BSD DevCenter
oreilly.comSafari Books Online.Conferences.

advertisement


Big Scary Daemons

Stable SMB

11/15/2001

I discussed FreeBSD's SMB filesystem support well over a year ago. At the time, it was highly experimental and suffered occasional seizures.

It has since improved to the point where it is reliable enough for use in production settings. If you want to access a Windows share from your FreeBSD workstation, this is how you do it. Before you start, gather some basic information about your Windows network.

  • The workgroup or Windows domain name
  • A valid user name and password
  • The IP address of the WINS server, or the DNS host names of all the hosts you want to access. (You can get the WINS server IP by running ipconfig /all on a Windows system.)

The first problem you have is supporting the multiple character sets so common in Windows. It's very easy for a Windows user to use characters not found in the standard ASCII alphabet. You don't want to dump such a character into your kernel; you'll only confuse it, and a confused kernel is not a happy kernel. The FreeBSD kernel does not include the libraries to handle this. Install the libiconv port from /usr/ports/converters/libiconv before you proceed. Note that libiconv is under the LGPL; if you're interested in using SMBFS in an embedded system, run this by your legal department.

Now recompile your kernel to handle SMB. Just add the following options to your kernel.

options         NETSMB
options         NETSMBCRYPTO
options         LIBMCHAIN
options         LIBICONV
options	        SMBFS

The SMBFS kernel option is also available as a module. Because you already must rebuild your kernel to include SMB networking support, however, you might as well compile it statically.

Once you have the kernel built, install the SMB tools from /usr/ports/net/smbfs. The SMB tools must be exactly synchronized with your kernel. This makes packages mostly useless, unless you have several identical machines. If you upgrade your FreeBSD install, you must upgrade the port. To make life somewhat more difficult, the master SMBFS source code repository lurks behind a very slow link in Kazakhstan. I recommend that you store the distribution file somewhere on your network, so you can easily rebuild the tools without having to re-fetch the source from the other side of the world.

The SMB tools use a configuration file, either $HOME/.nsmbrc or /usr/local/etc/nsmb.conf. Any settings in nsmb.conf override settings in user home directories. The configuration file is divided into sections by labels in angle brackets. For example, settings that apply to every SMB connection are kept in the [default] section. You can create your own sections by specifying servers, users, and share, in one of the following formats.

[servername]
[servername:username]
[servername:username:sharename]

For example, information that applies to an entire server goes in a section named after the server. Information that applies to a specific user is kept in a user name section, and information that only applies to a single share is kept in a label that includes the share name. You could lump the information for all the shares under a [servername] entry if you don't have more specific information per share.

These values are all SMB values -- i.e., my Windows user name is "mlucas", but my Unix user name is "mwlucas", so I use "mlucas" in nsmb.conf.

You use keywords to assign a configuration to a section. Some keywords can only be used in particular sections. For example, servers have IP addresses, users don't. You assign a value with an equal sign, such as "keyword=value". Here are the keywords.

workgroup=string

This is the name of the NT domain or Windows workgroup you want to access.

addr=a.b.c.d

This is the IP (or IPX) address of a SMB server with this name. This can only appear under a plain [servername] label.

charsets local:remote

This handles conversions between the character set used on the FreeBSD system and the character set used on the SMB server. (As SMBFS was written in Central Asia, this was a matter of no small concern!)

nbns=a.b.c.d

This is the IP address of the NetBIOS (WINS) name server. You can put this in the [default] section or under a particular [servername].

nbscope=string

This is the NetBIOS scope. If you don't know what NetBIOS scope is, you probably don't need to set it.

retry_count

This is the number of times the SMB client will try to contact the server before assuming that the connection has broken. The default is probably fine.

timeout

This is the length of time the system will wait for a response to a SMB request. Again, the default is probably fine.

password=string

This is a clear-text password for a user or a share. If you must store passwords in nsmb.conf, be sure that only root can read the file. Storing a password in $HOME/.nsmbrc is a bad idea on a multi-user system. You can scramble this password by running smbutil -crypt. The scrambled password will have double dollar signs ($$) in front of it. This will help prevent someone accidentally seeing the password, but it can be easily unscrambled by a malicious user.

Pages: 1, 2

Next Pagearrow





Sponsored by: