SMB Server
SAMBA is a very popular open-source implementation of the SMB protocol that runs on various operating systems including FreeBSD. Using SAMBA, you can turn your FreeBSD server into a high performance Windows File Sharing server, which can integrate into your hybrid network.
SAMBA is available in FreeBSD's ports collection under /usr/ports/net/samba3.
After installing SAMBA via port (or package), just like any other server package you should configure it using the configuration file and enable it in /etc/rc.conf:
samba_enable="YES"
The default configuration file for SAMBA is located at /usr/local/etc/smb.conf. It contains the basic configuration, including a few sample shared directories and printers. You should modify this file (or create a new one from scratch) to suit your specific needs.
You need to set up your server name, workgroup name, security-level, and access control rules in your smb.conf file, before actually setting up your shared directories/printers:
[global]
   workgroup = MYGROUP
   server string = Samba Server
   security = user
   hosts allow = 192.168.1. 192.168.2. 127.
This will set your workgroup name, server name (as it will be seen by other SMB hosts), security-level (which can be chosen from various options such as user, share, server, ads, and domain) as well as the hosts that are allowed to access this server.
There are also further advanced options that can be specified in this configuration file, such as debugging and logging options, Master Browser preference, centralized password server settings, and wins/dns proxy settings. The default configuration file is crafted in a way that it fits in most of the simple deployments. However, all these configuration parameters along with a short description and their default value are present in the sample configuration file, which can be modified to suit your need.
After tweaking general configuration parameters, you should specify your shared resources configuration. Each share has its own configuration block, like the following example:
[myshare]
   comment = sample shared directory
   path = /usr/home/babak/mydocs
   valid users = babak jdoe
   public = no
   writeable = yes
   printable = no
This example shows a simple shared directory. The share can be accessed on the network using its name (in this example, myshare). We have also specified the actual path of the directory we are going to share over the network. This share is not available to everyone; users must be authenticated, hence the valid users parameter. Only the users babak and jdoe are authorized to access this share. The share is also writable, so users can create and modify the shared files across the network. As the last parameter, we have also specified that this share is not a printer (the printable parameter).
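The access-control parameters described above (security, hosts allow, public, valid users, writeable) can be checked mechanically before a configuration goes live. The following is an added example, not part of the original text or of SAMBA itself: the function names parse_smb_conf and audit are hypothetical, and the [scratch] share in the sample is constructed to show what a weak share looks like next to [myshare].

```python
# Constructed sample: the page's [global] and [myshare] plus a hypothetical weak [scratch].
SAMPLE_CONF = """\
[global]
   workgroup = MYGROUP
   security = user
   hosts allow = 192.168.1. 192.168.2. 127.
[myshare]
   valid users = babak jdoe
   public = no
   writeable = yes
[scratch]
   ; guest-writable share, constructed for this example
   public = yes
   writeable = yes
"""
TRUE = {"yes", "true", "1"}
SYNONYMS = {"guest ok": "public", "writable": "writeable", "write ok": "writeable"}

def parse_smb_conf(text):
    """Return {section: {param: value}}; names are matched case-insensitively."""
    conf, section = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
            conf.setdefault(section, {})
        elif "=" in line and section is not None:
            key, value = line.split("=", 1)
            key = " ".join(key.lower().split())
            conf[section][SYNONYMS.get(key, key)] = value.strip()
    return conf

def audit(conf):
    """Return (section, finding) pairs for settings that widen access."""
    out, glob = [], conf.get("global", {})
    if glob.get("security", "user").lower() == "share":
        out.append(("global", "security = share: access is not tied to a named user"))
    if not glob.get("hosts allow"):
        out.append(("global", "no hosts allow: any host may connect"))
    for name, share in conf.items():
        if name != "global" and share.get("public", "no").lower() in TRUE:
            out.append((name, "public = yes: guest access without a password"))
        if (name != "global" and share.get("writeable", "no").lower() in TRUE
                and not share.get("valid users")):
            out.append((name, "writeable with no valid users list"))
    return out

print(audit(parse_smb_conf(SAMPLE_CONF)))
```

On the sample, only [scratch] is reported; [myshare] passes because its write access is limited by valid users and guest access is off.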
Authentication
The previous example shows that we can set up shares for specific users, who are authenticated over the network and granted access according to the specified access policies.
SAMBA can authenticate users with a local password database, or a password server that you may configure for this reason. The password server can be a Windows Active Directory, Windows NT Domain Controller or even LDAP.
In most simple deployments, the administrator chooses the local password database to store user passwords. This local password database can be maintained using the smbpasswd(8) utility. Using this utility, you can add, delete, enable, and disable users, and change the passwords of the users you configure to access SMB shares over the network.
# smbpasswd -a babak
New SMB password:
Retype new SMB password:
startsmbfilepwent_internal: file /usr/local/etc/samba/smbpasswd did not exist. File successfully created.
Added user babak.
This will add a new user named babak to SAMBA's local password database at /usr/local/etc/samba/smbpasswd.
In the local authentication scheme, the user should also exist in the system's password database (the /etc/passwd file) before you can actually add it to SAMBA's password database. Otherwise, smbpasswd fails to add the user.