Samba server on pfSense 2.0.2

[evil_chewbaka]

I will most likely get flamed, die in a fire and burn in hell for eternity for sharing this but....here goes...

go to ssh shell and type:

    setenv PACKAGESITE "ftp://ftp.freebsd.org/pub/FreeBSD/ports/i386/packages-8.3-release/Latest/"

    pkg_add -r samba36

then create the folder
  
   /home/public

and set priv. to 777

create the file

   /usr/local/etc/smb.conf

Code: [Select]

[global]
netbios name = Server
server string = pfSense
workgroup = WORKGROUP
os level = 39
security = share
preferred master = yes
usershare allow guests = yes
guest account = root

socket options = TCP_NODELAY

[Public]
	comment = Huh?
	writeable = yes
	public = yes
	path = /home/public
	browseable = yes
	guest ok = yes

create the file    /etc/rc.conf.local

Code: [Select]

samba_enable="YES"
nmbd_enable="YES"
smbd_enable="YES"
winbindd_enable="YES"

then start your server

   /usr/local/etc/rc.d/samba start


if it doesnt work then...god hate you...

[wheelz]

I don't know why this would be a big deal/flame bait.  All you need to do is add

interfaces = e1000g0

to your smb.conf where e1000g0 is your internal LAN interface and it should only be available from your LAN (and only create firewall rules for the LAN interface as well).

I know that this is a bad practice in general to put your data on your firewall which is why I won't do it.  However it does depend on the data.  If you are putting data on there that you don't need secure like music files, etc... then who cares.

[unguzov]

I will most likely get flamed, die in a fire and burn in hell for eternity for sharing this but....here goes...

Samba on pfSense is like a flashlight on a toaster - it is strange and dangerous but sometimes handy 
 

[jimp]

I don't know why this would be a big deal/flame bait.  All you need to do is add

interfaces = e1000g0

to your smb.conf where e1000g0 is your internal LAN interface and it should only be available from your LAN (and only create firewall rules for the LAN interface as well).

I know that this is a bad practice in general to put your data on your firewall which is why I won't do it.  However it does depend on the data.  If you are putting data on there that you don't need secure like music files, etc... then who cares.

It's not about securing the data, it's about securing the firewall. The odds of someone exploiting the firewall to get to your data are very, very low.

The odds of someone exploiting samba to compromise your firewall are much, much higher.

That said, I wouldn't do it, but I can see why someone would. I've done it before (years ago, before I ran pfSense), but I wouldn't do it now.

Also we tend to think of pfSense in its main role as a firewall, but it can also be an appliance platform. If someone really wanted to, they could setup pfSense standing alone with one interface on their LAN and have it work as just a file server. Not sure why someone would want to do that when FreeNAS exists, but that has never stopped anyone before. :-)  In that type of environment, it can make sense. It's just not very common.

[mamen0330]

I am getting this error. help

Starting nmbd.
/libexec/ld-elf.so.1: /usr/local/lib/libtalloc.so.2: unsupported file layout
/usr/local/etc/rc.d/samba: WARNING: failed to start nmbd
Starting smbd.
/libexec/ld-elf.so.1: /usr/local/lib/libtalloc.so.2: unsupported file layout
/usr/local/etc/rc.d/samba: WARNING: failed to start smbd
Starting winbindd.
/libexec/ld-elf.so.1: /usr/local/lib/libtalloc.so.2: unsupported file layout
/usr/local/etc/rc.d/samba: WARNING: failed to start winbindd

[mamen0330]

Solved it! It seems that the dependencies are for 32bit. Here's what I did for my 64bit pfSense 2.0.2 box:

Delete the packages samba, talloc and python.

pkg_delete -v samba<version>

pkg_delete -v talloc<version>

pkg_delete -v python<version>

*you can see the installed version of these packages in your system by using the command pkg_info.

set the packagesite variable to use the 64bit instead of 32bit repository.

setenv PACKAGESITE "ftp://ftp.freebsd.org/pub/FreeBSD/ports/amd64/packages-8.3-release/Latest/"

*take note of the amd64 after the ports.

install samba again.

pkg_add -r -v samba36

*this will also install it's dependencies, talloc and python libraries.

configure the smb.conf then start the smb service.

Code: [Select]

/usr/local/etc/rc.d/samba start

that's it!!

[Luiz Gustavo]

Guys, see this:

http://forum.pfsense.org/index.php/topic,59357.0.html

[dennisv]

Hi guys got a problem when trying to run samba, please see below. Please help what could be the problem.

[2.0.3-RELEASE][admin@mydomain.local]/home/public(26): /usr/local/etc/rc.d/samba start
Starting nmbd.
/libexec/ld-elf.so.1: Shared object "libsasl2.so.2" not found, required by "libldap-2.4.so.8"
/usr/local/etc/rc.d/samba: WARNING: failed to start nmbd
Starting smbd.
/libexec/ld-elf.so.1: Shared object "libsasl2.so.2" not found, required by "libldap-2.4.so.8"
/usr/local/etc/rc.d/samba: WARNING: failed to start smbd
Starting winbindd.
/libexec/ld-elf.so.1: Shared object "libsasl2.so.2" not found, required by "libldap-2.4.so.8"
/usr/local/etc/rc.d/samba: WARNING: failed to start winbindd

[salida]

well the quide is quite good it works just as i wanted with some optimizations.

the problem is that after every restart of pfsense samba is not starting as it should.
after a restart giving "service samba status"
i get

Code: [Select]

nmbd is not running.
smbd is not running.
winbindd is not running.

if i try this "service winbindd start"

Code: [Select]

winbindd does not exist in /etc/rc.d or the local startup
directories (/usr/local/etc/rc.d)

this is my: /etc/rc.conf.local

Code: [Select]

samba_enable="YES"
nmbd_enable="YES"
smbd_enable="YES"
winbindd_enable="YES"

if i reinstall everything , it works!!!, until the next restart
any ideas ?

[ghostdust]

For me its working with this modification and after reboot samba is working as expected.

cp /usr/local/etc/rc.d/samba /usr/local/etc/rc.d/samba.sh

Forgot to mention u can start/stop samba without making the modification with:

/usr/local/etc/rc.d/samba onestart
/usr/local/etc/rc.d/samba onestop

With those commands maybe u can make an cron job to allow users to share with samba at any time u want 


Best regards


P.S. Sorry for my english, is not my native language

[Haxdal]

Registered just to reply to this thread (and probably others in the future).

The problem I got with this Samba package is that it's trying to put the PID files into a folder in /var/run that doesn't exist (apparently /var/run is cleaned on reboot) and it doesn't have the foresight to create said folder again. The fix is simple, create that folder automatically during boot before Samba starts.  edit: or you can just edit the startup script so that the PID files are created in a valid location.

The easiest way I found to do it is to edit the xml config file (/cf/conf/config.xml) and add "<shellcmd>mkdir /var/run/samba</shellcmd>" at the end of the system section so it becomes something like this :

                ...
      <dnsallowoverride/>
      <shellcmd>mkdir /var/run/samba</shellcmd>
   </system>
   <interfaces>
        ...

You might also need to copy the samba run script to samba.sh as suggested by ghostdust for Samba to start automatically.

cp /usr/local/etc/rc.d/samba /usr/local/etc/rc.d/samba.sh

After this everything should work fine, at least it did so on my test machine.

[salida]

• <shellcmd>mkdir /var/run/samba</shellcmd>
• cp /usr/local/etc/rc.d/samba /usr/local/etc/rc.d/samba.sh

After this everything should work fine, at least it did so on my test machine.

Just tested this , and i can confirm that it is working like a charm even after a restart.
I want to thank both Haxdal & ghostdust.

[hongkonger]

I know this is pretty old post,

but would love to have a samba or ftp package on my pfbox,

my current hardware is simply overkill for a firewall.

[salida]

I know this is pretty old post,

but would love to have a samba or ftp package on my pfbox,

my current hardware is simply overkill for a firewall.

Well the guide is pretty straight forward about samba server.
Read the guide and the troubleshooting below.
Here to help with

[rsingh]

Instructions for pfsense 2.2.2-RELEASE (FreeBSD 10.1) with regards to the original steps

run these commands:
pkg
pkg install net/samba42

Note 1: samba4.3 released on september 8th, you may be able to install this in future with pkg install net/samba43
Note 2: this has a bunch of dependencies which pkg will need to add automatically, potential security issues

Create /etc/rc.conf with this (rc.conf.local no longer required):
samba_server_enable="YES"

Primary conf file name changed:
cat /usr/local/etc/smb4.conf
[global]
   server string = pfSense
   interfaces = em0, lo
   bind interfaces only = Yes
   guest account = root
   os level = 39
   preferred master = Yes
   usershare allow guests = Yes
   idmap config * : backend = tdb

[Public]
   comment = Huh?
   path = /home/
   read only = No
   guest ok = Yes

Note 3: keep an eye on the interface only section, replace yours their and change the path as needed.


Providing god doesn't hate you:

/usr/local/etc/rc.d/samba_server start
Performing sanity check on Samba configuration: OK
Starting nmbd.
Starting smbd.

Note 4: Conf file help: (on a linux system) run testparm <your conf file>. This outputted a better formatted conf file that worked on freebsd.

Also make sure you bind your interfaces right, you probably don't want this on the internet (maybe you do?)

netstat -na | grep 445
tcp4       0      0 192.168.1.1.445        *.*                    LISTEN
netstat -na | grep 137
udp4       0      0 192.168.1.255.137      *.*                   
udp4       0      0 192.168.1.1.137        *.*                   
udp4       0      0 *.137                  *.*       



General help:
http://wiki.samba.org/index.php/Samba4/HOWTO


Here's a FreeBSD gpart cheat sheet for those who are lazy and normally use gparted on linux like me:
https://forums.freebsd.org/threads/gpart-cheatsheet-wiping-drives-partitioning-formating.45411/
mount /dev/da0p1 backup/

Hope this helps others, feel free to comment if things i've placed here should be done differently.