Configure Samba with anonymous file share access in freebsd

Posted on 10:10 AM by Bharathvn

You might want to share files with your windows clients. Samba will allow you to do so. First let's install it:

cd /usr/ports/net/samba3
make install clean

Now that its installed add the following line to /etc/rc.conf:

samba_enable="YES"

Now we need to create the samba configuration file.

cd /usr/local/etc
vi smb.conf

The amount of configuration required for Samba is actually quite minimal. Add the following lines to the new file we just created:

[global]
workgroup = MSHOME
passdb backend = tdbsam

[global] marks the beginning of global configuration, and we will simply name our server Samba Server. For our "workgroup," WORKGROUP is the default for Windows NT clients, and MSHOME is used by win9x clients. Nevertheless, feel free to choose any alternative. (Unless you want to serve files to a Windows XP Home client--due to limitations in XP Home that do not exist in XP Pro, a Windows XP Home client can only share files with computers in the workgroup MSHOME). The passdb is used to store passwords for samba users - we will use tdbsam.

At this point you will have to make a decision of whether or not you want anonymous or password based access to your samba server. If you want your server to require password authentification, add the following lines to our smb.conf file:

;User-Based Configuration
security = user

[share]
path = /big/samba
read only = no
valid users = xaenn

By choosing security level user, users must login in order to access our Samba server. [share] defines our samba share (you may have any number of samba shares, in order to give different access to different users, however, we will simply demonstrate one). The path determines in what directory on your system the share will reside - be sure you have sufficient space depending on what you intend to share with Samba. We want to enable write access, because we will later create one readable and one writable directory. Finally, list the valid users, in this case, only xaenn may login to this share.

If, on the other hand, you want to allow anyone to share files with your server anonymously, add the following lines to smb.conf instead:

;Anonymous Configuration
security = share
guest account = pcguest

[share]
path = /big/samba
read only = no
guest ok = yes

By choosing security level share, users do not need to login in order to access our Samba server. We define the guest account as pcguest. [share] defines our samba share. The path determines in what directory on your system the share will reside - be sure you have sufficient space depending on what you intend to share with Samba. We want to enable write access, because we will later create one readable and one writable directory. Finally, we enable guest access to this share.

Save your changes and exit the file. Now we will setup the directory structure for our share:

mkdir /big/samba
cd /big/samba
mkdir in pub
chown nobody in
chmod 5777 in

Within our /big/samba directory, we created two subdirectories: "in" and "pub". We allow all users to write to in, but we don't allow anyone other than the system root to write to pub - it is our place for sharing files with other users.

Now it's important that the users you added to our Samba configuration actually exist on the system. If you used your own username, then obviously it will already be a user on your system. However, if you decided to use "pcguest" chances are you will need to create this account.

fongsaiyuk# adduser
Username: pcguest
Full name: Guest
Uid (Leave empty for default):
Login group [pcguest]:
Login group is pcguest. Invite pcguest into other groups? []:
Login class [default]:
Shell (sh csh tcsh bash zsh rzsh nologin) [sh]: nologin
Home directory [/home/pcguest]:
Use password-based authentication? [yes]: no
Lock out the account after creation? [no]:
Username : pcguest
Password :
Full Name : Guest
Uid : 1003
Class :
Groups : pcguest
Home : /home/pcguest
Shell : /usr/sbin/nologin
Locked : no
OK? (yes/no): yes
adduser: INFO: Successfully added (pcguest) to the user database.

Now we then have to add this user to Samba (even if you didn't create a new user above, you will have to follow this step for any users in your Samba configuration - xaenn or pcguest, depending on which you used.

pdbedit -a -u pcguest

For pcguest just hit 'Enter' at the prompts for "new password" and "retype new password". (This will leave the password blank, which is what we want for anonymous access). For a normal user choose an appropriate password. You should then see a bunch of statistics about the new user we added.

Now we can start Samba

/usr/local/etc/rc.d/samba start

Or at anytime if you change something in smb.conf and need your new settings to take effect.

/usr/local/etc/rc.d/samba restart

Windows users should now have user (login) or anonymous (guest) access to our Samba share, depending on which configuration was used. If you run into problems, you can test your share with the following command:

smbclient //bsd/share

You can also test your configuration file for errors by typing:

testparm