Chapter 21: Desktop FreeBSD
Overview
Why use FreeBSD on the desktop? Well, why not? FreeBSD makes as good a desktop as it does a server. While FreeBSD's development focus has generally been on the server side, that same crash−resistance and stability makes it a wonderful desktop.
Your FreeBSD desktop will allow you to access your local Windows NT network, share your files, browse the Web, read email, and compose letters, all without crashing even once. Plus, using FreeBSD as a desktop is a wonderful way to learn UNIX and build your confidence as a sysadmin.
Note At one time, "workstation" meant "UNIX computer." The UNIX in question was SunOS, a direct descendant of BSD4.2. If people could use BSD as a workstation that long ago, it'll certainly work for you now.
This chapter will not discuss in great detail exactly how to turn FreeBSD into a comfortable desktop, because that would be another book in itself! We'll go into some detail when discussing FreeBSD software that offers SMB support (Server Message Block, or SMB, is discussed in the next section), but otherwise we'll mostly provide pointers to useful programs that are documented elsewhere. With the understanding of FreeBSD you have acquired by reading this book, and the help of the mailing list archives, you should be able to make these tools work with just a bit of guidance.
Accessing File Shares
If you're on a typical office network, the standard network file−sharing protocol is Microsoft's Common Internet File Sharing, or CIFS. (CIFS was once known as Server Message Block, or SMB.) This is the typical "Network Neighborhood" that Windows users can access. While originally provided only by Microsoft Windows systems, this protocol has become something of a standard.
Thankfully, today there's an open−source CIFS file−sharing server, called Samba. Plus, many other commercial products, such as LanManager and NetApp, provide services via this protocol. FreeBSD itself includes programs to access CIFS shares, which exist in two parts: a kernel module and several user−land programs.
Prerequisites
Before you start, gather some basic information about your Windows network:
∙The workgroup or Windows domain name
∙A valid username and password
∙The IP address of the WINS server, or the DNS hostnames of all the hosts you want to access. (You can get the WINS server IP by running ipconfig /all on a Windows system.)
475
Character Sets
The first problem you have when attempting to access Windows shares is supporting the multiple character sets so common in Windows. (It's very easy for a Windows user to use characters not found in the standard English alphabet, and you don't want such a character to confuse your kernel.)
The FreeBSD kernel does not include the libraries to support multiple character sets, so you'll need to add them. Install the libiconv port from /usr/ports/converters/libiconv before you attempt to add CIFS support to your kernel.
Kernel Support for CIFS
Now recompile your kernel to handle CIFS by adding the following options to your kernel:
...............................................................................................
options NETSMB options NETSMBCRYPTO options LIBMCHAIN options LIBICONV options SMBFS
...............................................................................................
The SMBFS kernel functions are also available as a module, but since you have to rebuild your kernel anyway to include SMB networking support, you may as well compile it statically.
SMB Tools
Once you've built the kernel, install the SMB tools from /usr/ports/net/smbfs.[1] These tools must be exactly synchronized with your kernel, which makes packages mostly useless, unless you have several identical machines, and if you upgrade your FreeBSD install, you must upgrade the port. To make life still more difficult, the master SMBFS source−code repository lurks behind a very overloaded link in Kazakhstan. As such, I recommend that you store the distfile somewhere on your network, so you can easily rebuild the tools without having to refetch the source from the other side of the world (well, depending on where you're located).
Configuring CIFS
The SMB tools use a configuration file–either $HOME/.nsmbrc or /usr/local/ etc/nsmb.conf. All settings in nsmb.conf override settings in user home directories.
The configuration file is divided into sections by labels in square brackets. For example, settings that apply to every SMB connection are kept in the [default] section. You can create your own sections by specifying servers, users, and shares, in one of the following formats:
...............................................................................................
[servername]
[servername:username]
[servername:username:sharename]
...............................................................................................
476
For example, information that applies to an entire server goes in a section named after the server. Information that applies to a specific user is kept in a username section, and information that only applies to a single share is kept in a label that includes the share name. You can lump the information for all the shares under a [servername] entry if you don't have more specific information per share or per user.
Note Nsmb.conf uses CIFS values–for example, my Windows username is mlucas, but my UNIX username is mwlucas, so I use mlucas in nsmb.conf.
nsmb.conf Keywords
You use keywords, some of which can only be used in particular sections, to assign a configuration to a section. For example, servers have IP addresses and users don't, so you wouldn't add the IP address keywords to a user section.
To use a keyword, assign a value with an equal sign, as in keyword=value. Here are the keywords.
...............................................................................................
workgroup=string
...............................................................................................
The workgroup keyword specifies the name of the NT domain or Windows Workgroup you want to access.
...............................................................................................
addr=a.b.c.d
...............................................................................................
The addr keyword sets the IP (or IPX) address of an SMB server with this Windows hostname. This keyword can only appear under a plain [servername] label.
...............................................................................................
nbns=a.b.c.d
...............................................................................................
The nbns keyword sets the IP address of the NetBIOS (WINS) nameserver. You can put this line in the [default] section or under a particular [servername].
...............................................................................................
nbscope=string
...............................................................................................
The nbscope keyword sets the NetBIOS scope. If you don't know what NetBIOS scope is, you probably don't need to set it.
...............................................................................................
retry_count
...............................................................................................
The retry_count keyword specifies the number of times the SMB client will try to contact a server before assuming that the connection has broken. The default is probably fine.
...............................................................................................
timeout
...............................................................................................
477
The timeout setting is the length of time the system will wait for a response to an SMB request before trying again. Again, the default is probably fine.
...............................................................................................
password=string
...............................................................................................
The password keyword sets a clear−text password for a user or a share. If you must store passwords in nsmb.conf, be sure that only root can read the file. Storing a password in $HOME/.nsmbrc is a bad idea on a multi−user system.
You can scramble this password by running smbutil −crypt, and the scrambled password will have double dollar signs ($$) in front of it. However, while this will help prevent someone accidentally seeing the password, it can be easily unscrambled by a malicious user.
Minimum Configuration: Name Resolution
So let's build a basic nsmb.conf file. At an absolute bare minimum, we first need to be able to find hosts for which we need a workgroup and a NetBIOS name−server. I also have a user set up on the Windows−based servers to share files, so I'm going to put that username in the [default] section:
...............................................................................................
[default]
workgroup=EXAMPLE
nbns=192.168.2.80
username=unix
...............................................................................................
Armed with this information, you should be able to perform basic SMB name queries. Use smbutil(1) to test this:
...............................................................................................
# smbutil lookup fileserv4
Got response from 192.168.2.80
IP address of fileserv4: 192.168.1.202
#
...............................................................................................
If this works, you have basic SMB functionality.
Other smbutil Functions
Before you can mount a filesystem from a Windows host, you must log in to it. (Only root can use these smbutil functions.)
...............................................................................................
# smbutil login //unix@fileserv4
Password: Connected to UNIX
#
...............................................................................................
478