This page tries to summarize the current status of Samba on FreeBSD operating system.

There is a Samba page on FreeBSD's wiki, but it was last updated nearly fifteen years ago.

Recently multiple threads appeared on FreeBSD's official mailing lists (e.g. this and this), but there were more questions than answers; OTOH, there's been a lot of activities going on in several Bugzilla reports.

Warning: these informations are what I found with my researches on the web and my own tests; I cannot guarantee they are 100% exact or complete and I take no responsibility. You are welcome to mail me corrections, additions, suggestions, etc...

Samba versions

General issues

Older FreeBSD versions

The new VFS seems to require the nodup option of fdescfs. This means FreeBSD versions before 13.x are out of luck and the port has currently been marked IGNOREd for <13.1.

Support for legacy OS versions (12.4) might be investigated in the future.

If running on 12.4 is required now, with specific limitations, one might try to remove the IGNORE line and test: the theory says that new VFS code should still work with older versions of the FreeBSD, just much slower. Unfortunately practice shows that it's not working besides very basic fileserver mode, without usage of stream_xattrs module and zfsacl. YMMV.

Databases location

Whenever in Samba's documentation you read "/usr/local/samba", keep in mind that on FreeBSD, the databases are in /var/db/samba4.

Bundled libraries

The Samba ports requires a lot of libraries to build: for a few of them, a choice exist to either use a bundled version or a dependent port.

By default ldb is bundled, while cmocka, talloc, tevent and tdb are not.

Not bundling tdb might be the cause of "samba-tool offine backup" getting stuck (see this thread). TODO: check this!


Samba makes use of filesystem ACLs (which, unfortunately, are not fully standardized between different OSes and FSes):

Samba is quite Linux-centric on ACL/xattr handling, but ACLs and xattr in FreeBSD are different from Linux. Also, running Samba in a jail further complicates things.

While a full solution is still under discussion, there seems to be, at the moment, a few alternatives:

Shadow copies

If using ZFS, it might be useful to take periodical snapshots (with py-zfs-autobackup or similar tool) and let users access them as "previous versions".

A tentative was made to create a libzfs based general solution, but seems far from being usable.

Meanwhile the standard vfs_shadow_copy2 module can do, provided it is configured properly (but see this bug).

Also read on if you are running Samba in a jail.


Running Samba in a jail is a controversial practice: while it has obvious advantages (e.g. running an AD DC and a fileserver on the same machine), some people think it is a bad idea; others are instead doing this and report it as working. Upstream will usually wash their hands of any trouble if Samba does not work in a jail.

One peculiarity of jails is the inability to access the SYSTEM extended attributes namespace:

Samba 4.16's RC script also wants to mount its own private fdescfs filesystem: in order to allow for this in a jail, you need allow.mount.fdescfs=true, which in turns needs enforce_statfs<2.

Jail privileges are clearly insufficient, if, when starting Samba, you see:

warn "samba_server: cannot fdescfs mount to /var/run/samba4/fd"

Due to the script not working properly, you could also see:

mount: none: Operation not permitted

If using EZJail, you should edit /usr/local/etc/ezjail/{jail_name}, with the following line:

export jail_{jail_name}_parameters="allow.mount.fdescfs=true enforce_statfs=1"

If using ZFS and you want shadow copies:

Also notice they can't possibly work for directories mounted from outside the jail (e.g. with nullfs).

Missing cores

It can happen that some Samba daemon crashes, but is unable to produce a core; in the log something the following will show up:

      unable to change to %N.core
      refusing to dump core

Setting the following should solve:

      sysctl kern.corefile=/somepath/%N_%P.core
      sysctl kern.sugid_coredump=1

Notice that, in order to be able to get useful dumps, Samba needs to be compiled WITH_DEBUG.

Specific problems

This list tries to address some of the current problems users are like to encounter and provide links to relevant informations, possibly providing a solution or workaround.

By no means this list is meant to be exhaustive.

4.8 to 4.10 upgrade

Upgrading from 4.8 to 4.10 should be attempted by following Samba's standard procedure. Non-FreeBSD specific notes are mostly out of scope here.

Things to pay attention to:

Provisioning an AD DC domain

Warning: information in this chapter was collected a long time ago and many things might have changed. It might not be true, fresh, or relevant anymore.

In the first place, provisioning seems to fail unless you specify additional options.

Adding --option="vfs objects=freebsd" seems to be enough to provision in a non jailed UFS2-with-ACLs situation.

Similarly --option="vfs objects=zfsacl" lets provisioning work on ZFS (base or jail).

Given that, I've had mixed results, as updates to the ports seem to have intermittently broken and fixed it (see this bug).

Classic upgrade

Warning: information in this chapter was collected a long time ago and many things might have changed. It might not be true, fresh, or relevant anymore.

I've managed to Classic upgrades succesfully on ZFS with --option="vfs objects=zfsacl".

Given that, I've had mixed results, as updates to the ports seem to have intermittently broken and fixed it (see this bug).

AD DC in a jail not starting

If a jailed AD DC instance does not start, the cause might be to the nbt service.

See this bug for full info and workaround.

"Directory name is invalid" when opening files

I've seen this on several systems running Samba 4.16 after the upgrade from FreeBSD 13.1 to 13.2 (with absolutely no changes in the configurations/options/etc...).

While the underlying cause is still unknown to me, the following is a quick fix:

find {share} -exec rmextattr user DOSATTRIB "{}" ";"

Take backups before doing this, as I take no responsibility for any side-effect.

Page last updated on 2023/6/3.