Samba – connecting FreeBSD to Microsoft
The main page for Samba is http://www.samba.org/You might also want to see the NFS article.
NOTE: If you want to access Microsoft file systems from your FreeBSD box, you want Sharity-Light.
18 October
Samba is a port which allows a FreeBSD box to share file systems with a Microsoft box. Or the other way around depending on your point of view. The man pages for Samba describe it as a LanManager like fileserver for UNIX. To quote from The Complete FreeBSD by Greg Lehey:Samba is a collection of software components which implement the SMB protocol over TCP/IP. You can use it to interface with Microsoft environments such as Windows for Workgroups, Windows 95, and Windows NT.
5:22 pm – The install begins
The instructions for installation seem quite easy.cd /usr/ports/net/samba make install
Let’s see how it goes. It’s downloading a 1.3 MB file for Samba version 1.98.18. Time for some food.
5:48 pm – After the build
I own a copy of The Complete FreeBSD and it’s one of the books I recommend you buy. It’s what I’m using to install Samba. You will get more detail from that book than I have supplied here.Samba can be run from startup or it can be run from inetd. I choose the later (see below, I changed my mind). Edit /etc/inetd.conf file. Near the bottom you should see two lines referring to Samba. Uncomment them. They look like this:
netbios-ssn stream ....etc netbios-ns dgram ...etc
Then either reboot or restart inetd by doing the following:
kill -1 <pid>
where pid is the process id of inetd as found by
ps -auwx | grep inetd
6:14 pm – Configuration
As the book says, Samba does not come with a configuration file. So I did the following:cp /usr/ports/net/samba/work/samba-1.9.18p0/examples/simple/smb.conf /usr/local/etc
Create a directory /var/log/samba and make it readable and writable only by root.
Modify /usr/local/etc/smb.conf. Here’s what I have in mine. Please note, not all of the file is shown here:
[global] socket options = TCP_NODELAY printing = bsd printcap name = /etc/printcap load printers = yes guest account = guest[ftp] comment = ftp server file area path = /var/spool/ftp/pub read only = yes public = yes
The key things to remember are:
- point guest_account to a valid account (in the above example, guest).
- change the log file entry to point to /var/log/samba/log.%m
6:54 pm – Testing the setup
To test the above connection, I did the following:bash-2.02$ smbclient \\\\freebsd\\ftp Added interface ip=10.0.0.1 bcast=10.0.0.255 nmask=255.255.255.0 Server time is Sun Oct 18 18:52:19 1998 Timezone is UTC+13.0 Password: Domain=[WORKGROUP] OS=[Unix] Server=[Samba 1.9.18p8] security=share smb: \>
Note that I did not enter a password. It is a public service.
I will write more about this later.
19 October
You will notice above that the default domain is WORKGROUP. You may not want that and may wish to consider adding the following line to the .conf file. This example involves the TESTING domain.[global] workgroup = TESTING
Changing the startup
I’ve decided to run samba from startup rather than from /etc/inetd.conf. I’m doing this because I spotted a message in the mailing list archives which suggested this was a good idea until things were stable. So here’s what I did to achieve that change.- comment out the lines in /etc/inetd.conf which refer to Samba. See above for details.
- put the following lines in /etc/rc.local (NOTE: /etc/rc.local is deprecated; use /usr/local/etc/rc.d/ instead; see Starting stuff at boot time and Installing IP Filter 3.3.3 for an example)
echo " smbd" && /usr/local/sbin/smbd -D echo " nmbd" && /usr/local/sbin/nmbd -D
I acutally stopped the existing copies of these program and restarted them from scratch. I think that’s overkill, but so what.
Getting SAMBA visible from Windows Explorer
With the above steps, you should be able to connect to your Samba server by following these steps on your Windows machine:- Start Explorer or File Manager.
- Select Tools->Map Network Drive (the actual menu item may vary).
- Select the drive you wish to map.
- Enter \\FreeBSD\ftp in the Path field where FreeBSD is the name of your Samba server and ftp is the service you added above.
- In the field titled Connect As, you have to enter the user id of your FreeBSD box. You may also be prompted for a password on that box.
If this doesn’t work, I strongly urge you to follow the Samba diagnostics. I found them very useful. It is frequently difficult to find the DIAGNOSIS.TXT file referred to by so many SAMBA documents. It seems to move around the website. Hopefully this will settle down. I suggest trying the following in the order provided:
- http://www.cise.ufl.edu/help/software/doc/samba/DIAGNOSIS.txt
- A copy of the above file stored on my server
- this Google search
Getting SAMBA to appear under your workgroup
One of the good things about Samba, is that you can treat it like any other Windows machine (as degrading as that may be to a FreeBSD box). In fact, what I liked seeing was my FreeBSD box listed under Network Neighbourhood. Very nice!In order to do this, I think you need the following entries in /usr/local/etc/smb.conf.
[global] remote announce = 10.0.0.255/WORKGROUP
where 10.0.0.255 is the broadcast address for your subnet and WORKGROUP is the Windows domain or workgroup into which you wish the Samba services to be advertised.
smb.conf
There are the entries from my Samba configuration file. They might help you. Some things may have been changed for security reasons.[global] hosts allow = 10.0.0. workgroup = WORKGROUP socket options = TCP_NODELAY printing = bsd printcap name = /etc/printcap load printers = yes guest account = guest remote announce = 10.0.0.255/WORKGROUP security = share
You should refer to man smb.conf for more information about these settings.
Login Problems under NT
NOTE: I’m told this hack is not needed. See the following section.When I first tried a Samba file service which was user specific, I found that connecting or browsing to that service resulted in the following error:
no authority to log on from this station
The full text of the message is available, but the solution has been extracted below for your convenience. Note that this is for NT 4 only.
- Run Registry Editor (Regedt32.exe).
- From the HKEY_LOCAL_MACHINE subtree, go to the following key: \system\currentcontrolset\services\rdr\parameters
- Click Add Value on the Edit menu.
- Add the following:
Value Name: EnablePlainTextPassword
Data Type: REG_DWORD
Data: 1 - Click OK and then quit Registry Editor.
- Shut down and restart Windows NT.
NOTE: I’ve been told that recent versions of Samba avoid this problem with a configuration file setting. I’ve not tracked that down yet. Please refer to the following section for more information.
Samba Authentication (added on 5 July 2000)
I’ve got Samba running on Linux – still have to set it up on FreeBSD. The Windows registry hack is unnecessary. MS users logon to Windows, not NT Domain, using the same user names that appear in /etc/passwd and smbpasswd (wherever you have put it). They can then access their home directories and /tmp on the Samba server without further authentication. encrypt passwords = yes.
The only share I haven’t been able to get working properly yet is the printer share. My printer is an HP-812C which uses IEEE 1284 two-way communication and apparently the printer is not communicating back to the Windows boxes. Maybe if I use the HP-550C driver, this can be made to work.
3 November
There have been many questions regarding the Samba login process. I found something very interesting in the mailing list archives. For those interested in the full text, the original archive entry is available. The following is an extract from that entry:Windows 98 and NT4(SP3) _require_ encrypted passwords from the server. There are two possible solutions:
- Enable encrypted passwords in Samba. This is the best solution if the Samba server is being accessed by a WinNT boxes, or a mixture of Win95/Win98/WinNT clients. However, password encryption in samba requires another password file (/usr/local/private/smbpasswd), which you would create, populate and maintain.
- Disable the requirement of encrypted passwords in you Win98 clients. This needs a single addition to the Win98 registry: go to "HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\VxD\VNETSUP" and add the value "EnablePlainTextPassword" = 1 (dword). Then reboot.
You may want to read some documents in /usr/local/share/doc/samba, such as Win95.txt (yes, Win95) or ENCRYPTION.txt.
I also found virtually the same information at another site.
Another archive message suggested adding "encrypt passwords = yes" to /etc/smb.conf . I have not tried that.
Mounting NT drives
If you have an NT box which has a share on it, you can mount it from your FreeBSD box using smbmount. But there’s no reason why that share can’t be on another FreeBSD box. This sounds like it may be a good alternative to using NFS. I’ve searched my system for smbmount, but can’t find it. I’ve found the source file, but I can’t compile it. It appears that it is for Linux only. I’ve asked a question on the mailing list. I’ll report back later.It appears that the answer may be Sharity-Light, previously known as Rumba.
Samba 2.0.6 – shares are printers (added on 20 April 2000)
Ernie Dunbar wrote in with this bit about Samba 2.0.6 and printers:This version seems to think that, by default, shares are printers, not disks. Perhaps this is a feature and not a bug. But if you make a disk share, make sure you include printable=no in the share information in smb.conf.
The way you tell if your server is acting this way is to use "smbclient -L smbhost" which will display the type of each share.
Windows shared printer (added on 5 July 2000)
Adriel Ickler wrote in with this sharing a Windows printer:After reviewing the solutions for printing to a windows shared printer, and being dissatisfied with them I created my own solution, I was told I should share it with others via an article.
- Create a fifo in /dev, mine is /dev/smbprint
mkfifo /dev/smbprint
- Set up a printer EXACTLY like normal, except use /dev/smbprint as the device instead of /dev/lpt0 or whatever.
- Make a shell script for flushing the fifo (You can use lpq to test if the fifo has data in it). It only needs to contain this line (which is wrapped, it should be all on a single line):
/usr/local/bin/smbclient //sharename/printername -c "print -" < /dev/smbprint
Time server (added on 31 December 2000)
Lanny Baron wrote in to say that Samba can be your time server. Add the following to your smb.conf file:
time server = Yes
Interface Issues (added on 11 April 2003)
If you see the following types of error messages, then you probably haven’t set the interfaces in the your samba configuration file.
smbd[73262]: [2003/04/11 08:13:38, 0] lib/interface.c:load_interfaces(216)
smbd[73262]: WARNING: no network interfaces found
nmbd[73265]: [2003/04/11 08:13:38, 0] lib/interface.c:load_interfaces(216)
nmbd[73265]: WARNING: no network interfaces found
nmbd[73265]: [2003/04/11 08:13:38, 0] nmbd/nmbd_subnetdb.c:create_subnets(239)
nmbd[73265]: create_subnets: No local interfaces !
If you see the above, look for a line like this in your configuration file and make sure it refers to a network interface card (NIC) which exists and has an IP address.
interfaces = rl0
If you don’t find a line like the above, perhaps you need to add it.
Can’t get the mount? (added on 28 September 2004)
Today at work I was trying to get a Samba mount to work on my NT box. Only my machine could not mount. The *nix box in question was not part of the Windows domain. The solution was to remove the entry for me in/etc/samba/smbusers
that mapped my domain account to a samba account. This
entry maps a Windows user id to a Unix user id. In my case, both user ids were the same (dan
).
We don’t know why this solved the problem.
Then, the mount would not resume upon login. I had to manually set it each time. The solution was to make my Samba password
the same as my Windows password. Then it automagically mounted at each login.