Context Navigation

samba3.xml@ 14ee86d

Visit:

10.0 10.1 11.0 11.1 11.2 11.3 12.0 12.1 7.10 7.4 7.5 7.6 7.6-blfs 7.6-systemd 7.7 7.8 7.9 8.0 8.1 8.2 8.3 8.4 9.0 9.1 basic bdubbs/svn elogind gnome kde5-13430 kde5-14269 kde5-14686 kea ken/TL2024 ken/inkscape-core-mods ken/tuningfonts krejzi/svn lazarus lxqt nosym perl-modules plabs/newcss plabs/python-mods python3.11 qt5new rahul/power-profiles-daemon renodr/vulkan-addition systemd-11177 systemd-13485 trunk upgradedb xry111/intltool xry111/llvm18 xry111/soup3 xry111/test-20220226 xry111/xf86-video-removal

Last change on this file since 14ee86d was 14ee86d, checked in by Bruce Dubbs <bdubbs@…>, 12 years ago

Update to samba-3.6.8

git-svn-id: svn://svn.linuxfromscratch.org/BLFS/trunk/BOOK@10769 af4574ff-66df-0310-9fd7-8a98e5e911e0

Property mode set to 100644

File size: 41.9 KB

Line
1	<?xml version="1.0" encoding="ISO-8859-1"?>
2	<!DOCTYPE sect1 PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"
3	"http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
4	<!ENTITY % general-entities SYSTEM "../../general.ent">
5	%general-entities;
6
7	<!ENTITY samba3-download-http "http://ftp.samba.org/pub/samba/stable/samba-&samba3-version;.tar.gz">
8	<!ENTITY samba3-download-ftp "ftp://ftp.samba.org/pub/samba/stable/samba-&samba3-version;.tar.gz">
9	<!ENTITY samba3-md5sum "fbb245863eeef2fffe172df779a217be">
10	<!ENTITY samba3-size "32.5 MB">
11	<!ENTITY samba3-buildsize "472 MB">
12	<!ENTITY samba3-time "2.4 SBU">
13	]>
14
15	<sect1 id="samba3" xreflabel="Samba-&samba3-version;">
16	<?dbhtml filename="samba3.html"?>
17
18	<sect1info>
19	<othername>$LastChangedBy$</othername>
20	<date>$Date$</date>
21	</sect1info>
22
23	<title>Samba-&samba3-version;</title>
24
25	<indexterm zone="samba3">
26	<primary sortas="a-Samba">Samba</primary>
27	</indexterm>
28
29	<sect2 role="package">
30	<title>Introduction to Samba</title>
31
32	<para>The <application>Samba</application> package provides file and print
33	services to SMB/CIFS clients and Windows networking to Linux clients.
34	<application>Samba</application> can also be configured as a Windows NT
35	4.0 Domain Controller replacement (with caveats working with NT PDC's and
36	BDC's), a file/print server acting as a member of a Windows NT 4.0 or
37	Active Directory domain and a NetBIOS (rfc1001/1002) nameserver (which
38	amongst other things provides LAN browsing support).</para>
39
40	&lfs72_checked;
41
42	<bridgehead renderas="sect3">Package Information</bridgehead>
43	<itemizedlist spacing="compact">
44	<listitem>
45	<para>Download (HTTP): <ulink url="&samba3-download-http;"/></para>
46	</listitem>
47	<listitem>
48	<para>Download (FTP): <ulink url="&samba3-download-ftp;"/></para>
49	</listitem>
50	<listitem>
51	<para>Download MD5 sum: &samba3-md5sum;</para>
52	</listitem>
53	<listitem>
54	<para>Download size: &samba3-size;</para>
55	</listitem>
56	<listitem>
57	<para>Estimated disk space required: &samba3-buildsize;</para>
58	</listitem>
59	<listitem>
60	<para>Estimated build time: &samba3-time;</para>
61	</listitem>
62	</itemizedlist>
63
64	<!--<bridgehead renderas="sect3">Additional Downloads</bridgehead>
65	<itemizedlist spacing="compact">
66	<listitem>
67	<para>Required patch: <ulink
68	url="http://us3.samba.org/samba/patches/patches-&samba3-version;/spoolss.diff"/></para>
69	</listitem>
70	</itemizedlist> -->
71
72	<bridgehead renderas="sect3">Samba Dependencies</bridgehead>
73
74	<bridgehead renderas="sect4">Required</bridgehead>
75	<para role="required"><xref linkend="libtirpc"/></para>
76
77	<bridgehead renderas="sect4">Optional</bridgehead>
78	<para role="optional"><xref linkend="popt"/>,
79	<xref linkend="linux-pam"/>,
80	<xref linkend="cups"/>,
81	<xref linkend="openldap"/>,
82	<xref linkend="gamin"/>,
83	<xref linkend="acl"/>,
84	<xref linkend="xfs"/>,
85	<xref linkend="mitkrb"/>,
86	<xref linkend="python2"/> (used only in parts of the test suite),
87	<ulink url="http://tdb.samba.org/">tdb</ulink> (version 1.2.1),
88	<xref linkend="libcap2"/>,
89	<ulink url="http://www.nongnu.org/libunwind/">libunwind</ulink>,
90	<!-- <ulink url="http://people.redhat.com/dhowells/keyutils/">keyutils</ulink>
91	(required to build the <command>cifs.upcall</command> program), -->
92	<xref linkend="avahi"/>,
93	<ulink url="http://www.openafs.org/">OpenAFS</ulink>,
94	and <ulink url="http://valgrind.org/">Valgrind</ulink> (optionally
95	used by the test suite)</para>
96
97	<para>You will need to install one of the kerberos packages if you plan
98	on using your system to join a Windows NT domain.</para>
99
100	<bridgehead renderas="sect4">Optional for Samba4 Support</bridgehead>
101	<para role="optional"><xref linkend="gnutls"/> (recommended),
102	<xref linkend="python2"/>, and
103	<xref linkend="sqlite"/></para>
104
105	<para condition="html" role="usernotes">User Notes:
106	<ulink url="&blfs-wiki;/samba3"/></para>
107
108	</sect2>
109
110	<sect2 role="installation">
111	<title>Installation of Samba</title>
112
113	<note>
114	<para>If you wish to run the test suite after the binaries are built,
115	you must add the <option>--enable-socket-wrapper</option> parameter to
116	the <command>configure</command> script below. You may want to run
117	<command>configure</command> with the <option>--help</option> parameter
118	first. There may be other parameters needed to take advantage of
119	optional dependencies.</para>
120	</note>
121
122	<para>Install <application>Samba</application> by running the following
123	commands:</para>
124
125	<screen><userinput>cd source3 &&
126
127	./configure \
128	--prefix=/usr \
129	--sysconfdir=/etc \
130	--localstatedir=/var \
131	--with-piddir=/run \
132	--with-pammodulesdir=/lib/security \
133	--with-fhs \
134	--enable-nss-wrapper \
135	--enable-socket-wrapper &&
136	sed -i "s/-ldl/& -ltirpc -lpthread/" Makefile &&
137	make</userinput></screen>
138
139	<!--
140	<para>To test the results, issue: <command>make test</command>. If you have
141	<application>Linux-PAM</application> installed and built the PAM library
142	modules, you can perform a dlopen test by issuing:
143	<command>make test_pam_modules</command>.</para>
144	-->
145	<para>This program dose not come with a functional test suite.</para>
146
147	<para>Now, as the <systemitem class="username">root</systemitem> user:</para>
148
149	<screen role="root"><userinput>make install &&
150
151	install -v -m755 ../nsswitch/libnss_win{s,bind}.so /lib &&
152	ln -v -sf libnss_winbind.so /lib/libnss_winbind.so.2 &&
153	ln -v -sf libnss_wins.so /lib/libnss_wins.so.2 &&
154
155	install -v -m644 ../examples/smb.conf.default /etc/samba &&
156
157	if [ -d /etc/openldap/schema ]; then
158	install -v -m644 ../examples/LDAP/README \
159	/etc/openldap/schema/README.LDAP &&
160	install -v -m644 ../examples/LDAP/samba* \
161	/etc/openldap/schema &&
162	install -v -m755 ../examples/LDAP/{convert,get,ol*} \
163	/etc/openldap/schema &&
164	fi &&
165
166	install -v -m755 -d /usr/share/doc/samba-&samba3-version; &&
167	install -v -m644 ../docs/*.pdf \
168	/usr/share/doc/samba-&samba3-version; &&
169	ln -v -s ../../samba/swat /usr/share/doc/samba-&samba3-version;</userinput></screen>
170
171	</sect2>
172
173	<sect2 role="commands">
174	<title>Command Explanations</title>
175
176	<para><option>--enable-merged-build</option>: Use this parameter to build
177	the (alpha) Samba4 components (GnuTLS is recommended).</para>
178
179	<para><parameter>--sysconfdir=/etc</parameter>: Sets the configuration
180	file directory to avoid the default of
181	<filename class="directory">/usr/etc</filename>.</para>
182
183	<para><parameter>--localstatedir=/var</parameter>: Sets the variable
184	data directory to avoid the default of
185	<filename class="directory">/usr/var</filename>.</para>
186
187	<para><parameter>--with-fhs</parameter>: Assigns all other file paths in
188	a manner compliant with the Filesystem Hierarchy Standard (FHS).</para>
189
190	<para><parameter>--enable-nss-wrapper</parameter>: Builds the nss-wrapper
191	library.</para>
192
193	<para><parameter>--enable-socket-wrapper</parameter>: This options is
194	required to run the test suite.</para>
195
196	<para><command>sed -i "s/-ldl/& -ltirpc -lpthread/" Makefile</command>:
197	This command enables the build to complete when using libtirpc instead of
198	the deprecated GLibC rpc functions.</para>
199
200	<para><command>install -v -m755 nsswitch/libnss_win{s,bind}.so /lib</command>:
201	The nss libraries are not installed by default. If you intend to use
202	winbindd for Windows NT domain authentication, and/or WINS name resolution,
203	you need these libraries.</para>
204
205	<para><command>ln -v -sf libnss_winbind.so /lib/libnss_winbind.so.2</command>
206	and <command>ln -v -sf libnss_wins.so /lib/libnss_wins.so.2</command>:
207	These symlinks are required by <application>Glibc</application> to use the
208	NSS libraries.</para>
209
210	<para><command>if [ -d /etc/openldap/schema ]; then ...; fi</command>:
211	These commands are used to see if you have an OpenLDAP installation, and if
212	so, they copy sample Samba schemas to the OpenLDAP
213	<filename class='directory'>schema</filename> directory.</para>
214
215	<para><command>install -v -m644 ../examples/smb.conf.default
216	/etc/samba</command>: This copies a default <filename>smb.conf</filename>
217	file into <filename>/etc/samba</filename>. This sample configuration will
218	not work until you copy it to <filename>/etc/samba/smb.conf</filename> and
219	make the appropriate changes for your installation. See the configuration
220	section for minimum values which must be set.</para>
221
222	</sect2>
223
224	<sect2 role="configuration">
225	<title>Configuring Samba</title>
226
227	<sect3 id="samba3-config">
228	<title>Config Files</title>
229
230	<para>/etc/samba/smb.conf</para>
231
232	<indexterm zone="samba3 samba3-config">
233	<primary sortas="e-etc-samba-smb.conf">/etc/samba/smb.conf</primary>
234	</indexterm>
235
236	</sect3>
237	<!-- mount.cifs is now in the separate cifs-utils package
238	<sect3>
239	<title>Mounting Shares by Unprivileged Users</title>
240
241	<para>If it is desired for unprivileged users to directly mount (and
242	unmount) CIFS shares, the <command>mount.cifs</command> and
243	<command>umount.cifs</command> commands must be setuid
244	<systemitem class='username'>root</systemitem>. Note that users can
245	only mount CIFS shares on a mount point owned by that user (requires
246	write access also). If desired, change these programs to setuid
247	<systemitem class='username'>root</systemitem> by issuing the following
248	command as the <systemitem class='username'>root</systemitem>
249	user:</para>
250
251	<screen role="root"><userinput>chmod -v 4755 /usr/sbin/{,u}mount.cifs</userinput></screen>
252
253	</sect3>
254	-->
255	<sect3>
256	<title>Printing to SMB Clients</title>
257
258	<para>If you use <application>CUPS</application> for print services,
259	and you wish to print to a printer attached to an SMB client, you
260	need to create an SMB backend device. To create the device, issue the
261	following command as the <systemitem class="username">root</systemitem>
262	user:</para>
263
264	<screen role="root"><userinput>ln -v -sf /usr/bin/smbspool /usr/lib/cups/backend/smb</userinput></screen>
265
266	</sect3>
267
268	<sect3>
269	<title>Configuration Information</title>
270
271	<para>Due to the complexity and the many various uses for
272	<application>Samba</application>, complete configuration for all the
273	package's capabilities is well beyond the scope of the BLFS book. This
274	section provides instructions to configure the
275	<filename>/etc/samba/smb.conf</filename> file for two common scenarios.
276	The complete contents of <filename>/etc/samba/smb.conf</filename> will
277	depend on the purpose of <application>Samba</application>
278	installation.</para>
279
280	<note>
281	<para>You may find it easier to copy the configuration parameters shown
282	below into an empty <filename>/etc/samba/smb.conf</filename> file
283	instead of copying and editing the default file as mentioned in the
284	<quote>Command Explanations</quote> section. How you create/edit the
285	<filename>/etc/samba/smb.conf</filename> file will be left up to
286	you. Do ensure the file is only writeable by the
287	<systemitem class="username">root</systemitem> user (mode 644).</para>
288	</note>
289
290	<sect4>
291	<title>Scenario 1: Minimal Standalone Client-Only Installation</title>
292
293	<para>Choose this variant if you only want to transfer files using
294	<command>smbclient</command>, mount Windows shares and print to Windows
295	printers, and don't want to share your files and printers to Windows
296	machines.</para>
297
298	<para>A <filename>/etc/samba/smb.conf</filename> file with the following
299	three parameters is sufficient:</para>
300
301	<screen role='root'><literal>[global]
302	workgroup = <replaceable>MYGROUP</replaceable>
303	dos charset = <replaceable>cp850</replaceable>
304	unix charset = <replaceable>ISO-8859-1</replaceable></literal></screen>
305
306	<para>The values in this example specify that the computer belongs to a
307	Windows workgroup named
308	<quote><replaceable>MYGROUP</replaceable></quote>, uses the
309	<quote><replaceable>cp850</replaceable></quote> character set on the
310	wire when talking to MS-DOS and MS Windows 9x, and that the filenames
311	are stored in the <quote><replaceable>ISO-8859-1</replaceable></quote>
312	encoding on the disk. Adjust these values appropriately for your
313	installation. The <quote>unix charset</quote> value must be the same as
314	the output of <command>locale charmap</command> when executed with the
315	<envar>LANG</envar> variable set to your preferred locale, otherwise the
316	<command>ls</command> command may not display correct filenames of
317	downloaded files.</para>
318
319	<para>There is no need to run any <application>Samba</application>
320	servers in this scenario, thus you don't need to install the provided
321	bootscripts.</para>
322
323	</sect4>
324
325	<sect4>
326	<title>Scenario 2: Standalone File/Print Server</title>
327
328	<para>Choose this variant if you want to share your files and printers
329	to Windows machines in your workgroup in addition to the capabilities
330	described in Scenario 1.</para>
331
332	<para>In this case, the <filename>/etc/samba/smb.conf.default</filename>
333	file may be a good template to start from. Also add
334	<quote>dos charset</quote> and <quote>unix charset</quote> parameters
335	to the <quote>[global]</quote> section as described in Scenario 1 in
336	order to prevent filename corruption.</para>
337
338	<para>The following configuration file creates a separate share for each
339	user's home directory and also makes all printers available to Windows
340	machines:</para>
341
342	<screen role='root'><literal>[global]
343	workgroup = <replaceable>MYGROUP</replaceable>
344	dos charset = <replaceable>cp850</replaceable>
345	unix charset = <replaceable>ISO-8859-1</replaceable>
346
347	[homes]
348	comment = Home Directories
349	browseable = no
350	writable = yes
351
352	[printers]
353	comment = All Printers
354	path = /var/spool/samba
355	browseable = no
356	guest ok = no
357	printable = yes</literal></screen>
358
359	<para>Other parameters you may wish to customize in the
360	<quote>[global]</quote> section include:</para>
361
362	<screen role='root'><literal> server string =
363	security =
364	hosts allow =
365	load printers =
366	log file =
367	max log size =
368	socket options =
369	local master =</literal></screen>
370
371	<para>Reference the comments in the
372	<filename>/etc/samba/smb.conf.default</filename> file for information
373	regarding these parameters.</para>
374
375	<para>Since the <command>smbd</command> and <command>nmbd</command>
376	daemons are needed in this case, install the <filename>samba</filename>
377	bootscript. Be sure to run <command>smbpasswd</command> (with the
378	<option>-a</option> option to add users) to enable and
379	set passwords for all accounts that need
380	<application>Samba</application> access, or use the SWAT web interface
381	(see below) to do the same. Using the default
382	<application>Samba</application> passdb backend, any user you attempt
383	to add will also be required to exist in the
384	<filename>/etc/passwd</filename> file.</para>
385
386	</sect4>
387
388	<sect4>
389	<title>Advanced Requirements</title>
390
391	<para>More complex scenarios involving domain control or membership are
392	possible if the right flags are passed to the ./configure script when
393	the package is built. Such setups are advanced topics and cannot be
394	adequately covered in BLFS. Many complete books have been written on
395	these topics alone. It should be noted, however, that a
396	<application>Samba</application> BDC cannot be used as a fallback
397	for a Windows PDC, and conversely, a Windows BDC cannot be used as a
398	fallback for a <application>Samba</application> PDC. Also in some
399	domain membership scenarios, the <command>winbindd</command> daemon and
400	the corresponding bootscript are needed.</para>
401
402	<para>There is quite a bit of documentation available which covers many
403	of these advanced configurations. Point your web browser to the links
404	below to view some of the documentation included with the
405	<application>Samba</application> package:</para>
406
407	<itemizedlist spacing='compact'>
408	<listitem>
409	<para>Using Samba, 2nd Edition; a popular book published by O'Reilly
410	<ulink url="file:///usr/share/samba/swat/using_samba/toc.html"/></para>
411	</listitem>
412	<listitem>
413	<para>The Official Samba HOWTO and Reference Guide <ulink
414	url="file:///usr/share/samba/swat/help/Samba-HOWTO-Collection/index.html"/>
415	</para>
416	</listitem>
417	<listitem>
418	<para>Samba-3 by Example
419	<ulink url="file:///usr/share/samba/swat/help/Samba-Guide/index.html"/>
420	</para>
421	</listitem>
422	<listitem>
423	<para>The Samba-3 man Pages
424	<ulink url="file:///usr/share/samba/swat/help/samba.7.html"/></para>
425	</listitem>
426	</itemizedlist>
427
428	</sect4>
429
430	<sect4 id="samba3-init">
431	<title>Boot Script</title>
432
433	<para>For your convenience, boot scripts have been provided for
434	<application>Samba</application>. There are two included in the
435	<xref linkend="bootscripts"/> package. The first,
436	<filename>samba</filename>, will start the <command>smbd</command>
437	and <command>nmbd</command> daemons needed to provide SMB/CIFS
438	services. The second script, <filename>winbind</filename>, starts
439	the <command>winbindd</command> daemon, used for providing Windows
440	domain services to Linux clients.</para>
441
442	<indexterm zone="samba3 samba3-init">
443	<primary sortas="f-samba">samba</primary>
444	</indexterm>
445
446	<indexterm zone="samba3 samba3-init">
447	<primary sortas="f-winbind">winbind</primary>
448	</indexterm>
449
450	<para>The default <application>Samba</application> installation uses the
451	<systemitem class='username'>nobody</systemitem> user for guest access
452	to the server. This can be overridden by setting the
453	<option>guest account =</option> parameter in the
454	<filename>/etc/samba/smb.conf</filename> file. If you utilize the
455	<option>guest account =</option> parameter, ensure this user exists in
456	the <filename>/etc/passwd</filename> file. To use the default user,
457	issue the following commands as the
458	<systemitem class='username'>root</systemitem> user:</para>
459
460	<screen><userinput>groupadd -g 99 nogroup &&
461	useradd -c "Unprivileged Nobody" -d /dev/null -g nogroup \
462	-s /bin/false -u 99 nobody</userinput></screen>
463
464	<para>Install the <filename>samba</filename> script with the following
465	command issued as the <systemitem class="username">root</systemitem>
466	user:</para>
467
468	<screen role="root"><userinput>make install-samba</userinput></screen>
469
470	<para>If you also need the <filename>winbindd</filename>
471	script to resolve names from Windows clients, run:</para>
472
473	<screen role="root"><userinput>make install-winbindd</userinput></screen>
474
475	</sect4>
476
477	</sect3>
478
479	<sect3 id="samba3-swat-config">
480	<title>Configuring SWAT</title>
481
482	<para>The SWAT (<application>Samba</application> Web Administration Tool)
483	utility can be used for configuration of the
484	<application>Samba</application> installation.</para>
485
486	<indexterm zone="samba3 samba3-swat-config">
487	<primary sortas="g-configuring-SWAT">Configuring SWAT</primary>
488	</indexterm>
489	<!--
490	<sect4>
491	<title>Setting up SWAT using inetd</title>
492
493	<indexterm zone="samba3 samba3-swat-config">
494	<primary sortas="e-etc-inetd.conf">/etc/inetd.conf</primary>
495	</indexterm>
496
497	<indexterm zone="samba3 samba3-swat-config">
498	<primary sortas="e-etc-services">/etc/services</primary>
499	</indexterm>
500
501	<warning>
502	<para>BLFS does not recommend using these procedures because of the
503	security risk involved. However, in a home network environment and
504	disclosure of the <systemitem class='username'>root</systemitem>
505	password is an acceptable risk, the following
506	instructions are provided for your convenience.</para>
507	</warning>
508
509	<para>First you must add an entry to <filename>/etc/services</filename>
510	and modify the <command>inetd</command> configuration. Add this entry
511	with the following command issued as the <systemitem
512	class="username">root</systemitem> user:</para>
513
514	<screen role="root"><userinput>echo "swat 905/tcp" >> /etc/services</userinput></screen>
515
516	<para>Now add this entry to the <filename>/etc/inetd.conf</filename>
517	file, again as the <systemitem class="username">root</systemitem>
518	user:</para>
519
520	<screen role="root"><userinput>echo "swat stream tcp nowait.5 root /usr/sbin/swat swat >> /etc/inetd.conf</userinput></screen>
521
522	<para>Issue a <command>killall -HUP inetd</command> to reread the
523	changed <filename>inetd.conf</filename> file.</para>
524
525	<para>SWAT can be launched by pointing your web browser to
526	http://localhost:905.</para>
527
528	</sect4>
529	-->
530	<sect4>
531	<title>Setting up SWAT using xinetd</title>
532
533	<indexterm zone="samba3 samba3-swat-config">
534	<primary sortas="e-etc-xinetd.conf">/etc/xinetd.conf</primary>
535	</indexterm>
536
537	<para>If not already done, add an entry to <filename>/etc/services</filename> file
538	as the <systemitem class="username">root</systemitem> user:</para>
539
540	<screen role="root"><userinput>echo "swat 905/tcp" >> /etc/services</userinput></screen>
541
542	<para>Create the <application>Samba</application> <xref
543	linkend='xinetd'/> file as <filename>/etc/xinetd.d/swat</filename>.</para>
544
545	<warning>
546	<para>You may modify or remove the <quote>only_from</quote> line
547	below to include other host(s). BLFS does not recommend doing this
548	because of the security risk involved. However, in a home network
549	environment, disclosure of the <systemitem
550	class='username'>root</systemitem> password may be an acceptable
551	risk.</para>
552	</warning>
553
554	<screen role="root"><userinput>cat >> /etc/xinetd.d/swat << "EOF"
555	<literal># Begin /etc/xinetd.d/swat
556
557	service swat
558	{
559	port = 905
560	socket_type = stream
561	wait = no
562	instances = 5
563	only_from = 127.0.0.1
564	user = root
565	server = /usr/sbin/swat
566	log_on_failure += USERID
567	}
568
569	# End /etc/xinetd.d/swat</literal>
570	EOF</userinput></screen>
571
572	<para>Issue a <command>killall -HUP xinetd</command> to read the new
573	<filename>/etc/xinetd.d/swat</filename> file.</para>
574
575	<note>
576	<para>If you linked <application>Linux-PAM</application> into the
577	<application>Samba</application> build, you'll need to create an
578	<filename>/etc/pam.d/samba</filename> file.</para>
579	</note>
580
581	<para>SWAT can now be launched by pointing your web browser to
582	http://localhost:905.</para>
583
584	</sect4>
585
586	<sect4>
587	<title>Setting up SWAT using stunnel</title>
588
589	<para>A better way to set up SWAT for network access is through
590	<xref linkend='stunnel'/>. For convenience, a boot scripts has
591	been provided for SWAT via stunnel. First, create the stunnel
592	configuration file:</para>
593
594	<indexterm zone="samba3 samba3-swat-config">
595	<primary sortas="e-etc-stunnel-swat.conf">/etc/stunnel/swat.conf</primary>
596	</indexterm>
597
598	<screen role="root"><userinput>cat >> /etc/stunnel/swat.conf << "EOF"
599	<literal>; File: /etc/stunnel/swat.conf
600
601	pid = /run/stunnel-swat.pid
602	setuid = root
603	setgid = root
604	cert = /etc/stunnel/stunnel.pem
605
606	[swat]
607	accept = swat
608	exec = /usr/sbin/swat
609	</literal>
610	EOF</userinput></screen>
611
612	<para>Next, install the swat bootscript:</para>
613
614	<screen role="root"><userinput>make install-swat</userinput></screen>
615
616	<para>After starting the SWAT boot script the tool can be accessed by
617	pointing your web browser to https://localhost:905. Note:
618	<emphasis>https</emphasis>. If access to the tool needs to be
619	further restricted, then <xref linkend='iptables'/> can be
620	used.</para>
621
622	</sect4>
623
624	</sect3>
625
626	<sect3>
627	<title/>
628
629
630	<indexterm zone="samba3 samba3-swat-config">
631	<primary sortas="e-etc-pam.d-samba">/etc/pam.d/samba</primary>
632	</indexterm>
633
634	</sect3>
635
636
637	</sect2>
638
639	<sect2 role="content">
640	<title>Contents</title>
641
642	<segmentedlist>
643	<segtitle>Installed Programs</segtitle>
644	<segtitle>Installed Libraries</segtitle>
645	<segtitle>Installed Directories</segtitle>
646
647	<seglistitem>
648	<seg>cifs.upcall, eventlogadm, findsmb, ldbadd, ldbdel, ldbedit,
649	ldbmodify, ldbrename, ldbsearch, net, nmbd,
650	nmblookup, ntlm_auth, pdbedit, profiles, rpcclient, sharesec, smbcacls,
651	smbclient, smbcontrol, smbcquotas, smbd, smbget, smbpasswd, smbspool,
652	smbstatus, smbtar, smbtree, swat, testparm, wbinfo,
653	winbindd, and (if not using system TDB) tdbbackup, tdbdump, and
654	tdbtool</seg>
655	<seg>libnss_winbind.so, libnss_wins.so, libnetapi.so, libsmbclient.so,
656	libsmbsharemodes.so, libtalloc.so, libwbclient.so, the pam_winbind.so
657	and pam_smbpass.so PAM libraries, and assorted character set,
658	filesystem and support modules.</seg>
659	<seg>/etc/samba, /usr/lib/samba, /usr/share/doc/samba-&samba3-version;,
660	/usr/share/samba, /var/lib/samba and (if configured) /var/log/samba</seg>
661	</seglistitem>
662	</segmentedlist>
663
664	<variablelist>
665	<bridgehead renderas="sect3">Short Descriptions</bridgehead>
666	<?dbfo list-presentation="list"?>
667	<?dbhtml list-presentation="table"?>
668
669	<varlistentry id="cifs.upcall">
670	<term><command>cifs.upcall</command></term>
671	<listitem>
672	<para>is a userspace upcall helper for Common Internet File Systems
673	(CIFS)</para>
674	<indexterm zone="samba3 cifs.upcall">
675	<primary sortas="b-cifs.upcall">cifs.upcall</primary>
676	</indexterm>
677	</listitem>
678	</varlistentry>
679
680	<varlistentry id="eventlogadm">
681	<term><command>eventlogadm</command></term>
682	<listitem>
683	<para>is used to write records to eventlogs from STDIN, add the
684	specified source and DLL eventlog registry entries and display the
685	active eventlog names (from <filename>smb.conf</filename>).</para>
686	<indexterm zone="samba3 eventlogadm">
687	<primary sortas="b-eventlogadm">eventlogadm</primary>
688	</indexterm>
689	</listitem>
690	</varlistentry>
691
692	<varlistentry id="findsmb">
693	<term><command>findsmb</command></term>
694	<listitem>
695	<para>lists information about machines that respond to
696	SMB name queries on a subnet.</para>
697	<indexterm zone="samba3 findsmb">
698	<primary sortas="b-findsmb">findsmb</primary>
699	</indexterm>
700	</listitem>
701	</varlistentry>
702
703	<varlistentry id="ldbadd">
704	<term><command>ldbadd</command></term>
705	<listitem>
706	<para>is a command-line utility for adding records to an LDB
707	database.</para>
708	<indexterm zone="samba3 ldbadd">
709	<primary sortas="b-ldbadd">ldbadd</primary>
710	</indexterm>
711	</listitem>
712	</varlistentry>
713
714	<varlistentry id="ldbdel">
715	<term><command>ldbdel</command></term>
716	<listitem>
717	<para>is a command-line program for deleting LDB database
718	records.</para>
719	<indexterm zone="samba3 ldbdel">
720	<primary sortas="b-ldbdel">ldbdel</primary>
721	</indexterm>
722	</listitem>
723	</varlistentry>
724
725	<varlistentry id="ldbedit">
726	<term><command>ldbedit</command></term>
727	<listitem>
728	<para>allows you to edit LDB databases using your preferred
729	editor.</para>
730	<indexterm zone="samba3 ldbedit">
731	<primary sortas="b-ldbedit">ldbedit</primary>
732	</indexterm>
733	</listitem>
734	</varlistentry>
735
736	<varlistentry id="ldbmodify">
737	<term><command>ldbmodify</command></term>
738	<listitem>
739	<para>allows you to modify records in an LDB database.</para>
740	<indexterm zone="samba3 ldbmodify">
741	<primary sortas="b-ldbmodify">ldbmodify</primary>
742	</indexterm>
743	</listitem>
744	</varlistentry>
745
746	<varlistentry id="ldbrename">
747	<term><command>ldbrename</command></term>
748	<listitem>
749	<para>allows you to edit LDB databases using your preferred
750	editor.</para>
751	<indexterm zone="samba3 ldbrename">
752	<primary sortas="b-ldbrename">ldbrename</primary>
753	</indexterm>
754	</listitem>
755	</varlistentry>
756
757	<varlistentry id="ldbsearch">
758	<term><command>ldbsearch</command></term>
759	<listitem>
760	<para>searches an LDB database for records matching a specified
761	expression.</para>
762	<indexterm zone="samba3 ldbsearch">
763	<primary sortas="b-ldbsearch">ldbsearch</primary>
764	</indexterm>
765	</listitem>
766	</varlistentry>
767
768	<varlistentry id="net">
769	<term><command>net</command></term>
770	<listitem>
771	<para>is a tool for administration of
772	<application>Samba</application> and remote CIFS servers, similar
773	to the <command>net</command> utility for DOS/Windows.</para>
774	<indexterm zone="samba3 net">
775	<primary sortas="b-net">net</primary>
776	</indexterm>
777	</listitem>
778	</varlistentry>
779
780	<varlistentry id="nmbd">
781	<term><command>nmbd</command></term>
782	<listitem>
783	<para>is the <application>Samba</application>
784	NetBIOS name server.</para>
785	<indexterm zone="samba3 nmbd">
786	<primary sortas="b-nmbd">nmbd</primary>
787	</indexterm>
788	</listitem>
789	</varlistentry>
790
791	<varlistentry id="nmblookup">
792	<term><command>nmblookup</command></term>
793	<listitem>
794	<para>is used to query NetBIOS names and map
795	them to IP addresses.</para>
796	<indexterm zone="samba3 nmblookup">
797	<primary sortas="b-nmblookup">nmblookup</primary>
798	</indexterm>
799	</listitem>
800	</varlistentry>
801
802	<varlistentry id="ntlm_auth">
803	<term><command>ntlm_auth</command></term>
804	<listitem>
805	<para>is a tool to allow external access to Winbind's
806	NTLM authentication function.</para>
807	<indexterm zone="samba3 ntlm_auth">
808	<primary sortas="b-ntlm_auth">ntlm_auth</primary>
809	</indexterm>
810	</listitem>
811	</varlistentry>
812
813	<varlistentry id="pdbedit">
814	<term><command>pdbedit</command></term>
815	<listitem>
816	<para>is a tool used to manage the SAM database.</para>
817	<indexterm zone="samba3 pdbedit">
818	<primary sortas="b-pdbedit">pdbedit</primary>
819	</indexterm>
820	</listitem>
821	</varlistentry>
822
823	<varlistentry id="profiles">
824	<term><command>profiles</command></term>
825	<listitem>
826	<para>is a utility that reports and changes SIDs in Windows
827	registry files. It currently only supports Windows NT.</para>
828	<indexterm zone="samba3 profiles">
829	<primary sortas="b-profiles">profiles</primary>
830	</indexterm>
831	</listitem>
832	</varlistentry>
833
834	<varlistentry id="rpcclient">
835	<term><command>rpcclient</command></term>
836	<listitem>
837	<para>is used to execute MS-RPC client side functions.</para>
838	<indexterm zone="samba3 rpcclient">
839	<primary sortas="b-rpcclient">rpcclient</primary>
840	</indexterm>
841	</listitem>
842	</varlistentry>
843
844	<varlistentry id="sharesec">
845	<term><command>sharesec</command></term>
846	<listitem>
847	<para>manipulates share ACL permissions on SMB file shares.</para>
848	<indexterm zone="samba3 sharesec">
849	<primary sortas="b-sharesec">sharesec</primary>
850	</indexterm>
851	</listitem>
852	</varlistentry>
853
854	<varlistentry id="smbcacls">
855	<term><command>smbcacls</command></term>
856	<listitem>
857	<para>is used to manipulate Windows NT access control lists.</para>
858	<indexterm zone="samba3 smbcacls">
859	<primary sortas="b-smbcacls">smbcacls</primary>
860	</indexterm>
861	</listitem>
862	</varlistentry>
863
864	<varlistentry id="smbclient">
865	<term><command>smbclient</command></term>
866	<listitem>
867	<para>is a SMB/CIFS access utility, similar to FTP.</para>
868	<indexterm zone="samba3 smbclient">
869	<primary sortas="b-smbclient">smbclient</primary>
870	</indexterm>
871	</listitem>
872	</varlistentry>
873
874	<varlistentry id="smbcontrol">
875	<term><command>smbcontrol</command></term>
876	<listitem>
877	<para>is used to control running <command>smbd</command>,
878	<command>nmbd</command> and <command>winbindd</command>
879	daemons.</para>
880	<indexterm zone="samba3 smbcontrol">
881	<primary sortas="b-smbcontrol">smbcontrol</primary>
882	</indexterm>
883	</listitem>
884	</varlistentry>
885
886	<varlistentry id="smbcquotas">
887	<term><command>smbcquotas</command></term>
888	<listitem>
889	<para>is used to manipulate Windows NT quotas on
890	SMB file shares.</para>
891	<indexterm zone="samba3 smbcquotas">
892	<primary sortas="b-smbcquotas">smbcquotas</primary>
893	</indexterm>
894	</listitem>
895	</varlistentry>
896
897	<varlistentry id="smbd">
898	<term><command>smbd</command></term>
899	<listitem>
900	<para>is the main <application>Samba</application> daemon which
901	provides SMB/CIFS services to clients.</para>
902	<indexterm zone="samba3 smbd">
903	<primary sortas="b-smbd">smbd</primary>
904	</indexterm>
905	</listitem>
906	</varlistentry>
907
908	<varlistentry id="smbget">
909	<term><command>smbget</command></term>
910	<listitem>
911	<para>is a simple utility with <command>wget</command>-like
912	semantics, that can download files from SMB servers. You can specify
913	the files you would like to download on the command-line.</para>
914	<indexterm zone="samba3 smbget">
915	<primary sortas="b-smbget">smbget</primary>
916	</indexterm>
917	</listitem>
918	</varlistentry>
919
920	<varlistentry id="smbpasswd">
921	<term><command>smbpasswd</command></term>
922	<listitem>
923	<para>changes a user's <application>Samba</application>
924	password.</para>
925	<indexterm zone="samba3 smbpasswd">
926	<primary sortas="b-smbpasswd">smbpasswd</primary>
927	</indexterm>
928	</listitem>
929	</varlistentry>
930
931	<varlistentry id="smbspool">
932	<term><command>smbspool</command></term>
933	<listitem>
934	<para>sends a print job to an SMB printer.</para>
935	<indexterm zone="samba3 smbspool">
936	<primary sortas="b-smbspool">smbspool</primary>
937	</indexterm>
938	</listitem>
939	</varlistentry>
940
941	<varlistentry id="smbstatus">
942	<term><command>smbstatus</command></term>
943	<listitem>
944	<para>reports current <application>Samba</application>
945	connections.</para>
946	<indexterm zone="samba3 smbstatus">
947	<primary sortas="b-smbstatus">smbstatus</primary>
948	</indexterm>
949	</listitem>
950	</varlistentry>
951
952	<varlistentry id="smbtar">
953	<term><command>smbtar</command></term>
954	<listitem>
955	<para>is a shell script used for backing up SMB/CIFS shares
956	directly to Linux tape drives or a file.</para>
957	<indexterm zone="samba3 smbtar">
958	<primary sortas="b-smbtar">smbtar</primary>
959	</indexterm>
960	</listitem>
961	</varlistentry>
962
963	<varlistentry id="smbtree">
964	<term><command>smbtree</command></term>
965	<listitem>
966	<para>is a text-based SMB network browser.</para>
967	<indexterm zone="samba3 smbtree">
968	<primary sortas="b-smbtree">smbtree</primary>
969	</indexterm>
970	</listitem>
971	</varlistentry>
972
973	<varlistentry id="swat">
974	<term><command>swat</command></term>
975	<listitem>
976	<para>is the <application>Samba</application> Web Administration
977	Tool.</para>
978	<indexterm zone="samba3 swat">
979	<primary sortas="b-swat">swat</primary>
980	</indexterm>
981	</listitem>
982	</varlistentry>
983
984	<varlistentry id="tdbbackup">
985	<term><command>tdbbackup</command></term>
986	<listitem>
987	<para>is a tool for backing up or validating the integrity of
988	<application>Samba</application> <filename>.tdb</filename>
989	files.</para>
990	<indexterm zone="samba3 tdbbackup">
991	<primary sortas="b-tdbbackup">tdbbackup</primary>
992	</indexterm>
993	</listitem>
994	</varlistentry>
995
996	<varlistentry id="tdbdump">
997	<term><command>tdbdump</command></term>
998	<listitem>
999	<para> is a tool used to print the contents of a
1000	<application>Samba</application> <filename>.tdb</filename>
1001	file.</para>
1002	<indexterm zone="samba3 tdbdump">
1003	<primary sortas="b-tdbdump">tdbdump</primary>
1004	</indexterm>
1005	</listitem>
1006	</varlistentry>
1007
1008	<varlistentry id="tdbtool">
1009	<term><command>tdbtool</command></term>
1010	<listitem>
1011	<para>is a tool which allows simple database manipulation from the
1012	command line.</para>
1013	<indexterm zone="samba3 tdbtool">
1014	<primary sortas="b-tdbtool">tdbtool</primary>
1015	</indexterm>
1016	</listitem>
1017	</varlistentry>
1018
1019	<varlistentry id="testparm">
1020	<term><command>testparm</command></term>
1021	<listitem>
1022	<para>checks an <filename>smb.conf</filename> file for proper
1023	syntax.</para>
1024	<indexterm zone="samba3 testparm">
1025	<primary sortas="b-testparm">testparm</primary>
1026	</indexterm>
1027	</listitem>
1028	</varlistentry>
1029
1030	<varlistentry id="wbinfo">
1031	<term><command>wbinfo</command></term>
1032	<listitem>
1033	<para>queries a running <command>winbindd</command> daemon.</para>
1034	<indexterm zone="samba3 wbinfo">
1035	<primary sortas="b-wbinfo">wbinfo</primary>
1036	</indexterm>
1037	</listitem>
1038	</varlistentry>
1039
1040	<varlistentry id="winbindd">
1041	<term><command>winbindd</command></term>
1042	<listitem>
1043	<para>resolves names from Windows NT servers.</para>
1044	<indexterm zone="samba3 winbindd">
1045	<primary sortas="b-winbindd">winbindd</primary>
1046	</indexterm>
1047	</listitem>
1048	</varlistentry>
1049
1050	<varlistentry id="libnss_winbind">
1051	<term><filename class='libraryfile'>libnss_winbind.so</filename></term>
1052	<listitem>
1053	<para>provides Name Service Switch API functions for resolving names
1054	from NT servers.</para>
1055	<indexterm zone="samba3 libnss_winbind">
1056	<primary sortas="c-libnss_winbind">libnss_winbind.so</primary>
1057	</indexterm>
1058	</listitem>
1059	</varlistentry>
1060
1061	<varlistentry id="libnss_wins">
1062	<term><filename class='libraryfile'>libnss_wins.so</filename></term>
1063	<listitem>
1064	<para>provides API functions for Samba's implementation of the
1065	Windows Internet Naming Service.</para>
1066	<indexterm zone="samba3 libnss_wins">
1067	<primary sortas="c-libnss_wins">libnss_wins.so</primary>
1068	</indexterm>
1069	</listitem>
1070	</varlistentry>
1071
1072	<varlistentry id="libnetapi">
1073	<term><filename class='libraryfile'>libnetapi.so</filename></term>
1074	<listitem>
1075	<para>provides the API functions for the administration tools used
1076	for Samba and remote CIFS servers.</para>
1077	<indexterm zone="samba3 libnetapi">
1078	<primary sortas="c-libnetapi">libnetapi.so</primary>
1079	</indexterm>
1080	</listitem>
1081	</varlistentry>
1082
1083	<varlistentry id="libsmbclient">
1084	<term><filename class='libraryfile'>libsmbclient.so</filename></term>
1085	<listitem>
1086	<para>provides the API functions for the Samba SMB client tools.</para>
1087	<indexterm zone="samba3 libsmbclient">
1088	<primary sortas="c-libsmbclient">libsmbclient.so</primary>
1089	</indexterm>
1090	</listitem>
1091	</varlistentry>
1092
1093	<varlistentry id="libsmbsharemodes">
1094	<term><filename class='libraryfile'>libsmbsharemodes.so</filename></term>
1095	<listitem>
1096	<para>provides API functions for accessing SMB share modes
1097	(locks etc.)</para>
1098	<indexterm zone="samba3 libsmbsharemodes">
1099	<primary sortas="c-libsmbsharemodes">libsmbsharemodes.so</primary>
1100	</indexterm>
1101	</listitem>
1102	</varlistentry>
1103
1104	<varlistentry id="libwbclient">
1105	<term><filename class='libraryfile'>libwbclient.so</filename></term>
1106	<listitem>
1107	<para>provides API functions for Windows domain client services.</para>
1108	<indexterm zone="samba3 libwbclient">
1109	<primary sortas="c-libwbclient">libwbclient.so</primary>
1110	</indexterm>
1111	</listitem>
1112	</varlistentry>
1113
1114	</variablelist>
1115
1116	</sect2>
1117
1118	</sect1>

Note: See TracBrowser for help on using the repository browser.

Context Navigation

source: networking/netprogs/samba3.xml@ 14ee86d

Download in other formats: