Samba SMB/CIFS Server

Description

Samba is an attempt to implement an Active Directory compatible Domain Controller.

In short, you can join a WinNT, Win2000, WinXP or Win2003 member server to a Samba4 domain, and it will behave much as it does in AD, including Kerberos domain logins where applicable.

N.B.: This document describes how to install and configure a standalone Samba 4.4 server with NetBIOS disabled for reduced network traffic.

WWW: http://www.samba.org/.

Preparation for Installation

Start PuTTY on a Windows PC, Terminal on a Mac or similar terminal application on a Linux PC.

In this example Terminal on a Mac is used.

Open a remote SSH session to the server with:

Mac:~ user$ ssh user@192.168.1.4 [enter]
N.B.: Replace user@192.168.1.4 with the user ID and IP address of your server!
[user@server ~]$

Enable superuser privileges with:

[user@server ~]$ sudo -s [enter]
Password: <-- passwd [enter]
[root@server /usr/home/user]#

N.B.: Enter user password, not the root password!

Installation

Search for samba in the remote package repositories with:

[root@server /usr/home/user]# pkg search samba [enter]
p5-Samba-LDAP-0.05_2           Manage a Samba PDC with an LDAP Backend
p5-Samba-SIDhelper-0.0.0_3     Create SIDs based on G/UIDs
samba-nsupdate-9.8.6_1         nsupdate utility with GSS-TSIG support
samba-virusfilter-0.1.3_1      On-access anti-virus filter for Samba
samba36-3.6.25_3               Free SMB and CIFS client and server for Unix
samba36-libsmbclient-3.6.25_2  Shared lib from the samba package
samba36-nmblookup-3.6.25       NetBIOS Name lookup tool
samba36-smbclient-3.6.25       Samba "ftp-like" client
samba42-4.2.14                 Free SMB/CIFS and AD/DC server and client for Unix
samba43-4.3.13_1               Free SMB/CIFS and AD/DC server and client for Unix
samba44-4.4.8_1                Free SMB/CIFS and AD/DC server and client for Unix
[root@server /usr/home/user]#

In this example samba46 will be installed as a standalone server.

Install port samba46 with:

[root@server /usr/home/user]# pkg install net/samba46 [enter]
Updating FreeBSD repository catalogue...
FreeBSD repository is up to date.
All repositories are up to date.
The following 35 package(s) will be affected (of 0 checked):

New packages to be INSTALLED:
        samba46: 4.6.4_1
        libsunacl: 1.0
        gnutls: 3.5.13
        trousers: 0.3.14_1
        tpm-emulator: 0.7.4_2
        gmp: 6.1.2
        p11-kit: 0.23.7
        libtasn1: 4.12
        ca_root_nss: 3.31
        libffi: 3.2.1
        nettle: 3.3
        libidn2: 2.0.2
        libunistring: 0.9.7
        openldap-client: 2.4.45
        python27: 2.7.13_6
        readline: 7.0.3
        python2: 2_3
        py27-dnspython: 1.15.0
        py27-setuptools: 36.0.1
        tevent: 0.9.31
        talloc: 2.1.9
        py27-iso8601: 0.1.11
        popt: 1.16_2
        libinotify: 20160505
        gamin: 0.1.10_9
        glib: 2.50.2_2,1
        perl5: 5.24.1_1
        pcre: 8.40_1
        libiconv: 1.14_10
        tdb: 1.3.12,1
        ldb: 1.1.29_1
        libarchive: 3.3.1,1
        expat: 2.2.0_1
        lzo2: 2.10_1
        liblz4: 1.7.5,1

Number of packages to be installed: 35

The process will require 327 MiB more space.
61 MiB to be downloaded.

Proceed with this action? [y/N]: y [enter]
[1/35] Fetching samba46-4.6.4_1.txz: 100%   23 MiB   6.0MB/s    00:04
[2/35] Fetching libsunacl-1.0.txz: 100%    7 KiB   6.9kB/s    00:01
[3/35] Fetching gnutls-3.5.13.txz: 100%    2 MiB   2.2MB/s    00:01
[4/35] Fetching trousers-0.3.14_1.txz: 100%  463 KiB 474.0kB/s    00:01
[5/35] Fetching tpm-emulator-0.7.4_2.txz: 100%  112 KiB 114.5kB/s    00:01
[6/35] Fetching gmp-6.1.2.txz: 100%  463 KiB 474.1kB/s    00:01
[7/35] Fetching p11-kit-0.23.7.txz: 100%  391 KiB 400.6kB/s    00:01
[8/35] Fetching libtasn1-4.12.txz: 100%  603 KiB 617.3kB/s    00:01
[9/35] Fetching ca_root_nss-3.31.txz: 100%  331 KiB 338.8kB/s    00:01
[10/35] Fetching libffi-3.2.1.txz: 100%   34 KiB  35.2kB/s    00:01
[11/35] Fetching nettle-3.3.txz: 100%    1 MiB   1.1MB/s    00:01
[12/35] Fetching libidn2-2.0.2.txz: 100%   96 KiB  98.3kB/s    00:01
[13/35] Fetching libunistring-0.9.7.txz: 100%  602 KiB 616.8kB/s    00:01
[14/35] Fetching openldap-client-2.4.45.txz: 100%    1 MiB   1.0MB/s    00:01
[15/35] Fetching python27-2.7.13_6.txz: 100%   10 MiB   3.6MB/s    00:03
[16/35] Fetching readline-7.0.3.txz: 100%  334 KiB 342.2kB/s    00:01
[17/35] Fetching python2-2_3.txz: 100%    1 KiB   1.1kB/s    00:01
[18/35] Fetching py27-dnspython-1.15.0.txz: 100%  170 KiB 174.1kB/s    00:01
[19/35] Fetching py27-setuptools-36.0.1.txz: 100%  439 KiB 450.0kB/s    00:01
[20/35] Fetching tevent-0.9.31.txz: 100%   48 KiB  48.7kB/s    00:01
[21/35] Fetching talloc-2.1.9.txz: 100%   52 KiB  53.4kB/s    00:01
[22/35] Fetching py27-iso8601-0.1.11.txz: 100%   12 KiB  11.9kB/s    00:01
[23/35] Fetching popt-1.16_2.txz: 100%   60 KiB  61.9kB/s    00:01
[24/35] Fetching libinotify-20160505.txz: 100%   18 KiB  18.7kB/s    00:01
[25/35] Fetching gamin-0.1.10_9.txz: 100%   49 KiB  50.5kB/s    00:01
[26/35] Fetching glib-2.50.2_2,1.txz: 100%    3 MiB   2.9MB/s    00:01
[27/35] Fetching perl5-5.24.1_1.txz: 100%   13 MiB   3.5MB/s    00:04
[28/35] Fetching pcre-8.40_1.txz: 100%    1 MiB   1.1MB/s    00:01
[29/35] Fetching libiconv-1.14_10.txz: 100%  599 KiB 613.6kB/s    00:01
[30/35] Fetching tdb-1.3.12,1.txz: 100%   83 KiB  85.4kB/s    00:01
[31/35] Fetching ldb-1.1.29_1.txz: 100%  199 KiB 203.7kB/s    00:01
[32/35] Fetching libarchive-3.3.1,1.txz: 100%  694 KiB 710.3kB/s    00:01
[33/35] Fetching expat-2.2.0_1.txz: 100%  102 KiB 104.4kB/s    00:01
[34/35] Fetching lzo2-2.10_1.txz: 100%  113 KiB 115.3kB/s    00:01
[35/35] Fetching liblz4-1.7.5,1.txz: 100%   95 KiB  97.5kB/s    00:01
Checking integrity... done (0 conflicting)
[1/35] Installing libffi-3.2.1...
[1/35] Extracting libffi-3.2.1: 100%
[2/35] Installing readline-7.0.3...
[2/35] Extracting readline-7.0.3: 100%
[3/35] Installing python27-2.7.13_6...
[3/35] Extracting python27-2.7.13_6: 100%
[4/35] Installing gmp-6.1.2...
[4/35] Extracting gmp-6.1.2: 100%
[5/35] Installing python2-2_3...
[5/35] Extracting python2-2_3: 100%
[6/35] Installing tpm-emulator-0.7.4_2...
===> Creating groups.
Creating group '_tss' with gid '601'.
===> Creating users
Creating user '_tss' with uid '601'.
[6/35] Extracting tpm-emulator-0.7.4_2: 100%
[7/35] Installing libtasn1-4.12...
[7/35] Extracting libtasn1-4.12: 100%
[8/35] Installing ca_root_nss-3.31...
[8/35] Extracting ca_root_nss-3.31: 100%
[9/35] Installing libunistring-0.9.7...
[9/35] Extracting libunistring-0.9.7: 100%
[10/35] Installing talloc-2.1.9...
[10/35] Extracting talloc-2.1.9: 100%
[11/35] Installing perl5-5.24.1_1...
[11/35] Extracting perl5-5.24.1_1: 100%
[12/35] Installing pcre-8.40_1...
[12/35] Extracting pcre-8.40_1: 100%
[13/35] Installing libiconv-1.14_10...
[13/35] Extracting libiconv-1.14_10: 100%
[14/35] Installing trousers-0.3.14_1...
===> Creating groups.
Using existing group '_tss'.
===> Creating users
Using existing user '_tss'.
[14/35] Extracting trousers-0.3.14_1: 100%
[15/35] Installing p11-kit-0.23.7...
[15/35] Extracting p11-kit-0.23.7: 100%
[16/35] Installing nettle-3.3...
[16/35] Extracting nettle-3.3: 100%
[17/35] Installing libidn2-2.0.2...
[17/35] Extracting libidn2-2.0.2: 100%
[18/35] Installing openldap-client-2.4.45...
[18/35] Extracting openldap-client-2.4.45: 100%
[19/35] Installing py27-setuptools-36.0.1...
[19/35] Extracting py27-setuptools-36.0.1: 100%
[20/35] Installing tevent-0.9.31...
[20/35] Extracting tevent-0.9.31: 100%
[21/35] Installing popt-1.16_2...
[21/35] Extracting popt-1.16_2: 100%
[22/35] Installing glib-2.50.2_2,1...
[22/35] Extracting glib-2.50.2_2,1: 100%
No schema files found: doing nothing.
[23/35] Installing tdb-1.3.12,1...
[23/35] Extracting tdb-1.3.12,1: 100%
[24/35] Installing expat-2.2.0_1...
[24/35] Extracting expat-2.2.0_1: 100%
[25/35] Installing lzo2-2.10_1...
[25/35] Extracting lzo2-2.10_1: 100%
[26/35] Installing liblz4-1.7.5,1...
[26/35] Extracting liblz4-1.7.5,1: 100%
[27/35] Installing libsunacl-1.0...
[27/35] Extracting libsunacl-1.0: 100%
[28/35] Installing gnutls-3.5.13...
[28/35] Extracting gnutls-3.5.13: 100%
[29/35] Installing py27-dnspython-1.15.0...
[29/35] Extracting py27-dnspython-1.15.0: 100%
[30/35] Installing py27-iso8601-0.1.11...
[30/35] Extracting py27-iso8601-0.1.11: 100%
[31/35] Installing libinotify-20160505...
[31/35] Extracting libinotify-20160505: 100%
[32/35] Installing gamin-0.1.10_9...
[32/35] Extracting gamin-0.1.10_9: 100%
[33/35] Installing ldb-1.1.29_1...
[33/35] Extracting ldb-1.1.29_1: 100%
[34/35] Installing libarchive-3.3.1,1...
[34/35] Extracting libarchive-3.3.1,1: 100%
[35/35] Installing samba46-4.6.4_1...
Extracting samba46-4.6.4_1: 100%
Message from python27-2.7.13_6:
===========================================================================

Note that some standard Python modules are provided as separate ports
as they require additional dependencies. They are available as:

bsddb           databases/py-bsddb
gdbm            databases/py-gdbm
sqlite3         databases/py-sqlite3
tkinter         x11-toolkits/py-tkinter

===========================================================================
Message from ca_root_nss-3.31:
********************************* WARNING *********************************

FreeBSD does not, and can not warrant that the certification authorities
whose certificates are included in this package have in any way been
audited for trustworthiness or RFC 3647 compliance.

Assessment and verification of trust is the complete responsibility of the
system administrator.

*********************************** NOTE **********************************

This package installs symlinks to support root certificates discovery by
default for software that uses OpenSSL.

This enables SSL Certificate Verification by client software without manual
intervention.

If you prefer to do this manually, replace the following symlinks with
either an empty file or your site-local certificate bundle.

  * /etc/ssl/cert.pem
  * /usr/local/etc/ssl/cert.pem
  * /usr/local/openssl/cert.pem

***************************************************************************
Message from perl5-5.24.1_1:
The /usr/bin/perl symlink has been removed starting with Perl 5.20.
For shebangs, you should either use:

#!/usr/local/bin/perl

or

#!/usr/bin/env perl

The first one will only work if you have a /usr/local/bin/perl,
the second will work as long as perl is in PATH.
Message from trousers-0.3.14_1:
To run tcsd automatically, add the following line to /etc/rc.conf:

tcsd_enable="YES"

You might want to edit /usr/local/etc/tcsd.conf to reflect your setup.

If you want to use tcsd with software TPM emulator, use the following
configuration in /etc/rc.conf:

tcsd_enable="YES"
tcsd_mode="emulator"
tpmd_enable="YES"

To use TPM, add your_account to '_tss' group like following:

# pw groupmod _tss -m your_account
Message from openldap-client-2.4.45:
************************************************************

The OpenLDAP client package has been successfully installed.

Edit
  /usr/local/etc/openldap/ldap.conf
to change the system-wide client defaults.

Try `man ldap.conf' and visit the OpenLDAP FAQ-O-Matic at
  http://www.OpenLDAP.org/faq/index.cgi?file=3
for more information.

************************************************************
Message from libinotify-20160505:
============================================================================

Libinotify functionality on FreeBSD is missing support for

  - detecting a file being moved into or out of a directory within the
    same filesystem
  - certain modifications to a symbolic link (rather than the
    file it points to.)

in addition to the known limitations on all platforms using kqueue(2)
where various open and close notifications are unimplemented.

This means the following regression tests will fail:

Directory notifications:
   IN_MOVED_FROM
   IN_MOVED_TO

Open/close notifications:
   IN_OPEN
   IN_CLOSE_NOWRITE
   IN_CLOSE_WRITE

Symbolic Link notifications:
   IN_DONT_FOLLOW
   IN_ATTRIB
   IN_MOVE_SELF
   IN_DELETE_SELF

Kernel patches to address the missing directory and symbolic link
notifications are available from:

https://github.com/libinotify-kqueue/libinotify-kqueue/tree/master/patches

=============================================================================
You might want to consider increasing the kern.maxfiles tunable if you plan
to use this library for applications that need to monitor activity of a lot
of files.

If the default on your system is too low, add the following line to
/boot/loader.conf, then reboot the system:

    kern.maxfiles="25000"
=============================================================================
Message from gamin-0.1.10_9:
===============================================================================

Gamin will only provide realtime notification of changes for at most n files,
where n is the minimum value between (kern.maxfiles * 0.7) and
(kern.maxfilesperproc - 200). Beyond that limit, files will be polled.

If you often open several large folders with Nautilus, you might want to
increase the kern.maxfiles tunable (you do not need to set
kern.maxfilesperproc, since it is computed at boot time from kern.maxfiles).

For a typical desktop, add the following line to /boot/loader.conf, then
reboot the system:

    kern.maxfiles="25000"

The behavior of gamin can be controlled via the various gaminrc files.
See http://www.gnome.org/~veillard/gamin/config.html on how to create
these files.  In particular, if you find gam_server is taking up too much
CPU time polling for changes, something like the following may help
in one of the gaminrc files:

# reduce polling frequency to once per 10 seconds
# for UFS file systems in order to lower CPU load
fsset ufs poll 10

===============================================================================

===>   NOTICE:

The gamin port currently does not have a maintainer. As a result, it is
more likely to have unresolved issues, not be up-to-date, or even be removed in
the future. To volunteer to maintain this port, please create an issue at:

https://bugs.freebsd.org/bugzilla

More information about port maintainership is available at:

https://www.freebsd.org/doc/en/articles/contributing/ports-contributing.html#maintain-port
Message from samba46-4.6.4_1:
===============================================================================

How to start: http://wiki.samba.org/index.php/Samba4/HOWTO

* Your configuration is: /usr/local/etc/smb4.conf

* All the relevant databases are under: /var/db/samba4

* All the logs are under: /var/log/samba4

* Provisioning script is: /usr/local/bin/samba-tool

For additional documentation check: http://wiki.samba.org/index.php/Samba4

Bug reports should go to the: https://bugzilla.samba.org/

===============================================================================

Configuration

packet filter (pf)

Access to the Samba service must be enabled in the packet filter (pf) configuration file.

Start editing file /etc/pf.conf with:

[root@server /usr/home/user]# ee /etc/pf.conf [enter]

…and add port information to enable access to the Samba service from clients on the local network as in this example:

.
# Ports:
# 123 TCP       Network Time Protocol
# 445 TCP       Microsoft-DS SMB file sharing

tcp_pass="{ 123, 445 }"
.

Check /etc/pf.conf for errors without loading the ruleset with:

[root@server /usr/home/user]# pfctl -vvnf /etc/pf.conf [enter]

…and then reload /etc/pf.conf with:

[root@server /usr/home/user]# service pf reload [enter]
Reloading pf rules.
[root@server /usr/home/user]#

Kernel Options

Edit the kernel state defaults to handle many open files with:

[root@server /usr/home/user]# ee /etc/sysctl.conf [enter]

…and add text:

# $FreeBSD: releng/11.0/etc/sysctl.conf 112200 2003-03-13 18:43:50Z mux $
#
#  This file is read when going to multi-user and its contents piped thru
#  ``sysctl'' to adjust kernel values.  ``man 5 sysctl.conf'' for details.
#

# Uncomment this to prevent users from seeing information about processes that
# are being run under another UID.
#security.bsd.see_other_uids=0
kern.maxfiles=25600
kern.maxfilesperproc=16384
net.inet.tcp.sendspace=65536
net.inet.tcp.recvspace=65536

N.B.: The I/O module, aio, is part of the FreeBSD-RELEASE-11.1 kernel, so there is no need to load it via /etc/rc.conf.

Storage Config

List current ZFS pool information with:

[root@server /usr/home/user]# zpool list [enter]
NAME    SIZE  ALLOC   FREE   FRAG  EXPANDSZ    CAP  DEDUP  HEALTH  ALTROOT
zroot  1.36T  2.30G  1.36T     0%         -     0%  1.00x  ONLINE  -
[root@server /usr/home/user]#

In this example zroot pool was found.

Samba 4 expects a filesystem which respects POSIX ACLs, but ZFS uses the NFSv4 ACL model.

We can configure ZFS to operate in passthrough mode and then tell Samba to use NFSv4 ACLs.

In addition, we want to make the volume’s .zfs/snapshot directory visible. This will allow us to present snapshots as Volume Shadow Copies, which appear to Windows clients as Previous Versions of the volume.

Create a dataset where the SMB file shares will be stored with:

[root@server /usr/home/user]# zfs create -o compression=lz4 -o mountpoint=/smb zroot/smb [enter]
[root@server /usr/home/user]#

Set the ACL Mode and Inheritance to passthrough with:

[root@server /usr/home/user]# zfs set aclmode=passthrough zroot/smb [enter]
[root@server /usr/home/user]# zfs set aclinherit=passthrough zroot/smb [enter]
[root@server /usr/home/user]#

Get ACL information with:

[root@server /usr/home/user]# getfacl /smb [enter]
# file: /smb
# owner: root
# group: wheel
            owner@:rwxp--aARWcCos:------:allow
            group@:r-x---a-R-c--s:------:allow
         everyone@:r-x---a-R-c--s:------:allow
[root@server /usr/home/user]#

Service start on boot

List installed Samba services with:

[root@server /usr/home/user]# service -r | grep /samba [enter]
/usr/local/etc/rc.d/samba_server
[root@server /usr/home/user]#

Find the rcvar for /usr/local/etc/rc.d/samba_server with:

[root@server /usr/home/user]# /usr/local/etc/rc.d/samba_server rcvar [enter]
# samba_server
#
samba_server_enable="NO"
#   (default: "")

# nmbd
#
nmbd_enable="NO"
#   (default: "")

# smbd
#
smbd_enable="NO"
#   (default: "")

# winbindd
#
winbindd_enable="NO"
#   (default: "")

[root@server /usr/home/user]#

NetBIOS generally refers to the NetBIOS over TCP/IP protocol, which is considered a legacy protocol. It offers name resolution and file and printer sharing for devices that do not have DNS capabilities. It used to be essential in a Windows network, but is no longer necessary unless Windows clients older than Windows 2000 are involved.

To start Samba without NetBIOS on system boot, add information to /etc/rc.conf with these commands:

[root@server /usr/home/user]# echo '' >> /etc/rc.conf; echo '# Samba SMB Server' >> /etc/rc.conf; echo 'samba_server_enable="YES"' >> /etc/rc.conf; echo 'nmbd_enable="NO"' >> /etc/rc.conf [enter]
[root@server /usr/home/user]#

Samba Config File

Display where the configuration file should be put with:

[root@server /usr/home/user]# grep smb4.conf /usr/local/etc/rc.d/samba_server [enter]
#samba_server_config="/usr/local/etc/smb4.conf"
samba_server_config_default="/usr/local/etc/smb4.conf"
[root@server /usr/home/user]#

Edit file /usr/local/etc/smb4.conf with:

[root@server /usr/home/user]# ee /usr/local/etc/smb4.conf [enter]

This is a Samba configuration example:

[global]
        interfaces = em0
        server string = FreeBSD Server - Samba %v
        workgroup = EXAMPLE
        log file = /var/log/samba4/%m.log
        max log size = 50
        load printers = No
        disable netbios = Yes
        map to guest = Bad User
        security = USER
        server role = standalone server
        deadtime = 15
        dns proxy = No
        idmap config * : backend = tdb
        delete veto files = Yes
        store dos attributes = Yes
        veto files = /Thumbs.db/.DS_Store/._.DS_Store/.apdisk/._*/
        strict locking = No
        directory name cache size = 0
        dos filemode = Yes
        acl allow execute always = Yes
        create mask = 0775
        directory mask = 0775
        invalid users = nobody root
        aio read size = 65536
        aio write behind = Yes
        aio write size = 65536
        max connections = 10
        write cache size = 65536


[files]
        comment = Files Samba Network Share
        path = /smb/files
        force group = staff
        inherit acls = Yes
        read only = No
        vfs objects = zfsacl
        nfs4: acedup = merge
        nfs4: mode = special


[homes]
        comment = User Home Network Volume
        path = /usr/home/%U/docs
        force group = staff
        read only = No
        valid users = %U


[public]
        comment = Public Network Share
        path = /smb/pub
        create mask = 0777
        directory mask = 0777
        force group = nogroup
        force user = nobody
        guest ok = Yes
        inherit acls = Yes
        read only = No
        vfs objects = zfsacl
        nfs4: mode = special
        nfs4: acedup = merge

N.B.: The veto file statement will delete all files in the list including all hidden ._* files uploaded by a Macintosh user.

Now let’s test the file for typos and other errors:

[root@server /usr/home/user]# /usr/local/bin/testparm | more [enter]

If you don’t see any error messages, then it’s good to go.
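
testparm validates the file but does not summarize which shares end up reachable without a password. The script below is an added example, not part of the original page: it reads a smb4.conf (file argument or standard input) and reports, per share, whether guest access and writes are allowed, plus the [global] map to guest value. The function names audit_smb_conf, guest_writable_shares and sample_conf are made up for this example, and the embedded configuration is a constructed, abridged copy of the one above.

```shell
#!/bin/sh
# Added example: summarize guest and write exposure of each share in a smb4.conf.

# audit_smb_conf [FILE]
# Output, tab-separated, one line per share: <share> guest=<yes|no> writable=<yes|no>
# followed by one line: map_to_guest=<value from [global], default "never">
audit_smb_conf() {
    awk '
    # Parameter names ignore case and embedded whitespace.
    function norm(s) { s = tolower(s); gsub(/[ \t]/, "", s); return s }
    function bool(v) {
        v = tolower(v)
        return (v == "yes" || v == "true" || v == "1") ? "yes" : "no"
    }
    function flip(b) { return b == "yes" ? "no" : "yes" }
    function emit() {
        if (sect != "" && sect != "global")
            printf "%s\tguest=%s\twritable=%s\n", sect, guest, writable
    }
    # Samba defaults: guest ok = no, read only = yes, map to guest = never.
    BEGIN { def_guest = "no"; def_writable = "no"; mtg = "never" }
    /^[ \t]*[#;]/ || /^[ \t]*$/ { next }
    /^[ \t]*\[/ {
        emit()
        sect = $0
        sub(/^[ \t]*\[/, "", sect); sub(/\].*$/, "", sect)
        sect = tolower(sect)
        guest = def_guest; writable = def_writable
        next
    }
    {
        eq = index($0, "=")
        if (eq == 0) next
        key = norm(substr($0, 1, eq - 1))
        val = substr($0, eq + 1)
        sub(/^[ \t]+/, "", val); sub(/[ \t\r]+$/, "", val)
        if (key == "guestok" || key == "public") guest = bool(val)
        else if (key == "readonly") writable = flip(bool(val))
        else if (key == "writeable" || key == "writable" || key == "writeok")
            writable = bool(val)
        else if (key == "maptoguest" && sect == "global") mtg = tolower(val)
        # Share-level parameters set in [global] become the default for all shares.
        if (sect == "global") { def_guest = guest; def_writable = writable }
    }
    END { emit(); print "map_to_guest=" mtg }
    ' "${1:--}"
}

# guest_writable_shares [FILE]: names of shares that allow guest access AND writes.
guest_writable_shares() {
    audit_smb_conf "$@" |
        awk -F "\t" '$2 == "guest=yes" && $3 == "writable=yes" { print $1 }'
}

# Constructed sample input, abridged from the configuration on this page.
sample_conf() {
    cat <<'EOF'
[global]
        map to guest = Bad User
        security = USER
        invalid users = nobody root

[files]
        path = /smb/files
        read only = No

[homes]
        path = /usr/home/%U/docs
        read only = No
        valid users = %U

[public]
        path = /smb/pub
        force user = nobody
        guest ok = Yes
        read only = No
EOF
}

sample_conf | audit_smb_conf
```

Run it against the real file with audit_smb_conf /usr/local/etc/smb4.conf. With map to guest = Bad User, a login with an unknown user name is mapped to the guest account, so every share listed by guest_writable_shares is writable by anyone who can reach TCP port 445.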

Samba File Shares Setup

Private SMB Share Setup

Create directory /smb/files with:

[root@server /usr/home/user]# mkdir /smb/files [enter]
[root@server /usr/home/user]#

Change owner and group for /smb/files with:

[root@server /usr/home/user]# chown -vv user:staff /smb/files [enter]
/smb/install: 0:0 -> 1001:20
[root@server /usr/home/user]#

Change the mode of /smb/files with:

[root@server /usr/home/user]# chmod -vv 0755 /smb/files [enter]
/smb/files: 040755 [drwxr-xr-x ] -> 040755 [drwxr-xr-x ]
[root@server /usr/home/user]#

Local FreeBSD Users SMB Share Setup

List FreeBSD Users with:

[root@server /usr/home/user]# cat /etc/passwd | grep :10 [enter]
user:*:1001:1001:Ed User:/home/user:/usr/local/bin/bash
[root@server /usr/home/user]#

In this example one user, user, was found.

To hide critical files from the user when accessing the server via an SMB client on a Windows PC, Macintosh or Linux computer, a docs directory will be created in the FreeBSD user's home directory.

Create directory /home/user/docs with:

[root@server /usr/home/user]# mkdir /home/user/docs [enter]
[root@server /usr/home/user]#

Change owner and group for /home/user/docs with:

[root@server /usr/home/user]# chown -vv user:user /home/user/docs [enter]
/smb/install: 0:0 -> 1001:20
[root@server /usr/home/user]#

Change the mode of /home/user/docs with:

[root@server /usr/home/user]# chmod -vv 0755 /home/user/docs [enter]
/home/user/docs: 040755 [drwxr-xr-x ] -> 040755 [drwxr-xr-x ]
[root@server /usr/home/user]#

Public SMB Share Setup

Create directory /smb/pub with:

[root@server /usr/home/user]# mkdir /smb/pub [enter]
[root@server /usr/home/user]#

Change owner and group for /smb/pub with:

[root@server /usr/home/user]# chown -vv user:nobody /smb/pub [enter]
/smb/pub: 0:0 -> 1001:65534
[root@server /usr/home/user]#

Change the mode of /smb/pub with:

[root@server /usr/home/user]# chmod -vv 0777 /smb/pub [enter]
/smb/pub: 040755 [drwxr-xr-x ] -> 040777 [drwxrwxrwx ]
[root@server /usr/home/user]#

Start Samba

Manually start Samba daemons with:

[root@server /usr/home/user]# service samba_server start [enter]
Performing sanity check on Samba configuration: OK
Starting smbd.
[root@server /usr/home/user]#

Display content of the smbd log file with:

[root@server /usr/home/user]# cat /var/log/samba4/smbd.log [enter]
[2016/11/09 19:11:15.043835,  0] ../lib/util/become_daemon.c:124(daemon_ready)
  STATUS=daemon 'smbd' finished starting up and ready to serve connections
[root@server /usr/home/user]#

Samba User

Add a User

N.B.: Users must have a FreeBSD user account created before they can be added as Samba users!

Add a new FreeBSD user with primary group setting nogroup, additional group memberships staff and login setting nologin with:

[root@server /usr/home/user]# pw adduser user -c "John Smith" -d /nonexistent -g nogroup -G staff -s /usr/sbin/nologin [enter]
[root@server /usr/home/user]#

Verify the entry of user ‘John Smith’ with:

[root@server /usr/home/user]# cat /etc/passwd | egrep 'John Smith' [enter]
user:*:1003:1003:John Smith:/nonexistent:/usr/sbin/nologin
[root@server /usr/home/user]#

…and verify:

[root@server /usr/home/user]# id -p user [enter]
uid	user
groups	nogroup staff
[root@server /usr/home/user]#

Add the user to the group staff with:

[root@server /usr/home/user]# pw groupmod staff -m user [enter]
[root@server /usr/home/user]#

Add User to Samba User Database

Add the FreeBSD user to the Samba SAM database (Database of Samba Users) with:

[root@server /usr/home/user]# smbpasswd -a user [enter]
New SMB password:
Retype new SMB password:
Added user user.
[root@server /usr/home/user]#

Verify the entry of user ‘John Smith’ in the Samba SAM database (Database of Samba Users) with:

[root@server /usr/home/user]# pdbedit -L | grep user [enter]
user:1003:John Smith
[root@server /usr/home/user]#

Delete a User

Delete an account from the Samba SAM database (Database of Samba Users) with:

[root@server /usr/home/user]# pdbedit -x -u user [enter]
[root@server /usr/home/user]#

Delete the FreeBSD user account and home directory for user ‘user’ with:

[root@server /usr/home/user]# pw userdel user -r [enter]
[root@server /usr/home/user]#

Testing Connectivity

First check that you have the right version of smbclient by running:

[root@server /usr/home/user]# /usr/local/bin/smbclient --version
Version 4.6.4
[root@server /usr/home/user]#

This should show you a version starting with “Version 4.6.x”.

Now run this command to access a share on your server:

[root@server /usr/home/user]# /usr/local/bin/smbclient -U user -I localhost //localhost/public [enter]
Enter EXAMPLE\user's password: <-- user password and [enter]
Domain=[EXAMPLE] OS=[] Server=[]
smb: \>

Enter help to display a list of commands:

smb: \> help [enter]
?              allinfo        altname        archive        backup
blocksize      cancel         case_sensitive cd             chmod
chown          close          del            dir            du
echo           exit           get            getfacl        geteas
hardlink       help           history        iosize         lcd
link           lock           lowercase      ls             l
mask           md             mget           mkdir          more
mput           newer          notify         open           posix
posix_encrypt  posix_open     posix_mkdir    posix_rmdir    posix_unlink
posix_whoami   print          prompt         put            pwd
q              queue          quit           readlink       rd
recurse        reget          rename         reput          rm
rmdir          showacls       setea          setmode        scopy
stat           symlink        tar            tarmode        timeout
translate      unlock         volume         vuid           wdel
logon          listconnect    showconnect    tcon           tdis
tid            logoff         ..             !
smb: \>

…and enter exit to leave smbclient:

smb: \> exit [enter]
[root@server /usr/home/user]#