Samba – connecting FreeBSD to Microsoft
The main page for Samba is http://www.samba.org/
You
might also want to see the NFS article.
NOTE: If you want to access Microsoft file systems from your FreeBSD
box, you want Sharity-Light.
18 October
Samba is a port which allows a FreeBSD box to share file systems with a
Microsoft box. Or the other way around depending on your point of view. The
man pages for Samba describe it as a LanManager like fileserver for UNIX.
To quote from The Complete FreeBSD by Greg Lehey:
Samba is a collection of software components which implement the SMB protocol
over TCP/IP. You can use it to interface with Microsoft environments such as Windows
for Workgroups, Windows 95, and Windows NT.
5:22 pm – The install begins
The instructions for installation seem quite easy.
cd /usr/ports/net/samba make install
Let’s see how it goes. It’s downloading a 1.3 MB file for Samba version
1.98.18. Time for some food.
5:48 pm – After the build
I own a copy of The Complete FreeBSD and it’s one of the
books I recommend you buy. It’s what I’m using to
install Samba. You will get more detail from that book than I have
supplied here.
Samba can be run from startup or it can be run from inetd.
I choose the later (see below, I changed my mind). Edit /etc/inetd.conf
file. Near the bottom you should see two lines referring to Samba.
Uncomment them. They look like this:
netbios-ssn stream ....etc netbios-ns dgram ...etc
Then either reboot or restart inetd by doing the following:
kill -1 <pid>
where pid is the process id of inetd as found by
ps -auwx | grep inetd
6:14 pm – Configuration
As the book says, Samba does not come with a configuration file. So I did the
following:
cp /usr/ports/net/samba/work/samba-1.9.18p0/examples/simple/smb.conf /usr/local/etc
Create a directory /var/log/samba and make it readable and writable only by root.
Modify /usr/local/etc/smb.conf. Here’s what I have in mine.
Please note, not all of the file is shown here:
[global] socket options = TCP_NODELAY printing = bsd printcap name = /etc/printcap load printers = yes guest account = guest[ftp] comment = ftp server file area path = /var/spool/ftp/pub read only = yes public = yes
The key things to remember are:
- point guest_account to a valid account (in the above example, guest).
- change the log file entry to point to /var/log/samba/log.%m
6:54 pm – Testing the setup
To test the above connection, I did the following:
bash-2.02$ smbclient \\\\freebsd\\ftp Added interface ip=10.0.0.1 bcast=10.0.0.255 nmask=255.255.255.0 Server time is Sun Oct 18 18:52:19 1998 Timezone is UTC+13.0 Password: Domain=[WORKGROUP] OS=[Unix] Server=[Samba 1.9.18p8] security=share smb: \>
Note that I did not enter a password. It is a public service.
I will write more about this later.
19 October
You will notice above that the default domain is WORKGROUP. You may not want
that and may wish to consider adding the following line to the .conf file.
This example involves the TESTING domain.
[global] workgroup = TESTING
Changing the startup
I’ve decided to run samba from startup rather than from /etc/inetd.conf.
I’m doing this because I spotted a message in the mailing list archives which
suggested this was a good idea until things were stable. So here’s what I did to
achieve that change.
- comment out the lines in /etc/inetd.conf which refer to Samba.
See above for details.
- put the following lines in /etc/rc.local (NOTE: /etc/rc.local
is deprecated; use /usr/local/etc/rc.d/ instead; see Starting
stuff at boot time and Installing IP
Filter 3.3.3 for an example)
echo " smbd" && /usr/local/sbin/smbd -D echo " nmbd" && /usr/local/sbin/nmbd -D
I acutally stopped the existing copies of these program and restarted them from
scratch. I think that’s overkill, but so what.
Getting SAMBA visible from Windows Explorer
With the above steps, you should be able to connect to your Samba server by
following these steps on your Windows machine:
- Start Explorer or File Manager.
- Select Tools->Map Network Drive (the actual menu item may vary).
- Select the drive you wish to map.
- Enter \\FreeBSD\ftp in the Path field where FreeBSD is the name of
your Samba server and ftp is the service you added above. - In the field titled Connect As, you have to enter the user id of your FreeBSD box.
You may also be prompted for a password on that box.
If this doesn’t work, I strongly urge you to follow the Samba diagnostics.
I found them very useful.
It is frequently difficult to find the DIAGNOSIS.TXT file referred to by so many SAMBA
documents. It seems to move around the website. Hopefully this will settle down. I suggest
trying the following in the order provided:
- http://www.cise.ufl.edu/help/software/doc/samba/DIAGNOSIS.txt
- A copy of the above file stored on my server
- this Google search
Good luck
Also have a look at the Logon Problems for a potential NT problem and
solution.
Getting SAMBA to appear under your workgroup
One of the good things about Samba, is that you can treat it like any other Windows
machine (as degrading as that may be to a FreeBSD box). In fact, what I liked seeing
was my FreeBSD box listed under Network Neighbourhood. Very nice!
In order to do
this, I think you need the following entries in /usr/local/etc/smb.conf.
[global] remote announce = 10.0.0.255/WORKGROUP
where 10.0.0.255 is the broadcast address for your subnet and WORKGROUP
is the Windows domain or workgroup into which you wish the Samba services to be
advertised.
smb.conf
There are the entries from my Samba configuration file. They might help you.
Some things may have been changed for security reasons.
[global] hosts allow = 10.0.0. workgroup = WORKGROUP socket options = TCP_NODELAY printing = bsd printcap name = /etc/printcap load printers = yes guest account = guest remote announce = 10.0.0.255/WORKGROUP security = share
You should refer to man smb.conf for more information about these settings.
Login Problems under NT
NOTE: I’m told this hack is not needed. See the following section.
When I
first tried a Samba file service which was user specific, I found that connecting
or browsing to that service resulted in the following error:
no authority to log on from this station
The full text of the message is available, but the
solution has been extracted below for your convenience. Note that this is for NT 4
only.
- Run Registry Editor (Regedt32.exe).
- From the HKEY_LOCAL_MACHINE subtree, go to the following key:
\system\currentcontrolset\services\rdr\parameters - Click Add Value on the Edit menu.
- Add the following:
Value Name: EnablePlainTextPassword
Data Type: REG_DWORD
Data: 1 - Click OK and then quit Registry Editor.
- Shut down and restart Windows NT.
NOTE: I’ve been told that recent versions of Samba avoid this
problem with a configuration file setting. I’ve not tracked that down yet.
Please refer to the following section for more information.
Samba Authentication (added on 5 July 2000)
I’ve
got Samba running on Linux – still have to set it up on FreeBSD. The Windows registry hack
is unnecessary. MS users logon to Windows, not NT Domain, using the same user names
that appear in /etc/passwd and smbpasswd (wherever you have put it). They can then access
their home directories and /tmp on the Samba server without further authentication.
encrypt passwords = yes.
The only share I haven’t been able to get working properly yet is the printer share.
My printer is an HP-812C which uses IEEE 1284 two-way communication and apparently
the printer is not communicating back to the Windows boxes. Maybe if I use the HP-550C
driver, this can be made to work.
3 November
There have been many questions regarding the Samba login process. I
found something very interesting in the mailing list archives.
For those interested in the full text, the
original archive entry is available. The following is an extract from that
entry:
Windows 98 and NT4(SP3) _require_ encrypted passwords from the server. There are two
possible solutions:
- Enable encrypted passwords in Samba. This is the best solution if the Samba server is
being accessed by a WinNT boxes, or a mixture of Win95/Win98/WinNT clients. However,
password encryption in samba requires another password file
(/usr/local/private/smbpasswd), which you would create, populate and maintain.- Disable the requirement of encrypted passwords in you Win98 clients. This needs a
single addition to the Win98 registry: go to
"HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\VxD\VNETSUP" and add the
value "EnablePlainTextPassword" = 1 (dword). Then reboot.You may want to read some documents in /usr/local/share/doc/samba, such as Win95.txt
(yes, Win95) or ENCRYPTION.txt.
I also found virtually the same information at another
site.
Another archive
message suggested adding "encrypt passwords = yes" to /etc/smb.conf
. I have not tried that.
Mounting NT drives
If you have an NT box which has a share on it, you can mount it from your FreeBSD box
using smbmount. But there’s no reason why that share can’t be on another
FreeBSD box. This sounds like it may be a good alternative to using
NFS. I’ve searched my system for smbmount, but can’t find it.
I’ve found the source file, but I can’t compile it. It appears that it is for Linux
only. I’ve asked a question on the mailing list. I’ll report back later.
It
appears that the answer may be Sharity-Light, previously known
as Rumba.
Samba 2.0.6 – shares are printers (added on 20 April 2000)
Ernie Dunbar wrote in with this
bit about Samba 2.0.6 and printers:
This version seems to think that, by default, shares are printers, not disks.
Perhaps this is a feature and not a bug. But if you make a disk share, make sure you
include printable=no in the share information in smb.conf.The way you tell if your server is acting this way is to use "smbclient -L
smbhost" which will display the type of each share.
Windows shared printer (added on 5 July 2000)
Adriel Ickler wrote in with this sharing a Windows printer:
After reviewing the solutions for printing to a windows shared printer, and being
dissatisfied with them I created my own solution, I was told I should share it with others
via an article.
- Create a fifo in /dev, mine is /dev/smbprint
mkfifo /dev/smbprint
- Set up a printer EXACTLY like normal, except use /dev/smbprint as the device
instead of /dev/lpt0 or whatever.
- Make a shell script for flushing the fifo (You can use lpq to test if the fifo has data
in it). It only needs to contain this line (which is wrapped, it should be all on a
single line):/usr/local/bin/smbclient //sharename/printername -c "print -" <
/dev/smbprint
Time server (added on 31 December 2000)
Lanny Baron wrote in to say that Samba can be your time server. Add
the following to your smb.conf file:
time server = Yes
Interface Issues (added on 11 April 2003)
If you see the following types of error messages, then you probably haven’t set the interfaces
in the your samba configuration file.
smbd[73262]: [2003/04/11 08:13:38, 0] lib/interface.c:load_interfaces(216)
smbd[73262]: WARNING: no network interfaces found
nmbd[73265]: [2003/04/11 08:13:38, 0] lib/interface.c:load_interfaces(216)
nmbd[73265]: WARNING: no network interfaces found
nmbd[73265]: [2003/04/11 08:13:38, 0] nmbd/nmbd_subnetdb.c:create_subnets(239)
nmbd[73265]: create_subnets: No local interfaces !
If you see the above, look for a line like this in your configuration file and make sure it refers
to a network interface card (NIC) which exists and has an IP address.
interfaces = rl0
If you don’t find a line like the above, perhaps you need to add it.
Can’t get the mount? (added on 28 September 2004)
Today at work I was trying to get a Samba mount to work on my NT box. Only my machine could not mount.
The *nix box in question was not part of the Windows domain. The solution was to remove the entry for me
in /etc/samba/smbusers
that mapped my domain account to a samba account. This
entry maps a Windows user id to a Unix user id. In my case, both user ids were the same (dan
).
We don’t know why this solved the problem.
Then, the mount would not resume upon login. I had to manually set it each time. The solution was to make my Samba password
the same as my Windows password. Then it automagically mounted at each login.