Daily Archives: September 27, 2010

Installing Samba (for windows file sharing) in FreeBSD

People keep telling me that they have trouble getting Samba to work properly.  I found it difficult to get working properly too, so here’s a guide that should make it a lot easier…

First of all, we need to install it!  Make sure you have updated your Ports tree (see other posts) and then, as root:

cd /usr/ports/net/samba34
make config

This will show the configuration dialog box for options for the port.  Using the space bar and cursor keys, deselect ALL the options, and then enable only these:


Press TAB to go to OK and press enter.  Now you can build and install the port with:

make install distclean

It will go off and install dependencies if it needs to.  If you see any other configuration boxes, just accept the defaults and move on.

This takes a while as it has to install quite a few packages/ports, mostly for the file alteration monitor support – but it’s worth it so be patient.  If you already have X/gnome2 installed, this process will be much quicker.

Once the port is installed, we need to make a few changes to the limits within FreeBSD to make samba a little happier…  edit /etc/sysctl.conf and add the following:


And we also need to add another kernel module.  edit /boot/loader.conf and add the following:


Now, we need to tell samba to start on bootup, edit /etc/rc.conf and add the following:


And finally, we need to make ourselves a config file.  Edit /usr/local/etc/smb.conf and remove its entire contents.  Replace with the following template:

server string = Server Name
interfaces = em0
bind interfaces only = Yes
map to guest = Bad User
passdb backend = tdbsam
log file = /var/log/samba34/log.%m
max log size = 500
name resolve order = wins lmhosts bcast host
load printers = No
os level = 10
preferred master = No
domain master = No
dns proxy = No
wins support = No
ldap ssl = no
hosts allow =,,
hosts deny =
case sensitive = Yes
level2 oplocks = Yes
oplocks = Yes

comment = Temp Folder
path = /tmp
guest only = Yes
guest ok = Yes
read only = No

Replace ‘interfaces’ with your network interface name (mine is em0)

Your windows netbios name, by default, will be the hostname of your FreeBSD server up to the first dot.  E.g. for test.dan.me.uk the netbios name is TEST.

Reboot to startup samba with all the relevant changes.  Browse to the server and you will see “tmp” share which is a user nobody access to /tmp.

Check the samba documentation on how to define other shares, such as per-user homedir shares.

Switching from MD5 to Blowfish/SHA512 password hashes in FreeBSD

By default, FreeBSD uses MD5 hashes for its encrypted passwords for users (SHA512 for FreeBSD 9.1+).  However, blowfish is available in all recent versions of FreeBSD and it’s really easy to change the default…

edit the file /etc/login.conf and change the following line:


To read the following:


Then rebuild the login database with the following command:

cap_mkdb /etc/login.conf

Now all passwords you change or set when adding a user will be encrypted using blowfish.  You can change your current password with passwd and when changed, your password will be blowfish encrypted.

If your system uses MD5, it’s preferrable to change over to Blowfish as it’s more secure… However, if your system supports SHA512 you should prefer this (passwd_format=sha512) – except for very few situations. (SHA512 is supported in FreeBSD 9.1+ only)

DirectAdmin requires the system to use md5 not blowfish or sha512, otherwise you will never be able to login to your DA web console.