Samba-4.9.4

Introduction to Samba

The Samba package provides file and print services to SMB/CIFS clients and Windows networking to Linux clients. Samba can also be configured as a Windows Domain Controller replacement, a file/print server acting as a member of a Windows Active Directory domain and a NetBIOS (rfc1001/1002) nameserver (which among other things provides LAN browsing support).

This package is known to build and work properly using an LFS-8.4 platform.

Package Information

Samba Dependencies

Required

jansson-2.12, libtirpc-1.1.4, lmdb-0.9.23, Python-2.7.15, and rpcsvc-proto-1.4

Recommended

Optional

Avahi-0.7, Cups-2.2.10, Cyrus SASL-2.1.27, GDB-8.2.1, git-2.20.1, GnuPG-2.2.13 (required for ADS and testsuite), GnuTLS-3.6.6, jansson-2.12, libaio-0.3.111, libarchive-3.3.3, libcap-2.26 with PAM, libgcrypt-1.8.4, libnsl-1.2.0, Linux-PAM-1.3.0, MIT Kerberos V5-1.17, NSS-3.42.1, popt-1.16, Talloc-2.1.15 (included), Vala-0.42.5, Valgrind-3.14.0 (optionally used by the test suite), Wireshark-2.6.6 (module installed), xfsprogs-4.19.0, cmocka, ctdb (included), Gamin, GlusterFS, Heimdal (included), libunwind, ldb (included), M2Crypto (required for ADS), OpenAFS, PyGPGME (recommended for ADS), tevent (included), and tdb (included)

Optional (for the Developer Test Suite)

Install in listed order: six-1.12.0, argparse, extras, py, enum34, hypothesis, pytest, coverage, pytest-cov, doctools, unittest2, testtools, fixtures, python-mimeparse, contextlib2, traceback2, linecache2, testscenarios, testresources, virtualenv, pbr, and python-subunit

User Notes: http://wiki.linuxfromscratch.org/blfs/wiki/samba4

Installation of Samba

Fix a test that always fails:

echo "^samba4.rpc.echo.*on.*ncacn_np.*with.*object.*nt4_dc" >> selftest/knownfail

Install Samba by running the following commands:

CFLAGS="-I/usr/include/tirpc"          \
LDFLAGS="-ltirpc"                      \
  ./configure                          \
    --prefix=/usr                      \
    --sysconfdir=/etc                  \
    --localstatedir=/var               \
    --with-piddir=/run/samba           \
    --with-pammodulesdir=/lib/security \
    --enable-fhs                       \
    --without-ad-dc                    \
    --enable-selftest                  &&
make

To test the results, as the root user, issue: make quicktest. The test suite will produce lines that look like failures, but these are innocuous. The last few lines of output should report "ALL OK" for a good test run. A summary of any failures can be found in ./st/summary.

[Note]

Note

Additionally, developer test suites are available. If you've installed the optional python modules above, you can run these tests with make test. It is not recommended for the average builder at nearly 100 SBU and over a gigabyte of disk space, and you should expect ~80 errors and ~30 failures from the 3000+ tests.

Now, as the root user:

make install &&

mv -v /usr/lib/libnss_win{s,bind}.so*   /lib                       &&
ln -v -sf ../../lib/libnss_winbind.so.2 /usr/lib/libnss_winbind.so &&
ln -v -sf ../../lib/libnss_wins.so.2    /usr/lib/libnss_wins.so    &&

install -v -m644    examples/smb.conf.default /etc/samba &&

mkdir -pv /etc/openldap/schema                        &&

install -v -m644    examples/LDAP/README              \
                    /etc/openldap/schema/README.LDAP  &&

install -v -m644    examples/LDAP/samba*              \
                    /etc/openldap/schema              &&

install -v -m755    examples/LDAP/{get*,ol*} \
                    /etc/openldap/schema

Command Explanations

--enable-fhs: Assigns all other file paths in a manner compliant with the Filesystem Hierarchy Standard (FHS).

--without-ad-dc: Disable Active Directory Domain Controller functionality. See Setup a Samba Active Directory Domain Controller for detailed information. Remove this switch if you've installed the Python modules needed for ADS support. Note that BLFS does not provide a samba bootscript for an Active Directory domain controller.

--with-selftest-prefix=SELFTEST_PREFIX: This option specifies the test suite work directory (default=./st).

mv -v /usr/lib/libnss_win{s,bind}.so* /lib: The nss libraries are installed in /usr/lib by default. Move them to /lib.

ln -v -sf ../../lib/libnss_winbind.so.2 /usr/lib/libnss_winbind.so and ln -v -sf ../../lib/libnss_wins.so.2 /usr/lib/libnss_wins.so: These symlinks are required when applications build against these libraries.

install -v -m644 examples/LDAP/* /etc/openldap/schema: These commands are used to copy sample Samba schemas to the OpenLDAP schema directory.

install -v -m644 ../examples/smb.conf.default /etc/samba: This copies a default smb.conf file into /etc/samba. This sample configuration will not work until you copy it to /etc/samba/smb.conf and make the appropriate changes for your installation. See the configuration section for minimum values which must be set.

Configuring Samba

Config Files

/etc/samba/smb.conf

Printing to SMB Clients

If you use CUPS for print services, and you wish to print to a printer attached to an SMB client, you need to create an SMB backend device. To create the device, issue the following command as the root user:

ln -v -sf /usr/bin/smbspool /usr/lib/cups/backend/smb

Configuration Information

Due to the complexity and the many various uses for Samba, complete configuration for all the package's capabilities is well beyond the scope of the BLFS book. This section provides instructions to configure the /etc/samba/smb.conf file for two common scenarios. The complete contents of /etc/samba/smb.conf will depend on the purpose of Samba installation.

[Note]

Note

You may find it easier to copy the configuration parameters shown below into an empty /etc/samba/smb.conf file instead of copying and editing the default file as mentioned in the “Command Explanations” section. How you create/edit the /etc/samba/smb.conf file will be left up to you. Do ensure the file is only writeable by the root user (mode 644).

Scenario 1: Minimal Standalone Client-Only Installation

Choose this variant if you only want to transfer files using smbclient, mount Windows shares and print to Windows printers, and don't want to share your files and printers to Windows machines.

A /etc/samba/smb.conf file with the following three parameters is sufficient:

[global]
    workgroup = MYGROUP
    dos charset = cp850
    unix charset = ISO-8859-1

The values in this example specify that the computer belongs to a Windows workgroup named “MYGROUP”, uses the “cp850” character set on the wire when talking to MS-DOS and MS Windows 9x, and that the filenames are stored in the “ISO-8859-1” encoding on the disk. Adjust these values appropriately for your installation. The “unix charset” value must be the same as the output of locale charmap when executed with the LANG variable set to your preferred locale, otherwise the ls command may not display correct filenames of downloaded files.

There is no need to run any Samba servers in this scenario, thus you don't need to install the provided bootscripts.

Scenario 2: Standalone File/Print Server

Choose this variant if you want to share your files and printers to Windows machines in your workgroup in addition to the capabilities described in Scenario 1.

In this case, the /etc/samba/smb.conf.default file may be a good template to start from. Also add “dos charset” and “unix charset” parameters to the “[global]” section as described in Scenario 1 in order to prevent filename corruption. For security reasons, you may wish to define path = /home/alice/shared-files, assuming your user name is alice and you only want to share the files in that directory, instead of your entire home. Then, replace homes by shared-files and change also the “comment” if used the configuration file below or the /etc/samba/smb.conf.default to create yours.

The following configuration file creates a separate share for each user's home directory and also makes all printers available to Windows machines:

[global]
    workgroup = MYGROUP
    dos charset = cp850
    unix charset = ISO-8859-1

[homes]
    comment = Home Directories
    browseable = no
    writable = yes

[printers]
    comment = All Printers
    path = /var/spool/samba
    browseable = no
    guest ok = no
    printable = yes

Other parameters you may wish to customize in the “[global]” section include:

    server string =
    security =
    hosts allow =
    load printers =
    log file =
    max log size =
    socket options =
    local master =

Reference the comments in the /etc/samba/smb.conf.default file for information regarding these parameters.

Since the smbd and nmbd daemons are needed in this case, install the samba bootscript. Be sure to run smbpasswd (with the -a option to add users) to enable and set passwords for all accounts that need Samba access. Using the default Samba passdb backend, any user you attempt to add will also be required to exist in the /etc/passwd file.

Advanced Requirements

More complex scenarios involving domain control or membership are possible. Such setups are advanced topics and cannot be adequately covered in BLFS. Many complete books have been written on these topics alone. Note that in some domain membership scenarios, the winbindd daemon and the corresponding bootscript are needed.

There is quite a bit of documentation available which covers many of these advanced configurations. Point your web browser to the links below to view some of the documentation included with the Samba package:

Guest account

The default Samba installation uses the nobody user for guest access to the server. This can be overridden by setting the guest account = parameter in the /etc/samba/smb.conf file. If you utilize the guest account = parameter, ensure this user exists in the /etc/passwd file.

Systemd Units

To start the Samba daemons at boot, install the systemd units from the blfs-systemd-units-20180105 package by running the following command as the root user:

make install-samba

To start the winbindd daemon at boot, install the systemd unit from the blfs-systemd-units-20180105 package by running the following command as the root user:

make install-winbindd
[Note]

Note

This package comes with two types of units: A service file and a socket file. The service file will start the smbd daemon once at boot and it will keep running until the system shuts down. The socket file will make systemd listen on the smbd port (Default 445, needs to be edited for anything else) and will start the smbd daemon when something tries to connect to that port and stop the daemon when the connection is terminated. This is called socket activation and is analogous to using {,x}inetd on a SysVinit based system.

By default, the first method is used - the smbd daemon is started at boot and stopped at shutdown. If the socket method is desired, you need to run the following commands as the root user:

systemctl stop smbd &&
systemctl disable smbd &&
systemctl enable smbd.socket &&
systemctl start smbd.socket

Note that only the smbd daemon can be socket activated.

Contents

Installed Programs: cifsdd, dbwrap_tool, eventlogadm, findsmb,gentest, ldbadd, ldbdel, ldbedit, ldbmodify, ldbrename, ldbsearch, locktest, masktest, mvxattr, ndrdump, net, nmbd, nmblookup, ntlm_auth, oLschema2ldif, pdbedit, pidl, profiles, regdiff, regpatch, regshell, regtree, rpcclient, samba, samba_dnsupdate, samba_kcc, samba-gpupdate, samba-regedit, samba_spnupdate, samba-tool, samba_upgradedns, sharesec, smbcacls, smbclient, smbcontrol, smbcquotas, smbd, smbget, smbpasswd, smbspool, smbstatus, smbtar, smbtorture, smbtree, tdbbackup, tdbdump, tdbrestore, tdbtool, testparm, wbinfo, and winbindd
Installed Libraries: libdcerpc-binding.so, libdcerpc-samr.so, libdcerpc-server.so, libdcerpc.so, libndr-krb5pac.so, libndr-nbt.so, libndr.so, libndr-standard.so, libnetapi.so, libnss_winbind.so, libnss_wins.so, libsamba-credentials.so, libsamba-errors.so, libsamba-hostconfig.so, libsamba-passdb.so, libsamba-policy.so, libsamba-util.so, libsamdb.so, libsmbclient.so, libsmbconf.so, libsmbldap.so, libtevent-util.so, libwbclient.so, and winbind_krb5_locator.so; the pam_winbind.so PAM library; and assorted character set, filesystem and support modules under /usr/lib/{python2.7,samba}
Installed Directories: /etc/samba, /run/samba, /usr/include/samba-4.0, /usr/lib/perl5/vendor_perl/5.x.y/Parse/Pidl/{Samba{3,4},Wireshark}, /usr/lib/python2.7/site-packages/samba, /usr/{lib,share}/samba, and /var/{cache,lib,lock,log,run}/samba

Short Descriptions

cifsdd

is the dd command for SMB.

dbwrap_tool

is used to read and manipulate TDB/CTDB databases using the dbwrap interface.

eventlogadm

is used to write records to eventlogs from STDIN, add the specified source and DLL eventlog registry entries and display the active eventlog names (from smb.conf).

findsmb

is used to list info about machines that respond to SMB name queries on a subnet.

gentest

is used to run random generic SMB operations against two SMB servers and show the differences in behavior.

ldbadd

is a command-line utility for adding records to an LDB database.

ldbdel

is a command-line program for deleting LDB database records.

ldbedit

allows you to edit LDB databases using your preferred editor.

ldbmodify

allows you to modify records in an LDB database.

ldbrename

allows you to edit LDB databases using your preferred editor.

ldbsearch

searches an LDB database for records matching a specified expression.

locktest

is used to find differences in locking between two SMB servers.

masktest

is used to find differences in wildcard matching between Samba's implementation and that of a remote server.

mvxattr

is used to recursively rename extended attributes.

ndrdump

is a DCE/RPC Packet Parser and Dumper.

net

is a tool for administration of Samba and remote CIFS servers, similar to the net utility for DOS/Windows.

nmbd

is the Samba NetBIOS name server.

nmblookup

is used to query NetBIOS names and map them to IP addresses.

ntlm_auth

is a tool to allow external access to Winbind's NTLM authentication function.

oLschema2ldif

converts LDAP schema's to LDB-compatible LDIF.

pdbedit

is a tool used to manage the SAM database.

pidl

is an IDL (Interface Definition Language) compiler written in Perl.

profiles

is a utility that reports and changes SIDs in Windows registry files. It currently only supports Windows NT.

regdiff

is a Diff program for Windows registry files.

regpatch

applies registry patches to registry files.

regshell

is a Windows registry file browser using readline.

regtree

is a text-mode registry viewer.

rpcclient

is used to execute MS-RPC client side functions.

samba

is a server to provide AD and SMB/CIFS services to clients.

samba_dnsupdate

is used to update our DNS names using TSIG-GSS.

samba_kcc

is a script used to compute your KCC (Knowledge Consistency Checker) topology.

samba-gpupdate

allows you to edit Microsoft Group Policy Objects (GPOs).

samba-regedit

is a ncurses based tool to manage the Samba registry.

samba_spnupdate

is a script to update the servicePrincipalName names from spn_update_list.

samba-tool

is the main Samba administration tool.

samba_upgradedns

is a Unix SMB/CIFS implementation.

sharesec

manipulates share ACL permissions on SMB file shares.

smbcacls

is used to manipulate Windows NT access control lists.

smbclient

is a SMB/CIFS access utility, similar to FTP.

smbcontrol

is used to control running smbd, nmbd and winbindd daemons.

smbcquotas

is used to manipulate Windows NT quotas on SMB file shares.

smbd

is the main Samba daemon which provides SMB/CIFS services to clients.

smbget

is a simple utility with wget-like semantics, that can download files from SMB servers. You can specify the files you would like to download on the command-line.

smbpasswd

changes a user's Samba password.

smbspool

sends a print job to an SMB printer.

smbstatus

reports current Samba connections.

smbtar

is a shell script used for backing up SMB/CIFS shares directly to Linux tape drives or a file.

smbtorture

is a testsuite that runs several tests against a SMB server.

smbtree

is a text-based SMB network browser.

tdbbackup

is a tool for backing up or validating the integrity of Samba .tdb files.

tdbdump

is a tool used to print the contents of a Samba .tdb file.

tdbrestore

is a tool for creating a Samba .tdb file out of a ntdbdump.

tdbtool

is a tool which allows simple database manipulation from the command line.

testparm

checks an smb.conf file for proper syntax.

wbinfo

queries a running winbindd daemon.

winbindd

resolves names from Windows NT servers.

libnss_winbind.so

provides Name Service Switch API functions for resolving names from NT servers.

libnss_wins.so

provides API functions for Samba's implementation of the Windows Internet Naming Service.

libnetapi.so

provides the API functions for the administration tools used for Samba and remote CIFS servers.

libsmbclient.so

provides the API functions for the Samba SMB client tools.

libwbclient.so

provides API functions for Windows domain client services.

Last updated on 2019-02-20 23:16:01 -0800