Samba-3.0.11

Introduction to Samba

The Samba package provides file and print services to SMB/CIFS clients and Windows networking to Linux clients. Samba can also be configured as a Windows NT 4.0 Domain Controller replacement (with caveats working with NT PDC's and BDC's), a file/print server acting as a member of a Windows NT 4.0 or Active Directory domain and a NetBIOS (rfc1001/1002) nameserver (which amongst other things provides LAN browsing support).

Package information

Installation of Samba

Install Samba by running the following commands:

cd source &&
install -d /var/cache/samba &&
./configure \
    --prefix=/usr \
    --sysconfdir=/etc \
    --localstatedir=/var \
    --with-piddir=/var/run \
    --with-fhs \
    --with-smbmount &&
make

Now, as the root user:

make install &&
mv /usr/lib/samba/libsmbclient.so /usr/lib &&
ln -sf ../libsmbclient.so /usr/lib/samba &&
chmod 644 /usr/include/libsmbclient.h \
          /usr/lib/samba/libsmbclient.a &&
install -m755 nsswitch/libnss_win{s,bind}.so /lib &&
ln -sf libnss_winbind.so /lib/libnss_winbind.so.2 &&
ln -sf libnss_wins.so /lib/libnss_wins.so.2 &&
cp ../examples/smb.conf.default /etc/samba &&
install -m644 ../docs/*.pdf /usr/share/samba &&
if [ -f nsswitch/pam_winbind.so ]; then 
    install -m755 nsswitch/pam_winbind.so /lib/security
fi
[Note]

Note

You may want to run configure with the --help parameter. There may be other parameters needed to take advantage of the optional dependencies.

Command explanations

install -d /var/cache/samba: This directory is needed for proper operation of the smbd and nmbd daemons.

--sysconfdir=/etc: Sets the configuration file directory to avoid the default of /usr/etc.

--localstatedir=/var: Sets the variable data directory to avoid the default of /usr/var.

--with-fhs: Assigns all other file paths in a manner compliant with the Filesystem Hierarchy Standard (FHS).

--with-smbmount: Orders the creation of an extra binary for use by the mount command so that mounting remote SMB (Windows) shares becomes no more complex than mounting remote NFS shares.

--with-pam: Use this parameter to link Linux-PAM into the build. This also builds the pam_winbind.so PAM module. You can find instructions on how to configure and use the module by running man winbindd.

mv /usr/lib/samba/libsmbclient.so ...; ln -sf ../libsmbclient.so ...: The libsmbclient.so library is needed by other packages. This command moves it to a location where other packages can find it.

install -m755 nsswitch/libnss_win{s,bind}.so /lib: The nss libraries are not installed by default. If you intend to use winbindd for domain auth, and/or WINS name resolution, you need these libraries.

ln -sf libnss_winbind.so /lib/libnss_winbind.so.2 and ln -sf libnss_wins.so /lib/libnss_wins.so.2: These symlinks are required by glibc to use the nss libraries.

cp ../examples/smb.conf.default /etc/samba: This copies a default smb.conf into /etc/samba. This sample configuration will not work unless edited for your site, and renamed smb.conf.

Configuring Samba

Config files

/etc/samba/smb.conf

Configuration overview and available documentation

Due to the complexity and the many various uses for Samba, complete configuration is well beyond the scope of the BLFS book. Advanced configurations including setting up Primary and Backup Domain Controllers are advanced topics and cannot be adequately covered in BLFS (it should be noted, however, that a Samba BDC cannot be used as a fallback for a Windows PDC, and conversely, a Windows BDC cannot be used as a fallback for a Samba PDC). Many complete books have been written on these topics alone.

There is quite a bit of documentation available which covers many of these advanced configurations. Point your web browser to the links below to view some of the documentation included with the Samba package:

Configuring SWAT

The built in SWAT (Samba Web Administration Tool) utility can be used for basic configuration of the Samba installation, but because it may be inconvenient, undesireable or perhaps even impossible to gain access to the console, BLFS recommends setting up access to SWAT using Stunnel.

First you must add entries to /etc/services and modify the inetd/xinetd configuration.

Add swat and swat_tunnel entries to /etc/services with the following commands issued as the root user:

echo "swat            901/tcp" >> /etc/services &&
echo "swat_tunnel     902/tcp" >> /etc/services

If inetd is used, the following command will add the swat_tunnel entry to /etc/inetd.conf (as user root):

echo "swat_tunnel stream tcp nowait.400 root /usr/sbin/swat swat" \
    >> /etc/inetd.conf

Issue a killall -HUP inetd to reread the changed inetd.conf file.

If xinetd is used, the following command issued as the root user will add the swat_tunnel entry to /etc/xinetd.conf (you may need to modify or remove the “only_from” line to include the desired host[s]):

cat >> /etc/xinetd.conf << "EOF"
service swat_tunnel
{
    port            = 902
    socket_type     = stream
    wait            = no
    only_from       = 127.0.0.1
    user            = root
    server          = /usr/sbin/swat
    log_on_failure  += USERID
}
EOF

Issue a killall -HUP xinetd to reread the changed xinetd.conf file.

Next, you must add an entry for the swat service to the /etc/stunnel/stunnel.conf file (as user root):

cat >> /etc/stunnel/stunnel.conf << "EOF"
[swat]
accept  = 901
connect = 902

EOF

Restart the stunnel daemon using the following command as the root user:

/etc/rc.d/init.d/stunnel restart

SWAT can be launched by pointing your web browser to https://[CA_DN_field]:901. Substitute the hostname listed in the DN field of the CA certificate used with Stunnel for [CA_DN_field].

[Note]

Note

If you linked Linux-PAM into the Samba build, you'll need to create an /etc/pam.d/samba file.

Printing to SMB clients

If you use CUPS for print services, and you wish to print to a printer attached to an SMB client, you need to create an SMB backend device. To create the device, issue the following command as the root user:

ln -sf /usr/bin/smbspool /usr/lib/cups/backend/smb

Installing bootscripts

For your convenience, boot scripts have been provided for Samba. There are two included in the blfs-bootscripts-6.0 package. The first, samba, will start the smbd and nmbd daemons needed to provide SMB/CIFS services. The second script, winbind, starts the winbindd daemon, used for providing Windows domain services to Linux clients.

Install the samba script with the following command issued as the root user:

make install-samba

If you also need the winbind script:

make install-winbind

Contents

Installed Programs: findsmb, mount.smbfs, net, nmbd, nmblookup, ntlm_auth, pdbedit, profiles, rpcclient, smbcacls, smbclient, smbcontrol, smbcquotas, smbd, smbmnt, smbmount, smbpasswd, smbspool, smbstatus, smbtar, smbtree, smbumount, swat, tdbbackup, tdbdump, tdbtool, testparm, testprns, wbinfo and winbindd
Installed Libraries: libnss_winbind.so, libnss_wins.so, libsmbclient.[so,a], the pam_winbind.so PAM library and assorted character set, filesystem and support modules.
Installed Directories: /etc/samba, /usr/lib/samba, /usr/share/samba, /var/cache/samba and /var/lib/samba

Short Descriptions

findsmb

lists information about machines that respond to SMB name queries on a subnet.

mount.smbfs

is a symlink to mountsmb which provides /bin/mount with a way to mount remote Windows (or Samba) fileshares.

net

is a tool for administration of Samba and remote CIFS servers, similar to the net utility for DOS/Windows.

nmbd

is the Samba NetBIOS name server.

nmblookup

is used to query NetBIOS names and map them to IP addresses.

ntlm_auth

is a tool to allow external access to Winbind's NTLM authentication function.

pdbedit

is a tool used to manage the SAM database.

profiles

is a utility that reports and changes SIDs in Windows registry files. It currently only supports Windows NT.

rpcclient

is used to execute MS-RPC client side functions.

smbcacls

is used to manipulate Windows NT access control lists.

smbclient

is a SMB/CIFS access utility, similar to FTP.

smbcontrol

is used to control running smbd, nmbd and winbindd daemons.

smbcquotas

is used to manipulate Windows NT quotas on SMB file shares.

smbd

is the main Samba daemon which provides SMB/CIFS services to clients.

smbmnt

is a helper application used by the smbmount program to do the actual mounting of SMB shares. It can be installed setuid root if you want normal users to be able to mount their SMB shares.

smbmount

is usually invoked as mount.smbfs by the mount command when using the -t smbfs option, mounts a Linux SMB filesystem.

smbpasswd

changes a user's Samba password.

smbspool

sends a print job to an SMB printer.

smbstatus

reports current Samba connections.

smbtar

is a shell script used for backing up SMB/CIFS shares directly to Linux tape drives or a file.

smbtree

is a text-based SMB network browser.

smbumount

is used by normal users to unmount SMB filesystems, provided that it is setuid root.

swat

is the Samba Web Administration Tool.

tdbbackup

is a tool for backing up or validating the integrity of Samba .tdb files.

tdbdump

is a tool used to print the contents of a Samba .tdb file.

tdbtool

is a tool which allows simple database manipulation from the command line.

testparm

checks an smb.conf file for proper syntax.

testprns

tests printer names.

wbinfo

queries a running winbindd daemon.

winbindd

resolves names from Windows NT servers.

Last updated on 2005-02-26 18:29:26 -0700