29.10. File and Print Services for Microsoft® Windows® Clients (Samba)
Prev Chapter 29. Network Servers Next

29.10. File and Print Services for Microsoft® Windows® Clients (Samba)

Contributed by Murray Stokely.

29.10.1. Overview

Samba is a popular open source software package that provides file and print services for Microsoft® Windows® clients. Such clients can connect to and use FreeBSD filespace as if it was a local disk drive, or FreeBSD printers as if they were local printers.

Samba software packages should be included on the FreeBSD installation media. If they were not installed when first installing FreeBSD, then they may be installed from the net/samba34 port or package.

29.10.2. Configuration

A default Samba configuration file is installed as /usr/local/share/examples/samba34/smb.conf.default. This file must be copied to /usr/local/etc/smb.conf and customized before Samba can be used.

The smb.conf file contains runtime configuration information for Samba, such as definitions of the printers and file system shares that will be shared with Windows® clients. The Samba package includes a web based tool called swat which provides a simple way of configuring the smb.conf file.

29.10.2.1. Using the Samba Web Administration Tool (SWAT)

The Samba Web Administration Tool (SWAT) runs as a daemon from inetd. Therefore, inetd must be enabled as shown in Section 29.2, “The inetd Super-Server, and the following line in /etc/inetd.conf should be uncommented before swat can be used to configure Samba:

swat stream tcp nowait/400 root /usr/local/sbin/swat swat

As explained in Example 29.1, “Reloading the inetd Configuration File”, the inetd configuration must be reloaded after this configuration file is changed.

Once swat has been enabled in inetd.conf, a web browser may be used to connect to http://localhost:901. At first login, the system root account must be used.

Once successfully logging on to the main Samba configuration page, the system documentation will be available, or configuration may begin by clicking on the Globals tab. The Globals section corresponds to the variables that are set in the [global] section of /usr/local/etc/smb.conf.

29.10.2.2. Global Settings

Whether swat is being used or /usr/local/etc/smb.conf is being edited directly, the first directives encountered when configuring Samba are:

workgroup

NT Domain-Name or Workgroup-Name for the computers that will be accessing this server.

netbios name

This sets the NetBIOS name by which a Samba server is known. By default it is the same as the first component of the host's DNS name.

server string

This sets the string that will be displayed with the net view command and some other networking tools that seek to display descriptive text about the server.

29.10.2.3. Security Settings

Two of the most important settings in /usr/local/etc/smb.conf are the security model chosen, and the backend password format for client users. The following directives control these options:

security

The two most common options here are security = share and security = user. If the clients use usernames that are the same as their usernames on the FreeBSD machine then user level security should be used. This is the default security policy and it requires clients to first log on before they can access shared resources.

In share level security, clients do not need to log onto the server with a valid username and password before attempting to connect to a shared resource. This was the default security model for older versions of Samba.

passdb backend

Samba has several different backend authentication models. Clients may be authenticated with LDAP, NIS+, an SQL database, or a modified password file. The default authentication method is smbpasswd, and that is all that will be covered here.

Assuming that the default smbpasswd backend is used, the /usr/local/etc/samba/smbpasswd file must be created to allow Samba to authenticate clients. To provide the UNIX® user accounts access from Windows® clients, use the following command:

# smbpasswd -a username

Note:

The recommended backend is now tdbsam, and the following command should be used to add user accounts:

# pdbedit -a -u username

Please see the Official Samba HOWTO for additional information about configuration options. With the basics outlined here, the minimal required start running Samba will be explained. Other documentation should be consulted in addition to the information here.

29.10.3. Starting Samba

The net/samba34 port adds a new startup script, which can be used to control Samba. To enable this script, so that it can be used for example to start, stop or restart Samba, add the following line to the /etc/rc.conf file:

samba_enable="YES"

Or, for fine grain control:

nmbd_enable="YES"
smbd_enable="YES"

Note:

This will also configure Samba to automatically start at system boot time.

It is possible then to start Samba at any time by typing:

# service samba start Starting SAMBA: removing stale tdbs : Starting nmbd. Starting smbd.

Please refer to Section 12.7, “Using rc(8) Under FreeBSD” for more information about using rc scripts.

Samba actually consists of three separate daemons. Notice that both the nmbd and smbd daemons are started by the samba script. If winbind, name resolution services were enabled in smb.conf, the winbindd daemon will be started as well.

Samba may be stopped at any time by typing:

# service samba stop

Samba is a complex software suite with functionality that allows broad integration with Microsoft® Windows® networks. For more information about functionality beyond the basic installation described here, please see http://www.samba.org.

Prev Up Next
29.9. File Transfer Protocol (FTP) Home 29.11. Clock Synchronization with NTP

All FreeBSD documents are available for download at http://ftp.FreeBSD.org/pub/FreeBSD/doc/

Questions that are not answered by the documentation may be sent to <freebsd-questions@FreeBSD.org>.

Send questions about this document to <freebsd-doc@FreeBSD.org>.