
FreeBSD 15.1 : FTP Server, Samba Fileserver

FTP Server (Vsftpd)

1. Create a self-signed certificate

① Create the private key

# cd /etc/ssl
# openssl genrsa -des3 -out server.key 2048
Enter PEM pass phrase: [pass phrase:]
Verifying - Enter PEM pass phrase: [pass phrase:]

② Remove the passphrase (vsftpd must be able to read the key at start-up without a prompt)

# openssl rsa -in server.key -out server.key
Enter pass phrase for server.key: ←Enter the passphrase you just entered
writing RSA key

③ Restrict the access permissions (only root may read the key)

# chmod 400 server.key

④ Create the self-signed certificate (valid for 3650 days)

# cd /etc/ssl/
# openssl req -new -x509 -days 3650 -key server.key -out ftp.crt
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:JP ←country code
State or Province Name (full name) [Some-State]:Osaka ←prefecture
Locality Name (eg, city) []:Sakai ←city
Organization Name (eg, company) [Internet Widgits Pty Ltd]:Lepard ←host name or company name
Organizational Unit Name (eg, section) []: ←leave blank (press Enter)
Common Name (e.g. server FQDN or YOUR name) []:Admin ←entered here as the administrator name; a client compares this field with the host name it connected to, so the server's FQDN is the better choice if you want to avoid a name-mismatch warning
Email Address []:hoge@hoge.com ←administrator's email address
# cat server.key ftp.crt > ftp.pem
# chmod 400 ftp.*
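The four steps above as an added shell example; this is not code from the original page. It creates the key without the encrypt-then-strip passphrase round-trip, answers the DN prompts with -subj, puts the server name into the certificate's Subject Alternative Name, and provides checks (Common Name, SAN, key mode, SHA-256 fingerprint) that you can run on the result. The host name ftp.example.com, the output directory and every function name are assumptions of this example; the page writes to /etc/ssl and sets no SAN.

```shell
#!/bin/sh
# Added example, not from the original page: non-interactive version of the
# key + self-signed certificate procedure for vsftpd, plus checks.
# Assumptions: the FQDN ftp.example.com, the output directory given as $1,
# and all function names below are this example's, not the page's.
set -eu

# make_ftp_cert OUTDIR FQDN [DAYS]
# Creates OUTDIR/server.key, OUTDIR/ftp.crt and OUTDIR/ftp.pem (key + cert).
make_ftp_cert() {
    outdir=$1; fqdn=$2; days=${3:-3650}
    mkdir -p "$outdir"
    # Remove leftovers so a re-run does not fail on the 0400 files below.
    rm -f "$outdir/server.key" "$outdir/ftp.crt" "$outdir/ftp.pem"
    umask 077   # new files are unreadable by group/others from the start
    # 2048-bit RSA key with no passphrase: vsftpd must open it unattended,
    # so the "encrypt with -des3, then strip the passphrase" steps are skipped.
    openssl genrsa -out "$outdir/server.key" 2048 2>/dev/null
    # Self-signed certificate. -subj replaces the interactive DN prompts;
    # -addext puts the FQDN in the Subject Alternative Name, which is the
    # field clients match against the host they connected to.
    openssl req -new -x509 -days "$days" -key "$outdir/server.key" \
        -subj "/C=JP/ST=Osaka/L=Sakai/O=Lepard/CN=$fqdn" \
        -addext "subjectAltName=DNS:$fqdn" \
        -out "$outdir/ftp.crt" 2>/dev/null
    # vsftpd's rsa_cert_file accepts key and certificate in one PEM file.
    cat "$outdir/server.key" "$outdir/ftp.crt" > "$outdir/ftp.pem"
    chmod 400 "$outdir/server.key" "$outdir/ftp.crt" "$outdir/ftp.pem"
}

# cert_cn CRT -> prints the certificate's Common Name
cert_cn() {
    openssl x509 -in "$1" -noout -subject -nameopt RFC2253 \
        | sed -n 's/.*CN=\([^,]*\).*/\1/p'
}

# cert_has_san CRT FQDN -> succeeds if DNS:FQDN is in the SAN extension
cert_has_san() {
    openssl x509 -in "$1" -noout -text | grep -q "DNS:$2"
}

# cert_fingerprint CRT -> SHA-256 fingerprint; this is the value a client
# such as FileZilla shows in its certificate dialog, compare it before trusting.
cert_fingerprint() {
    openssl x509 -in "$1" -noout -fingerprint -sha256 | cut -d= -f2
}

# key_is_private FILE -> succeeds only if the mode is exactly 0400
key_is_private() {
    [ -n "$(find "$1" -prune -perm 0400 2>/dev/null)" ]
}

# Stand-alone run:  sh thisfile.sh run
if [ "${1:-}" = "run" ]; then
    make_ftp_cert /tmp/ftp-cert-demo ftp.example.com 3650
    echo "CN:          $(cert_cn /tmp/ftp-cert-demo/ftp.crt)"
    echo "fingerprint: $(cert_fingerprint /tmp/ftp-cert-demo/ftp.crt)"
    key_is_private /tmp/ftp-cert-demo/server.key && echo "key mode: 0400"
fi
```

Run the fingerprint check on the server and compare it with what the client displays on first connection; with a self-signed certificate that comparison is the only thing that distinguishes your server from anyone else presenting a self-signed certificate for the same name.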

2. Installing and Configuring vsftpd

2.1 Install vsftpd

# cd /usr/ports/ftp/vsftpd
# make BATCH=yes WITH_VSFTPD_SSL=yes install clean

2.2 Edit the vsftpd configuration file

# chmod 640 /usr/local/etc/vsftpd.conf

# vi /usr/local/etc/vsftpd.conf
Line 12 : Change (do not allow anonymous login)
anonymous_enable=NO

Line 15 : Uncomment (allow local system users to log in)
local_enable=YES

Line 18 : Uncomment (Allow to write)
write_enable=YES

Line 22 :  Uncomment (umask for files created by local users: 022 gives files 644 and directories 755)
local_umask=022

Line 51 : Uncomment (specify log file)
xferlog_file=/var/log/vsftpd.log

Line 80 : Uncomment (Allow uploading in ASCII mode)
ascii_upload_enable=YES

Line 81 : Uncomment (Allow downloading in ASCII mode)
ascii_download_enable=YES

Line 98 : Uncomment (confine local users to their home directory with chroot)
chroot_local_user=YES
Note: vsftpd refuses the login with "500 OOPS: vsftpd: refusing to run with writable root inside chroot()" when the chroot root, here the home directory, is writable by the user. Either keep the home directory non-writable and let users write in a subdirectory, or set allow_writeable_chroot=YES, which weakens the jail.

Line 99 : Uncomment (enable the chroot exception list)
chroot_list_enable=YES

Line 101 : Uncomment (the exception list; because chroot_local_user=YES, users named in this file are NOT chrooted)
chroot_list_file=/etc/vsftpd.chroot_list

Line 107 : Uncomment (allow recursive listing with ls -R; this is off by default because it lets a remote user cause heavy I/O on large directory trees)
ls_recurse_enable=YES

Line 112 : Uncomment (run in standalone mode, listening on IPv4; this is mutually exclusive with listen_ipv6=YES)
listen=YES

Line 134 : Uncomment (run as a background daemon)
background=YES

# Add the following at the end of the file
# Enable PASV (passive) mode
pasv_enable=YES
# Treat pasv_address as a host name to resolve (only effective together with pasv_address, which is not set here)
pasv_addr_resolve=YES
# Port range used for passive-mode data connections (must be opened on the firewall)
pasv_min_port=4000
pasv_max_port=4009
# Use local time in directory listings
use_localtime=YES
# Enable TLS (explicit FTPS, negotiated with AUTH TLS on port 21)
ssl_enable=YES
# Certificate file (private key and certificate concatenated into one PEM file)
rsa_cert_file=/etc/ssl/ftp.pem
# Do not require data connections to reuse the control connection's TLS session (many clients cannot do this)
require_ssl_reuse=NO
# Do not force TLS for logins: a plain FTP login is accepted and sends the password in clear text. Set YES to require TLS.
force_local_logins_ssl=NO
# Do not force TLS for data transfers: file contents may cross the wire unencrypted. Set YES to require TLS.
force_local_data_ssl=NO
# Show dot files in directory listings
force_dot_files=YES

Edit /etc/hosts.allow

# echo "vsftpd: ALL" >> /etc/hosts.allow

Edit chroot_list
With chroot_local_user=YES this file lists the users that are exempt from the chroot and can browse the whole filesystem. Here the general user huong is added, so huong is not confined to the home directory; leave the file empty to keep every user confined. The file must exist once chroot_list_enable=YES is set, otherwise logins fail with "500 OOPS: could not open chroot() list file".

# echo huong >> /etc/vsftpd.chroot_list

Enable automatic start at boot and start the service

# sysrc vsftpd_enable="YES"

# service vsftpd start
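An added shell audit of vsftpd.conf; this is not code from the original page or from vsftpd. It reads a configuration the way vsftpd does (last assignment of a key wins, comments ignored) and reports the settings discussed above that leave passwords or data in clear text, leave a listed user unconfined, or allow recursive listings. The two sample configurations and the chroot list are constructed here; weak.conf mirrors the page's settings, hardened.conf is the same with TLS required and no chroot exceptions. All function names are this example's.

```shell
#!/bin/sh
# Added example, not from the original page: audit a vsftpd.conf for the
# settings discussed above. The sample files are constructed here to mirror
# the page's configuration; function names are this example's.
set -eu

# vsftpd_get CONF KEY -> effective value of KEY (last assignment wins,
# comments and blank lines ignored), empty if unset. Keys are compared
# case-sensitively, which is how vsftpd reads its own file.
vsftpd_get() {
    awk -F= -v key="$2" '
        /^[[:space:]]*#/ || /^[[:space:]]*$/ { next }
        { gsub(/[[:space:]]/, "", $1); gsub(/[[:space:]]/, "", $2) }
        $1 == key { val = $2 }
        END { print val }' "$1"
}

# vsftpd_audit CONF -> prints one finding per line, nothing when clean.
vsftpd_audit() {
    conf=$1
    if [ "$(vsftpd_get "$conf" anonymous_enable)" != "NO" ]; then
        echo "anonymous_enable is not NO: anonymous logins are accepted (vsftpd's built-in default is YES)"
    fi
    if [ "$(vsftpd_get "$conf" ssl_enable)" != "YES" ]; then
        echo "ssl_enable is not YES: no TLS at all"
    fi
    if [ "$(vsftpd_get "$conf" force_local_logins_ssl)" != "YES" ]; then
        echo "force_local_logins_ssl is not YES: a plain FTP login sends the password in clear text"
    fi
    if [ "$(vsftpd_get "$conf" force_local_data_ssl)" != "YES" ]; then
        echo "force_local_data_ssl is not YES: file contents may cross the wire unencrypted"
    fi
    # With chroot_local_user=YES the list file names users that are NOT chrooted.
    if [ "$(vsftpd_get "$conf" chroot_local_user)" = "YES" ] \
       && [ "$(vsftpd_get "$conf" chroot_list_enable)" = "YES" ]; then
        lst=$(vsftpd_get "$conf" chroot_list_file)
        if [ -n "$lst" ] && [ -r "$lst" ]; then
            sed 's/#.*//; /^[[:space:]]*$/d' "$lst" | while read -r u; do
                echo "user $u is listed in $lst and is therefore NOT confined to its home directory"
            done
        fi
    fi
    if [ "$(vsftpd_get "$conf" ls_recurse_enable)" = "YES" ]; then
        echo "ls_recurse_enable=YES: ls -R is allowed and can cause heavy I/O on large trees"
    fi
    return 0
}

# vsftpd_finding_count CONF -> number of findings (0 when clean)
vsftpd_finding_count() {
    vsftpd_audit "$1" | awk 'END { print NR }'
}

# vsftpd_write_samples DIR -> constructed weak.conf (the page's settings),
# its chroot list containing huong, and hardened.conf with TLS enforced.
vsftpd_write_samples() {
    mkdir -p "$1"
    printf 'huong\n' > "$1/chroot_list"
    cat > "$1/weak.conf" <<EOF
anonymous_enable=NO
local_enable=YES
write_enable=YES
chroot_local_user=YES
chroot_list_enable=YES
chroot_list_file=$1/chroot_list
ls_recurse_enable=YES
listen=YES
ssl_enable=YES
rsa_cert_file=/etc/ssl/ftp.pem
require_ssl_reuse=NO
force_local_logins_ssl=NO
force_local_data_ssl=NO
EOF
    cat > "$1/hardened.conf" <<EOF
anonymous_enable=NO
local_enable=YES
write_enable=YES
# chroot everyone, no exception list
chroot_local_user=YES
chroot_list_enable=NO
ls_recurse_enable=NO
listen=YES
ssl_enable=YES
rsa_cert_file=/etc/ssl/ftp.pem
require_ssl_reuse=NO
# TLS required for both the login and the data channel
force_local_logins_ssl=YES
force_local_data_ssl=YES
EOF
}

# Stand-alone run:  sh thisfile.sh run
if [ "${1:-}" = "run" ]; then
    vsftpd_write_samples /tmp/vsftpd-audit-demo
    for c in weak hardened; do
        echo "== $c.conf: $(vsftpd_finding_count /tmp/vsftpd-audit-demo/$c.conf) finding(s)"
        vsftpd_audit /tmp/vsftpd-audit-demo/$c.conf
    done
fi
```

Point vsftpd_audit at /usr/local/etc/vsftpd.conf after editing it; the page's configuration produces four findings, all of which come from the force_local_*_ssl, chroot list and ls_recurse_enable choices explained above, so each one is a deliberate trade-off rather than a typo.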

2.3 Open passive ports on the firewall
Open the passive data ports 4000-4009. The control port, TCP 21, must be allowed as well; the rules below cover only the data ports.

# vi /usr/local/etc/ipfw.rules
Add the following, ensuring that rule numbers 400 and 401 do not overlap with any others. ipfw accepts a port range, so the ten ports need only one rule per direction.
$IPF 400 allow tcp from any to any 4000-4009 in
$IPF 401 allow tcp from any to any 4000-4009 out

Reload Firewall Rules

# service ipfw restart


2.4 Connect with FileZilla

User : huong
Password : the FreeBSD password of the general user huong
Choose explicit FTP over TLS in FileZilla so that the login is encrypted. Because force_local_logins_ssl=NO, the server would also accept a plain FTP connection, which sends the password in clear text.

A certificate warning appears because the certificate is self-signed. Compare the fingerprint shown in the dialog with the fingerprint of /etc/ssl/ftp.crt on the server, then click OK to connect; accepting an unverified certificate lets anyone on the path impersonate the server.

File Server with Samba

Use Samba to build a file server for Windows and Mac file sharing

1. Install Samba

Search for Samba versions that can be installed

# pkg search samba
samba-nsupdate-9.16.5_3        nsupdate utility with the GSS-TSIG support
samba416-4.16.11_10            Free SMB/CIFS and AD/DC server and client for Unix
samba419-4.19.9_12             Free SMB/CIFS and AD/DC server and client for Unix
samba420-4.20.8_1              Free SMB/CIFS and AD/DC server and client for Unix
samba422-4.22.7_1              Free SMB/CIFS and AD/DC server and client for Unix
samba423-4.23.6_1              Free SMB/CIFS and AD/DC server and client for Unix

In this post, we'll install samba420 (Samba 4.20).

# pkg install samba420

2. Samba Configuration

Create a new /usr/local/etc/smb4.conf

# vi /usr/local/etc/smb4.conf

[global]
dos charset = CP932 ←Character encoding used for communication with Windows clients (CP932 is Shift_JIS for Japanese)
unix charset = UTF-8 ←Character encoding used by FreeBSD on the Samba server side
workgroup = WORKGROUP ←Match the workgroup name set on the Windows side
server string = FreeBSD ←Any description string
netbios name = freebsd  ←Any name (the server's NetBIOS name)
security = user ←Clients must authenticate with a Samba account (this is Samba's default)
 
[share]
path = /home/share ←Path of the directory to be shared
create mask = 0770 ←Maximum permissions for files created through the share
directory mask = 0770 ←Maximum permissions for directories created through the share
guest only = No ←Do not force every connection to be treated as guest
guest ok = No  ←Guest (unauthenticated) access is not allowed
browseable = No ←The share is not listed when browsing the server; clients must type its name
read only = No  ←The shared directory is writable
writable = Yes  ←Same meaning as read only = No; one of the two is enough

No valid users line is set, so every Samba account on this server may connect to the share and only the filesystem permissions of /home/share then limit access. Add a valid users line under [share] to restrict the share to specific accounts.

Create the shared directory
Set the shared directory to /home/share, the owner to huong (a general user registered in FreeBSD) and the group to wheel, with read/write/execute for the owner and the wheel group and no access for others

# mkdir /home/share
# chown huong:wheel /home/share
# chmod -R 0770 /home/share

Configure Samba to start automatically and start it.

# sysrc samba_server_enable="YES"

# service samba_server start

Register huong (a general user registered with FreeBSD) as a Samba user and set a password with pdbedit. Samba keeps its own password database, so this password is separate from huong's FreeBSD login password.

# pdbedit -a -u huong
new password: [Samba password]
retype new password: [Samba password again]
Unix username:        huong
NT username:
Account Flags:        [U          ]
User SID:             S-1-5-21-165518207-400400841-3263613001-1000
Primary Group SID:    S-1-5-21-165518207-400400841-3263613001-513
Full Name:            huong
Home Directory:       \\FREEBSD\huong
HomeDir Drive:
Logon Script:
Profile Path:         \\FREEBSD\huong\profile
Domain:               FREEBSD
Account desc:
Workstations:
Munged dial:
Logon time:           0
Logoff time:          Thu, 07 Feb 2036 00:06:39 JST
Kickoff time:         Thu, 07 Feb 2036 00:06:39 JST
Password last set:    Wed, 17 Jun 2026 09:25:27 JST
Password can change:  Wed, 17 Jun 2026 09:25:27 JST
Password must change: never
Last bad password   : 0
Bad password count  : 0
Logon hours         : FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF

If the firewall is enabled, open the Samba port (TCP 445). Port 139 (NetBIOS session service) is only needed for old clients; current Windows and macOS clients connect on 445.
Use rule numbers (xxx) that do not collide with existing rules.

# vi /usr/local/etc/ipfw.rules
Add the following
$IPF xxx allow tcp from any to any 445 in
$IPF xxx allow tcp from any to any 445 out

Reload Firewall Rules
# service ipfw restart
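An added shell check for the Samba setup above; it is not code from the original page and not Samba's own tooling (testparm -s remains the authoritative syntax check). It reads smb4.conf section by section and reports a share with no valid users line or with guest access, a global section that explicitly re-enables SMB1, leaves transport encryption off or maps failed logins to guest, and a share directory that others can read or write. The two sample configurations and the share directory are constructed here; weak.conf mirrors the page's [share] with an SMB1 line added for illustration. All function names are this example's.

```shell
#!/bin/sh
# Added example, not from the original page and not Samba's own tooling:
# check smb4.conf and the share directory for the points discussed above.
# Sample configs and directories below are constructed for this example.
set -eu

# smb_get CONF SECTION KEY -> value of KEY in [SECTION] (section and key
# matched case-insensitively, last assignment wins), empty if unset.
smb_get() {
    awk -v sec="$2" -v key="$3" '
        /^[[:space:]]*[;#]/ || /^[[:space:]]*$/ { next }
        /^[[:space:]]*\[/ { cur = $0; gsub(/^[[:space:]]*\[|\][[:space:]]*$/, "", cur); next }
        tolower(cur) == tolower(sec) {
            eq = index($0, "=")
            if (eq == 0) next
            k = substr($0, 1, eq - 1); v = substr($0, eq + 1)
            gsub(/^[[:space:]]+|[[:space:]]+$/, "", k)
            gsub(/^[[:space:]]+|[[:space:]]+$/, "", v)
            if (tolower(k) == tolower(key)) val = v
        }
        END { print val }' "$1"
}

# smb_shares CONF -> section names other than [global], one per line
smb_shares() {
    awk '/^[[:space:]]*\[/ {
        s = $0; gsub(/^[[:space:]]*\[|\][[:space:]]*$/, "", s)
        if (tolower(s) != "global") print s }' "$1"
}

# is_yes VALUE -> succeeds for the spellings Samba treats as true
is_yes() {
    case "$(printf '%s' "$1" | tr 'A-Z' 'a-z')" in yes|true|1) return 0 ;; esac
    return 1
}

# smb_audit CONF -> one finding per line, nothing when clean
smb_audit() {
    conf=$1
    minp=$(smb_get "$conf" global "server min protocol" | tr 'a-z' 'A-Z')
    case "$minp" in
        CORE|COREPLUS|LANMAN1|LANMAN2|NT1) echo "[global] server min protocol = $minp re-enables SMB1" ;;
    esac
    enc=$(smb_get "$conf" global "server smb encrypt")
    [ -n "$enc" ] || enc=$(smb_get "$conf" global "smb encrypt")
    case "$(printf '%s' "$enc" | tr 'A-Z' 'a-z')" in
        required|mandatory|desired) ;;
        *) echo "[global] smb encrypt not set: SMB traffic is not encrypted unless the client asks for it" ;;
    esac
    mtg=$(smb_get "$conf" global "map to guest" | tr 'A-Z' 'a-z')
    case "$mtg" in
        "bad user"|"bad password") echo "[global] map to guest = $mtg: failed logins become guest sessions" ;;
    esac
    smb_shares "$conf" | while read -r s; do
        if is_yes "$(smb_get "$conf" "$s" "guest ok")"; then
            echo "[$s] guest ok = yes: unauthenticated access allowed"
        fi
        if [ -z "$(smb_get "$conf" "$s" "valid users")" ]; then
            echo "[$s] no valid users: every Samba account can connect; only filesystem permissions limit access"
        fi
        p=$(smb_get "$conf" "$s" path)
        # ls -ld columns 8-10 are the permission bits for "others".
        if [ -d "$p" ] && [ "$(ls -ld "$p" | cut -c8-10)" != "---" ]; then
            echo "[$s] $p grants permissions to others ($(ls -ld "$p" | cut -c1-10))"
        fi
    done
    return 0
}

# smb_finding_count CONF -> number of findings (0 when clean)
smb_finding_count() { smb_audit "$1" | awk 'END { print NR }'; }

# smb_write_samples DIR -> DIR/share (0770), weak.conf mirroring the page's
# [share] plus an explicit SMB1 line, and hardened.conf.
smb_write_samples() {
    mkdir -p "$1/share"
    chmod 0770 "$1/share"
    cat > "$1/weak.conf" <<EOF
[global]
dos charset = CP932
unix charset = UTF-8
workgroup = WORKGROUP
server string = FreeBSD
netbios name = freebsd
security = user
server min protocol = NT1

[share]
path = $1/share
create mask = 0770
directory mask = 0770
guest only = No
guest ok = No
browseable = No
read only = No
writable = Yes
EOF
    cat > "$1/hardened.conf" <<EOF
[global]
dos charset = CP932
unix charset = UTF-8
workgroup = WORKGROUP
server string = FreeBSD
netbios name = freebsd
security = user
server min protocol = SMB3_00
server smb encrypt = required
map to guest = Never

[share]
path = $1/share
valid users = huong
create mask = 0770
directory mask = 0770
guest ok = No
browseable = No
read only = No
EOF
}

# Stand-alone run:  sh thisfile.sh run
if [ "${1:-}" = "run" ]; then
    smb_write_samples /tmp/smb-audit-demo
    for c in weak hardened; do
        echo "== $c.conf: $(smb_finding_count /tmp/smb-audit-demo/$c.conf) finding(s)"
        smb_audit /tmp/smb-audit-demo/$c.conf
    done
fi
```

Run smb_audit against /usr/local/etc/smb4.conf after the edits above; the page's configuration produces two findings (no transport encryption, no valid users), both of which are acceptable on an isolated LAN but worth fixing on any network you do not fully control.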

3. Confirm the Samba share from Windows

Windows settings
・Confirm that the workgroup name is "WORKGROUP"

In the File Explorer address bar, type "\\<Samba Server IP address>\<shared directory name>".
(This time '\\192.168.11.83\share')
Enter your registered user name and password when the login screen appears.