<body bgcolor="#ffffff">
<img src="samba2_xs.gif" border="0" alt=" " height="100" width="76"
hspace="10" align="left" />
<h1 class="head0">Chapter 2. Installing Samba on a Unix System</h1>
<p><a name="INDEX-1"/>Now
that you know what Samba can do for you and your users,
it's time to get your own network set up.
Let's start with the installation of Samba. When
dancing the samba, one learns by taking small steps.
It's just the same when installing Samba; we need to
teach it step by step. This chapter will help you start off on the
<p>For illustrative purposes, we will be installing the 2.2.6 version of
the Samba server on a Linux system running Version 2.4 of the kernel.
However, the installation steps are essentially the same for all the
platforms Samba supports.</p>
<div class="sect1"><a name="samba2-CHP-2-SECT-1"/>
<h2 class="head1">Bundled Versions</h2>
<p><a name="INDEX-2"/><a name="INDEX-3"/>Samba is in such
popular use that many Unix distributions come with it already
installed. If you choose to use a bundled version of Samba, you can
breeze through most of this chapter, but you'll be
stuck with the Samba version and compile-time options your vendor
selected for you. That version of Samba can't be any
newer than the operating system release, so you're
likely to be pretty far behind the latest developments. On the other
hand, you can be fairly sure that a bundled version has been
installed properly, and perhaps it will take only a few simple
modifications to your <em class="emphasis">smb.conf</em> file for you to
be off and running. Samba is mature enough that you probably
don't need the latest release to meet your basic
needs, so you might be perfectly happy running a bundled version.</p>
<p>If you choose this option, be aware that your Samba files, including
<em class="emphasis">smb.conf</em>,<a name="INDEX-4"/> might be in different places
than they would be if you were to install from a binary or source
distribution. For example, with the Red Hat, Debian, and Mandrake
Linux distributions, <em class="emphasis">smb.conf</em> and some other
Samba-related files are in the <em class="emphasis">/etc/samba</em>
<p>If Samba is already installed on your system, you can check to see
what version you have by using the command:</p>
<blockquote><pre class="code">$ <tt class="userinput"><b>smbd -V</b></tt>
Version 2.2.6</pre></blockquote>
<p>(If this doesn't work, it might be because
<em class="emphasis">smbd</em> is not in your shell's
search path. If you have the <em class="emphasis">locate</em> or
<em class="emphasis">whereis</em> command in your Unix variant, you can
use it to locate the <em class="emphasis">smbd</em> executable.)</p>
<p>You might also be able to use a system-specific tool to query a
software-package maintenance utility. On Red Hat Linux, you can use
the <em class="emphasis">rpm</em><a name="INDEX-5"/> command to query the installed packages
<blockquote><pre class="code">$ <tt class="userinput"><b>rpm -qa | grep samba</b></tt>
samba-client-2.0.8-1.7.1
samba-common-2.0.8-1.7.1</pre></blockquote>
<p>This shows we have Samba 2.0.8, divided into three Red Hat Package
Manager (RPM) packages, bundled with Red Hat 7.1. If your version of
Samba is old, you might at the very least want to check with your
vendor for an update.</p>
<p>Otherwise, if you're sure you are going to install
from a binary or source distribution, you can remove the RPM packages
<blockquote><pre class="code"># <tt class="userinput"><b>rpm -e samba</b></tt>
# <tt class="userinput"><b>rpm -e samba-client</b></tt>
# <tt class="userinput"><b>rpm -e samba-common</b></tt></pre></blockquote>
<p>If you are not using Red Hat Linux, consult your
system's documentation to find the method that works
<div class="sect2"><a name="samba2-CHP-2-SECT-1.1"/>
<h3 class="head2">Binary or Source?</h3>
<p><a name="INDEX-6"/>Precompiled
"binary" packages are also
available for a large number of Unix platforms. These packages
contain binaries for each Samba executable, as well as the standard
Samba documentation. Note that while installing a binary distribution
can save you a fair amount of time and trouble, you should keep a
couple of issues in mind when deciding whether to use the binary or
compile the source yourself:</p>
<p>The binary packages can lag behind the latest version of the software
by one or two (maybe more) minor releases, especially after a series
of small changes and for less popular platforms. Compare the release
notes for the source and binary packages to make sure there
aren't any new features that you need on your
<p>If you use a precompiled binary that is dynamically linked, you will
need to ensure that you have the correct libraries required by the
executables. If your system does not already have the required
version of a library, you might have to install a new version. The
<em class="filename">README</em> file or <em class="filename">makefile</em>
that accompanies the binary distribution should list any special
<p>Many systems with shared libraries come with a nifty tool called
<em class="emphasis">ldd</em>. This tool will tell you which libraries a
specific binary requires and which libraries on the system satisfy
that requirement. For example, checking the <em class="emphasis">smbd</em>
program on our test machine gave us:</p>
<blockquote><pre class="code">$ <tt class="userinput"><b>ldd smbd</b></tt>
libdl.so.2 => /lib/libdl.so.2 (0x40026000)
libnsl.so.1 => /lib/libnsl.so.1 (0x4002a000)
libpam.so.0 => /lib/libpam.so.0 (0x40041000)
libc.so.6 => /lib/libc.so.6 (0x40049000)
/lib/ld-linux.so.2 => /lib/ld-linux.so.2 (0x40000000)</pre></blockquote>
<p>If there are any incompatibilities between Samba and specific
libraries on your machine, the distribution-specific documentation
should highlight them.</p>
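<p>The following added example is not part of the original chapter. It reads saved <em class="emphasis">ldd</em> output and reports libraries that did not resolve or that resolved outside a set of trusted directories; the function names, the default directory list, and the second sample are assumptions made for illustration.</p>

```sh
#!/bin/sh
# Added example (not from the book): audit saved `ldd` output.
# Caveat from ldd(1): do not run ldd on an executable you do not trust, because
# it can end up executing code from that file. `objdump -p FILE | grep NEEDED`
# lists the required libraries without loading anything.

# audit_ldd_output [TRUSTED_DIRS]
#   Reads ldd output on stdin.
#   TRUSTED_DIRS is a space-separated list; the default is an assumption.
#   Exit status: 0 = nothing to report, 1 = at least one finding.
audit_ldd_output() {
    trusted=${1:-"/lib /usr/lib /lib64 /usr/lib64"}
    awk -v trusted="$trusted" '
        BEGIN { n = split(trusted, dirs, " ") }
        $2 != "=>"   { next }   # "statically linked", vdso and bare loader lines
        $3 ~ /^\(0x/ { next }   # kernel-provided object with no file behind it
        $3 == "not" && $4 == "found" {
            printf "MISSING %s\n", $1; bad++; next
        }
        {
            ok = 0
            for (i = 1; i <= n; i++)
                if (index($3, dirs[i] "/") == 1) ok = 1
            if ($3 ~ /\/\.\.\//) ok = 0      # path climbs out of its directory
            if (!ok) { printf "UNTRUSTED %s -> %s\n", $1, $3; bad++ }
        }
        END { exit (bad ? 1 : 0) }
    '
}

# The ldd output printed in the chapter for the test machine.
sample_book_ldd() {
cat <<'EOF'
    libdl.so.2 => /lib/libdl.so.2 (0x40026000)
    libnsl.so.1 => /lib/libnsl.so.1 (0x4002a000)
    libpam.so.0 => /lib/libpam.so.0 (0x40041000)
    libc.so.6 => /lib/libc.so.6 (0x40049000)
    /lib/ld-linux.so.2 => /lib/ld-linux.so.2 (0x40000000)
EOF
}

# Constructed sample: one unresolved library and one resolved from a build tree.
sample_broken_ldd() {
cat <<'EOF'
    libdl.so.2 => /lib/libdl.so.2 (0x40026000)
    libpam.so.0 => not found
    libnsl.so.1 => /tmp/build/lib/libnsl.so.1 (0x4002a000)
    libc.so.6 => /lib/libc.so.6 (0x40049000)
    /lib/ld-linux.so.2 => /lib/ld-linux.so.2 (0x40000000)
EOF
}

# Demo on the constructed sample.
sample_broken_ldd | audit_ldd_output || echo "findings above need attention"
```

<p>On a real system, save the output first (<tt class="literal">ldd smbd &gt; smbd.ldd</tt>) and run <tt class="literal">audit_ldd_output &lt; smbd.ldd</tt>.</p>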
<p>If your precompiled binary is statically linked, it is still possible
to have problems. There have been cases in which the statically
linked C library calls in Samba programs have been out of sync with
the operating-system kernel, even though this is
"not supposed to happen."</p>
<p>Keep in mind that each binary distribution carries preset values
about the target platform, such as default directories and
configuration option values. Again, check the documentation and the
makefile included in the source directory to see which directives and
variables were used when the binary was compiled. In some cases,
these will not be appropriate for your situation.</p>
<p>A few configuration items can be reset with command-line options at
runtime rather than at compile time. For example, if your binary
tries to place any log, lock, or status files in the
"wrong" place (for example, in
<em class="filename">/usr/local</em>), you can override this without
<p>One point worth mentioning is that the Samba source requires an
<a name="INDEX-7"/><a name="INDEX-8"/><a name="INDEX-9"/>ANSI C
compiler. If you are on a legacy platform with a non-ANSI compiler,
such as the <em class="emphasis">cc</em> compiler on SunOS Version 4,
you'll have to install an ANSI-compliant compiler
such as <em class="emphasis">gcc</em> <a name="INDEX-10"/>before you do anything else.<a name="FNPTR-1"/><a href="#FOOTNOTE-1">[1]</a>
If installing a compiler isn't something you want to
wrestle with, you can start off with a binary package. However, for
the most flexibility and compatibility on your system, we always
recommend compiling from the latest stable or production source.</p>
<p>A typical installation will take about an hour to complete, including
downloading the source files and compiling them, setting up the
configuration files, and testing the server.</p>
<p>Here is an overview of the steps:</p>
<ol>
<li><p><a name="INDEX-11"/>Download the source or binary files.</p></li>
<li><p>Read the installation documentation.</p></li>
<li><p>Configure a makefile.</p></li>
<li><p>Compile the server and utility programs.</p></li>
<li><p>Install the server files.</p></li>
<li><p>Create a Samba configuration file.</p></li>
<li><p>Test the configuration file.</p></li>
<li><p>Start the Samba daemons.</p></li>
<li><p>Test the Samba daemons. <a name="INDEX-12"/></p></li>
</ol>
<div class="sect1"><a name="samba2-CHP-2-SECT-2"/>
<h2 class="head1">Downloading the Samba Distribution</h2>
<p><a name="INDEX-13"/>If
you would like to download the latest version of the Samba software,
the primary web site is <a href="http://www.samba.org">http://www.samba.org</a>. Once connected to this
page, you'll see links to several Samba mirror sites
across the world, both for the standard Samba web pages and for sites
devoted exclusively to downloading Samba. For the best performance,
choose a site that is closest to your own geographic location.</p>
<p>The standard Samba web sites have Samba
<a name="INDEX-14"/>documentation and
<a name="INDEX-15"/>tutorials,
<a name="INDEX-16"/>mailing-list
archives, and the latest Samba <a name="INDEX-17"/>news, as well as source and binary
distributions of Samba. The download sites (sometimes called
<em class="emphasis">FTP sites</em>) have only the source and binary
distributions. Unless you specifically want an older version of the
Samba server or are going to install a binary distribution, download
the latest source distribution from the closest mirror site. This
distribution is always named:</p>
<blockquote><pre class="code">samba-latest.tar.gz</pre></blockquote>
<p>which for the 2.2.6 release is an approximately 5MB file.</p>
<p>The source distribution has been archived with
<em class="emphasis">tar</em> and then compressed with the GNU
<em class="emphasis">gzip</em> program. To unpack it, move the file to the
directory in which you want the Samba source directory to be located,
then <em class="emphasis">cd</em> to that directory and run the command:</p>
<blockquote><pre class="code">$ <tt class="userinput"><b>tar xvfz samba-latest.tar.gz</b></tt></pre></blockquote>
<p>Or, if you do not have the GNU <em class="emphasis">tar</em> program
(which also handles the unzipping):</p>
<blockquote><pre class="code">$ <tt class="userinput"><b>gunzip samba-latest.tar.gz</b></tt>
$ <tt class="userinput"><b>tar xvf samba-latest.tar</b></tt></pre></blockquote>
<p>In that latter case, you might need to install the GNU
<em class="emphasis">gunzip</em> program first. While the
<em class="emphasis">tar</em> command runs, it will print out a list of
the files it installs.</p>
<div class="sect2"><a name="samba2-CHP-2-SECT-2.1"/>
<h3 class="head2">Read the Documentation</h3>
<p><a name="INDEX-18"/>This
part might seem obvious, but at one time or other you probably
uncompressed a package, blindly typed:</p>
<blockquote><pre class="code">$ <tt class="userinput"><b>configure; make; make install</b></tt></pre></blockquote>
<p>and walked away to get another cup of coffee. Do yourself a favor and
be a little more careful this time.</p>
<p>In the top-level directory that you just installed, there is a file
named <em class="filename">WHATSNEW.txt</em>, which contains the latest
news about the release. If you are upgrading, you can find important
information about bug fixes or configuration parameters that have
been added or are no longer supported.</p>
<p>With both source and binary packages you'll find a
large number of documents in the <em class="filename">docs</em> directory,
in a variety of formats. One file is especially important:</p>
<blockquote><pre class="code">docs/htmldocs/UNIX_INSTALL.html</pre></blockquote>
<p>These are the Samba Team's official instructions on
installing Samba on a Unix system, which you might like to use as
another perspective besides what we are telling you here.</p>
<p>In general, we expect you'll find the files in the
following directories most useful:</p>
<dl>
<dt><b>docs/faq</b></dt>
<dd><p>These are the Samba Frequently Asked Questions (FAQ) files.</p></dd>
<dt><b>docs/htmldocs</b></dt>
<dd><p>This is the miscellaneous documentation in HTML format.</p></dd>
<dt><b>docs/textdocs</b></dt>
<dd><p>Here is more documentation, in simple text format.</p></dd>
<dt><b>docs/manpages</b></dt>
<dd><p>You don't need to worry about these yet; during the
installation, the files will be installed so that you can use the
<em class="emphasis">man</em> command to read them. But you can take a
look in the directory to see which manpages are available.</p></dd>
</dl>
<div class="sect1"><a name="samba2-CHP-2-SECT-3"/>
<h2 class="head1">Configuring Samba</h2>
<p><a name="INDEX-19"/><a name="INDEX-20"/>Samba automatically configures itself
prior to compilation. This reduces the likelihood of a
machine-specific problem, but you might end up wishing for an option
after Samba has been installed.</p>
<p>The source distribution of Samba 2.2 and above
doesn't initially have a
<a name="INDEX-21"/>makefile. Instead, one is
generated through a <a name="INDEX-22"/><a name="INDEX-23"/>GNU <em class="filename">configure</em>
script, which is located in the <em class="filename">samba-2.2.x/source/</em> directory. The <em class="firstterm">configure</em>
script takes care of the machine-specific issues of building Samba.</p>
<a name="samba2-CHP-2-NOTE-88"/><blockquote class="note"><h4 class="objtitle">NOTE</h4>
<p>Before running the <em class="filename">configure</em> script, it is
important that you become the root user on the system. Otherwise, you
might get a warning such as:</p>
<blockquote><pre class="code">configure: warning: running as non-root will disable some tests</pre></blockquote>
<p>You don't want any test to be disabled when the
Samba makefile is being created; it would leave the potential for
errors down the road when compiling or running Samba on your system.</p>
</blockquote>
<p>When the <em class="filename">configure </em>script is run, it prints out
messages telling what it is doing, and error messages might be mixed
in. To make sure you see those very important error messages, we
suggest you run <em class="filename">configure </em>with its standard
output passed through some filter to capture the output and keep it
from scrolling out of sight. One method is using the
<em class="filename">more</em> command:</p>
<blockquote><pre class="code"># <tt class="userinput"><b>./configure | more</b></tt></pre></blockquote>
<p>We will show you another in a moment.</p>
<p>Although you can run <em class="filename">configure </em>as shown previously,
with no options, you might want to add support for extra features by
passing options on the command line. For example:</p>
<blockquote><pre class="code"># <tt class="userinput"><b>./configure --with-winbind</b></tt></pre></blockquote>
<p>will configure the Samba makefile with support for winbind
authentication. If you would like a complete list of options, type
<blockquote><pre class="code"># <tt class="userinput"><b>./configure --help</b></tt></pre></blockquote>
<p>Each option enables or disables various features. You typically
enable a feature by specifying the
<tt class="literal">--</tt><a name="INDEX-24"/><a name="INDEX-25"/><a name="INDEX-26"/><a name="INDEX-27"/><tt class="literal">with-</tt><em class="replaceable">feature</em>
option, which will cause the feature to be compiled and installed.
Likewise, if you specify a
<tt class="literal">--without-</tt><em class="replaceable">feature</em>
option, the feature will be disabled. A full list of configuration
options is provided in <a href="appe.html">Appendix E</a>, but for now we
want to point out three of them, which are features we cover later in
<dl>
<dt><b><tt class="literal">--with-msdfs</tt><a name="INDEX-28"/><a name="INDEX-29"/></b></dt>
<dd><p>Include support for Microsoft Distributed filesystem (Dfs), which
allows dispersed network resources to be clumped together into one
easy-to-navigate directory tree. See <a href="ch08.html">Chapter 8</a>.</p></dd>
<dt><b><tt class="literal">--with-smbwrapper</tt><a name="INDEX-30"/><a name="INDEX-31"/></b></dt>
<dd><p>Include SMB wrapper support, which allows programs running on the
Unix host to access SMB shared folders as if they were Unix
filesystems. We recommend using this option. See <a href="ch05.html">Chapter 5</a>.</p></dd>
<dt><b><tt class="literal">--with-smbmount</tt><a name="INDEX-32"/><a name="INDEX-33"/></b></dt>
<dd><p>Include <em class="emphasis">smbmount</em> support, which allows SMB
shared folders to be mounted in the Unix filesystem. At the time of
this writing, support for this feature exists only for Linux. This is
also covered in <a href="ch05.html">Chapter 5</a>.</p></dd>
</dl>
<p>Each option is disabled by default, and none of the features is
essential to Samba. However, you may want to include them in your
configuration (as we will in our example) at least to be able to try
out the options in later chapters.</p>
<p>In addition, <a href="ch02.html#samba2-CHP-2-TABLE-1">Table 2-1</a> shows some other parameters
that you can give the <em class="filename">configure</em> script if you
wish to store parts of the Samba distribution in different places,
perhaps to make use of multiple disks or partitions. Note that the
defaults sometimes refer to a prefix specified earlier in the table.</p>
<a name="samba2-CHP-2-TABLE-1"/><h4 class="head4">Table 2-1. Additional configure options</h4><table border="1">
<tr>
<td><p><tt class="literal">--prefix</tt><a name="INDEX-34"/><a name="INDEX-35"/>=<em class="replaceable">directory</em></p></td>
<td><p>Install architecture-independent files at the base directory</p></td>
<td><p><em class="filename">/usr/local/samba</em></p></td>
</tr>
<tr>
<td><p><tt class="literal">--eprefix</tt><a name="INDEX-36"/><a name="INDEX-37"/>=<em class="replaceable">directory</em></p></td>
<td><p>Install architecture-dependent files at the base directory specified.</p></td>
<td><p><em class="filename">/usr/local/samba</em></p></td>
</tr>
<tr>
<td><p><tt class="literal">--bindir</tt><a name="INDEX-38"/><a name="INDEX-39"/>=<em class="replaceable">directory</em></p></td>
<td><p>Install user executables in the directory specified.</p></td>
<td><p><em class="replaceable">eprefix</em><em class="filename">/bin</em></p></td>
</tr>
<tr>
<td><p><tt class="literal">--sbindir</tt><a name="INDEX-40"/><a name="INDEX-41"/>=<em class="replaceable">directory</em></p></td>
<td><p>Install administrator executables in the directory specified.</p></td>
<td><p><em class="replaceable">eprefix</em><em class="filename">/bin</em></p></td>
</tr>
<tr>
<td><p><tt class="literal">--libexecdir</tt><a name="INDEX-42"/><a name="INDEX-43"/>=<em class="replaceable">directory</em></p></td>
<td><p>Install program executables in the directory specified.</p></td>
<td><p><em class="replaceable">eprefix</em><em class="filename">/libexec</em></p></td>
</tr>
<tr>
<td><p><tt class="literal">--datadir</tt><a name="INDEX-44"/><a name="INDEX-45"/>=<em class="replaceable">directory</em></p></td>
<td><p>Install read-only architecture-independent data in the directory</p></td>
<td><p><em class="replaceable">prefix</em><em class="filename">/share</em></p></td>
</tr>
<tr>
<td><p><tt class="literal">--libdir</tt><a name="INDEX-46"/><a name="INDEX-47"/>=<em class="replaceable">directory</em></p></td>
<td><p>Install program libraries in the directory specified.</p></td>
<td><p><em class="replaceable">eprefix</em><em class="filename">/lib</em></p></td>
</tr>
<tr>
<td><p><tt class="literal">--includedir</tt><a name="INDEX-48"/><a name="INDEX-49"/>=<em class="replaceable">directory</em></p></td>
<td><p>Install package-include files in the directory specified.</p></td>
<td><p><em class="replaceable">prefix</em><em class="filename">/include</em></p></td>
</tr>
<tr>
<td><p><tt class="literal">--infodir</tt><a name="INDEX-50"/><a name="INDEX-51"/>=<em class="replaceable">directory</em></p></td>
<td><p>Install additional information files in the directory specified.</p></td>
<td><p><em class="replaceable">prefix</em><em class="filename">/info</em></p></td>
</tr>
<tr>
<td><p><tt class="literal">--mandir</tt><a name="INDEX-52"/><a name="INDEX-53"/>=<em class="replaceable">directory</em></p></td>
<td><p>Install manual pages in the directory specified.</p></td>
<td><p><em class="replaceable">prefix</em><em class="filename">/man</em></p></td>
</tr>
</table>
<p>Here is a sample execution of the
<em class="filename">configure</em><a name="INDEX-54"/>
script, which creates a Samba 2.2.6 makefile for the Linux platform.
Note that you must run the configure script in the
<em class="emphasis">source</em> directory and that we are showing you yet
another way to capture the output of the script:</p>
<blockquote><pre class="code">$ <tt class="userinput"><b>cd samba-2.2.6/source/</b></tt>
$ <tt class="userinput"><b>su</b></tt>
# <tt class="userinput"><b>./configure --with-smbwrapper --with-smbmount \</b></tt>
<tt class="userinput"><b>--with-msdfs --with-syslog --with-utmp 2>&1 | tee config.my.log</b></tt>
loading cache ./config.cache
checking for gcc... (cached) gcc
checking whether the C compiler (gcc -O ) works... yes
checking whether the C compiler (gcc -O ) is a cross-compiler... no
checking whether we are using GNU C... (cached) yes
checking whether gcc accepts -g... (cached) yes
checking for a BSD-compatible install... (cached) /usr/bin/install -c
<i class="lineannotation">...(content omitted)...</i>
checking configure summary
creating ./config.status
creating include/stamp-h
creating include/config.h</pre></blockquote>
<p>In general, any message from <em class="filename">configure</em> that
doesn't begin with the words
<tt class="literal">checking</tt><a name="INDEX-55"/> or
<tt class="literal">creating</tt><a name="INDEX-56"/> is an
<a name="INDEX-57"/>error; it often helps to redirect the
output of the configure script to a file so that you can quickly
search for errors, as we did with the <em class="filename">tee</em>
command earlier. If there was an error during configuration, more
detailed information about it can be found in the
<em class="filename">config.log</em><a name="INDEX-58"/> file, which is written to the local
directory by the <em class="filename">configure</em> script, as well as in
the <em class="filename">config.my.log</em> file, which we created by
piping through the <em class="filename">tee</em> command. These files are
very similar in both name and content, but be careful to check both
of them for error messages before continuing!</p>
<p>If the configuration works, you'll see a
<tt class="literal">checking</tt> <tt class="literal">configure</tt>
<tt class="literal">summary</tt> message followed by a
<tt class="literal">configure</tt> <tt class="literal">OK</tt> message and four
or five file-creation messages. So far, so good. <a name="INDEX-59"/></p>
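<p>The following added example is not part of the original chapter. It applies the rule of thumb above to a captured log such as <em class="filename">config.my.log</em>: lines that do not begin with <tt class="literal">checking</tt> or <tt class="literal">creating</tt> are printed for review, and the log counts as complete only if <tt class="literal">configure OK</tt> follows <tt class="literal">checking configure summary</tt>. The function names, the exit codes, and the treatment of cache messages as harmless are assumptions.</p>

```sh
#!/bin/sh
# Added example (not from the book): triage a captured configure log.

# scan_configure_log
#   Reads the log on stdin and prints every line that needs a human look.
#   Exit status: 0 = clean and complete
#                1 = at least one unexpected line (warning or error)
#                2 = no unexpected lines, but the success markers are missing
scan_configure_log() {
    awk '
        /^[ \t]*$/ { next }                          # blank lines
        /^(checking|creating) / {                    # normal progress lines
            if ($0 == "checking configure summary") summary = 1
            next
        }
        /^(loading|updating) cache / { next }        # assumed harmless
        $0 == "configure OK" { if (summary) ok = 1; next }
        { printf "line %d: %s\n", NR, $0; bad++ }    # everything else
        END {
            if (bad) exit 1
            if (!ok) {
                print "incomplete: no \"configure OK\" after \"checking configure summary\""
                exit 2
            }
        }
    '
}

# Constructed sample: a successful run, built from the lines shown in the chapter.
sample_log_ok() {
cat <<'EOF'
loading cache ./config.cache
checking for gcc... (cached) gcc
checking whether the C compiler (gcc -O ) works... yes
checking whether we are using GNU C... (cached) yes
checking configure summary
configure OK
creating ./config.status
creating include/stamp-h
creating include/config.h
EOF
}

# Constructed sample: the same run started without root privileges.
sample_log_warning() {
cat <<'EOF'
loading cache ./config.cache
configure: warning: running as non-root will disable some tests
checking for gcc... (cached) gcc
checking configure summary
configure OK
creating ./config.status
EOF
}

# Constructed sample: output that stops before the summary is reached.
sample_log_truncated() {
cat <<'EOF'
loading cache ./config.cache
checking for gcc... (cached) gcc
checking whether the C compiler (gcc -O ) works... yes
EOF
}

# Demo on the constructed sample: prints the flagged line and the status.
sample_log_warning | scan_configure_log || echo "scan status: $?"
```

<p>For a real build, run <tt class="literal">scan_configure_log &lt; config.my.log</tt> and then look up anything it prints in <em class="filename">config.log</em>.</p>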
<div class="sect1"><a name="samba2-CHP-2-SECT-4"/>
<h2 class="head1">Compiling and Installing Samba</h2>
<p><a name="INDEX-60"/><a name="INDEX-61"/><a name="INDEX-62"/><a name="INDEX-63"/>At this point you should be ready to build
the Samba executables. Compiling is also easy: in the
<em class="filename">source</em> directory, type <tt class="literal">make</tt>
on the command line. The
<em class="filename">make</em><a name="INDEX-64"/> utility will produce a stream of
explanatory and success messages, beginning with:</p>
<blockquote><pre class="code">Using FLAGS = -O -Iinclude ...</pre></blockquote>
<p>This build includes compiles for both <em class="emphasis">smbd</em> and
<em class="emphasis">nmbd</em> and ends in a linking command for
<em class="filename">bin/nmblookup</em>. For example, here is a sample
make of Samba Version 2.2.6 on a Linux server:</p>
<blockquote><pre class="code"># make 2>&1 | tee make.log
Using FLAGS = -O -Iinclude -I./include -I./ubiqx -I./smbwrapper -D_LARGEFILE64
_SOURCE -D_FILE_OFFSET_BITS=64 -D_GNU_SOURCE -DLOGFILEBASE="/usr/local/samba/va
r" -DCONFIGFILE="/usr/local/samba/lib/smb.conf" -DLMHOSTSFILE="/usr/local/samba/
lib/lmhosts" -DSWATDIR="/usr/local/samba/swat" -DSBINDIR="/usr/local/samba/bin
" -DLOCKDIR="/usr/local/samba/var/locks" -DCODEPAGEDIR="/usr/local/samba/lib/cod
epages" -DDRIVERFILE="/usr/local/samba/lib/printers.def" -DBINDIR="/usr/local/sa
mba/bin" -DHAVE_INCLUDES_H -DPASSWD_PROGRAM="/bin/passwd" -DSMB_PASSWD_FILE="/u
sr/local/samba/private/smbpasswd" -DTDB_PASSWD_FILE="/usr/local/samba/private/sm
Using FLAGS32 = -O -Iinclude -I./include -I./ubiqx -I./smbwrapper -D_LARGEFILE
64_SOURCE -D_FILE_OFFSET_BITS=64 -D_GNU_SOURCE -DLOGFILEBASE="/usr/local/samba/
var" -DCONFIGFILE="/usr/local/samba/lib/smb.conf" -DLMHOSTSFILE="/usr/local/samb
a/lib/lmhosts" -DSWATDIR="/usr/local/samba/swat" -DSBINDIR="/usr/local/samba/b
in" -DLOCKDIR="/usr/local/samba/var/locks" -DCODEPAGEDIR="/usr/local/samba/lib/c
odepages" -DDRIVERFILE="/usr/local/samba/lib/printers.def" -DBINDIR="/usr/local/
samba/bin" -DHAVE_INCLUDES_H -DPASSWD_PROGRAM="/bin/passwd" -DSMB_PASSWD_FILE="
/usr/local/samba/private/smbpasswd" -DTDB_PASSWD_FILE="/usr/local/samba/private/
Using LIBS = -ldl -lnsl -lpam
Compiling smbd/server.c
Compiling smbd/files.c
Compiling smbd/chgpasswd.c
Compiling smbd/connection.c
Compiling smbd/utmp.c
Compiling smbd/session.c
Compiling smbd/dfree.c
<i class="lineannotation">...(content omitted)...</i>
Compiling rpc_server/srv_srvsvc.c
Compiling rpc_server/srv_srvsvc_nt.c
Compiling rpc_server/srv_util.c
Compiling rpc_server/srv_wkssvc.c
Compiling rpc_server/srv_wkssvc_nt.c
Compiling rpc_server/srv_pipe.c
Compiling rpc_server/srv_dfs.c
Compiling rpc_server/srv_dfs_nt.c
Compiling rpc_server/srv_spoolss.c
Compiling rpc_server/srv_spoolss_nt.c
Compiling lib/util_getent.c
Compiling rpc_parse/parse_lsa.c
Compiling rpc_parse/parse_net.c
Compiling rpc_parse/parsen/smbmount
Compiling client/smbmnt.c
Compiling client/smbumount.c
Linking bin/smbumount
Compiling utils/nmblookup.c
Linking bin/nmblookup</pre></blockquote>
<p>If you encounter a problem when compiling, first check the Samba
documentation to see if it is easily fixable. Another possibility is
to search or post to the Samba mailing lists, which are given at the
end of <a href="ch12.html">Chapter 12</a> and on the Samba home page. Most
compilation issues are system-specific and almost always easy to
<p>Now that the files have been compiled, you can install them into the
directories you identified with the command:</p>
<blockquote><pre class="code"># <tt class="userinput"><b>make install</b></tt></pre></blockquote>
<p>If you happen to be <a name="INDEX-65"/>upgrading, your old Samba files will be
saved with the extension
<em class="emphasis">.old</em>,<a name="INDEX-66"/> and you can go back to that previous
version with the command
<tt class="literal">make</tt><a name="INDEX-67"/> <tt class="literal">revert</tt>. After doing a
<tt class="literal">make</tt><a name="INDEX-68"/> <tt class="literal">install</tt>, you should
copy the <em class="emphasis">.old</em> files (if they exist) to a new
location or name. Otherwise, the next time you install Samba, the
original <em class="emphasis">.old</em> will be overwritten without
warning and you could lose your earlier version. If you configured
Samba to use the default locations for files, the new files will be
installed in the directories listed in <a href="ch02.html#samba2-CHP-2-TABLE-2">Table 2-2</a>.
Remember that you need to perform the installation from an account
that has write privileges on these target directories; this is
typically the root account.</p>
<a name="samba2-CHP-2-TABLE-2"/><h4 class="head4">Table 2-2. Samba installation directories</h4><table border="1">
<tr>
<td><p><em class="emphasis">/usr/local/samba</em></p></td>
<td></td>
</tr>
<tr>
<td><p><em class="emphasis">/usr/local/samba/bin</em></p></td>
<td></td>
</tr>
<tr>
<td><p><em class="emphasis">/usr/local/samba/lib</em></p></td>
<td><p><em class="emphasis">smb.conf</em>, <em class="emphasis">lmhosts</em>,
configuration files, etc.</p></td>
</tr>
<tr>
<td><p><em class="emphasis">/usr/local/samba/man</em></p></td>
<td><p>Samba documentation</p></td>
</tr>
<tr>
<td><p><em class="emphasis">/usr/local/samba/private</em></p></td>
<td><p>Samba-encrypted password file</p></td>
</tr>
<tr>
<td><p><em class="emphasis">/usr/local/samba/swat</em></p></td>
<td></td>
</tr>
<tr>
<td><p><em class="emphasis">/usr/local/samba/var</em></p></td>
<td><p>Samba log files, lock files, browse list info, shared memory files,</p></td>
</tr>
</table>
<p>Throughout the remainder of the book, we occasionally refer to the
location of the main tree as <em class="filename">/usr/local/samba</em>.
In most configurations, this is the base directory of the installed
Samba package; however, it can vary from system to system
<a name="samba2-CHP-2-NOTE-90"/><blockquote class="note"><h4 class="objtitle">TIP</h4>
<p>Watch out if you've made <em class="filename">/usr</em> a
read-only partition. You will want to put the logs, locks, and
password files somewhere else.</p>
</blockquote>
<p>Here is the installation that we performed on our machine. You can
see that we used <em class="filename">/usr/local/samba</em> as the base
directory for the distribution:</p>
<blockquote><pre class="code"># <tt class="userinput"><b>make install 2>&1 | tee make-install.log</b></tt>
Using FLAGS = -O -Iinclude -I./include -I./ubiqx -I./smbwrapper -D_LARGEFILE64
_SOURCE -D_FILE_OFFSET_BITS=64 -D_GNU_SOURCE -DLOGFILEBASE="/usr/local/samba/va
r" -DCONFIGFILE="/usr/local/samba/lib/smb.conf"
<i class="lineannotation">...(content omitted)...</i>
The binaries are installed. You can restore the old binaries (if there
were any) using the command "make revert". You can uninstall the binaries
using the command "make uninstallbin" or "make uninstall" to uninstall
binaries, manpages and shell scripts.
<i class="lineannotation">...(content omitted)...</i>
======================================================================
The SWAT files have been installed. Remember to read the swat/README
for information on enabling and using SWAT.
======================================================================</pre></blockquote>
<p>If the last message is about SWAT, you've
successfully installed all the files. Congratulations! You now have
Samba on your system!</p>
<div class="sect2"><a name="samba2-CHP-2-SECT-4.1"/>
<h3 class="head2">Upgrading Your Installation</h3>
<p><a name="INDEX-70"/><a name="INDEX-71"/>Eventually a new version of
Samba will be released, and you will want to upgrade. This is simple;
just repeat the same steps you used to install your current version.
Download the source distribution from the Samba web site and install
it, then run the <tt class="literal">./configure</tt>,
<tt class="literal">make</tt>, and <tt class="literal">make</tt>
<tt class="literal">install</tt> commands as before. If
you've forgotten which options you used with the
<a name="INDEX-72"/><a name="INDEX-73"/><a name="INDEX-74"/><a name="INDEX-75"/><em class="emphasis">configure</em>
script, take a look at the
<em class="filename">source/config.status</em><a name="INDEX-76"/><a name="INDEX-77"/> file in your previous
version's source distribution. The first few lines
of this file show the options used the last time
<em class="emphasis">configure</em> was run.</p>
<p>When you run the <tt class="literal">make
install</tt><a name="INDEX-78"/> command to install your new
version, the files of the previous version are replaced with the new
ones, and then all you have to do is restart the Samba daemons to get
your new version running. See <a href="ch02.html#samba2-CHP-2-SECT-8">Section 2.8</a> later in this chapter for directions on how to do this.</p>
862
<div class="sect2"><a name="samba2-CHP-2-SECT-4.2"/>
<h3 class="head2">Reconfiguring Samba</h3>
<p><a name="INDEX-79"/>If you
have already compiled Samba and wish to recompile the same source
code with different <em class="emphasis">configure</em> options, you
should run the following three commands in the
<em class="emphasis">source</em> directory before rerunning the
<em class="emphasis">configure</em> script:</p>
<blockquote><pre class="code"># <tt class="userinput"><b>autoconf</b></tt>
# <tt class="userinput"><b>make clean</b></tt>
# <tt class="userinput"><b>rm config.cache</b></tt></pre></blockquote>
<p>This ensures that you are starting with a clean slate and that your
previous <em class="emphasis">configure</em> command does not leave any
data around that can affect your new build. From here, you can rerun
<tt class="literal">./configure</tt> and then <tt class="literal">make</tt> and
<tt class="literal">make install</tt>.</p>
<div class="sect2"><a name="samba2-CHP-2-SECT-4.3"/>
<h3 class="head2">Setting Search Paths</h3>
<p><a name="INDEX-80"/>You
will probably want to run commands included in the Samba distribution
without having to specify their full directory paths. For that to
work, the directory in which the Samba executables are located,
<em class="filename">/usr/local/samba/bin</em> by default, must be added
to your shell's <a name="INDEX-81"/>PATH environment variable. This
environment variable is usually set in one or more of the
shell's startup files, which in the case of
<em class="emphasis">bash</em> are <em class="filename">/etc/profile</em>
(systemwide) and the <em class="filename">.bash_profile</em> and
<em class="filename">.bashrc</em> files in each user's
<p>To be able to read the <a name="INDEX-82"/><a name="INDEX-83"/><a name="INDEX-84"/>Samba manual pages using the
<em class="emphasis">man</em> command, the directory where
Samba's manual pages reside,
<em class="filename">/usr/local/samba/man</em> by default, must be in your
<a name="INDEX-85"/>MANPATH environment variable. On Red
Hat Linux, this can be accomplished by adding the following two lines
to <em class="filename">/etc/man.config</em>:</p>
<a name="INDEX-86"/><a name="INDEX-87"/><blockquote><pre class="code">
MANPATH /usr/local/samba/man
MANPATH_MAP /usr/local/samba/bin /usr/local/samba/man</pre></blockquote>
<div class="sect1"><a name="samba2-CHP-2-SECT-5"/>
<h2 class="head1">Enabling SWAT</h2>
<p>The <a name="INDEX-88"/><a name="INDEX-89"/>Samba
Web Administration Tool (SWAT) runs as a daemon under
<em class="emphasis">inetd</em> or <em class="filename">xinetd</em> and
provides a forms-based editor in your web browser for creating and
modifying <a name="INDEX-90"/>Samba's
configuration file. For SWAT to work, entries must be added for it in
the <em class="filename">/etc/services</em> and
<em class="filename">/etc/inetd.conf</em> (or
<em class="filename">/etc/xinetd.d/swat</em>) configuration files. To add
the entries, follow these two steps:</p>
<p>Check your <em class="filename">/etc/services</em> file, and if it does
not contain the following line, add it to the end of the file:</p>
<blockquote><pre class="code">swat 901/tcp</pre></blockquote>
<p>Now for <em class="filename">inetd</em> <a name="INDEX-91"/>or <em class="filename">xinetd</em>.
<a name="INDEX-92"/>These are "Internet
super daemons" that handle starting daemons on
demand, instead of letting them sit around in memory consuming system
resources. Most systems use <em class="filename">inetd</em>, but
<em class="filename">xinetd</em> is also used in some versions of Unix,
notably the Red Hat Linux (Versions 7 and newer) that we use in our
examples. You can use the <em class="emphasis">ps</em> command to see
which of the two your system is running.</p>
<p>For <em class="filename">inetd</em>, add a line to the
<em class="emphasis">/etc/</em><em class="filename">inetd.conf</em> file.
(Check your <em class="filename">inetd.conf</em> manual page to see the
exact format of the <em class="filename">inetd.conf</em> file if it
differs from the following example.) Don't forget to
change the path to the SWAT binary if you installed it in a different
location from the default <em class="filename">/usr/local/samba</em>:</p>
<blockquote><pre class="code">swat stream tcp nowait root /usr/local/samba/bin/swat swat</pre></blockquote>
<p>Then force <em class="filename">inetd</em> to reread its configuration
file by sending it a SIGHUP (hangup) signal:</p>
<blockquote><pre class="code"># <tt class="userinput"><b>/bin/kill -HUP -a inetd</b></tt></pre></blockquote>
<p>Notice that we are using a version of the <em class="emphasis">kill</em>
command that supports the <em class="emphasis">-a</em> option, so as to
allow us to specify the process by name. On FreeBSD and Linux, you
can use the <em class="emphasis">killall</em> command<a name="FNPTR-2"/><a href="#FOOTNOTE-2">[2]</a> as follows:</p>
<blockquote><pre class="code"># <tt class="userinput"><b>killall -HUP inetd</b></tt></pre></blockquote>
<p>If you are not running Linux or FreeBSD and your version of
<em class="emphasis">kill</em> doesn't have the
<em class="emphasis">-a</em> option, you will need to use the
<em class="emphasis">ps</em> command to find the process ID and then
supply that to <em class="emphasis">kill</em>:</p>
<blockquote><pre class="code"># <tt class="userinput"><b>ps ax | grep inetd</b></tt>
1981 pts/4 S 0:00 grep inetd
# <tt class="userinput"><b>kill -HUP 780</b></tt></pre></blockquote>
<p>If your system is using <em class="filename">xinetd</em>, add a file named
<em class="emphasis">swat</em> in your <em class="filename">/etc/xinetd.d</em>
directory, containing the following:</p>
<blockquote><pre class="code"># description: swat is the Samba Web Administration Tool, which
# allows an administrator to configure Samba using a web
# browser interface, with the URL http://localhost:901
service swat
{
    port            = 901
    socket_type     = stream
    wait            = no
    protocol        = tcp
    only_from       = localhost
    user            = root
    log_on_failure  += USERID
    server          = /usr/local/samba/bin/swat
    disable         = no
}</pre></blockquote>
<p>Then <em class="emphasis">xinetd</em> needs to be sent a signal<a name="FNPTR-3"/><a href="#FOOTNOTE-3">[3]</a> to make it reread its configuration files:</p>
<blockquote><pre class="code"># <tt class="userinput"><b>/bin/kill -HUP -a xinetd</b></tt></pre></blockquote>
<p>And that's pretty much it for the installation.
Before you can start up Samba, however, you need to create a
configuration file for it.</p>
<div class="sect1"><a name="samba2-CHP-2-SECT-6"/>
<h2 class="head1">A Basic Samba Configuration File</h2>
<p><a name="INDEX-93"/>The
key to configuring Samba is its configuration file,
<em class="filename">smb.conf</em>. This configuration file can be very
simple or extremely complex, and the rest of this book is devoted to
helping you get deeply personal with this file. For now, however,
we'll show you how to set up a single file service,
which will allow you to fire up the Samba daemons and see that
everything is running as it should be. In later chapters, you will
see how to configure Samba for more complicated and interesting
<p>The installation process does not automatically create an
<em class="filename">smb.conf</em> configuration file, although several
example files are included in the Samba distribution. To test the
server software, though, we'll use the following
file, which you can create in a text editor. It should be named
<em class="filename">smb.conf</em> and placed in the
<em class="emphasis">/usr/local/samba/lib</em> directory:<a name="FNPTR-4"/><a href="#FOOTNOTE-4">[4]</a></p>
<blockquote><pre class="code">[global]
    workgroup = METRAN
[test]
    comment = For testing only, please
    path = /usr/local/samba/tmp
    read only = no
    guest ok = yes</pre></blockquote>
<p>This brief configuration file tells the Samba server to offer the
<em class="filename">/usr/local/samba/tmp</em> directory on the server as
an SMB share called <em class="emphasis">test</em>. The server also
becomes part of the METRAN workgroup, of which each client must also
be a part. If you have already chosen a name for your own workgroup,
use the name of your workgroup instead of METRAN in the previous
example. In case you are connecting your Samba system into an
existing network and need to know the workgroup name, you can ask
another system administrator or go to a Windows system in the
workgroup and follow these instructions:</p>
<p>Windows 95/98/Me/NT: open the Control Panel, then double-click the
Network icon. Click the Identification tab, and look for the
"Workgroup:" label.</p>
<p>Windows 2000: open the Control Panel and double-click the System
icon. Click the Network Identification tab. The workgroup name will
appear below the computer name.</p>
<p>Windows XP: open the Control Panel in Classic View mode and
double-click the System icon. Then click the Computer Name tab.</p>
<p>We'll use the <tt class="literal">[test]</tt> share in the
next chapter to set up the Windows clients. For now, you can complete
the setup by performing the following commands as root on your Unix
<blockquote><pre class="code"># <tt class="userinput"><b>mkdir /usr/local/samba/tmp</b></tt>
# <tt class="userinput"><b>chmod 777 /usr/local/samba/tmp</b></tt></pre></blockquote>
<p>You might also want to put a file or two in the
<em class="filename">/usr/local/samba/tmp</em> directory so that after
your Windows systems are initially configured, you will have
something to use to check that everything works.</p>
<p>We should point out that in terms of system security, this is the
worst setup possible. For the moment, however, we only wish to test
Samba, so we'll leave security out of the picture.
In addition, we will encounter some encrypted password issues with
Windows clients later on, so this setup will afford us the least
amount of headaches.</p>
<div class="sect2"><a name="samba2-CHP-2-SECT-6.1"/>
<h3 class="head2">Encrypted Passwords</h3>
<p><a name="INDEX-94"/><a name="INDEX-95"/><a name="INDEX-96"/>If your Windows clients are using Windows
98 or Windows NT 4 Service Pack 3 or above (including Windows 2000
and Windows XP) and you are using a version of Samba earlier than
3.0, you must add the following entry to the
<tt class="literal">[global]</tt> section of the Samba configuration file:</p>
<blockquote><pre class="code">[global]
encrypt passwords = yes</pre></blockquote>
<p>In addition, you must use the
<em class="filename">smbpasswd</em><a name="INDEX-97"/> program (typically located in the
directory <em class="filename">/usr/local/samba/bin/</em>) to enter the
username/password combinations of the Samba users into
Samba's encrypted password database. For example, if
you wanted to allow Unix user <tt class="literal">steve</tt> to access
shares from a client system, you would use this command:</p>
<blockquote><pre class="code"># <tt class="userinput"><b>smbpasswd -a steve</b></tt>
Retype new SMB password:
Added user steve.</pre></blockquote>
<p>When the first user is added, the program will output a message
saying that the encrypted password database does not exist.
Don't worry: it will then create the database for
you. Make sure that the username/password combinations you add to the
encrypted database match the usernames and passwords you intend to
use on the Windows client side. You must run
<em class="emphasis">smbpasswd</em> for each client user.</p>
<p>In Samba 3.0, passwords are encrypted by default, so the
<tt class="literal">encrypt</tt> <tt class="literal">passwords</tt>
<tt class="literal">=</tt> <tt class="literal">yes</tt> parameter in the
configuration file is optional. However, you will still need to run
the <em class="emphasis">smbpasswd</em> command to add users to the
encrypted password file.</p>
<div class="sect2"><a name="samba2-CHP-2-SECT-6.2"/>
<h3 class="head2">Using SWAT</h3>
<p><a name="INDEX-98"/>Creating
a configuration file with SWAT is even easier than writing a
configuration file by hand. To invoke SWAT, use your web browser to
connect to <em class="emphasis">http://localhost:901</em>, and log on as
root with the root password, as shown in <a href="ch02.html#samba2-CHP-2-FIG-1">Figure 2-1</a>.</p>
<div class="figure"><a name="samba2-CHP-2-FIG-1"/><a name="INDEX-99"/><img src="figs/sam2_0201.gif"/></div><h4 class="head4">Figure 2-1. SWAT login</h4>
<p>After logging in, click the GLOBALS button at the top of the screen.
You should see the Global Variables page shown in <a href="ch02.html#samba2-CHP-2-FIG-2">Figure 2-2</a>.</p>
<div class="figure"><a name="samba2-CHP-2-FIG-2"/><img src="figs/sam2_0202.gif"/></div><h4 class="head4">Figure 2-2. SWAT Global Variables page</h4>
<p>In this example, notice that SWAT retrieved the workgroup name from
the <em class="emphasis">smb.conf</em> file that you created. (If it
didn't, go back and perform that step correctly.)
Make sure that the <tt class="literal">security</tt> field is set to
<tt class="literal">USER</tt>.</p>
<p>If you are running Samba 2.2 and your Windows clients are at least
Windows 98 or Windows NT 4 SP 3 or later versions, find
<tt class="literal">encrypt</tt> <tt class="literal">passwords</tt> in the
Security Options section and select <tt class="literal">yes</tt>.</p>
<p>The only other option you need to change from the menu is one
determining which system on the LAN resolves NetBIOS addresses; this
system is called the <em class="emphasis">WINS server</em>. At the very
bottom of the page, set the <tt class="literal">wins</tt>
<tt class="literal">support</tt> field to <tt class="literal">Yes</tt>, unless
you already have a WINS server on your network. If you do, put the
WINS server's IP address in the
<tt class="literal">wins</tt> <tt class="literal">server</tt> field instead. Then
return to the top of the screen, and press the Commit Changes button
to write the changes out to the <em class="emphasis">smb.conf</em> file.</p>
<p>Next, click the SHARES icon. You should see a page similar to <a href="ch02.html#samba2-CHP-2-FIG-3">Figure 2-3</a>. Select <tt class="literal">test</tt> (to the right
of the Choose Share button), and click the Choose Share button. You
will see the Share Parameters screen, as shown in <a href="ch02.html#samba2-CHP-2-FIG-3">Figure 2-3</a>, with the <tt class="literal">comment</tt> and
<tt class="literal">path</tt> fields filled in from your
<em class="emphasis">smb.conf</em> file.</p>
<div class="figure"><a name="samba2-CHP-2-FIG-3"/><img src="figs/sam2_0203.gif"/></div><h4 class="head4">Figure 2-3. SWAT Share Parameters screen</h4>
<p>If you specified that you want to use encrypted passwords on the
GLOBALS page, click the PASSWORD button. Near the top of the screen,
you will see the Server Password Management section. Enter your Unix
username and password in the spaces, and click the Add New User
button. This functions the same as the <em class="emphasis">smbpasswd</em>
utility and creates an entry in the
<em class="emphasis">/usr/local/samba/private/smbpasswd</em> file to allow
you to authenticate from a Windows client.</p>
<p>Now click the VIEW button at the top, and SWAT shows you the
following <em class="filename">smb.conf</em> file:</p>
<blockquote><pre class="code"># Samba config file created using SWAT
# from localhost (127.0.0.1)
# Date: 2002/09/05 04:56:43
[global]
    encrypt passwords = Yes
[test]
    comment = For testing only!
    path = /usr/local/samba/tmp
    read only = No</pre></blockquote>
<p>Once this configuration file is completed, you can skip the next step
because the output of SWAT is guaranteed to be syntactically correct.
<a name="INDEX-100"/></p>
<div class="sect2"><a name="samba2-CHP-2-SECT-6.3"/>
<h3 class="head2">Disabling Oplocks</h3>
<p>The <em class="filename">smb.conf</em><a name="INDEX-101"/><a name="INDEX-102"/>
file you have just created is certainly good enough for the purpose
of initial setup and testing, and you can use it as a starting point
from which to develop the configuration of your production Samba
server. But before you get too far with that, we want to bring one
thing to your attention.</p>
<p>If you are the type of administrator who is highly concerned about
data integrity, you might want to make the following modification to
your <em class="filename">smb.conf</em> file before continuing:</p>
<blockquote><pre class="code">[global]
oplocks = no</pre></blockquote>
<p>That is, use a text editor to add the line <tt class="literal">oplocks</tt>
<tt class="literal">=</tt> <tt class="literal">no</tt> to the
<tt class="literal">[global]</tt> section of your
<em class="filename">smb.conf</em> file. With this example, as with other
examples we will present throughout this book, you do not need to
enter the <tt class="literal">[global]</tt> line again in your
configuration file. We include it only to indicate in which section
the parameter belongs.</p>
<p>The <tt class="literal">oplocks</tt> <tt class="literal">=</tt>
<tt class="literal">no</tt> parameter disables opportunistic locking by
clients. This will result in significantly poorer performance, but
will help ensure that flaky Windows clients and/or unreliable network
hardware will not lead to corrupted files on the Samba server.</p>
<p>We will cover opportunistic locking (oplocks) in more detail in the
section "Locks and Oplocks" in
<a href="ch08.html">Chapter 8</a>, and recommend that you understand the
ideas presented there before implementing a production Samba server
that serves database files or other valuable data.</p>
<div class="sect2"><a name="samba2-CHP-2-SECT-6.4"/>
<h3 class="head2">Testing the Configuration File</h3>
<p><a name="INDEX-103"/>If you
didn't use SWAT to create your configuration file,
you should probably test it to ensure that it is syntactically
correct. It might seem silly to run a test program against an
eight-line configuration file, but it's good
practice for the real ones that we'll be writing
<em class="filename">testparm</em><a name="INDEX-104"/>, examines an
<em class="filename">smb.conf</em> file for syntax errors and reports any
it finds along with a list of the services enabled on your machine.
An example follows; you'll notice that in our haste
to get the server running we mistyped <tt class="literal">workgroup</tt> as
<tt class="literal">workgrp</tt> (the output is often lengthy, so we
recommend capturing it with the <em class="emphasis">tee</em> command):</p>
<blockquote><pre class="code">Load smb config files from smb.conf
Unknown parameter encountered: "workgrp"
Ignoring unknown parameter "workgrp"
Processing section "[test]"
Loaded services file OK.
Press Enter to see a dump of your service definitions
[global]
workgroup = WORKGROUP
server string = Samba 2.2.6
bind interfaces only = No
<i class="lineannotation">...(content omitted)...</i>
[test]
comment = For testing only!
path = /usr/local/samba/tmp
read only = No</pre></blockquote>
<p>The interesting parts are at the top and bottom. The top of the
output will flag any syntax errors that you might have made, and the
bottom lists the services that the server thinks it should offer. A
word of advice: make sure you and the server have the same
expectations. <a name="INDEX-105"/></p>
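<p>The two problems this chapter has shown so far, a mistyped parameter that Samba silently ignores and the guest-writable <tt class="literal">[test]</tt> share, can also be checked by script. The following is an added example, not part of the original text or of the Samba distribution; the function name <tt class="literal">audit_smbconf</tt>, its output labels, and the constructed sample file are assumptions made for illustration.</p>

```shell
#!/bin/sh
# Added example (not from Samba): compare an smb.conf file with what the
# administrator expects and flag shares that guests can write to.
#
# usage: audit_smbconf FILE [name=value ...]
#   each name=value is a [global] setting you expect to be in effect.
# Prints one finding per line; returns 1 if there are findings, else 0.

audit_smbconf() {
    conf=$1; shift
    expect=
    for e in "$@"; do expect="$expect|$e"; done
    EXPECT="$expect" awk '
    # smb.conf parameter names ignore case and embedded whitespace
    function norm(s) { s = tolower(s); gsub(/[ \t]/, "", s); return s }
    function trim(s) { sub(/^[ \t]+/, "", s); sub(/[ \t\r]+$/, "", s); return s }
    function truthy(v) { v = tolower(v); return v == "yes" || v == "true" || v == "1" }
    # share-level value, falling back to a default given in [global]
    function eff(s, k, dflt) {
        if ((s, k) in set) return set[s, k]
        if (("global", k) in set) return set["global", k]
        return dflt
    }
    {
        line = $0
        # a trailing backslash continues the parameter on the next line
        while (line ~ /\\[ \t\r]*$/ && (getline nxt) > 0) {
            sub(/\\[ \t\r]*$/, "", line)
            line = line nxt
        }
        line = trim(line)
        if (line == "" || line ~ /^[#;]/) next
        if (line ~ /^\[.*\]$/) {
            sect = tolower(trim(substr(line, 2, length(line) - 2)))
            if (!(sect in seen)) { seen[sect] = 1; order[++n] = sect }
            next
        }
        eq = index(line, "=")
        if (eq == 0) next
        name = norm(substr(line, 1, eq - 1))
        val = trim(substr(line, eq + 1))
        # synonyms documented in smb.conf(5)
        if (name == "public") name = "guestok"
        if (name == "writable" || name == "writeable") {
            name = "readonly"
            val = truthy(val) ? "no" : "yes"
        }
        set[sect, name] = val
    }
    END {
        m = split(ENVIRON["EXPECT"], want, "|")
        for (i = 1; i <= m; i++) {
            eq = index(want[i], "=")
            if (eq == 0) continue
            k = norm(substr(want[i], 1, eq - 1))
            v = substr(want[i], eq + 1)
            if (!(("global", k) in set)) {
                print "MISSING [global] " k " (expected " v ", server default applies)"
                bad = 1
            } else if (tolower(set["global", k]) != tolower(v)) {
                print "MISMATCH [global] " k " = " set["global", k] " (expected " v ")"
                bad = 1
            }
        }
        for (i = 1; i <= n; i++) {
            s = order[i]
            if (s == "global") continue
            # read only defaults to yes, guest ok defaults to no
            if (truthy(eff(s, "guestok", "no")) && !truthy(eff(s, "readonly", "yes"))) {
                print "GUEST-WRITABLE [" s "] path=" eff(s, "path", "(unset)")
                bad = 1
            }
        }
        exit (bad ? 1 : 0)
    }' "$conf"
}

# Constructed sample: the test file from this chapter with the
# "workgrp" typo from the testparm example.
sample_smbconf() {
    cat <<'EOF'
[global]
    workgrp = METRAN
[test]
    comment = For testing only, please
    path = /usr/local/samba/tmp
    read only = no
    guest ok = yes
EOF
}

# Run as a script: audit the file named on the command line.
if [ "$#" -gt 0 ]; then
    audit_smbconf "$@"
fi
```

<p>On the constructed sample, <tt class="literal">audit_smbconf FILE workgroup=METRAN</tt> reports the missing <tt class="literal">workgroup</tt> setting and the guest-writable <tt class="literal">[test]</tt> share.</p>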
<div class="sect1"><a name="samba2-CHP-2-SECT-7"/>
<h2 class="head1">Firewall Configuration</h2>
<p><a name="INDEX-106"/>As
with any services that run on TCP/IP, the SMB networking services
offered by Samba can be accessed from across the Internet unless your
organization's firewall is properly configured. The
following ports are used by Samba for SMB networking and SWAT:</p>
<dl>
<dt><b>Port 137</b></dt>
<dd><p>Used for NetBIOS network browsing</p></dd>
<dt><b>Port 138</b></dt>
<dd><p>Used for NetBIOS name service</p></dd>
<dt><b>Port 139</b></dt>
<dd><p>Used for file and printer sharing and other operations</p></dd>
<dt><b>Port 445</b></dt>
<dd><p>Used by Windows 2000/XP when NetBIOS over TCP/IP is disabled</p></dd>
<dt><b>Port 901</b></dt>
<dd><p>Used for SWAT</p></dd>
</dl>
<p>At the minimum, your organization's Internet
firewall should shut down all the ports in the list to traffic in
both directions. Do not assume that preventing incoming connections
is sufficient; there are cracks that trick Windows clients into
sending data out of the local area network and into the Internet by
SMB protocol, even from a local network that uses private IP
addresses not forwarded by routers. If you want SMB traffic to travel
across the Internet to remote sites, the best way is to use a virtual
private network (VPN). See the O'Reilly book,
<em class="citetitle">Virtual Private Networks</em>, for more information
on this subject.</p>
<p>In addition, you might wish to configure a firewall on the Samba host
system to keep SMB packets from traveling further than necessary
within your organization's network. For example,
port 901 can be shut down for remote accesses so that SWAT can be run
only on the Samba host system. If you are using Samba to serve only a
fraction of the client systems within your organization, consider
allowing SMB packets (i.e., packets on ports 137-139 and 445) to go
to or come from only those clients.</p>
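<p>The host-firewall advice above can be written down as iptables rules, iptables being the packet filter of the Linux 2.4 kernel. This is an added example, not taken from the original text or from Samba: the function name <tt class="literal">samba_host_rules</tt> and the client addresses are assumptions, and it uses the usual transports for these ports (UDP for 137 and 138, TCP for 139, 445, and 901). It prints the commands for review instead of running them.</p>

```shell
#!/bin/sh
# Added example (not from the Samba distribution): print iptables commands
# that limit the Samba ports on this host to the listed clients and keep
# SWAT on the loopback interface. Review the output, then pipe it to sh.
#
# usage: samba_host_rules CLIENT_ADDR_OR_CIDR...
# Assumes IPv4 and that no earlier rule in INPUT/OUTPUT matches these ports.
# List client LANs as networks (192.168.1.0/24 is a constructed value) so
# that NetBIOS broadcasts on 137 and 138 still match.

SMB_UDP_PORTS="137 138"   # NetBIOS name service and browsing
SMB_TCP_PORTS="139 445"   # SMB over NetBIOS, and SMB without NetBIOS
SWAT_PORT=901

samba_host_rules() {
    if [ "$#" -eq 0 ]; then
        echo "usage: samba_host_rules CLIENT_ADDR_OR_CIDR..." >&2
        return 2
    fi
    # Accept only digits, dots and a slash, so that nothing else can end up
    # in a command line that is later piped to a shell.
    for src in "$@"; do
        case $src in
            *[!0-9./]*|"")
                echo "rejecting suspicious address: $src" >&2
                return 2
                ;;
        esac
    done

    # SWAT: reachable through the loopback interface only
    echo "iptables -A INPUT -i lo -p tcp --dport $SWAT_PORT -j ACCEPT"
    echo "iptables -A INPUT -p tcp --dport $SWAT_PORT -j DROP"

    # SMB: each port is opened for the listed clients, then closed for
    # everyone else, inbound (INPUT) and outbound (OUTPUT)
    for proto in udp tcp; do
        if [ "$proto" = udp ]; then
            ports=$SMB_UDP_PORTS
        else
            ports=$SMB_TCP_PORTS
        fi
        for port in $ports; do
            for src in "$@"; do
                echo "iptables -A INPUT -s $src -p $proto --dport $port -j ACCEPT"
                echo "iptables -A OUTPUT -d $src -p $proto --dport $port -j ACCEPT"
            done
            echo "iptables -A INPUT -p $proto --dport $port -j DROP"
            echo "iptables -A OUTPUT -p $proto --dport $port -j DROP"
        done
    done
}

# Run as a script: print the rules for the clients named on the command line.
if [ "$#" -gt 0 ]; then
    samba_host_rules "$@"
fi
```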
<p>For more information on configuring firewalls, see the
O'Reilly book <em class="citetitle">Building Internet
<div class="sect1"><a name="samba2-CHP-2-SECT-8"/>
<h2 class="head1">Starting the Samba Daemons</h2>
<p>Two Samba processes,
<em class="emphasis">smbd</em><a name="INDEX-107"/> and
<em class="emphasis">nmbd</em><a name="INDEX-108"/>, need to be running for Samba to work
correctly. There are three ways to start them:</p>
<p>Automatically, during system boot</p>
<p>From <em class="emphasis">inetd or xinetd</em></p>
<div class="sect2"><a name="samba2-CHP-2-SECT-8.1"/>
<h3 class="head2">Starting the Daemons Manually</h3>
<p><a name="INDEX-109"/><a name="INDEX-110"/>If you're in a
hurry, you can start the Samba daemons by hand. As root, simply enter
the following commands:</p>
<blockquote><pre class="code"># <tt class="userinput"><b>/usr/local/samba/bin/smbd -D</b></tt>
# <tt class="userinput"><b>/usr/local/samba/bin/nmbd -D</b></tt></pre></blockquote>
<p>Samba will now be running on your system and is ready to accept
connections. However, keep in mind that if either of the daemons exits
for any reason (including system reboots), it will need to be
restarted manually.</p>
<div class="sect2"><a name="samba2-CHP-2-SECT-8.2"/>
<h3 class="head2">Automatic Startup</h3>
<p><a name="INDEX-111"/><a name="INDEX-112"/>To have the Samba daemons
started automatically when the system boots, you need to add the
commands listed in the previous section to your standard Unix startup
scripts. The exact method varies depending on the flavor of Unix
<div class="sect3"><a name="samba2-CHP-2-SECT-8.2.1"/>
<h3 class="head3">BSD Unix</h3>
<p><a name="INDEX-113"/><a name="INDEX-114"/><a name="INDEX-115"/>With a BSD-style Unix, you need to append
the following code to the <em class="filename">rc.local</em> file, which
is typically found in the <em class="filename">/etc</em> or
<em class="filename">/etc/rc.d</em> directories:</p>
<blockquote><pre class="code">if [ -x /usr/local/samba/bin/smbd ]; then
    echo "Starting smbd..."
    /usr/local/samba/bin/smbd -D
    echo "Starting nmbd..."
    /usr/local/samba/bin/nmbd -D
fi</pre></blockquote>
<p>This code is very simple: it checks to see if the
<em class="filename">smbd</em> file exists and has execute permissions,
and if it does, it starts up both of the Samba daemons on system
<div class="sect3"><a name="samba2-CHP-2-SECT-8.2.2"/>
<h3 class="head3">System V Unix</h3>
<p><a name="INDEX-116"/><a name="INDEX-117"/><a name="INDEX-118"/>With System V, things can get a little
more complex. Depending on your Unix version, you might be able to
get away with making a simple change to an
<em class="filename">rc.local</em> file as with BSD Unix, but System V
typically uses directories containing links to scripts that control
daemons on the system. Hence, you need to instruct the system how to
start and stop the Samba daemons. The first step to implement this is
to modify the contents of the <em class="filename">/etc/rc.d/init.d</em>
directory by adding something similar to the following shell script,
which for this example we will name <em class="filename">smb</em>:</p>
<blockquote><pre class="code">#!/bin/sh

# Check that the Samba configuration file exists
[ -f /usr/local/samba/lib/smb.conf ] || exit 0

# Start smbd and nmbd; return nonzero if either fails to start
start()
{
    echo -n "Starting SMB services: "
    /usr/local/samba/bin/smbd -D
    ERROR=$?
    echo

    echo -n "Starting NMB services: "
    /usr/local/samba/bin/nmbd -D
    ERROR2=$?
    if [ $ERROR2 -ne 0 ]
    then
        ERROR=1
    fi
    echo

    return $ERROR
}

# Stop both daemons by name; return nonzero if either kill fails
stop()
{
    echo -n "Shutting down SMB services: "
    /bin/kill -TERM -a smbd
    ERROR=$?
    echo

    echo -n "Shutting down NMB services: "
    /bin/kill -TERM -a nmbd
    ERROR2=$?
    if [ $ERROR2 -ne 0 ]
    then
        ERROR=1
    fi
    echo

    return $ERROR
}

case "$1" in
    start)
        start
        ;;
    stop)
        stop
        ;;
    *)
        echo "Usage: $0 {start|stop}"
        exit 1
        ;;
esac

exit $?</pre></blockquote>
<p>With this script, you can start and stop <em class="emphasis">smbd</em>
and <em class="emphasis">nmbd</em> like this:</p>
<blockquote><pre class="code"># <tt class="userinput"><b>/etc/rc.d/init.d/smb start</b></tt>
Starting SMB services:
Starting NMB services:
# <tt class="userinput"><b>ps ax | grep mbd</b></tt>
1268 ? S 0:00 /usr/local/samba/bin/smbd -D
1270 ? S 0:00 /usr/local/samba/bin/nmbd -D
1465 pts/2 S 0:00 grep mbd
# <tt class="userinput"><b>/etc/rc.d/init.d/smb stop</b></tt>
Shutting down SMB services:
Shutting down NMB services:</pre></blockquote>
<p>If you are having trouble writing a startup script for your system,
check to see if there is a packaged release of Samba (available from
your Unix vendor or the Samba FTP site). If so, you might be able to
extract a startup script from it to use as a starting point.
Typically, this script doesn't change much (if at
all) from release to release, so using a script from an older Samba
version should not be a problem. Another possibility is to check the
<em class="filename">packaging</em> directory in the Samba source
distribution. In that directory, there are subdirectories for many
Unix versions in which you can find a startup script for those
versions. Even if your version isn't included, you
can probably find a startup script for a similar version to use as a
<p>Finally, we need to add symbolic links to the
<em class="filename">smb</em> script in the
<em class="emphasis">/etc/rc.d/rcX.d</em> directories:</p>
<blockquote><pre class="code"># <tt class="userinput"><b>ln -s /etc/rc.d/init.d/smb /etc/rc.d/rc3.d/S35smb</b></tt>
# <tt class="userinput"><b>ln -s /etc/rc.d/init.d/smb /etc/rc.d/rc5.d/S35smb</b></tt>
# <tt class="userinput"><b>ln -s /etc/rc.d/init.d/smb /etc/rc.d/rc0.d/K35smb</b></tt>
# <tt class="userinput"><b>ln -s /etc/rc.d/init.d/smb /etc/rc.d/rc1.d/K35smb</b></tt>
# <tt class="userinput"><b>ln -s /etc/rc.d/init.d/smb /etc/rc.d/rc2.d/K35smb</b></tt>
# <tt class="userinput"><b>ln -s /etc/rc.d/init.d/smb /etc/rc.d/rc4.d/K35smb</b></tt>
# <tt class="userinput"><b>ln -s /etc/rc.d/init.d/smb /etc/rc.d/rc6.d/K35smb</b></tt></pre></blockquote>
<p>The first two commands, with link names starting with an
"S", cause Samba to be started when
entering runlevels 3 or 5, which are the runlevels in which network
file sharing (NFS) is normally enabled. The second group of commands,
with link names starting with a
"K", causes Samba to be shut down
when entering any of the other runlevels (0, 1, 2, 4, or 6).</p>
<p>The links starting with "S" are
used to start the daemons, and the links starting with
"K" are used for killing them. When
the runlevel is changed, the links starting with
"K" in the corresponding directory
(e.g., the <em class="filename">rc3.d</em> directory for runlevel 3) are
executed, followed by the links starting with
"S". If we wanted, we could have
Samba restarted when switching between runlevels 3 and 5 by adding a
<em class="filename">K35smb</em> link to each <em class="filename">rc3.d</em>
and <em class="filename">rc5.d</em> directory.</p>
<p>The number after the K or S in the link names is used to set the
order in which all the daemons with links in the directory are
started or killed off. Get a long listing of the
<em class="emphasis">rc3.d</em> or <em class="emphasis">rc5.d</em> directories
to see how this is set up on your system. We use 35 to match the
behavior of Red Hat's Samba RPM package. The
important thing is to make sure when starting Samba that all services
it requires are started before it. When shutting down, it is a good
idea to shut down Samba before services it requires to avoid excess
error messages in the log files, but the order is not as crucial.</p>
<div class="sect3"><a name="samba2-CHP-2-SECT-8.2.3"/>
1624
<h3 class="head3">Darwin and Mac OS X</h3>
1626
<p><a name="INDEX-119"/><a name="INDEX-120"/><a name="INDEX-121"/><a name="INDEX-122"/>An installation of Samba is bundled with the
1627
Darwin distribution, which is included in Mac OS X.<a name="FNPTR-5"/><a href="#FOOTNOTE-5">[5]</a> </p>
1629
<p>The Samba daemons are started during system
1631
<em class="filename">/System/Library/StartupItems/Samba/Samba</em>. To
1632
trigger the execution of this script, edit the file
1633
<em class="filename">/etc/hostconfig</em> and change the SMBSERVER
1634
parameter to look like this:</p>
<blockquote><pre class="code">SMBSERVER=-YES-</pre></blockquote>
<p>On Mac OS X, the graphical user interface (GUI) provides an
alternative to using the command line. Launch the System Preferences
application, and select Sharing (see <a href="ch02.html#samba2-CHP-2-FIG-4">Figure 2-4</a>).
Under the Services tab, turn on Windows File Sharing. This will make
the aforementioned change to <em class="filename">/etc/hostconfig</em> and
immediately execute the startup item.</p>
<div class="figure"><a name="samba2-CHP-2-FIG-4"/><img src="figs/sam2_0204.gif"/></div><h4 class="head4">Figure 2-4. Mac OS X sharing preferences</h4>
<p>If you decide to install Samba yourself on Mac OS X,
it's best not to stomp on the installation provided
with the OS. Use the procedures detailed earlier in this chapter to
install the software into <em class="filename">/usr/local/samba</em> or
some other area unaffected by OS upgrades. (Remember to set up users
with <em class="emphasis">smbpasswd</em> if you're using
encrypted passwords, as described earlier in this chapter. This step
is handled automatically with entries in
<em class="filename">/var/db/samba/hash</em> if you're
using the built-in server on Mac OS X.) Once you've
got that working, you can edit the Samba startup item script to refer
to your installation, like this:</p>
<blockquote><pre class="code">#!/bin/sh

# Load the startup helpers: defines ConsoleMessage and reads /etc/hostconfig.
. /etc/rc.common

if [ "${SMBSERVER:=-NO-}" = "-YES-" ]; then
    ConsoleMessage "Starting SMB server"

    # Start the daemons only if the new installation has a configuration file.
    if [ -f /usr/local/samba/lib/smb.conf ]; then
        /usr/local/samba/bin/smbd -D
        /usr/local/samba/bin/nmbd -D
    fi
fi</pre></blockquote>
<p>However, beware of OS updates, which can wipe out your changes. One
solution is to make the script immutable, like this:</p>
<blockquote><pre class="code"># <tt class="userinput"><b>chflags uchg /System/Library/StartupItems/Samba/Samba</b></tt></pre></blockquote>
<div class="sect3"><a name="samba2-CHP-2-SECT-8.2.4"/>
<h3 class="head3">Testing automatic startup</h3>
<p><a name="INDEX-123"/><a name="INDEX-124"/>If you can afford a few minutes of
downtime, reboot your system and again use the
<em class="emphasis">ps</em> command to check that the
<em class="emphasis">smbd</em> and <em class="emphasis">nmbd</em> daemons are
running. And if you are managing a 24/7 server, we highly recommend
that you find some downtime in which to reboot and perform this
check. Otherwise, your next unscheduled downtime might surprise you
with a mysterious absence of SMB networking services when the system
comes up again! <a name="INDEX-125"/><a name="INDEX-126"/></p>
<div class="sect2"><a name="samba2-CHP-2-SECT-8.3"/>
<h3 class="head2">Starting from inetd</h3>
<p><a name="INDEX-127"/><a name="INDEX-128"/><a name="INDEX-129"/>The <em class="emphasis">inetd</em>
<em class="emphasis"><a name="FNPTR-6"/><a href="#FOOTNOTE-6">[6]</a></em> daemon is a Unix
system's Internet "super
daemon." It listens on ports defined in
<em class="filename">/etc/services</em> and executes the appropriate
program for each port, which is defined in
<em class="filename">/etc/inetd.conf</em>. The advantage of this scheme is
that you can have a large number of daemons ready to answer queries,
but they don't all have to be running all the time.
Instead, <em class="emphasis">inetd</em> listens for connection requests
and starts the appropriate daemon when it is needed. The penalty is a
small overhead cost of creating a new daemon process, as well as the
fact that you need to edit two files rather than one to set things
up. The <em class="emphasis">inetd</em> daemon is handy if you have only
one or two Samba users or your machine is running too many daemons
already. It's also easier to perform an upgrade
without disturbing an existing connection.</p>
<p>If you wish to start from <em class="filename">inetd</em>, first open
<em class="filename">/etc/services</em> in your text editor. If you
don't already have them defined, add the following
two lines:</p>
<blockquote><pre class="code">netbios-ssn     139/tcp
netbios-ns      137/udp</pre></blockquote>
<p>Next, edit <em class="filename">/etc/inetd.conf</em>. Look for the
following two lines and add them if they don't
exist. If you already have <tt class="literal">smbd</tt> and
<tt class="literal">nmbd</tt> lines in the file, edit them to point at the
new <em class="emphasis">smbd</em> and <em class="emphasis">nmbd</em>
you've installed. Your brand of Unix might use a
slightly different syntax in this file; use the existing entries and
the <em class="filename">inetd.conf</em> manual
page as a guide:</p>
<blockquote><pre class="code">netbios-ssn stream tcp nowait root /usr/local/samba/bin/smbd smbd
netbios-ns  dgram  udp wait   root /usr/local/samba/bin/nmbd nmbd</pre></blockquote>
<p>Finally, kill any <em class="emphasis">smbd</em> or
<em class="emphasis">nmbd</em> processes and send the
<em class="emphasis">inetd</em> process a hangup (HUP) signal to tell it
to reread its configuration file:</p>
<blockquote><pre class="code"># <tt class="userinput"><b>/bin/kill -TERM -a smbd</b></tt>
# <tt class="userinput"><b>/bin/kill -TERM -a nmbd</b></tt>
# <tt class="userinput"><b>/bin/kill -HUP -a inetd</b></tt></pre></blockquote>
<p>After that, Samba should be up and running.</p>
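<p>Because both <em class="filename">inetd.conf</em> entries launch their program as root, it is worth confirming that the two files agree and that the binaries they name cannot be replaced by an unprivileged user. The script below is an added example, not part of the book or of Samba: its function names are hypothetical, and it runs against a constructed sample tree rather than the real <em class="filename">/etc</em>.</p>

```shell
#!/bin/sh
# Added example, not from the book; all function names are hypothetical.

# Print the server path (6th field) of the active inetd.conf entry for SERVICE.
inetd_server_path() {   # usage: inetd_server_path CONF SERVICE
    awk -v svc="$2" '$1 == svc { print $6; exit }' "$1"
}

# Succeed if a services file maps NAME to PORT/PROTO, e.g. netbios-ssn 139/tcp.
has_service() {         # usage: has_service SERVICES NAME PORT/PROTO
    awk -v n="$2" -v p="$3" '$1 == n && $2 == p { ok = 1 } END { exit !ok }' "$1"
}

# Succeed if FILE is an executable regular file owned by OWNER_UID and not
# writable by group or others (inetd launches it as root).
binary_is_safe() {      # usage: binary_is_safe FILE OWNER_UID
    [ -f "$1" ] && [ -x "$1" ] || return 1
    [ "$(ls -lnd "$1" | awk '{ print $3 }')" = "$2" ] || return 1   # numeric owner
    case $(ls -lnd "$1" | awk '{ print $1 }') in ?????w*|????????w*) return 1 ;; esac
}

# Print one line per problem and return the number of problems found.
audit_inetd_samba() {   # usage: audit_inetd_samba CONF SERVICES OWNER_UID
    problems=0
    for entry in netbios-ssn:139/tcp netbios-ns:137/udp; do
        svc=${entry%%:*}; port=${entry#*:}
        has_service "$2" "$svc" "$port" ||
            { echo "services: $svc $port missing"; problems=$((problems + 1)); }
        bin=$(inetd_server_path "$1" "$svc")
        binary_is_safe "$bin" "$3" ||
            { echo "inetd.conf: $svc server '$bin' missing or unsafe"; problems=$((problems + 1)); }
    done
    return "$problems"
}

# Constructed sample tree standing in for /etc and /usr/local/samba/bin.
make_sample() {         # usage: make_sample DIR
    mkdir -p "$1/bin"
    printf '#!/bin/sh\n' > "$1/bin/smbd"; cp "$1/bin/smbd" "$1/bin/nmbd"
    chmod 755 "$1/bin/smbd"; chmod 777 "$1/bin/nmbd"    # nmbd deliberately unsafe
    printf 'netbios-ssn 139/tcp\nnetbios-ns 137/udp\n' > "$1/services"
    printf '%s\n' "netbios-ssn stream tcp nowait root $1/bin/smbd smbd" \
        "netbios-ns dgram udp wait root $1/bin/nmbd nmbd" > "$1/inetd.conf"
}

tmp=$(mktemp -d) && make_sample "$tmp"
audit_inetd_samba "$tmp/inetd.conf" "$tmp/services" "$(id -u)" || echo "problems: $?"
rm -rf "$tmp"
```

<p>On a real system, run <tt class="literal">audit_inetd_samba /etc/inetd.conf /etc/services 0</tt> so that the binaries are required to be owned by root.</p>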
<p>As we've pointed out before, Red Hat and perhaps
other Unix vendors supply <em class="emphasis">xinetd</em> rather than
<em class="emphasis">inetd</em>. If you need to use
<em class="emphasis">xinetd</em>, you will need to supply a configuration
file in the <em class="emphasis">/etc/xinetd.d</em> directory.
<a name="INDEX-130"/></p>
<div class="sect1"><a name="samba2-CHP-2-SECT-9"/>
<h2 class="head1">Testing the Samba Daemons</h2>
<p><a name="INDEX-131"/><a name="INDEX-132"/>We're
nearly done with the Samba server setup. All that's
left to do is to make sure everything is working as we think it
should. A convenient way to do this is to use the
<em class="filename">smbclient</em><a name="INDEX-133"/> program to examine what the server is
offering to the network. If everything is set up properly, you should
be able to do the following:</p>
<blockquote><pre class="code"># <tt class="userinput"><b>/usr/local/samba/bin/smbclient -U% -L localhost</b></tt>
added interface ip=172.16.1.1 bcast=172.16.1.255 nmask=255.255.255.0
Domain=[METRAN] OS=[Unix] Server=[Samba 2.2.6]

        Sharename      Type      Comment
        ---------      ----      -------
        test           Disk      For testing only, please
        IPC$           IPC       IPC Service (Samba 2.2.6)
        ADMIN$         Disk      IPC Service (Samba 2.2.6)

        TOLTEC         Samba 2.2.6 on toltec

        METRAN         TOLTEC</pre></blockquote>
<p>If there is a problem, don't panic! Try to start the
daemons manually, and check the system output or the debug files at
<em class="filename">/usr/local/samba/var/log.smb</em><a name="INDEX-134"/><a name="INDEX-135"/><a name="INDEX-136"/> to see if you can determine what happened.
If you think it might be a more serious problem, skip to <a href="ch12.html">Chapter 12</a> for help on troubleshooting the Samba daemons.</p>
<p>If it worked, congratulations! You now have successfully set up the
Samba server with a disk share. It's a simple one,
but we can use it to set up and test the Windows 95/98/Me and
NT/2000/XP clients in the next chapter. Then we will start making it
more interesting by adding services such as home directories,
printers, and security, and by seeing how to integrate the server
into a larger Windows domain. <a name="INDEX-137"/></p>
<hr/><h4 class="head4">Footnotes</h4><blockquote>
<a name="FOOTNOTE-1"/>
<p><a href="#FNPTR-1">[1]</a> <em class="emphasis">gcc</em> binaries are available for almost
every modern machine. See <a href="http://www.gnu.org/">http://www.gnu.org/</a> for a list of sites with
<em class="emphasis">gcc</em> and other GNU software.</p>
<a name="FOOTNOTE-2"/>
<p><a href="#FNPTR-2">[2]</a> Do
not confuse this with the Solaris <em class="emphasis">killall</em>
command, which performs part of the system shutdown sequence!</p>
<a name="FOOTNOTE-3"/>
<p><a href="#FNPTR-3">[3]</a> Depending on the version of <em class="emphasis">xinetd</em> you
have and how it was compiled, you might need to send a USR1 or some
other signal rather than the HUP signal. Check the manual page for
<em class="emphasis">xinetd(8)</em> on your system for details.</p>
<a name="FOOTNOTE-4"/>
<p><a href="#FNPTR-4">[4]</a> If you did not compile Samba, but instead downloaded a binary,
check with the documentation for the package to find out where it
expects the <em class="filename">smb.conf</em> file to be. Or, try running
the <em class="emphasis">testparm</em> program and look for the location
of <em class="filename">smb.conf</em> in the first line of output. If
Samba came preinstalled with your Unix system, an
<em class="filename">smb.conf</em> file is probably already somewhere on
your system.</p>
<a name="FOOTNOTE-5"/>
<p><a href="#FNPTR-5">[5]</a> In this book, we cover Darwin Version 6.0 and OS X Version
10.2.</p>
<a name="FOOTNOTE-6"/>
<p><a href="#FNPTR-6">[6]</a> With early releases of Samba 2.2, there were reports
of intermittent errors when starting from <em class="emphasis">inetd</em>.
We provide this information so that it will be available for later
releases when the problem will hopefully have been identified and
corrected.</p>
</blockquote>