Mounting windows shares/drives in pfsense



  • Greetings friends.
    i would like to mount windows shares on pfsense. Is that possible ?
    i had similar situation while i was trying to log squid; syslog server did the trick.
    Now the situation is a bit tricky.
    I'm trying to run aria2 ( http://aria2.sourceforge.net/ ) on pfsense and specify the download location on a windows shared drive.
    looking at this post –> http://forum.pfsense.org/index.php/topic,29135.0.html , i'm quite hopeless.
    any enlightenment is highly appreciated.
    TIA
    kalu


  • Netgate Administrator

    It would probably be easier to make windows share the folder using some protocol that pfSense can already talk to, like SCP or SFTP for example.
    I've never used it but this could do it: http://www.freesshd.com/

    Steve


  • Rebel Alliance Developer Netgate

    Well, on FreeBSD, mount_smbfs(8) can do that, but we don't include the files you'd need. You can probably just copy them over from a stock FreeBSD install of the same version as the pfSense version you're running (e.g. 2.0.x is FreeBSD 8.1).

    And to prove that works… At least on 2.0.2 amd64... (names and IPs changed to protect the innocent/guilty)

    fetch -o /usr/lib/ http://files.nyi.pfsense.org/jimp/smb/amd64/libsmb.a
    fetch -o /usr/lib/ http://files.nyi.pfsense.org/jimp/smb/amd64/libsmb.so.4
    fetch -o /usr/lib/ http://files.nyi.pfsense.org/jimp/smb/amd64/libsmb_p.a
    ln -s /usr/lib/libsmb.so.4 /usr/lib/libsmb.so
    fetch -o /usr/sbin http://files.nyi.pfsense.org/jimp/smb/amd64/mount_smbfs
    chmod a+x /usr/sbin/mount_smbfs
    fetch -o /boot/kernel/ http://files.nyi.pfsense.org/jimp/smb/amd64/smbfs.ko
    chmod a+x /boot/kernel/smbfs.ko
    fetch -o /boot/kernel/ http://files.nyi.pfsense.org/jimp/smb/amd64/libiconv.ko
    chmod a+x /boot/kernel/libiconv.ko
    fetch -o /boot/kernel/ http://files.nyi.pfsense.org/jimp/smb/amd64/libmchain.ko
    chmod a+x /boot/kernel/libmchain.ko
    rehash
    kldload libiconv
    kldload libmchain
    kldload smbfs
    mount_smbfs -I 192.168.x.y //jimp@myserver/jimp /mnt
    

    And the result:

    : mount
    //JIMP@MYSERVER/JIMP on /mnt (smbfs)
    : df /mnt
    Filesystem      1K-blocks      Used     Avail Capacity  Mounted on
    //JIMP@MYSERVER/JIMP 925779996 648483416 277296580    70%    /mnt
    : ls -l /mnt/pf*.tgz 
    -rwxr-xr-x  1 root  wheel  70624386 Nov 20 10:41 /mnt/pfSense-Full-Update-2.0.2-RELEASE-i386-20121114-2143.tgz
    
    

    Not sure I'd want to do that in production, but it does function…



  • Thanks stephenw10,
    Thanks jimp,
    I will give it a try and report back how it goes.
    kalu



  • Hi jimp
    Million $ Thank$
    worked like a charm

    [2.1-BETA0][admin@test-pfsense-test.localdomain]/(210): mount
    /dev/ufs/pfsense1 on / (ufs, local, noatime, synchronous)
    devfs on /dev (devfs, local)
    /dev/md0 on /tmp (ufs, local)
    /dev/md1 on /var (ufs, local)
    /dev/ufs/cf on /cf (ufs, local, noatime, synchronous)
    devfs on /var/dhcpd/dev (devfs, local)
    //SMBUSER@ICO-MA-01/SMBSHARE on /mnt (smbfs)

    [2.1-BETA0][admin@test-pfsense-test.localdomain]/(211): df /mnt
    Filesystem                  1K-blocks    Used    Avail Capacity  Mounted on
    //SMBUSER@ICO-MA-01/SMBSHARE 125925468 67524068 58401400    54%    /mnt
    [2.1-BETA0][admin@test-pfsense-test.localdomain]/(212):

    :)
    Yes in production server it's not a good idea.
    If i had to do it in production server,  I will make a user who only has write access to share D:\Downloads. If someone compromises the system he only will be able to delete everything inside D:\Downloads
    please correct me if my thinking is wrong.
    Many Many Thanks
    kalu



  • that would work in theory ….

    however ... every package on the system could one day be targetted when someone writes an exploit. If this happens, the pfsense team + volunteers try to update the supported packages as soon as possible.

    The samba-mount program will not be updated by the pfsense devs, you would have to update it manually if there is ever a security problem with it.


Locked