freenas 11.3 – set up a jail only to use samba

November 7, 2021 freenas, linux, samba

Samba in FreeNAS 11.2 used to work, you could connect from older PCs to the shares, but now that’s broken.

The hack: you can create a new jail with the sole purpose of running samba to access your zfs pools. In the example below, I called my jail “mysambajail.florida”

First, create a new jail.

Start it up.

Enter the shell using FreeNAS.

# and set a password for root
passwd

If you have a router or pfsense firewall, and need to set up dhcp, you can get the new jail’s mac address:

ifconfig

and get the ether address and set up dhcp in your router or pfsense.

If you need to restart networking to get the new dhcp ip, use: /etc/rc.d/netif restart

If you’ve set up dhcp to give you an IP based on this jail’s hardware address, you should see the new IP after you run /etc/rc.d/netif restart

Install and set up samba:

# enable SSH to box:
ssh-keygen -A

vi /etc/ssh/sshd_config
	# Add:
	PermitRootLogin yes

vi /etc/rc.conf
	# Add:
	sshd_enable="YES"

# start sshd
service sshd onerestart

# check that it's started
service sshd status

Now you can use putty/Mobox to get into the new jail if you want to.

ssh root@mysambajail.florida

# install samba:
pkg update
pkg search samba

# look for the latest version

# install the latest version
pkg install samba413-4.13.1_1
# y

pkg install nano

Next, create directories in the jail where you’ll mount directories from the zfs pool:

mkdir /mnt/backups
mkdir /mnt/vms

Next, stop the jail, then add your needed mount points from the zfs pool, so that the jail can see these directories.

Once the jail is stopped, got to its mount points. Go to Actions, Add, and add them all in the jail under /mnt

Example:

Do this for all the directories you need.

Once they’re mounted, start up the jail again.

Shell into the jail.

You should be able to see the files in the jail, ex:

ls /mnt/backups

Next, add some samba configs to share your directories over samba:

# look for the config file
smbd -b | grep "CONFIGFILE"

# edit the config file
nano /usr/local/etc/smb4.conf

# my drives
[backups]
comment = This is the /mnt/backups shared drive
path = /mnt/backups
browseable = yes
read only = no
guest ok = no
writable = yes
admin users = vmuser,myuser
write list = vmuser,myuser
create mask = 0775
directory mask = 0775
public = no

# start samba
/usr/local/etc/rc.d/samba_server onestart
/usr/local/etc/rc.d/samba_server onerestart

You need to create shell users and samba users. I recommend when you create a shell user you use the option at the end to lock the user’s account, so that they don’t ssh into the box.

# add a shell user, like "vmuser" or "myuser"
adduser

# also add user in samba:
smbpasswd -a vmuser

Try connecting now, using a samba user created earlier.

# Try connecting from Windows:
\\mysambajail.florida

# or:
net use * /delete
net use z: \\mysambajail.florida\backups /USER:vmuser

Make sure the Jail is set to autostart when FreeNAS starts.

First, stop the jail.

Then go the jail and click on Edit, and Auto-start.

Lastly, make sure that samba_enabled is set to YES so that it autostarts in the samba jail:

# in the jail:
nano /etc/rc.conf

and add:

samba_server_enable="YES"

per https://www.freebsd.org/doc/handbook/network-samba.html

To check the status to see if samba is running, use:

/usr/local/etc/rc.d/samba_server onestatus

and you start it:

/usr/local/etc/rc.d/samba_server onestart

and you restart your whole server and make sure everything starts automatically:

sudo shutdown -p now