Samba is a free software re-implementation of the SMB networking protocol. Samba provides file and print services for Linux and Microsoft Windows clients. Samba can integrate with a Microsoft Windows Server domain, either as a Domain Controller or as a domain member. As of version 4, it supports Active Directory and Microsoft Windows NT domains.
Today I will look at setting up Samba, in particular, sharing for groups. Using groups means you can achieve a more efficient means of controlling user access. I will cover installation on FreeBSD, setting up Samba shares, configuration of the server and adding users. To confirm the installation I will test connecting from a client and also check the logs if the connection is not successful.
The installation output generates a lot of useful information about the local install and also where to look for additional help.
root@freebsd120:~ # pkg install samba48 Updating FreeBSD repository catalogue... FreeBSD repository is up to date. All repositories are up to date. The following 1 package(s) will be affected (of 0 checked): New packages to be INSTALLED: samba48: 4.8.12_4 Number of packages to be installed: 1 The process will require 173 MiB more space. 31 MiB to be downloaded. Proceed with this action? [y/N]: y [1/1] Fetching samba48-4.8.12_4.txz: 100% 31 MiB 989.1kB/s 00:33 Checking integrity... done (0 conflicting) [1/1] Installing samba48-4.8.12_4... [1/1] Extracting samba48-4.8.12_4: 100% ===== Message from samba48-4.8.12_4: -- How to start: http://wiki.samba.org/index.php/Samba4/HOWTO * Your configuration is: /usr/local/etc/smb4.conf * All the relevant databases are under: /var/db/samba4 * All the logs are under: /var/log/samba4 * Provisioning script is: /usr/local/bin/samba-tool For additional documentation check: http://wiki.samba.org/index.php/Samba4 Bug reports should go to the: https://bugzilla.samba.org/
Enable Samba on Startup
As with all services we have to add the service to /etc/rc.conf.
root@freebsd120:~ # echo 'samba_server_enable="YES"' >> /etc/rc.conf
Create Directories & Set Permissions
Before we configure Samba, let’s create the necessary directories and groups and assign access permissions. I’ll be creating two new shares called data and media. We will only be granting access to one of the shares so that we can view unauthorized access attempts in the logs.
root@freebsd120:~ # mkdir -p /usr/local/samba/data root@freebsd120:~ # pw groupadd smb-data root@freebsd120:~ # chgrp -R smb-data /usr/local/samba/data root@freebsd120:~ # chmod -R 770 /usr/local/samba/data root@freebsd120:~ # mkdir /usr/local/samba/media root@freebsd120:~ # pw groupadd smb-media root@freebsd120:~ # chgrp -R smb-media /usr/local/samba/media root@freebsd120:~ # chmod -R 770 /usr/local/samba/media root@freebsd120:~ # pw groupmod smb-data -m philip
Note: We did not add the user to smb-media group, we will look at this in testing the connection from a client later.
Create Samba Configuration File
Onto the main configuration file, I have created the two shares and assigned some basic global settings. Of interest to us here, is the log level line which sets minimal logging so we can view failed connection attempts. In the shares configuration we have assigned group access to @smb-data and @smb-media.
File to be created: /usr/local/etc/smb4.conf
[global] workgroup = WORKGROUP server string = Samba Server Version %v security = user passdb backend = tdbsam log level = 1 auth_audit:1 # Example: share /usr/local/samba/data accessible only to 'smb-data' group [data] path = /usr/local/samba/data valid users = @smb-data writable = yes browsable = yes read only = no guest ok = no public = no create mask = 0666 directory mask = 0755 # Example: share /usr/local/samba/data accessible only to 'smb-media' group [media] path = /usr/local/samba/media valid users = @smb-media writable = yes browsable = yes read only = no guest ok = no public = no create mask = 0666 directory mask = 0755
Add Samba User
Finally, we must add the user philip to Samba. This is achieved with the smbpasswd command.
smbpasswd -a philip
Start Samba Server
Everything is now set up, so it is just a matter of starting the Samba service.
root@freebsd120:~ # service samba_server start Performing sanity check on Samba configuration: OK Starting nmbd. Starting smbd. root@freebsd120:~ #
Test Connection From Client
philip can log into the smb-data share, as he is a member of smb-data group. He cannot log into the smb-media share, as he is not a member of smb-media group.
This can be verified in the log file: /var/log/samba4/log.smbd
[2019/11/17 18:22:00.148954, 1] ../source3/smbd/service.c:521(make_connection_snum) create_connection_session_info failed: NT_STATUS_ACCESS_DENIED
While the popular “Using Samba” from O’Reilly seems to be everywhere, it is a little dated. Marcelo Leal’s “Implementing Samba 4” is a worthwhile read as it covers new topics such as Active Directory Services and other advanced topics.