Samba on FreeBSD 11.0

Starting from a fresh FreeBSD 11.0 install with no Samba, this walks through setting up Samba with file shares. Once set up, FreeBSD should operate like a NAS; editing the Samba config file lets you create file shares for different folders or drives.

Update the system with freebsd-update fetch and freebsd-update install.

root@bsdtest:/usr/home/sysadmin # pkg search samba
 p5-Samba-LDAP-0.05_2           Manage a Samba PDC with an LDAP Backend
 p5-Samba-SIDhelper-0.0.0_3     Create SIDs based on G/UIDs
 samba-nsupdate-9.8.6_1         nsupdate utility with GSS-TSIG support
 samba-virusfilter-0.1.3_1      On-access anti-virus filter for Samba
 samba36-3.6.25_3               Free SMB and CIFS client and server for Unix
 samba36-libsmbclient-3.6.25_2  Shared lib from the samba package
 samba36-nmblookup-3.6.25       NetBIOS Name lookup tool
 samba36-smbclient-3.6.25       Samba "ftp-like" client
 samba42-4.2.14                 Free SMB/CIFS and AD/DC server and client for Unix
 samba43-4.3.11_1               Free SMB/CIFS and AD/DC server and client for Unix
 samba44-4.4.5_1                Free SMB/CIFS and AD/DC server and client for Unix

Install samba44:

root@bsdtest:/usr/home/austinjaney # pkg install samba44
 Updating FreeBSD repository catalogue...
 FreeBSD repository is up-to-date.
 All repositories are up-to-date.
 The following 36 package(s) will be affected (of 0 checked):

New packages to be INSTALLED:
 samba44: 4.4.5_1
 python27: 2.7.12
 libffi: 3.2.1
 indexinfo: 0.2.5
 readline: 6.3.8
 gettext-runtime: 0.19.8.1
 talloc: 2.1.6
 python2: 2_3
 libsunacl: 1.0
 popt: 1.16_1
 py27-iso8601: 0.1.11
 py27-setuptools27: 23.1.0
 py27-dnspython: 1.14.0
 openldap-client: 2.4.44
 tevent: 0.9.28
 ldb: 1.1.26
 tdb: 1.3.9,1
 gnutls: 3.4.15
 nettle: 3.2
 gmp: 5.1.3_3
 ca_root_nss: 3.27.1
 libtasn1: 4.9
 trousers: 0.3.13_1
 tpm-emulator: 0.7.4_1
 p11-kit: 0.23.2
 libidn: 1.33_1
 libinotify: 20160505
 gamin: 0.1.10_8
 glib: 2.46.2_3
 libiconv: 1.14_9
 perl5: 5.20.3_15
 pcre: 8.39
 libarchive: 3.2.1,1
 expat: 2.2.0
 lzo2: 2.09
 liblz4: 131

Number of packages to be installed: 36

The process will require 302 MiB more space.
 24 MiB to be downloaded.

Proceed with this action? [y/N]: y
 Fetching ldb-1.1.26.txz: 100% 196 KiB 201.1kB/s 00:01
 Fetching tdb-1.3.9,1.txz: 100% 82 KiB 83.9kB/s 00:01
 Fetching gnutls-3.4.15.txz: 100% 2 MiB 2.1MB/s 00:01
 Fetching nettle-3.2.txz: 100% 1 MiB 1.1MB/s 00:01
 Fetching gmp-5.1.3_3.txz: 100% 476 KiB 487.1kB/s 00:01
 Fetching ca_root_nss-3.27.1.txz: 100% 324 KiB 332.0kB/s 00:01
 Fetching libtasn1-4.9.txz: 100% 594 KiB 608.6kB/s 00:01
 Fetching trousers-0.3.13_1.txz: 100% 463 KiB 474.0kB/s 00:01
 Fetching tpm-emulator-0.7.4_1.txz: 100% 112 KiB 114.6kB/s 00:01
 Fetching p11-kit-0.23.2.txz: 100% 226 KiB 231.3kB/s 00:01
 Fetching libidn-1.33_1.txz: 100% 202 KiB 207.2kB/s 00:01
 Fetching libinotify-20160505.txz: 100% 18 KiB 18.7kB/s 00:01
 Fetching gamin-0.1.10_8.txz: 100% 49 KiB 50.5kB/s 00:01
 Fetching glib-2.46.2_3.txz: 100% 3 MiB 1.4MB/s 00:02
 Fetching libiconv-1.14_9.txz: 100% 591 KiB 605.1kB/s 00:01
 Fetching perl5-5.20.3_15.txz: 100% 13 MiB 6.9MB/s 00:02
 Fetching pcre-8.39.txz: 100% 1 MiB 36.1kB/s 00:31
 pkg: http://pkg.FreeBSD.org/FreeBSD:11:amd64/quarterly/All/pcre-8.39.txz: Operation timed out
 root@bsdtest:/usr/home/austinjaney # reboot
 Connection to 192.168.115.139 closed by remote host.
 Connection to 192.168.115.139 closed.
 Austins-MacBook-Pro:~ austinjaney$ ssh austinjaney@192.168.115.139
 Password for austinjaney@bsdtest:
 Last login: Fri Nov 18 00:34:33 2016 from 192.168.115.1
 FreeBSD 11.0-RELEASE-p2 (GENERIC) #0: Mon Oct 24 06:55:27 UTC 2016

Welcome to FreeBSD!

Release Notes, Errata: https://www.FreeBSD.org/releases/
 Security Advisories: https://www.FreeBSD.org/security/
 FreeBSD Handbook: https://www.FreeBSD.org/handbook/
 FreeBSD FAQ: https://www.FreeBSD.org/faq/
 Questions List: https://lists.FreeBSD.org/mailman/listinfo/freebsd-questions/
 FreeBSD Forums: https://forums.FreeBSD.org/

Documents installed with the system are in the /usr/local/share/doc/freebsd/
 directory, or can be installed later with: pkg install en-freebsd-doc
 For other languages, replace "en" with a language code like de or fr.

Show the version of FreeBSD installed: freebsd-version ; uname -a
 Please include that output and any error messages when posting questions.
 Introduction to manual pages: man man
 FreeBSD directory layout: man hier

Edit /etc/motd to change this login announcement.
 You can `set autologout = 30' to have tcsh log you off automatically
 if you leave the shell idle for more than 30 minutes.
 $ su
 Password:
 root@bsdtest:/usr/home/austinjaney # ls
 .cshrc .login_conf .mailrc .rhosts
 .login .mail_aliases .profile .shrc
 root@bsdtest:/usr/home/austinjaney # pkg install samba44
 Updating FreeBSD repository catalogue...
 FreeBSD repository is up-to-date.
 All repositories are up-to-date.
 The following 36 package(s) will be affected (of 0 checked):

New packages to be INSTALLED:
 samba44: 4.4.5_1
 python27: 2.7.12
 libffi: 3.2.1
 indexinfo: 0.2.5
 readline: 6.3.8
 gettext-runtime: 0.19.8.1
 talloc: 2.1.6
 python2: 2_3
 libsunacl: 1.0
 popt: 1.16_1
 py27-iso8601: 0.1.11
 py27-setuptools27: 23.1.0
 py27-dnspython: 1.14.0
 openldap-client: 2.4.44
 tevent: 0.9.28
 ldb: 1.1.26
 tdb: 1.3.9,1
 gnutls: 3.4.15
 nettle: 3.2
 gmp: 5.1.3_3
 ca_root_nss: 3.27.1
 libtasn1: 4.9
 trousers: 0.3.13_1
 tpm-emulator: 0.7.4_1
 p11-kit: 0.23.2
 libidn: 1.33_1
 libinotify: 20160505
 gamin: 0.1.10_8
 glib: 2.46.2_3
 libiconv: 1.14_9
 perl5: 5.20.3_15
 pcre: 8.39
 libarchive: 3.2.1,1
 expat: 2.2.0
 lzo2: 2.09
 liblz4: 131

Number of packages to be installed: 36

The process will require 302 MiB more space.
 2 MiB to be downloaded.

Proceed with this action? [y/N]: y
 Fetching pcre-8.39.txz: 100% 1 MiB 1.1MB/s 00:01
 Fetching libarchive-3.2.1,1.txz: 100% 678 KiB 694.7kB/s 00:01
 Fetching expat-2.2.0.txz: 100% 101 KiB 103.7kB/s 00:01
 Fetching lzo2-2.09.txz: 100% 112 KiB 114.6kB/s 00:01
 Fetching liblz4-131.txz: 100% 76 KiB 78.2kB/s 00:01
 Checking integrity... done (0 conflicting)
 [1/36] Installing indexinfo-0.2.5...
 [1/36] Extracting indexinfo-0.2.5: 100%
 [2/36] Installing libffi-3.2.1...
 [2/36] Extracting libffi-3.2.1: 100%
 [3/36] Installing readline-6.3.8...
 [3/36] Extracting readline-6.3.8: 100%
 [4/36] Installing gettext-runtime-0.19.8.1...
 [4/36] Extracting gettext-runtime-0.19.8.1: 100%
 [5/36] Installing python27-2.7.12...
 [5/36] Extracting python27-2.7.12: 100%
 [6/36] Installing python2-2_3...
 [6/36] Extracting python2-2_3: 100%
 [7/36] Installing gmp-5.1.3_3...
 [7/36] Extracting gmp-5.1.3_3: 100%
 [8/36] Installing talloc-2.1.6...
 [8/36] Extracting talloc-2.1.6: 100%
 [9/36] Installing ca_root_nss-3.27.1...
 [9/36] Extracting ca_root_nss-3.27.1: 100%
 [10/36] Installing libtasn1-4.9...
 [10/36] Extracting libtasn1-4.9: 100%
 [11/36] Installing tpm-emulator-0.7.4_1...
 ===> Creating groups.
 Creating group '_tss' with gid '601'.
 ===> Creating users
 Creating user '_tss' with uid '601'.
 [11/36] Extracting tpm-emulator-0.7.4_1: 100%
 [12/36] Installing libiconv-1.14_9...
 [12/36] Extracting libiconv-1.14_9: 100%
 [13/36] Installing perl5-5.20.3_15...
 [13/36] Extracting perl5-5.20.3_15: 100%
 [14/36] Installing pcre-8.39...
 [14/36] Extracting pcre-8.39: 100%
 [15/36] Installing popt-1.16_1...
 [15/36] Extracting popt-1.16_1: 100%
 [16/36] Installing py27-setuptools27-23.1.0...
 [16/36] Extracting py27-setuptools27-23.1.0: 100%
 [17/36] Installing openldap-client-2.4.44...
 [17/36] Extracting openldap-client-2.4.44: 100%
 [18/36] Installing tevent-0.9.28...
 [18/36] Extracting tevent-0.9.28: 100%
 [19/36] Installing tdb-1.3.9,1...
 [19/36] Extracting tdb-1.3.9,1: 100%
 [20/36] Installing nettle-3.2...
 [20/36] Extracting nettle-3.2: 100%
 [21/36] Installing trousers-0.3.13_1...
 ===> Creating groups.
 Using existing group '_tss'.
 ===> Creating users
 Using existing user '_tss'.
 [21/36] Extracting trousers-0.3.13_1: 100%
 [22/36] Installing p11-kit-0.23.2...
 [22/36] Extracting p11-kit-0.23.2: 100%
 [23/36] Installing libidn-1.33_1...
 [23/36] Extracting libidn-1.33_1: 100%
 [24/36] Installing glib-2.46.2_3...
 [24/36] Extracting glib-2.46.2_3: 100%
 No schema files found: doing nothing.
 [25/36] Installing expat-2.2.0...
 [25/36] Extracting expat-2.2.0: 100%
 [26/36] Installing lzo2-2.09...
 [26/36] Extracting lzo2-2.09: 100%
 [27/36] Installing liblz4-131...
 [27/36] Extracting liblz4-131: 100%
 [28/36] Installing libsunacl-1.0...
 [28/36] Extracting libsunacl-1.0: 100%
 [29/36] Installing py27-iso8601-0.1.11...
 [29/36] Extracting py27-iso8601-0.1.11: 100%
 [30/36] Installing py27-dnspython-1.14.0...
 [30/36] Extracting py27-dnspython-1.14.0: 100%
 [31/36] Installing ldb-1.1.26...
 [31/36] Extracting ldb-1.1.26: 100%
 [32/36] Installing gnutls-3.4.15...
 [32/36] Extracting gnutls-3.4.15: 100%
 [33/36] Installing libinotify-20160505...
 [33/36] Extracting libinotify-20160505: 100%
 [34/36] Installing gamin-0.1.10_8...
 [34/36] Extracting gamin-0.1.10_8: 100%
 [35/36] Installing libarchive-3.2.1,1...
 [35/36] Extracting libarchive-3.2.1,1: 100%
 [36/36] Installing samba44-4.4.5_1...
 [36/36] Extracting samba44-4.4.5_1: 100%
 Message from python27-2.7.12:
 ===========================================================================

Note that some standard Python modules are provided as separate ports
 as they require additional dependencies. They are available as:

bsddb databases/py-bsddb
 gdbm databases/py-gdbm
 sqlite3 databases/py-sqlite3
 tkinter x11-toolkits/py-tkinter

=======================================================================
 Message from ca_root_nss-3.27.1:
 ********************************* WARNING *********************************

FreeBSD does not, and can not warrant that the certification authorities
 whose certificates are included in this package have in any way been
 audited for trustworthiness or RFC 3647 compliance.

Assessment and verification of trust is the complete responsibility of the
 system administrator.

*********************************** NOTE **********************************

This package installs symlinks to support root certificates discovery by
 default for software that uses OpenSSL.

This enables SSL Certificate Verification by client software without manual
 intervention.

If you prefer to do this manually, replace the following symlinks with
 either an empty file or your site-local certificate bundle.

* /etc/ssl/cert.pem
 * /usr/local/etc/ssl/cert.pem
 * /usr/local/openssl/cert.pem

********************************************************************
 Message from perl5-5.20.3_15:
 The /usr/bin/perl symlink has been removed starting with Perl 5.20.
 For shebangs, you should either use:

#!/usr/local/bin/perl

or

#!/usr/bin/env perl

The first one will only work if you have a /usr/local/bin/perl,
 the second will work as long as perl is in PATH.
 Message from openldap-client-2.4.44:
 ************************************************************

The OpenLDAP client package has been successfully installed.

Edit
 /usr/local/etc/openldap/ldap.conf
 to change the system-wide client defaults.

Try `man ldap.conf' and visit the OpenLDAP FAQ-O-Matic at
 http://www.OpenLDAP.org/faq/index.cgi?file=3
 for more information.

************************************************************
 Message from trousers-0.3.13_1:
 To run tcsd automatically, add the following line to /etc/rc.conf:

tcsd_enable="YES"

You might want to edit /usr/local/etc/tcsd.conf to reflect your setup.

If you want to use tcsd with software TPM emulator, use the following
 configuration in /etc/rc.conf:

tcsd_enable="YES"
 tcsd_mode="emulator"
 tpmd_enable="YES"

To use TPM, add your_account to '_tss' group like following:

# pw groupmod _tss -m your_account
 Message from libinotify-20160505:
 =======================================================================

Libinotify functionality on FreeBSD is missing support for

- detecting a file being moved into or out of a directory within the
 same filesystem
 - certain modifications to a symbolic link (rather than the
 file it points to.)

in addition to the known limitations on all platforms using kqueue(2)
 where various open and close notifications are unimplemented.

This means the following regression tests will fail:

Directory notifications:
 IN_MOVED_FROM
 IN_MOVED_TO

Open/close notifications:
 IN_OPEN
 IN_CLOSE_NOWRITE
 IN_CLOSE_WRITE

Symbolic Link notifications:
 IN_DONT_FOLLOW
 IN_ATTRIB
 IN_MOVE_SELF
 IN_DELETE_SELF

Kernel patches to address the missing directory and symbolic link
 notifications are available from:

https://github.com/libinotify-kqueue/libinotify-kqueue/tree/master/patches

=======================================================================
 You might want to consider increasing the kern.maxfiles tunable if you plan
 to use this library for applications that need to monitor activity of a lot
 of files.

If the default on your system is too low, add the following line to
 /boot/loader.conf, then reboot the system:

kern.maxfiles="25000"
 =======================================================================
 Message from gamin-0.1.10_8:
 =======================================================================

Gamin will only provide realtime notification of changes for at most n files,
 where n is the minimum value between (kern.maxfiles * 0.7) and
 (kern.maxfilesperproc - 200). Beyond that limit, files will be polled.

If you often open several large folders with Nautilus, you might want to
 increase the kern.maxfiles tunable (you do not need to set
 kern.maxfilesperproc, since it is computed at boot time from kern.maxfiles).

For a typical desktop, add the following line to /boot/loader.conf, then
 reboot the system:

kern.maxfiles="25000"

The behavior of gamin can be controlled via the various gaminrc files.
 See http://www.gnome.org/~veillard/gamin/config.html on how to create
 these files. In particular, if you find gam_server is taking up too much
 CPU time polling for changes, something like the following may help
 in one of the gaminrc files:

# reduce polling frequency to once per 10 seconds
 # for UFS file systems in order to lower CPU load
 fsset ufs poll 10

=======================================================================

===> NOTICE:

The gamin port currently does not have a maintainer. As a result, it is
 more likely to have unresolved issues, not be up-to-date, or even be removed in
 the future. To volunteer to maintain this port, please create an issue at:

https://bugs.freebsd.org/bugzilla

More information about port maintainership is available at:

https://www.freebsd.org/doc/en/articles/contributing/ports-contributing.html#maintain-port
 Message from samba44-4.4.5_1:
 =======================================================================

How to start: http://wiki.samba.org/index.php/Samba4/HOWTO

* Your configuration is: /usr/local/etc/smb4.conf

* All the relevant databases are under: /var/db/samba4

* All the logs are under: /var/log/samba4

* Provisioning script is: /usr/local/bin/samba-tool

For additional documentation check: http://wiki.samba.org/index.php/Samba4

Bug reports should go to the: https://bugzilla.samba.org/

=======================================================================

Done. Now it's config time. Yes, I use nano (pkg install nano). First, let's set these kernel options:

root@bsdtest:/usr/home/sysadmin # nano /etc/sysctl.conf

# $FreeBSD: releng/11.0/etc/sysctl.conf 112200 2003-03-13 18:43:50Z mux $
 #
 # This file is read when going to multi-user and its contents piped thru
 # ``sysctl'' to adjust kernel values. ``man 5 sysctl.conf'' for details.
 #

# Uncomment this to prevent users from seeing information about processes that
 # are being run under another UID.
 #security.bsd.see_other_uids=0

kern.maxfiles=25600
kern.maxfilesperproc=16384
net.inet.tcp.sendspace=65536
net.inet.tcp.recvspace=65536

Now let's edit our Samba config:

root@bsdtest:/usr/home/austinjaney # nano /usr/local/etc/smb4.conf

[global]
 workgroup = MYGROUP
 realm = mygroup.local
 netbios name = NAS

[your share name]
  path = /home/username
  public = no
  writable = yes
  printable = no
  guest ok = no
  valid users = username

Now enable Samba and start it!

root@bsdtest:/usr/home/sysadmin # sysrc samba_server_enable=YES
root@bsdtest:/usr/home/austinjaney # service samba_server start

Creating Users

root@bsdtest:/usr/home/austinjaney # adduser username
root@bsdtest:/usr/home/austinjaney # pdbedit -a -u username

Removing Users

root@bsdtest:/usr/home/austinjaney # rmuser username
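
As more shares get added to smb4.conf, it is easy to lose track of which ones are locked down the way the share above is. The script below is an added example, not part of the original post: it reads an smb4.conf-style file on stdin and lists shares that allow guest access or lack a "valid users" line. The function names, the [scratch] share and the sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): audit share sections of an
# smb4.conf-style file for guest access and missing "valid users".

# audit_shares: config on stdin -> one line per finding, "<share>: <problem>"
audit_shares() {
    awk '
        function trim(s) { gsub(/^[ \t]+|[ \t]+$/, "", s); return s }
        function report() {
            if (share == "" || share == "global") return
            if (guest)  print share ": guest access enabled"
            if (!users) print share ": no valid users list (any authenticated account may connect)"
        }
        /^[ \t]*[#;]/ { next }                       # comment lines
        /^[ \t]*\[.*\][ \t]*$/ {                     # section header
            report()
            share = tolower(trim($0)); gsub(/^\[|\]$/, "", share)
            guest = 0; users = 0; next
        }
        {
            eq = index($0, "="); if (!eq) next
            key = tolower(trim(substr($0, 1, eq - 1)))
            val = tolower(trim(substr($0, eq + 1)))
            # "public" is a synonym for "guest ok"; the last setting wins
            if (key == "guest ok" || key == "public") guest = (val ~ /^(yes|true|1)$/)
            if (key == "valid users" && val != "") users = 1
        }
        END { report() }
    '
}

# Constructed sample: the share from the post plus a hypothetical open share.
sample_conf() {
    cat <<'EOF'
[global]
 workgroup = MYGROUP
 netbios name = NAS

[your share name]
  path = /home/username
  public = no
  writable = yes
  guest ok = no
  valid users = username

[scratch]
  path = /tank/scratch
  guest ok = yes
  writable = yes
EOF
}

# Demo on the constructed sample; on the server use:
#   audit_shares < /usr/local/etc/smb4.conf
sample_conf | audit_shares
```
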

SNMP Printer Billing

So this is something I've been playing with recently. SNMP, or the “Simple Network Management Protocol”, is a protocol that was created in 1988 and seems to have really taken off since then, being included in most printers, switches, routers and other network devices. Depending on the device, it seems to offer a wide range of information. Using the command snmpwalk on a Mac or other Linux / Unix system will let you look at what information that device offers over the protocol:

snmpwalk -c public 192.168.1.1

Use 192.168.1.1 or another IP on your network. You can get some other IPs on your network by running arp -a

Anyway, so that’s pretty cool, but what good is it if it doesn’t do anything? So here’s my use case for it: at the company I work at we have printers, like 14 printers, and they are all leased. Because of the way we lease them, we need to supply the company with how many “impressions” are printed (I’m not sure what an impression is, but it seems like it’s either 1 page or, more likely, one inch of printing). The printers we have are Xerox printers, and it’s in the spec that they (and most printers, it sounds like) record the impressions they make in the MIB, or management information base, which from the look of it is a hierarchical tree that happens to store the printer’s information about just random stuff. It’s all arranged by OIDs, or object identifiers, which happen to be queryable through SNMP, FTW!

Fun scripting time. So this is what I came up with:

# start (or append to) the report file
touch meterreads.txt
echo Printer billing meters report >> meterreads.txt
date >> meterreads.txt
echo ________________________________________________________________ >> meterreads.txt
# printer serial number and model
echo MX4357765 Xerox WorkCentre 7845 >> meterreads.txt
echo black impressions >> meterreads.txt
snmpwalk -c public 192.168.10.91 .1.3.6.1.4.1.253.8.53.13.2.1.6.1.20.34 >> meterreads.txt
echo Color impressions >> meterreads.txt
sleep 10
snmpwalk -c public 192.168.10.91 .1.3.6.1.4.1.253.8.53.13.2.1.6.1.20.33 >> meterreads.txt

This gets me a text file named meterreads.txt whose first line contains the name of the report, followed by the date, a line to break up the confusion, the name of the printer, and finally the queries that spit out the black and color impressions data from the printer’s MIB.

The output looks something like this…

printer billing meters report

Mon Aug  8 08:47:00 PDT 2016

_________________________________________________________________

MX4357765 Xerox WorkCentre 7845

black impressions

SNMPv2-SMI::enterprises.253.8.53.13.2.1.6.1.20.34 = INTEGER: 29466

Color impressions

SNMPv2-SMI::enterprises.253.8.53.13.2.1.6.1.20.33 = INTEGER: 50722
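
The script above appends whatever snmpwalk prints, so a timeout or a wrong OID ends up in the billing report unnoticed. The version below is an added example, not part of the original post: it extracts just the counter value, emits one CSV line per printer, and fails when a meter cannot be read. The function names, the SNMP_CMD override and the 192.0.2.x addresses are assumptions made for illustration; the OIDs and sample values are the ones shown above.

```shell
#!/bin/sh
# Added example (not from the original post): one CSV billing line per printer,
# with a hard failure when a meter cannot be read.

BLACK_OID=".1.3.6.1.4.1.253.8.53.13.2.1.6.1.20.34"   # OIDs as given in the post
COLOR_OID=".1.3.6.1.4.1.253.8.53.13.2.1.6.1.20.33"

# Read snmpwalk output on stdin and print the first INTEGER value.
# Exits non-zero when no well-formed counter line is present
# (timeout, wrong community string, "No Such Object", ...).
parse_counter() {
    awk -F' = INTEGER: ' '
        NF == 2 && $2 ~ /^[0-9]+$/ { print $2; found = 1; exit }
        END { exit(found ? 0 : 1) }'
}

# read_meter HOST OID: print the counter value. SNMP_CMD is a hypothetical
# override hook; it defaults to the invocation used in the post.
read_meter() {
    ${SNMP_CMD:-snmpwalk -c public} "$1" "$2" 2>/dev/null | parse_counter
}

# report_line SERIAL MODEL HOST: print "serial,model,black,color"
report_line() {
    black=$(read_meter "$3" "$BLACK_OID") || { echo "$1: black meter read failed" >&2; return 1; }
    color=$(read_meter "$3" "$COLOR_OID") || { echo "$1: color meter read failed" >&2; return 1; }
    printf '%s,%s,%s,%s\n' "$1" "$2" "$black" "$color"
}

# Constructed stand-in for a printer: replays the sample output from the post.
# 192.0.2.99 simulates a device that does not answer.
sample_snmp() {
    case "$1:$2" in
        192.0.2.99:*)   echo "Timeout: No Response from $1" >&2; return 1 ;;
        *:"$BLACK_OID") echo "SNMPv2-SMI::enterprises.253.8.53.13.2.1.6.1.20.34 = INTEGER: 29466" ;;
        *:"$COLOR_OID") echo "SNMPv2-SMI::enterprises.253.8.53.13.2.1.6.1.20.33 = INTEGER: 50722" ;;
        *)              echo "SNMPv2-SMI::enterprises.253 = No Such Object available on this agent at this OID" ;;
    esac
}

# Demo against the constructed data (no network needed). Remove this
# assignment to query real devices with snmpwalk.
SNMP_CMD=sample_snmp
report_line MX4357765 "Xerox WorkCentre 7845" 192.0.2.10
```
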