Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Samba server on pfSense 2.0.2

    Scheduled Pinned Locked Moved pfSense Packages
    18 Posts 14 Posters 47.2k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • E
      evil_chewbaka
      last edited by

      I will most likely get flamed, die in a fire and burn in hell for eternity for sharing this but….here goes...

      go to ssh shell and type:

      setenv PACKAGESITE "ftp://ftp.freebsd.org/pub/FreeBSD/ports/i386/packages-8.3-release/Latest/"

      pkg_add -r samba36

      then create the folder

      /home/public

      and set priv. to 777

      create the file

      /usr/local/etc/smb.conf

      [global]
      netbios name = Server
      server string = pfSense
      workgroup = WORKGROUP
      os level = 39
      security = share
      preferred master = yes
      usershare allow guests = yes
      guest account = root
      
      socket options = TCP_NODELAY
      
      [Public]
      	comment = Huh?
      	writeable = yes
      	public = yes
      	path = /home/public
      	browseable = yes
      	guest ok = yes
      

      create the file    /etc/rc.conf.local

      samba_enable="YES"
      nmbd_enable="YES"
      smbd_enable="YES"
      winbindd_enable="YES"
      
      

      then start your server

      /usr/local/etc/rc.d/samba start

      if it doesnt work then…god hate you...

      1 Reply Last reply Reply Quote 0
      • W
        wheelz
        last edited by

        I don't know why this would be a big deal/flame bait.  All you need to do is add

        interfaces = e1000g0

        to your smb.conf where e1000g0 is your internal LAN interface and it should only be available from your LAN (and only create firewall rules for the LAN interface as well).

        I know that this is a bad practice in general to put your data on your firewall which is why I won't do it.  However it does depend on the data.  If you are putting data on there that you don't need secure like music files, etc… then who cares.

        1 Reply Last reply Reply Quote 1
        • U
          unguzov
          last edited by

          @evil_chewbaka:

          I will most likely get flamed, die in a fire and burn in hell for eternity for sharing this but….here goes...

          Samba on pfSense is like a flashlight on a toaster - it is strange and dangerous but sometimes handy  ;D

          1 Reply Last reply Reply Quote 0
          • jimpJ
            jimp Rebel Alliance Developer Netgate
            last edited by

            @wheelz:

            I don't know why this would be a big deal/flame bait.  All you need to do is add

            interfaces = e1000g0

            to your smb.conf where e1000g0 is your internal LAN interface and it should only be available from your LAN (and only create firewall rules for the LAN interface as well).

            I know that this is a bad practice in general to put your data on your firewall which is why I won't do it.  However it does depend on the data.  If you are putting data on there that you don't need secure like music files, etc… then who cares.

            It's not about securing the data, it's about securing the firewall. The odds of someone exploiting the firewall to get to your data are very, very low.

            The odds of someone exploiting samba to compromise your firewall are much, much higher.

            That said, I wouldn't do it, but I can see why someone would. I've done it before (years ago, before I ran pfSense), but I wouldn't do it now.

            Also we tend to think of pfSense in its main role as a firewall, but it can also be an appliance platform. If someone really wanted to, they could setup pfSense standing alone with one interface on their LAN and have it work as just a file server. Not sure why someone would want to do that when FreeNAS exists, but that has never stopped anyone before. :-)  In that type of environment, it can make sense. It's just not very common.

            Remember: Upvote with the 👍 button for any user/post you find to be helpful, informative, or deserving of recognition!

            Need help fast? Netgate Global Support!

            Do not Chat/PM for help!

            1 Reply Last reply Reply Quote 0
            • M
              mamen0330
              last edited by

              I am getting this error. help :'(

              Starting nmbd.
              /libexec/ld-elf.so.1: /usr/local/lib/libtalloc.so.2: unsupported file layout
              /usr/local/etc/rc.d/samba: WARNING: failed to start nmbd
              Starting smbd.
              /libexec/ld-elf.so.1: /usr/local/lib/libtalloc.so.2: unsupported file layout
              /usr/local/etc/rc.d/samba: WARNING: failed to start smbd
              Starting winbindd.
              /libexec/ld-elf.so.1: /usr/local/lib/libtalloc.so.2: unsupported file layout
              /usr/local/etc/rc.d/samba: WARNING: failed to start winbindd

              1 Reply Last reply Reply Quote 0
              • M
                mamen0330
                last edited by

                Solved it! It seems that the dependencies are for 32bit. Here's what I did for my 64bit pfSense 2.0.2 box:

                Delete the packages samba, talloc and python.

                pkg_delete -v samba <version>pkg_delete -v talloc <version>pkg_delete -v python <version>*you can see the installed version of these packages in your system by using the command pkg_info.</version></version></version>

                set the packagesite variable to use the 64bit instead of 32bit repository.

                setenv PACKAGESITE "ftp://ftp.freebsd.org/pub/FreeBSD/ports/amd64/packages-8.3-release/Latest/"

                *take note of the amd64 after the ports.

                install samba again.

                pkg_add -r -v samba36

                *this will also install it's dependencies, talloc and python libraries.

                configure the smb.conf then start the smb service.

                /usr/local/etc/rc.d/samba start
                

                that's it!!

                1 Reply Last reply Reply Quote 0
                • L
                  lgcosta
                  last edited by

                  Guys, see this:

                  http://forum.pfsense.org/index.php/topic,59357.0.html

                  Luiz Gustavo - Suporte pfSense no Brasil
                  mundounix.com.br

                  1 Reply Last reply Reply Quote 0
                  • D
                    dennisv
                    last edited by

                    Hi guys got a problem when trying to run samba, please see below. Please help what could be the problem.

                    [2.0.3-RELEASE][admin@mydomain.local]/home/public(26): /usr/local/etc/rc.d/samba start
                    Starting nmbd.
                    /libexec/ld-elf.so.1: Shared object "libsasl2.so.2" not found, required by "libldap-2.4.so.8"
                    /usr/local/etc/rc.d/samba: WARNING: failed to start nmbd
                    Starting smbd.
                    /libexec/ld-elf.so.1: Shared object "libsasl2.so.2" not found, required by "libldap-2.4.so.8"
                    /usr/local/etc/rc.d/samba: WARNING: failed to start smbd
                    Starting winbindd.
                    /libexec/ld-elf.so.1: Shared object "libsasl2.so.2" not found, required by "libldap-2.4.so.8"
                    /usr/local/etc/rc.d/samba: WARNING: failed to start winbindd

                    1 Reply Last reply Reply Quote 0
                    • S
                      salida
                      last edited by

                      well the quide is quite good it works just as i wanted with some optimizations.

                      the problem is that after every restart of pfsense samba is not starting as it should.
                      after a restart giving "service samba status"
                      i get```
                      nmbd is not running.
                      smbd is not running.
                      winbindd is not running.

                      
                      if i try this "service winbindd start"
                      

                      winbindd does not exist in /etc/rc.d or the local startup
                      directories (/usr/local/etc/rc.d)

                      
                      this is my: /etc/rc.conf.local
                      

                      samba_enable="YES"
                      nmbd_enable="YES"
                      smbd_enable="YES"
                      winbindd_enable="YES"

                      
                      if i reinstall everything , it works!!!, until the next restart :(
                      any ideas ?
                      1 Reply Last reply Reply Quote 0
                      • G
                        ghostdust
                        last edited by

                        For me its working with this modification and after reboot samba is working as expected.

                        cp /usr/local/etc/rc.d/samba /usr/local/etc/rc.d/samba.sh

                        Forgot to mention u can start/stop samba without making the modification with:

                        /usr/local/etc/rc.d/samba onestart
                        /usr/local/etc/rc.d/samba onestop

                        With those commands maybe u can make an cron job to allow users to share with samba at any time u want  :D

                        Best regards

                        P.S. Sorry for my english, is not my native language

                        1 Reply Last reply Reply Quote 0
                        • H
                          Haxdal
                          last edited by

                          Registered just to reply to this thread (and probably others in the future).

                          The problem I got with this Samba package is that it's trying to put the PID files into a folder in /var/run that doesn't exist (apparently /var/run is cleaned on reboot) and it doesn't have the foresight to create said folder again. The fix is simple, create that folder automatically during boot before Samba starts.  edit: or you can just edit the startup script so that the PID files are created in a valid location.

                          The easiest way I found to do it is to edit the xml config file (/cf/conf/config.xml) and add "<shellcmd>mkdir /var/run/samba</shellcmd>" at the end of the system section so it becomes something like this :

                          …
                          <dnsallowoverride><shellcmd>mkdir /var/run/samba</shellcmd>

                          <interfaces>...</interfaces></dnsallowoverride>

                          You might also need to copy the samba run script to samba.sh as suggested by ghostdust for Samba to start automatically.

                          cp /usr/local/etc/rc.d/samba /usr/local/etc/rc.d/samba.sh

                          After this everything should work fine, at least it did so on my test machine.

                          1 Reply Last reply Reply Quote 0
                          • S
                            salida
                            last edited by

                            @Haxdal:

                            • <shellcmd>mkdir /var/run/samba</shellcmd>

                            • cp /usr/local/etc/rc.d/samba /usr/local/etc/rc.d/samba.sh

                            After this everything should work fine, at least it did so on my test machine.

                            Just tested this , and i can confirm that it is working like a charm even after a restart.
                            I want to thank both Haxdal & ghostdust.

                            1 Reply Last reply Reply Quote 0
                            • A
                              abidkhanhk
                              last edited by

                              I know this is pretty old post,

                              but would love to have a samba or ftp package on my pfbox,

                              my current hardware is simply overkill for a firewall.

                              1 Reply Last reply Reply Quote 0
                              • S
                                salida
                                last edited by

                                @hongkonger:

                                I know this is pretty old post,

                                but would love to have a samba or ftp package on my pfbox,

                                my current hardware is simply overkill for a firewall.

                                Well the guide is pretty straight forward about samba server.
                                Read the guide and the troubleshooting below.
                                Here to help with ;)

                                1 Reply Last reply Reply Quote 0
                                • R
                                  rsingh
                                  last edited by

                                  Instructions for pfsense 2.2.2-RELEASE (FreeBSD 10.1) with regards to the original steps

                                  run these commands:
                                  pkg
                                  pkg install net/samba42

                                  Note 1: samba4.3 released on september 8th, you may be able to install this in future with pkg install net/samba43
                                  Note 2: this has a bunch of dependencies which pkg will need to add automatically, potential security issues

                                  Create /etc/rc.conf with this (rc.conf.local no longer required):
                                  samba_server_enable="YES"

                                  Primary conf file name changed:
                                  cat /usr/local/etc/smb4.conf
                                  [global]
                                  server string = pfSense
                                  interfaces = em0, lo
                                  bind interfaces only = Yes
                                  guest account = root
                                  os level = 39
                                  preferred master = Yes
                                  usershare allow guests = Yes
                                  idmap config * : backend = tdb

                                  [Public]
                                  comment = Huh?
                                  path = /home/
                                  read only = No
                                  guest ok = Yes

                                  Note 3: keep an eye on the interface only section, replace yours their and change the path as needed.

                                  Providing god doesn't hate you:

                                  /usr/local/etc/rc.d/samba_server start
                                  Performing sanity check on Samba configuration: OK
                                  Starting nmbd.
                                  Starting smbd.

                                  Note 4: Conf file help: (on a linux system) run testparm <your conf="" file="">. This outputted a better formatted conf file that worked on freebsd.

                                  Also make sure you bind your interfaces right, you probably don't want this on the internet (maybe you do?)

                                  netstat -na | grep 445
                                  tcp4      0      0 192.168.1.1.445        .                    LISTEN
                                  netstat -na | grep 137
                                  udp4      0      0 192.168.1.255.137      .                   
                                  udp4      0      0 192.168.1.1.137        .                   
                                  udp4      0      0 *.137                  .

                                  General help:
                                  http://wiki.samba.org/index.php/Samba4/HOWTO

                                  Here's a FreeBSD gpart cheat sheet for those who are lazy and normally use gparted on linux like me:
                                  https://forums.freebsd.org/threads/gpart-cheatsheet-wiping-drives-partitioning-formating.45411/
                                  mount /dev/da0p1 backup/

                                  Hope this helps others, feel free to comment if things i've placed here should be done differently.</your>

                                  1 Reply Last reply Reply Quote 0
                                  • ?
                                    Guest
                                    last edited by

                                    Hope this helps others,

                                    Only to get open or damage their firewall. SAMBA on WAN connected devices are a huge security risk
                                    and that not only based on BSD or Linux. Even!

                                    feel free to comment if things i've placed here should be done differently.

                                    A SAMBA server has nothing to search on a firewall, router, gateway or any other device
                                    connected to the WAN interface directly.

                                    1 Reply Last reply Reply Quote 0
                                    • R
                                      rsingh
                                      last edited by

                                      @BlueKobold:

                                      Hope this helps others,

                                      Only to get open or damage their firewall. SAMBA on WAN connected devices are a huge security risk
                                      and that not only based on BSD or Linux. Even!

                                      feel free to comment if things i've placed here should be done differently.

                                      A SAMBA server has nothing to search on a firewall, router, gateway or any other device
                                      connected to the WAN interface directly.

                                      I think these points, as valid as they are, are covered extensively in this and especially other places on the pfsense forum. the only place where someone likely would risk this is a home environment where the security risks from hacked cell phones or infected windows PCs probably outweighs smbd on pfsense by a couple orders of magnitude.

                                      for me, I have a USB external HDD that needs to be connected to a PC or other device, and that device needs to stay on 24x7 for constant remote file access. I try to limit the kilowatt hours of electricity usage as much as possible so that is my main motivation instead of connecting it to a PC and leaving that on (pfsense runs on an old laptop at my home). buying a external HDD enclosure that has ethernet and it's own smbd running is not free either so this is a good free alternative with the implied security risk, to an environment which contains a limited amount of sensitive information.

                                      1 Reply Last reply Reply Quote 0
                                      • johnpozJ
                                        johnpoz LAYER 8 Global Moderator
                                        last edited by

                                        I love it how people justify garbage setups because of minuscule costs..

                                        So you could pickup a pogo plug (tiny computer) for under $20 uses like zero power.  You could pickup a pi again for under $35 for sure.. You could get the latest and greatest pi 2 b+ kit with SD card, etc.. for $55 uses like nothing for power..

                                        pogo you can run arch linux on, has usb 2, usb 3 and even 1 USM/SATA Slot
                                        http://www.amazon.com/Pogoplug-Series-4-Backup-Device/dp/B006I5MKZY

                                        So your setting up something that clearly is unsupported because its a power saving issue, or cost of running a new piece of hardware?  That you can get for pennies?  Clearly you paying for internet, have a laptop, and most likley multiple pcs?  Since you mention old PC buty don't want to leave it on because of power.

                                        But you can not afford $20 to have a new toy to play with!!!  And also provide your samba sharing server…

                                        An intelligent man is sometimes forced to be drunk to spend time with his fools
                                        If you get confused: Listen to the Music Play
                                        Please don't Chat/PM me for help, unless mod related
                                        SG-4860 24.11 | Lab VMs 2.8, 24.11

                                        1 Reply Last reply Reply Quote 0
                                        • First post
                                          Last post
                                        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.