Samba server on pfSense 2.0.2
-
I will most likely get flamed, die in a fire and burn in hell for eternity for sharing this but….here goes...
go to ssh shell and type:
setenv PACKAGESITE "ftp://ftp.freebsd.org/pub/FreeBSD/ports/i386/packages-8.3-release/Latest/"
pkg_add -r samba36
then create the folder
/home/public
and set priv. to 777
create the file
/usr/local/etc/smb.conf
[global] netbios name = Server server string = pfSense workgroup = WORKGROUP os level = 39 security = share preferred master = yes usershare allow guests = yes guest account = root socket options = TCP_NODELAY [Public] comment = Huh? writeable = yes public = yes path = /home/public browseable = yes guest ok = yescreate the file /etc/rc.conf.local
samba_enable="YES" nmbd_enable="YES" smbd_enable="YES" winbindd_enable="YES"then start your server
/usr/local/etc/rc.d/samba start
if it doesnt work then…god hate you...
-
I don't know why this would be a big deal/flame bait. All you need to do is add
interfaces = e1000g0
to your smb.conf where e1000g0 is your internal LAN interface and it should only be available from your LAN (and only create firewall rules for the LAN interface as well).
I know that this is a bad practice in general to put your data on your firewall which is why I won't do it. However it does depend on the data. If you are putting data on there that you don't need secure like music files, etc… then who cares.
-
I will most likely get flamed, die in a fire and burn in hell for eternity for sharing this but….here goes...
Samba on pfSense is like a flashlight on a toaster - it is strange and dangerous but sometimes handy ;D
-
I don't know why this would be a big deal/flame bait. All you need to do is add
interfaces = e1000g0
to your smb.conf where e1000g0 is your internal LAN interface and it should only be available from your LAN (and only create firewall rules for the LAN interface as well).
I know that this is a bad practice in general to put your data on your firewall which is why I won't do it. However it does depend on the data. If you are putting data on there that you don't need secure like music files, etc… then who cares.
It's not about securing the data, it's about securing the firewall. The odds of someone exploiting the firewall to get to your data are very, very low.
The odds of someone exploiting samba to compromise your firewall are much, much higher.
That said, I wouldn't do it, but I can see why someone would. I've done it before (years ago, before I ran pfSense), but I wouldn't do it now.
Also we tend to think of pfSense in its main role as a firewall, but it can also be an appliance platform. If someone really wanted to, they could setup pfSense standing alone with one interface on their LAN and have it work as just a file server. Not sure why someone would want to do that when FreeNAS exists, but that has never stopped anyone before. :-) In that type of environment, it can make sense. It's just not very common.
-
I am getting this error. help :'(
Starting nmbd.
/libexec/ld-elf.so.1: /usr/local/lib/libtalloc.so.2: unsupported file layout
/usr/local/etc/rc.d/samba: WARNING: failed to start nmbd
Starting smbd.
/libexec/ld-elf.so.1: /usr/local/lib/libtalloc.so.2: unsupported file layout
/usr/local/etc/rc.d/samba: WARNING: failed to start smbd
Starting winbindd.
/libexec/ld-elf.so.1: /usr/local/lib/libtalloc.so.2: unsupported file layout
/usr/local/etc/rc.d/samba: WARNING: failed to start winbindd -
Solved it! It seems that the dependencies are for 32bit. Here's what I did for my 64bit pfSense 2.0.2 box:
Delete the packages samba, talloc and python.
pkg_delete -v samba <version>pkg_delete -v talloc <version>pkg_delete -v python <version>*you can see the installed version of these packages in your system by using the command pkg_info.</version></version></version>
set the packagesite variable to use the 64bit instead of 32bit repository.
setenv PACKAGESITE "ftp://ftp.freebsd.org/pub/FreeBSD/ports/amd64/packages-8.3-release/Latest/"
*take note of the amd64 after the ports.
install samba again.
pkg_add -r -v samba36
*this will also install it's dependencies, talloc and python libraries.
configure the smb.conf then start the smb service.
/usr/local/etc/rc.d/samba startthat's it!!
-
Guys, see this:
http://forum.pfsense.org/index.php/topic,59357.0.html
-
Hi guys got a problem when trying to run samba, please see below. Please help what could be the problem.
[2.0.3-RELEASE][admin@mydomain.local]/home/public(26): /usr/local/etc/rc.d/samba start
Starting nmbd.
/libexec/ld-elf.so.1: Shared object "libsasl2.so.2" not found, required by "libldap-2.4.so.8"
/usr/local/etc/rc.d/samba: WARNING: failed to start nmbd
Starting smbd.
/libexec/ld-elf.so.1: Shared object "libsasl2.so.2" not found, required by "libldap-2.4.so.8"
/usr/local/etc/rc.d/samba: WARNING: failed to start smbd
Starting winbindd.
/libexec/ld-elf.so.1: Shared object "libsasl2.so.2" not found, required by "libldap-2.4.so.8"
/usr/local/etc/rc.d/samba: WARNING: failed to start winbindd -
well the quide is quite good it works just as i wanted with some optimizations.
the problem is that after every restart of pfsense samba is not starting as it should.
after a restart giving "service samba status"
i get```
nmbd is not running.
smbd is not running.
winbindd is not running.if i try this "service winbindd start"winbindd does not exist in /etc/rc.d or the local startup
directories (/usr/local/etc/rc.d)this is my: /etc/rc.conf.localsamba_enable="YES"
nmbd_enable="YES"
smbd_enable="YES"
winbindd_enable="YES"if i reinstall everything , it works!!!, until the next restart :( any ideas ? -
For me its working with this modification and after reboot samba is working as expected.
cp /usr/local/etc/rc.d/samba /usr/local/etc/rc.d/samba.sh
Forgot to mention u can start/stop samba without making the modification with:
/usr/local/etc/rc.d/samba onestart
/usr/local/etc/rc.d/samba onestopWith those commands maybe u can make an cron job to allow users to share with samba at any time u want :D
Best regards
P.S. Sorry for my english, is not my native language
-
Registered just to reply to this thread (and probably others in the future).
The problem I got with this Samba package is that it's trying to put the PID files into a folder in /var/run that doesn't exist (apparently /var/run is cleaned on reboot) and it doesn't have the foresight to create said folder again. The fix is simple, create that folder automatically during boot before Samba starts. edit: or you can just edit the startup script so that the PID files are created in a valid location.
The easiest way I found to do it is to edit the xml config file (/cf/conf/config.xml) and add "<shellcmd>mkdir /var/run/samba</shellcmd>" at the end of the system section so it becomes something like this :
…
<dnsallowoverride><shellcmd>mkdir /var/run/samba</shellcmd><interfaces>...</interfaces></dnsallowoverride>
You might also need to copy the samba run script to samba.sh as suggested by ghostdust for Samba to start automatically.
cp /usr/local/etc/rc.d/samba /usr/local/etc/rc.d/samba.sh
After this everything should work fine, at least it did so on my test machine.
-
-
<shellcmd>mkdir /var/run/samba</shellcmd>
-
cp /usr/local/etc/rc.d/samba /usr/local/etc/rc.d/samba.sh
After this everything should work fine, at least it did so on my test machine.
Just tested this , and i can confirm that it is working like a charm even after a restart.
I want to thank both Haxdal & ghostdust. -
-
I know this is pretty old post,
but would love to have a samba or ftp package on my pfbox,
my current hardware is simply overkill for a firewall.
-
@hongkonger:
I know this is pretty old post,
but would love to have a samba or ftp package on my pfbox,
my current hardware is simply overkill for a firewall.
Well the guide is pretty straight forward about samba server.
Read the guide and the troubleshooting below.
Here to help with ;) -
Instructions for pfsense 2.2.2-RELEASE (FreeBSD 10.1) with regards to the original steps
run these commands:
pkg
pkg install net/samba42Note 1: samba4.3 released on september 8th, you may be able to install this in future with pkg install net/samba43
Note 2: this has a bunch of dependencies which pkg will need to add automatically, potential security issuesCreate /etc/rc.conf with this (rc.conf.local no longer required):
samba_server_enable="YES"Primary conf file name changed:
cat /usr/local/etc/smb4.conf
[global]
server string = pfSense
interfaces = em0, lo
bind interfaces only = Yes
guest account = root
os level = 39
preferred master = Yes
usershare allow guests = Yes
idmap config * : backend = tdb[Public]
comment = Huh?
path = /home/
read only = No
guest ok = YesNote 3: keep an eye on the interface only section, replace yours their and change the path as needed.
Providing god doesn't hate you:
/usr/local/etc/rc.d/samba_server start
Performing sanity check on Samba configuration: OK
Starting nmbd.
Starting smbd.Note 4: Conf file help: (on a linux system) run testparm <your conf="" file="">. This outputted a better formatted conf file that worked on freebsd.
Also make sure you bind your interfaces right, you probably don't want this on the internet (maybe you do?)
netstat -na | grep 445
tcp4 0 0 192.168.1.1.445 . LISTEN
netstat -na | grep 137
udp4 0 0 192.168.1.255.137 .
udp4 0 0 192.168.1.1.137 .
udp4 0 0 *.137 .General help:
http://wiki.samba.org/index.php/Samba4/HOWTOHere's a FreeBSD gpart cheat sheet for those who are lazy and normally use gparted on linux like me:
https://forums.freebsd.org/threads/gpart-cheatsheet-wiping-drives-partitioning-formating.45411/
mount /dev/da0p1 backup/Hope this helps others, feel free to comment if things i've placed here should be done differently.</your>
-
Hope this helps others,
Only to get open or damage their firewall. SAMBA on WAN connected devices are a huge security risk
and that not only based on BSD or Linux. Even!feel free to comment if things i've placed here should be done differently.
A SAMBA server has nothing to search on a firewall, router, gateway or any other device
connected to the WAN interface directly. -
@BlueKobold:
Hope this helps others,
Only to get open or damage their firewall. SAMBA on WAN connected devices are a huge security risk
and that not only based on BSD or Linux. Even!feel free to comment if things i've placed here should be done differently.
A SAMBA server has nothing to search on a firewall, router, gateway or any other device
connected to the WAN interface directly.I think these points, as valid as they are, are covered extensively in this and especially other places on the pfsense forum. the only place where someone likely would risk this is a home environment where the security risks from hacked cell phones or infected windows PCs probably outweighs smbd on pfsense by a couple orders of magnitude.
for me, I have a USB external HDD that needs to be connected to a PC or other device, and that device needs to stay on 24x7 for constant remote file access. I try to limit the kilowatt hours of electricity usage as much as possible so that is my main motivation instead of connecting it to a PC and leaving that on (pfsense runs on an old laptop at my home). buying a external HDD enclosure that has ethernet and it's own smbd running is not free either so this is a good free alternative with the implied security risk, to an environment which contains a limited amount of sensitive information.
-
I love it how people justify garbage setups because of minuscule costs..
So you could pickup a pogo plug (tiny computer) for under $20 uses like zero power. You could pickup a pi again for under $35 for sure.. You could get the latest and greatest pi 2 b+ kit with SD card, etc.. for $55 uses like nothing for power..
pogo you can run arch linux on, has usb 2, usb 3 and even 1 USM/SATA Slot
http://www.amazon.com/Pogoplug-Series-4-Backup-Device/dp/B006I5MKZYSo your setting up something that clearly is unsupported because its a power saving issue, or cost of running a new piece of hardware? That you can get for pennies? Clearly you paying for internet, have a laptop, and most likley multiple pcs? Since you mention old PC buty don't want to leave it on because of power.
But you can not afford $20 to have a new toy to play with!!! And also provide your samba sharing server…
