          quit           readlink       rd
recurse        reget          rename         reput          rm
rmdir          showacls       setea          setmode        scopy
stat           symlink        tar            tarmode        timeout
translate      unlock         volume         vuid           wdel
logon          listconnect    showconnect    tcon           tdis
tid            logoff         ..             !
smb: \>

…and exit to exit:

smb: \> exit [enter]
[root@server /usr/home/user]#