| The Unofficial Samba HOWTO | ||
|---|---|---|
| Prev | Next | |
"All parts should go together without forcing. You must remember that the parts you are reassembling were disassembled by you. Therefore, if you can't get them together again, there must be a reason. By all means, do not use hammer." -- IBM maintenance manual, 1975
When installing Samba, you can either choose from a binary or source distribution. Binaries are usually pre-compiled and available from your Linux vendor's distribution CD. The disadvantage is that you're never certain how the binary was configured during the build. Additionally, such binaries tend to be optimized for older processors and not the modern Pentium-based ones. Building from scratch is perhaps the best way to gain experience in *NIX.
To download both Samba and its PGP signature, you can use something like:
$ wget
http://us1.samba.org/samba/ftp/samba-3.0.2a.tar.gz
$ wget
http://us1.samba.org/samba/ftp/samba-3.0.2a.tar.asc
Verifying a file's PGP signature allows you to ensure that the file itself has not been tampered with. In these days of insecurity, it's an absolute must when building from scratch for any program. You'll need gpg or a similar program to do this.
First, we need to download the master Samba Signing Public Key and import it. Otherwise, we have no way to verify the two files we've just downloaded:
$ gpg --keyserver www.keyserver.net --recv-keys
0x2F87AF6F
Since only the tar verision of the file is signed, we need to gunzip(1) and verify it:
$ gunzip samba-3.0.2a.tar.gz $ gpg --verify samba-3.0.2a.tar.asc
You should see something like the following (below). The warnings about "no ultimately trusted keys found" can be ignored since we only imported the Samba master signing key and have not ultimately trusted it.
gpg: Signature made Mon Dec 15 06:56:17 2003 PST using DSA key ID 2F87AF6F gpg: Good signature from "Samba Distribution Verification Key <samba-bugs@samba.org>" gpg: checking the trustdb gpg: no ultimately trusted keys found gpg: WARNING: This key is not certified with a trusted signature! gpg: There is no indication that the signature belongs to the owner. Primary key fingerprint: 3275 F01D 6565 3A81 AE7B 320C D779 0A5F 2F87 AF6F
What you would not want to see would be something like:
gpg: Signature made Mon Dec 15 06:56:17 2003 PST using DSA key ID 2F87AF6F gpg: BAD signature from "Samba Distribution Verification Key <samba-bugs@samba.org>"
Last but not least, we should finish uncompressing our Samba source file:
$ tar xf samba-3.0.2a.tar
To install Samba with these configuration options, use:
$ cd samba-3.0.2a/source
$ ./configure
\
--prefix=/usr
\
--localstatedir=/var
\
--with-configdir=/etc/samba
\
--with-privatedir=/etc/samba/private
\
--with-lockdir=/var/lock
\
--with-piddir=/var/run
\
--with-logfilebase=/var/log
\
--with-smbmount
\
--with-utmp
\
--with-syslog
The configuration options roughly translate to:
--prefix=/usr
Without this setting, Samba will be installed in /usr/local/samba, a location steeped in historical precedence. Developers tend to prefer to have everything in one place as they tend to "blow away" the directory several times during a day as part of development. However, it's useful to have Samba be installed in our system path.
--localstatedir=/var
Place all variable state data in /var rather than /usr/local/samba/var
--with-configdir=/etc
Place all system configuration files in /etc/samba rather than /usr/local/samba/conf
--with-privatedir=/etc/samba/private
Place the smbpasswd database, along with other private files, in /etc/samba/private rather than /usr/local/samba/conf/private
--with-lockdir=/var/lock
Place the lockfile in /var/lock rather than /usr/local/samba/var/locks
--with-piddir=/var/run
Place the runtime file in /var/run rather than /usr/local/samba/var/locks
--with-logfilebase=/var/log
Place the logfiles in /var/log rather than /usr/local/samba/var/log
--with-smbmount
If you plan to mount Windows shares on your Linux box, you'll need this command. Usually, your system's mount command requires no additional information about the type of filesystem you are attempting to mount. For a few types however (e.g., NFS, SMB/CIFS), additional code is necessary. Using this option automatically creates the smbmount and smbumount commands along with the file /sbin/mount.smbfs (which is actually just a soft link to smbmount).
--with-utmp
Tells Samba to generate user accounting statistcs in the system's utmp file.
--with-syslog
Enable experiemental logging directly via syslog.
Next, we'll build Samba:
$ make
If space is an issue, you can remove any unneeded symbols from the compiled binaries and libraries to reduce the size of the program. As a result, our final Samba package will be approximately 19 MB in size instead of 41 MB. We have to be careful doing this as we don't want to remove any necessary symbols from our shared library file (libsmbclient.so). If this is something you really want to do, you can try:
$ strip --strip-debug bin/libsmbclient.so
$ mv
bin/libsmbclient.so .
$ strip --strip-unneeded bin/*
$ mv libsmbclient.so
bin/
Finally, we'll install the program:
# make install
SWAT should really stand for "Single Worst Annoying Technology". Unless you really want to short-change your learning curve and/or have a need for this, you'll want to remove it. Those that configure the system by hand will be better off than their SWAT-dependent counterparts. To remove swat, simply run:
# rm -rf /usr/swat
First, verify that your /etc/services file includes the following definitions (chances are that they're already defined). Don't be suprised if you see entries for 137/tcp and so forth; IANA typically includes both tcp and udp entries regardless of whether or not the protocol requires it. The following entries correspond to http://www.iana.org/assignments/port-numbers:
netbios-ns 137/udp # NETBIOS Name Service netbios-dgm 138/udp # NETBIOS Datagram Service netbios-ssn 139/tcp # NETBIOS Session Service microsoft-ds 445/tcp # Microsoft-DS
You'll need to create your initial smb.conf(5) file in /etc/samba/smb.conf. The following won't do much other than allow you to run Samba (it doesn't even list any shared yet); however you'll need this file in order to run Samba and continue configuring it.
[global]
netbios name = ServerName
workgroup = WORKGROUP
security = user
log file = /var/log/samba.log
log level = 1
socket options = TCP_NODELAY IPTOS_LOWDELAY SO_RCVBUF=8192 SO_SNDBUF=8192
wins support = yes
domain logons = yes
os level = 99
To run the file sharing portion of the Samba server, use:
# /usr/sbin/smbd -D
To run the WINS portion of the Samba server, you'll also want to run:
# /usr/sbin/nmbd -D
To automatically start and stop Samba, you can use:
#!/bin/sh
# $Id: rc.samba,v 1.2 2004/02/03 11:15:11 davidrl Exp $
# chkconfig: 2345 24 48
# description: Script to start/stop/restart the Samba SMB file/print server.
samba_start() {
if [ -f /etc/samba/smb.conf ]; then
if [ -x /usr/bin/smbd ]; then
echo "Starting Samba (smbd)"
/usr/bin/smbd -D
fi
if [ -x /usr/bin/nmbd ]; then
echo "Starting Samba (nmbd)"
/usr/bin/nmbd -D
fi
fi
}
samba_stop() {
echo "Stopping Samba..."
if [ -f /var/locks/smbd.pid ]; then
kill `cat /var/locks/smbd.pid`
fi
if [ -f /var/locks/nmbd.pid ]; then
kill `cat /var/locks/nmbd.pid`
fi
}
samba_restart() {
samba_stop
sleep 5
samba_start
}
case "$1" in
'start')
samba_start
;;
'stop')
samba_stop
;;
'restart')
samba_restart
;;
*)
echo "Usage: $0 start|stop|restart"
esac
| Prev | Home | Next |
| Introduction | Server Configuration |