Site Navigation
Using Samba to share files with Win32 clients
In my home network I have one Windows XP machine that I use for gaming, and a bunch of FreeBSD hosts. I have one FreeBSD host with a SCSI RAID array in it which I use as a file server. When I first set up the box I only had NFS sharing set up, which worked great for all of my other BSD boxes. It was always a pain, however, using WinSCP to copy files back and forth from the XP machine. This led me to install Samba on the file server, and this article basically covers the steps I went through to enable file sharing between the file server and the XP machine.
The File Server
The file server is nothing special, it really could be any *NIX machine with drive space to share. In my case it is an old Gateway Pentium 3 motherboard in an Antec case with 8 3.5" drive bays. I have an LSI Ultra 160 RAID controller in the machine, and two RAID arrays. The first array is a mirror of two 9GB drives, and the other array is six 9GB drives in a RAID 5 array, for a total of about 45 GB. I know it's not much storage today, but when the array was originally built it was a pretty decent setup. In the future I would like to replace the 9GB drives in the RAID 5 array with some larger drives. If anyone has any 68 pin U160 drives sitting around that they would like to donate please let me know :)
Installing Samba
I chose to install Samba 3, the newest version available in the ports tree.
# cd /usr/ports/net/samba3 # make install clean
This presents you with a lot of options.
Options for samba 3.0.21b,1 [X] LDAP With LDAP support [ ] ADS With Active Directory support [ ] CUPS With CUPS printing support [X] WINBIND With WinBIND support [ ] ACL_SUPPORT With ACL support [ ] AIO_SUPPORT With experimental AIO support [ ] SYSLOG With Syslog support [ ] QUOTAS With Quota support [X] UTMP With UTMP support [ ] MSDFS With MSDFS support [ ] SAM_XML With XML smbpasswd backend [ ] SAM_MYSQL With MYSQL smbpasswd backend [ ] SAM_PGSQL With PostgreSQL smbpasswd backend [ ] SAM_OLD_LDAP With Samba2.x LDAP smbpasswd backend [ ] PAM_SMBPASS With SMB PAM module v(+) [ OK ] Cancel
I accepted the defaults, since I didn't really need anything beyond the basics. If, like me, you haven't installed the gettext port before, it will prompt you for options for that also. Accepting the defaults will work fine.
Server Configuration
Most of the configuration will take place in the smb.conf file. An example file is given in /usr/local/etc/, and is named smb.conf.default. I copied the example file and used it to work off of to create the smb.conf file.
# cp /usr/local/etc/smb.conf.default /usr/local/etc/smb.conf
Now I needed to edit the smb.conf file to set up the file server. First I set the workgroup and server string. The workgroup name needs to match the win32 machine's workgroup. The server string is just the description field in Windows file sharing, and can be set to just about anything you want.
workgroup = myworkgroup ... server string = My FreeBSD File Server
Those are really the only options I needed to change to get the server running.
Creating Shares
The next part of the smb.conf file sets up shares for the users to access. You should see a section that starts with the following lines.#============================ Share Definitions ============================== [homes] comment = Home Directories browseable = no writable = yes
This is what allows users to see their home directory. In order for my Windows user to be able to connect to the Samba file server, I needed to have a user with the same username and password on the FreeBSD server. FreeBSD will then map the Windows username to a local user. Adding a user on the FreeBSD server will add a home directory for them, and this first part of the configuration file will give the user access to it. I will cover adding users later in the configuration section.
I added a line to specify the path to my home directories. You only really need this if it is different than the default, but I usually specify it just to be safe.
[homes] comment = Home Directories browseable = no writable = yes path = /home/%u
This is also a good time to note that Samba has a lot of built in variables. In this example I used the %u variable, which gets replaced with the username that FreeBSD is mapping the client to.
I should also note that the [homes] share is special, in that it does not share a single directory like most other share definitions. When you specify a normal share, it is the same for every user. For example, I wanted to create a regular share, and I had a directory at /mnt/disk2 to use. I want this directory to show up to Windows users as My Documents, and I only want users in the group docusers to have access to the share.
[My Documents]
comment = Documents for Doc Users
path = /mnt/disk2
valid users = @docusers
public = no
writeable = yes
force group = docusers
create mask = 0760
Notice the @ in front of my group name. This tells Samba that the name provided is a group name, when normally it would look for a user name.
The line "public = no" tells Samba to only show this directory to valid users. If I had said yes here, every user would see the directory, even if they couldn't open it.
The "force group" line forces every file created by Windows users to be owned by the docusers group, even though they may have something different as their primary group. The reason you may want to do this is if you want everyone in that group to be able to see every file by default, which they wouldn't be able to do if it was owned by a different user and a group they aren't a member of. Forcing the owned group of every file makes sure every file created is visible to the entire group.
The line "create mask = 0760" is similar in function to the force group line, except it automatically sets the mode of any new file. In this example, the files will have the mode set to 760. This means that the owner can read, write, and execute, members of the owning group, docusers, can read and write, and all other users can do nothing with the file.
Adding Users
Now that I had created some shares, I needed add the user and group to map my Windows client user to. First, I added the group docusers, and made sure that group owns and can write to the /mnt/disk2 directory.
# pw group add docusers # chown -R :docusers /mnt/disk2 # chmod 760 /mnt/disk2
Now that my group was ready I added a user. I used the username "nesteffe", since that is what I used on my Windows machine. You want to make sure to use the same password you used on your Windows host, otherwise the user won't be able to authenticate.
# adduser Username: nesteffe Full name: Nate Steffen Uid (Leave empty for default): Login group [nesteffe]: Login group is nesteffe. Invite nesteffe into other groups? []: docusers Login class [default]: Shell (sh csh tcsh bash nologin) [sh]: bash Home directory [/home/nesteffe]: Use password-based authentication? [yes]: Use an empty password? (yes/no) [no]: Use a random password? (yes/no) [no]: Enter password: Enter password again: Lock out the account after creation? [no]: Username : nesteffe Password : ***** Full Name : Nate Steffen Uid : 1005 Class : Groups : nesteffe docusers Home : /home/nesteffe Shell : /usr/local/bin/bash Locked : no OK? (yes/no): y adduser: INFO: Successfully added (nesteffe) to the user database. Add another user? (yes/no): n Goodbye!
Starting Samba
To test the configuration I started the server using the supplied rc.d script.
# /usr/local/etc/rc.d/samba.sh start Starting SAMBA: Starting nmbd. Starting smbd.
Since I wanted Samba to start automatically, I added the following line to my /etc/rc.conf file.
samba_enable="YES"
Win32 Client Configuration
There isn't really anything to set up on the Windows machine, except for changing the workgroup to match the server. To edit this, right client My Computer, click Properties. Go to the Computer Name tab, click "Change", and enter your Workgroup name in the appropriate box.
You will want to make sure the "Workstation" and "TCP/IP NetBIOS Helper" services are running. Also check to make sure that NetBIOS is enabled in the WINS tab of your advanced properties for your network adapter. Both of these items have caused me trouble when using file sharing in the past.
Trying It Out
Now that I had everything configured, I opened up Windows Explorer on the client machine, and entered \\servername in the address bar. My shares appeared, and I could read and write files. If you run into problems however, there are a lot of good resources out on the internet. One of the best is the Samba website itself, http://us3.samba.org/samba/.
Conclusion
Installing Samba to share files with Win32 hosts in a workgroup is relatively easy. I have also configured Samba to act as a member server in Windows NT domains as well as Active Directory domains. Configuring Samba for Active Directory was by far the hardest, and I plan to write an article about how I accomplished that in the near future.