One of the primary reasons you might want to install Samba is to allow shares on your Network. Not only is Samba much faster than the typical Windows share but I have found a way to have it act as a Backup Domain Controller. What I mean by this is when the Primary Domain Controller is down, The Samba Server will authenticate your users. Your users will not get the error message that there are no controllers available, they will just get logged into the Domain. When it comes back up, The users will be able to use the Primary Domain Controller like they normally would.

Installing Samba

First lets install Samba:


# cd /usr/ports/net/samba44
# make config

Running make config will make the Options for Samba come up. Make sure the following boxes are checked:


LDAP
CUPS
WINBIND
UTMP

When that is done, Hit the TAB key and then hit ENTER on the keyboard. Now run the following:


# make install clean

This will take a little while for Samba to install. When it is done, The first thing we want to do is run the the smb.conf file. I will give you the first part of my [GLOBAL] config:


[global]
netbios name = Hostname
workgroup = Workgroup
security = USER
local master = yes
os level = 65
domain master = yes
preferred master = yes
null passwords = no
hide unreadable = yes
hide dot files = yes

The Netbios name is the name you will use when people access your shares. I name mine FreeBSD . The workgroup name will want to be the same name as your domain workgroup so enter that here. Security will be user as we will get into that in a minute. The other settings I would suggest leaving. You can do a man smb.conf to find out what the other settings do.

Now lets get into sharing. I am going to create a share called Data on the /stuff/nelson drive and am going to force the user to be nelson and the group to be nelson.


[data]
comment = Data Drive
path = /stuff/nelson
force user = nelson
force group = nelson
read only = No
guest ok = Yes

The [data] is the actual share name. To connect to this, we would either go to Network Neighborhood and locate the share or type in the UNC name which would be \\FreeBSD\data. Makes sense, right? The comment is any comment for that share. The path is the quite simply the path on the FreeBSD box. The user and group can be a bit tricky. On this one I gave the user and group the same name. What I do when creating a user (below) is I put them in the nelson group. This way that user can/read write to that share. Read only = No means that the user or the group can make changes to the share.

So now that we are done with the share, go ahead and save the changes. We will then want to add the enable_samba=”YES” to /etc/rc.conf as follows:


# echo 'samba_enable="YES"' >> /etc/rc.conf

Now we will want to start Samba:


# cd /usr/local/etc/rc.d
# ./samba start

You should get something like:


Starting SAMBA: removing stale tdbs :
/var/db/samba/connections.tdb
/var/db/samba/locking.tdb
/var/db/samba/messages.tdb
/var/db/samba/sessionid.tdb
/var/db/samba/unexpected.tdb
/var/db/samba/brlock.tdb
Starting nmbd.
Starting smbd.

Then we can confirm it is running by doing:


# ./samba status

You should get something like:


nmbd is running as pid [pid]
smbd is running as pid [pid]

Now if you go to your Network Neighborhood and browse for your FreeBSD Box, you should see it in the list. Woot! The first part of Samba is complete!

The second part of Samba will require you to add all the Domain users on your Windows Server to the FreeBSD server. So lets say we have a user on your Windows Server called nelson. We will want to create a new user on your FreeBSD box called nelson as well.


# adduser
username: nelson

When you get prompted for the Name and UID, just hit Enter.

The group name is the most important. If you have 2 shares in Samba and they’re both different groups, you can add the user to the group manually to /etc/groups if you don’t add the groups to the username when you create them. So lets say for instance we want to add user nelson to the group nobody:


# vi /etc/group

Find the nobody group:


nobody:*:[id]:

The ID will vary. Now to add user nelson to that group, do it like so


nobody:*:[id]:nelson

If you want to add more users to group nobody, separate them by commas like so


nobody:*:[id]:nelson,wolson,ed

So at this time if you just want to add all your users to one group, just type in that group name here. It will be created when the user is created.

When it asks you Invite temp into other groups? Just hit Enter. Hit Enter when it asks for Class as well.

I would suggest to make sure the user cannot login via ssh so I would change their shell to nologin. This will only allow them to access the Samba share from within Windows.

The next four questions just hit Enter on:


Home directory [/home/temp]:
Use password-based authentication? [yes]:
Use an empty password? (yes/no) [no]:
Use a random password? (yes/no) [no]:

When you type in the password, This will be the same password that the user uses when they Login to the Windows Server. This can get tricky as if the users passwords change, they will need to be changed within Samba on the FreeBSD system. I don’t know how to get this type of information exported to BSD from a Windows box. If the passwords on your Network don’t change, you’re good to go.


Lock out the account after creation? [no]:

Hit ENTER here and then it will then give a summary of all the settings. Just hit Y and then hit Enter. When it asks to add another user, hit N and then hit Enter again. We are done adding the user to your BSD box.

The last thing we need to do is add the user to Samba. If we don’t do this, the user will get prompted to enter a username and password everytime they try to go to the Samba share and we don’t want that to happen. Do the following to add the user to the Samba authentication:


# smbpasswd –a user

It will then ask for the password. This will be the same password that the user uses when they Login to the Windows Server. This can get tricky as if the users passwords change, they will need to be reset using smbpasswd user.

Anytime you make a change to Samba, it’s a good idea to restart the Samba Service:


# cd /usr/local/etc/rc.d
# ./samba restart

That’s it! Samba is installed!