%general-entities; ]> $LastChangedBy$ $Date$ Samba The Samba package provides file and print services to SMB/CIFS clients and Windows networking to Linux clients. Samba can also be configured as a Windows Domain Controller replacement, a file/print server acting as a member of a Windows Active Directory domain and a NetBIOS (rfc1001/1002) nameserver (which among other things provides LAN browsing support). &lfs79_checked; &gcc6_checked; Package Information Download (HTTP): Download (FTP): Download MD5 sum: &samba-md5sum; Download size: &samba-size; Estimated disk space required: &samba-buildsize; Estimated build time: &samba-time; Samba Dependencies Required Recommended (for documentation) and Optional , , , , , , , , , , , (optionally used by the test suite), , ctdb, Gamin, Heimdal, libaio, libunwind, ldb, OpenAFS, tevent, and tdb User Notes: If you wish to run the test suite after the binaries are built, you must add the --enable-selftest parameter to the configure script below. You may want to run configure with the --help parameter first. There may be other parameters needed to take advantage of optional dependencies. Install Samba by running the following commands: ./configure \ --prefix=/usr \ --sysconfdir=/etc \ --localstatedir=/var \ --with-piddir=/run/samba \ --with-pammodulesdir=/lib/security \ --enable-fhs \ --without-ad-dc \ --without-systemd && make To test the results, as the root user, issue: make quicktest 2>&1 | tee quicktest.log. Summary of the test results and some other information may be obtained with grep -A5 testsuites quicktest.log. There are other targets (test, subunit-test) available, but take a very long time (over 100 SBU). Now, as the root user: make install && mv -v /usr/lib/libnss_win{s,bind}.so* /lib && ln -v -sf ../../lib/libnss_winbind.so.2 /usr/lib/libnss_winbind.so && ln -v -sf ../../lib/libnss_wins.so.2 /usr/lib/libnss_wins.so && install -v -m644 examples/smb.conf.default /etc/samba && mkdir -pv /etc/openldap/schema && install -v -m644 examples/LDAP/README \ /etc/openldap/schema/README.LDAP && install -v -m644 examples/LDAP/samba* \ /etc/openldap/schema && install -v -m755 examples/LDAP/{get*,ol*} \ /etc/openldap/schema --enable-fhs: Assigns all other file paths in a manner compliant with the Filesystem Hierarchy Standard (FHS). --without-systemd: Disable systemd integration, which is not part of LFS/BLFS. If you use systemd, replace by --with-systemd. --without-ad-dc: Disable Active Directory Domain Controller functionality. See Setup a Samba Active Directory Domain Controller for detailed information. --with-selftest-prefix=SELFTEST_PREFIX: This option specify the test suite work directory (default=./st). mv -v /usr/lib/libnss_win{s,bind}.so* /lib: The nss libraries are installed in /usr/lib by default. Move them to /lib. ln -v -sf ../../lib/libnss_winbind.so.2 /usr/lib/libnss_winbind.so and ln -v -sf ../../lib/libnss_wins.so.2 /usr/lib/libnss_wins.so: These symlinks are required when applicates build against these libraries. install -v -m644 examples/LDAP/* /etc/openldap/schema: These commands are used to copy sample Samba schemas to the OpenLDAP schema directory. install -v -m644 ../examples/smb.conf.default /etc/samba: This copies a default smb.conf file into /etc/samba. This sample configuration will not work until you copy it to /etc/samba/smb.conf and make the appropriate changes for your installation. See the configuration section for minimum values which must be set. /etc/samba/smb.conf /etc/samba/smb.conf If you use CUPS for print services, and you wish to print to a printer attached to an SMB client, you need to create an SMB backend device. To create the device, issue the following command as the root user: ln -v -sf /usr/bin/smbspool /usr/lib/cups/backend/smb Due to the complexity and the many various uses for Samba, complete configuration for all the package's capabilities is well beyond the scope of the BLFS book. This section provides instructions to configure the /etc/samba/smb.conf file for two common scenarios. The complete contents of /etc/samba/smb.conf will depend on the purpose of Samba installation. You may find it easier to copy the configuration parameters shown below into an empty /etc/samba/smb.conf file instead of copying and editing the default file as mentioned in the Command Explanations section. How you create/edit the /etc/samba/smb.conf file will be left up to you. Do ensure the file is only writeable by the root user (mode 644). Choose this variant if you only want to transfer files using smbclient, mount Windows shares and print to Windows printers, and don't want to share your files and printers to Windows machines. A /etc/samba/smb.conf file with the following three parameters is sufficient: [global] workgroup = MYGROUP dos charset = cp850 unix charset = ISO-8859-1 The values in this example specify that the computer belongs to a Windows workgroup named MYGROUP, uses the cp850 character set on the wire when talking to MS-DOS and MS Windows 9x, and that the filenames are stored in the ISO-8859-1 encoding on the disk. Adjust these values appropriately for your installation. The unix charset value must be the same as the output of locale charmap when executed with the LANG variable set to your preferred locale, otherwise the ls command may not display correct filenames of downloaded files. There is no need to run any Samba servers in this scenario, thus you don't need to install the provided bootscripts. Choose this variant if you want to share your files and printers to Windows machines in your workgroup in addition to the capabilities described in Scenario 1. In this case, the /etc/samba/smb.conf.default file may be a good template to start from. Also add dos charset and unix charset parameters to the [global] section as described in Scenario 1 in order to prevent filename corruption. For security reasons, you may wish to define path = /home/alice/shared-files, assuming your user name is alice and you only want to share the files in that directory, instead of your entire home. Then, replace homes by shared-files and change also the comment if used the configuration file below or the /etc/samba/smb.conf.default to create yours. The following configuration file creates a separate share for each user's home directory and also makes all printers available to Windows machines: [global] workgroup = MYGROUP dos charset = cp850 unix charset = ISO-8859-1 [homes] comment = Home Directories browseable = no writable = yes [printers] comment = All Printers path = /var/spool/samba browseable = no guest ok = no printable = yes Other parameters you may wish to customize in the [global] section include: server string = security = hosts allow = load printers = log file = max log size = socket options = local master = Reference the comments in the /etc/samba/smb.conf.default file for information regarding these parameters. Since the smbd and nmbd daemons are needed in this case, install the samba bootscript. Be sure to run smbpasswd (with the -a option to add users) to enable and set passwords for all accounts that need Samba access. Using the default Samba passdb backend, any user you attempt to add will also be required to exist in the /etc/passwd file. More complex scenarios involving domain control or membership are possible. Such setups are advanced topics and cannot be adequately covered in BLFS. Many complete books have been written on these topics alone. Note that in some domain membership scenarios, the winbindd daemon and the corresponding bootscript are needed. There is quite a bit of documentation available which covers many of these advanced configurations. Point your web browser to the links below to view some of the documentation included with the Samba package: Using Samba, 2nd Edition; a popular book published by O'Reilly The Official Samba HOWTO and Reference Guide Samba-3 by Example For your convenience, boot scripts have been provided for Samba. There are two included in the package. The first, samba, will start the smbd and nmbd daemons needed to provide SMB/CIFS services. The second script, winbind, starts the winbindd daemon, used for providing Windows domain services to Linux clients. samba winbind The default Samba installation uses the nobody user for guest access to the server. This can be overridden by setting the guest account = parameter in the /etc/samba/smb.conf file. If you utilize the guest account = parameter, ensure this user exists in the /etc/passwd file. To use the default user, issue the following commands as the root user: groupadd -g 99 nogroup && useradd -c "Unprivileged Nobody" -d /dev/null -g nogroup \ -s /bin/false -u 99 nobody Install the samba script with the following command issued as the root user: make install-samba If you also need the winbindd script to resolve names from Windows clients, run: make install-winbindd Installed Programs Installed Libraries Installed Directories cifsdd, dbwrap_tool, eventlogadm, gentest, ldbadd, ldbdel, ldbedit, ldbmodify, ldbrename, ldbsearch, locktest, masktest, ndrdump, net, nmbd, nmblookup, ntlm_auth, oLschema2ldif, pdbedit, pidl, profiles, regdiff, regpatch, regshell, regtree, rpcclient, samba, samba_dnsupdate, samba_kcc, samba-regedit, samba_spnupdate, samba-tool, samba_upgradedns, sharesec, smbcacls, smbclient, smbcontrol, smbcquotas, smbd, smbget, smbpasswd, smbspool, smbstatus, smbtar, smbta-util, smbtorture, smbtree, tdbbackup, tdbdump, tdbrestore, tdbtool, testparm, wbinfo, and winbindd libdcerpc-atsvc.so, libdcerpc-binding.so, libdcerpc-samr.so, libdcerpc-server.so, libdcerpc.so, libgensec.so, libndr-krb5pac.so, libndr-nbt.so, libndr.so, libndr-standard.so, libnetapi.so, libnss_winbind.so, libnss_wins.so, libregistry.so, libsamba-credentials.so, libsamba-hostconfig.so, libsamba-passdb.so, libsamba-policy.so, libsamba-util.so, libsamdb.so, libsmbclient-raw.so, libsmbclient.so, libsmbconf.so, libsmbldap.so, libtevent-util.so, libtorture.so, libwbclient.so, and winbind_krb5_locator.so; the pam_winbind.so and pam_smbpass.so PAM libraries; and assorted character set, filesystem and support modules under /usr/lib/{python&python2-majorver;,samba} /etc/samba, /run/samba, /usr/include/samba-4.0, /usr/lib/perl5/vendor_perl/5.x.y/Parse/Pidl/{Samba{3,4},Wireshark}, /usr/lib/python&python2-majorver;/site-packages/samba, /usr/{lib,share}/samba, and /var/{cache,lib,lock,log,run}/samba Short Descriptions cifsdd is the dd command for SMB. cifsdd dbwrap_tool is used to read and manipulate TDB/CTDB databases using the dbwrap interface. dbwrap_tool eventlogadm is used to write records to eventlogs from STDIN, add the specified source and DLL eventlog registry entries and display the active eventlog names (from smb.conf). eventlogadm gentest is used to run random generic SMB operations against two SMB servers and show the differences in behavior. gentest ldbadd is a command-line utility for adding records to an LDB database. ldbadd ldbdel is a command-line program for deleting LDB database records. ldbdel ldbedit allows you to edit LDB databases using your preferred editor. ldbedit ldbmodify allows you to modify records in an LDB database. ldbmodify ldbrename allows you to edit LDB databases using your preferred editor. ldbrename ldbsearch searches an LDB database for records matching a specified expression. ldbsearch locktest is used to find differences in locking between two SMB servers. locktest masktest is used to find differences in wildcard matching between Samba's implementation and that of a remote server. masktest ndrdump is a DCE/RPC Packet Parser and Dumper. ndrdump net is a tool for administration of Samba and remote CIFS servers, similar to the net utility for DOS/Windows. net nmbd is the Samba NetBIOS name server. nmbd nmblookup is used to query NetBIOS names and map them to IP addresses. nmblookup ntlm_auth is a tool to allow external access to Winbind's NTLM authentication function. ntlm_auth oLschema2ldif converts LDAP schema's to LDB-compatible LDIF. oLschema2ldif pdbedit is a tool used to manage the SAM database. pdbedit pidl is an IDL (Interface Definition Language) compiler written in Perl. pidl profiles is a utility that reports and changes SIDs in Windows registry files. It currently only supports Windows NT. profiles regdiff is a Diff program for Windows registry files. regdiff regpatch applies registry patches to registry files. regpatch regshell is a Windows registry file browser using readline. regshell regtree is a text-mode registry viewer. regtree rpcclient is used to execute MS-RPC client side functions. rpcclient samba is a server to provide AD and SMB/CIFS services to clients. samba samba_dnsupdate is used to update our DNS names using TSIG-GSS. samba_dnsupdate samba_kcc is a script used to compute your KCC (Knowledge Consistency Checker) topology. samba_kcc samba-regedit is a ncurses based tool to manage the Samba registry. samba-regedit samba_spnupdate is a script to update the servicePrincipalName names from spn_update_list. samba_spnupdate samba-tool is the main Samba administration tool. samba-tool samba_upgradedns is a Unix SMB/CIFS implementation. samba_upgradedns sharesec manipulates share ACL permissions on SMB file shares. sharesec smbcacls is used to manipulate Windows NT access control lists. smbcacls smbclient is a SMB/CIFS access utility, similar to FTP. smbclient smbcontrol is used to control running smbd, nmbd and winbindd daemons. smbcontrol smbcquotas is used to manipulate Windows NT quotas on SMB file shares. smbcquotas smbd is the main Samba daemon which provides SMB/CIFS services to clients. smbd smbget is a simple utility with wget-like semantics, that can download files from SMB servers. You can specify the files you would like to download on the command-line. smbget smbpasswd changes a user's Samba password. smbpasswd smbspool sends a print job to an SMB printer. smbspool smbstatus reports current Samba connections. smbstatus smbtar is a shell script used for backing up SMB/CIFS shares directly to Linux tape drives or a file. smbtar smbta-util is a tool to ease the configuration of the vfs_smb_traffic_analyzer module regarding data encryption. smbta-util smbtorture is a testsuite that runs several tests against a SMB server. smbtorture smbtree is a text-based SMB network browser. smbtree tdbbackup is a tool for backing up or validating the integrity of Samba .tdb files. tdbbackup tdbdump is a tool used to print the contents of a Samba .tdb file. tdbdump tdbrestore is a tool for creating a Samba .tdb file out of a ntdbdump. tdbrestore tdbtool is a tool which allows simple database manipulation from the command line. tdbtool testparm checks an smb.conf file for proper syntax. testparm wbinfo queries a running winbindd daemon. wbinfo winbindd resolves names from Windows NT servers. winbindd libnss_winbind.so provides Name Service Switch API functions for resolving names from NT servers. libnss_winbind.so libnss_wins.so provides API functions for Samba's implementation of the Windows Internet Naming Service. libnss_wins.so libnetapi.so provides the API functions for the administration tools used for Samba and remote CIFS servers. libnetapi.so libsmbclient.so provides the API functions for the Samba SMB client tools. libsmbclient.so libwbclient.so provides API functions for Windows domain client services. libwbclient.so