One of the primary reasons you might want to install Samba is to allow shares on your Network. Not only is Samba much faster than the typical Windows share but I have found a way to have it act as a Backup Domain Controller. What I mean by this is when the Primary Domain Controller is down, The Samba Server will authenticate your users. Your users will not get the error message that there are no controllers available, they will just get logged into the Domain. When it comes back up, The users will be able to use the Primary Domain Controller like they normally would.

Installing Samba

First lets install Samba:


# cd /usr/ports/net/samba44
# make config

Running make config will make the Options for Samba come up. Make sure the following boxes are checked:


LDAP
CUPS
WINBIND
UTMP

When that is done, Hit the TAB key and then hit ENTER on the keyboard. Now run the following:


# make install clean

This will take a little while for Samba to install. When it is done, The first thing we want to do is edit the the smb4.conf file located at /usr/local/etc. This will be a minimal configuration only allowing all users on your lan access to files on the server

Note, you need to change the IP of the local network (hosts allow) and the device identifier of the interface which connects the local network (interfaces). Don't let Samba operate on the WAN.

security = user
encrypt passwords = yes
max log size = 500
preferred master = yes
hosts allow = 192.168.1.
interfaces = em0
bind interfaces only = yes
socket options = TCP_NODELAY

[homes]
comment = User Home
browseable = no
writeable = yes
directory mask = 0700
create mask = 0700

[etc]
comment = Server Configuration
path = /etc
public = no
writeable = yes
write list = @admin
directory mask = 0770
create mask = 0770

[www]
comment = Web Root
path = /usr/local/www
public = no
writeable = yes
write list = @webadm
directory mask = 0775
create mask = 0775

Then you would configure the users using the Samba tool pdbedit(8). The following assumes that you already created the system user rich on your machine, and you would need to create groups for this user in order to have different access privileges for /etc and /usr/local/www. The latter might become tricky, because depending on the web service which is running you might need to maintain write access for the web server for some sub-directories, for example for uploads. The members of the suggested group webadm would be www and rich.

# pdbedit rich
Code:

new password: ********
retype new password: ********
Unix username: rich
NT username:
Account Flags: [U ]
User SID: S-1-5-21-1801956262-1824223230-718757168-1001
Primary Group SID: S-1-5-21-1801956262-1824223230-718757168-1001
Full Name: Richard
Home Directory: \\server\rich
HomeDir Drive:
Logon Script:
Profile Path: \\server\rich\profile
Domain: SERVER
Account desc:
Workstations:
Munged dial:
Logon time: 0
Logoff time: So, 04 Dez 219250468 13:30:07 BRST
Kickoff time: So, 04 Dez 219250468 13:30:07 BRST
Password last set: Fr, 29 Aug 2014 09:14:10 BRT
Password can change: Fr, 29 Aug 2014 09:14:10 BRT
Password must change: never
Last bad password : 0
Bad password count : 0
Logon hours : FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF

So now that we are done with the share, go ahead and save the changes. We will then want to add the enable_samba=”YES” to /etc/rc.conf as follows:


# echo 'samba_enable="YES"' >> /etc/rc.conf

Now we will want to start Samba:


# cd /usr/local/etc/rc.d
# ./samba start

You should get something like:


Starting SAMBA: removing stale tdbs :
/var/db/samba/connections.tdb
/var/db/samba/locking.tdb
/var/db/samba/messages.tdb
/var/db/samba/sessionid.tdb
/var/db/samba/unexpected.tdb
/var/db/samba/brlock.tdb
Starting nmbd.
Starting smbd.

Then we can confirm it is running by doing:


# ./samba status

You should get something like:


nmbd is running as pid [pid]
smbd is running as pid [pid]

Now if you go to your Network Neighborhood and browse for your FreeBSD Box, you should see it in the list. Woot! The first part of Samba is complete!

Anytime you make a change to Samba, it’s a good idea to restart the Samba Service:


# cd /usr/local/etc/rc.d
# ./samba restart

That’s it! Samba is installed!