source: server/major/samba3.xml@ 1970f00

10.0 10.1 11.0 11.1 11.2 6.3 6.3-rc1 6.3-rc2 6.3-rc3 7.10 7.4 7.5 7.6 7.6-blfs 7.6-systemd 7.7 7.8 7.9 8.0 8.1 8.2 8.3 8.4 9.0 9.1 basic bdubbs/svn elogind gnome kde5-13430 kde5-14269 kde5-14686 krejzi/svn lazarus nosym perl-modules qt5new systemd-11177 systemd-13485 trunk upgradedb xry111/intltool xry111/soup3 xry111/test-20220226
Last change on this file since 1970f00 was 1970f00, checked in by Randy McMurchy <randy@…>, 15 years ago

Updated to Python-2.5.2

git-svn-id: svn://svn.linuxfromscratch.org/BLFS/trunk/BOOK@7286 af4574ff-66df-0310-9fd7-8a98e5e911e0

  • Property mode set to 100644
File size: 40.8 KB
Line 
1<?xml version="1.0" encoding="ISO-8859-1"?>
2<!DOCTYPE sect1 PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"
3 "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
4 <!ENTITY % general-entities SYSTEM "../../general.ent">
5 %general-entities;
6
7 <!ENTITY samba3-download-http "http://us1.samba.org/samba/ftp/stable/samba-&samba3-version;.tar.gz">
8 <!ENTITY samba3-download-ftp "ftp://us5.samba.org/pub/samba-ftp/samba-&samba3-version;.tar.gz">
9 <!ENTITY samba3-md5sum "e4979a6aa6f18f0e36bacc25cab7b02d">
10 <!ENTITY samba3-size "18.1 MB">
11 <!ENTITY samba3-buildsize "238 MB">
12 <!ENTITY samba3-time "2.3 SBU (additional 1.0 SBU to run the test suite)">
13]>
14
15<sect1 id="samba3" xreflabel="Samba-&samba3-version;">
16 <?dbhtml filename="samba3.html"?>
17
18 <sect1info>
19 <othername>$LastChangedBy$</othername>
20 <date>$Date$</date>
21 </sect1info>
22
23 <title>Samba-&samba3-version;</title>
24
25 <indexterm zone="samba3">
26 <primary sortas="a-Samba">Samba</primary>
27 </indexterm>
28
29 <sect2 role="package">
30 <title>Introduction to Samba</title>
31
32 <para>The <application>Samba</application> package provides file and print
33 services to SMB/CIFS clients and Windows networking to Linux clients.
34 <application>Samba</application> can also be configured as a Windows NT
35 4.0 Domain Controller replacement (with caveats working with NT PDC's and
36 BDC's), a file/print server acting as a member of a Windows NT 4.0 or
37 Active Directory domain and a NetBIOS (rfc1001/1002) nameserver (which
38 amongst other things provides LAN browsing support).</para>
39
40 <bridgehead renderas="sect3">Package Information</bridgehead>
41 <itemizedlist spacing="compact">
42 <listitem>
43 <para>Download (HTTP): <ulink url="&samba3-download-http;"/></para>
44 </listitem>
45 <listitem>
46 <para>Download (FTP): <ulink url="&samba3-download-ftp;"/></para>
47 </listitem>
48 <listitem>
49 <para>Download MD5 sum: &samba3-md5sum;</para>
50 </listitem>
51 <listitem>
52 <para>Download size: &samba3-size;</para>
53 </listitem>
54 <listitem>
55 <para>Estimated disk space required: &samba3-buildsize;</para>
56 </listitem>
57 <listitem>
58 <para>Estimated build time: &samba3-time;</para>
59 </listitem>
60 </itemizedlist>
61
62 <!--<bridgehead renderas="sect3">Additional Downloads</bridgehead>
63 <itemizedlist spacing="compact">
64 <listitem>
65 <para>Required patch: <ulink
66 url="http://us3.samba.org/samba/patches/patches-&samba3-version;/spoolss.diff"/></para>
67 </listitem>
68 </itemizedlist> -->
69
70 <bridgehead renderas="sect3">Samba Dependencies</bridgehead>
71
72 <bridgehead renderas="sect4">Optional</bridgehead>
73 <para role="optional"><xref linkend="popt"/>,
74 <xref linkend="linux-pam"/>,
75 <xref linkend="cups"/>,
76 <xref linkend="openldap"/>,
77 <xref linkend="gamin"/>,
78 <xref linkend="heimdal"/> or <xref linkend="mitkrb"/>,
79 <xref linkend="python"/> (to build Samba API bindings for the
80 <application>Python</application> installation),
81 <ulink url="ftp://oss.sgi.com/projects/xfs/cmd_tars/">libacl</ulink>
82 (requires <ulink url="ftp://oss.sgi.com/projects/xfs/cmd_tars/">libattr</ulink>),
83 and <ulink url="http://valgrind.kde.org/">Valgrind</ulink> (optionally
84 used by the test suite)</para>
85
86 <para condition="html" role="usernotes">User Notes:
87 <ulink url="&blfs-wiki;/samba3"/></para>
88
89 </sect2>
90
91 <sect2 role="installation">
92 <title>Installation of Samba</title>
93
94 <note>
95 <para>If you wish to run the test suite after the binaries are built,
96 you must add the <option>--enable-socket-wrapper</option> parameter to
97 the <command>configure</command> script below. You may want to run
98 <command>configure</command> with the <option>--help</option> parameter
99 first. There may be other parameters needed to take advantage of
100 optional dependencies.</para>
101 </note>
102
103 <para>Install <application>Samba</application> by running the following
104 commands:</para>
105
106<!-- <screen><userinput>for FILENAME in $(ls ../*.diff); do patch -Np1 -i $FILENAME; done &amp;&amp; -->
107
108<screen><userinput>cd source &amp;&amp;
109
110./configure \
111 --prefix=/usr \
112 --sysconfdir=/etc \
113 --localstatedir=/var \
114 --with-piddir=/var/run \
115 --with-pammodulesdir=/lib/security \
116 --with-fhs \
117 --with-smbmount &amp;&amp;
118make</userinput></screen>
119
120 <para>You must become the <systemitem class="username">root</systemitem>
121 user to run the test framework. To run the tests, issue:
122 <command>make test</command>. If you have
123 <application>Linux-PAM</application> installed and built the PAM library
124 modules, you can perform a dlopen test by issuing:
125 <command>make test_pam_modules</command>.</para>
126
127 <para>Now, as the <systemitem class="username">root</systemitem> user:</para>
128
129<screen role="root"><userinput>make install &amp;&amp;
130mv -v /usr/lib/samba/libsmbclient.so /usr/lib &amp;&amp;
131ln -v -sf ../libsmbclient.so /usr/lib/samba &amp;&amp;
132ln -v -sf libsmbclient.so /usr/lib/libsmbclient.so.0 &amp;&amp;
133
134chmod -v 644 /usr/include/lib{smbclient,msrpc}.h &amp;&amp;
135
136install -v -m755 nsswitch/libnss_win{s,bind}.so /lib &amp;&amp;
137ln -v -sf libnss_winbind.so /lib/libnss_winbind.so.2 &amp;&amp;
138ln -v -sf libnss_wins.so /lib/libnss_wins.so.2 &amp;&amp;
139
140install -v -m644 ../examples/smb.conf.default /etc/samba &amp;&amp;
141
142install -v -m755 -d /usr/share/doc/samba-&samba3-version; &amp;&amp;
143install -v -m644 ../docs/*.pdf /usr/share/doc/samba-&samba3-version; &amp;&amp;
144ln -v -s ../../samba/swat /usr/share/doc/samba-&samba3-version;</userinput></screen>
145
146 <para>If you passed the <option>--with-python</option> option to the
147 <command>configure</command> script, issue the following command as the
148 <systemitem class="username">root</systemitem> user to install the
149 <application>Python</application> extensions:</para>
150
151<screen role="root"><userinput>make python_install</userinput></screen>
152
153 </sect2>
154
155 <sect2 role="commands">
156 <title>Command Explanations</title>
157
158 <para><parameter>--sysconfdir=/etc</parameter>: Sets the configuration
159 file directory to avoid the default of
160 <filename class="directory">/usr/etc</filename>.</para>
161
162 <para><parameter>--localstatedir=/var</parameter>: Sets the variable
163 data directory to avoid the default of
164 <filename class="directory">/usr/var</filename>.</para>
165
166 <para><parameter>--with-fhs</parameter>: Assigns all other file paths in
167 a manner compliant with the Filesystem Hierarchy Standard (FHS).</para>
168
169 <para><parameter>--with-smbmount</parameter>: Orders the creation of an
170 extra binary for use by the <command>mount</command> command so that
171 mounting remote SMB (Windows) shares becomes no more complex than
172 mounting remote NFS shares.</para>
173
174 <para><option>--with-pam</option>: Use this parameter to link
175 <application>Linux-PAM</application> into the build. This
176 also builds the <filename class='libraryfile'>pam_winbind.so</filename>
177 and <filename class='libraryfile'>pam_smbpass.so</filename>
178 <application>PAM</application> modules. You can find
179 instructions on how to configure and use the
180 <filename class='libraryfile'>pam_winbind.so</filename>module by running
181 <command>man winbindd</command>.</para>
182
183 <para><command>mv -v /usr/lib/samba/libsmbclient.so ...; ln -v -sf
184 ../libsmbclient.so ...</command>: The
185 <filename class='libraryfile'>libsmbclient.so</filename> library is needed
186 by other packages. This command moves it to a location where other packages
187 can find it.</para>
188
189 <para><command>install -v -m755 nsswitch/libnss_win{s,bind}.so /lib</command>:
190 The nss libraries are not installed by default. If you intend to use
191 winbindd for domain auth, and/or WINS name resolution,
192 you need these libraries.</para>
193
194 <para><command>ln -v -sf libnss_winbind.so /lib/libnss_winbind.so.2</command>
195 and <command>ln -v -sf libnss_wins.so /lib/libnss_wins.so.2</command>:
196 These symlinks are required by glibc to use the NSS
197 libraries.</para>
198
199 <para><command>install -v -m644 ../examples/smb.conf.default
200 /etc/samba</command>: This copies a default <filename>smb.conf</filename>
201 file into <filename>/etc/samba</filename>. This sample configuration will
202 not work until you copy it to <filename>/etc/samba/smb.conf</filename> and
203 make the appropriate changes for your installation. See the configuration
204 section for minimum values which must be set.</para>
205
206 </sect2>
207
208 <sect2 role="configuration">
209 <title>Configuring Samba</title>
210
211 <sect3 id="samba3-config">
212 <title>Config Files</title>
213
214 <para>/etc/samba/smb.conf</para>
215
216 <indexterm zone="samba3 samba3-config">
217 <primary sortas="e-etc-samba-smb.conf">/etc/samba/smb.conf</primary>
218 </indexterm>
219
220 </sect3>
221
222 <sect3>
223 <title>Mounting Shares by Unprivileged Users</title>
224
225 <para>If it is desired for unprivileged users to directly mount (and
226 unmount) SMB and CIFS shares, the <command>smbmnt</command>,
227 <command>smbumount</command>, <command>mount.cifs</command> and
228 <command>umount.cifs</command> commands must be setuid
229 <systemitem class='username'>root</systemitem>. Note that users can
230 only mount SMB/CIFS shares on a mount point owned by that user (requires
231 write access also). If desired, change these programs to setuid
232 <systemitem class='username'>root</systemitem> by issuing the following
233 command as the <systemitem class='username'>root</systemitem>
234 user:</para>
235
236<screen role="root"><userinput>chmod -v 4755 /usr/bin/smb{mnt,umount} \
237 /usr/sbin/{,u}mount.cifs</userinput></screen>
238
239 </sect3>
240
241 <sect3>
242 <title>Printing to SMB Clients</title>
243
244 <para>If you use <application>CUPS</application> for print services,
245 and you wish to print to a printer attached to an SMB client, you
246 need to create an SMB backend device. To create the device, issue the
247 following command as the <systemitem class="username">root</systemitem>
248 user:</para>
249
250<screen role="root"><userinput>ln -v -sf /usr/bin/smbspool /usr/lib/cups/backend/smb</userinput></screen>
251
252 </sect3>
253
254 <sect3>
255 <title>Configuration Information</title>
256
257 <para>Due to the complexity and the many various uses for
258 <application>Samba</application>, complete configuration for all the
259 package's capabilities is well beyond the scope of the BLFS book. This
260 section provides instructions to configure the
261 <filename>/etc/samba/smb.conf</filename> file for two common scenarios.
262 The complete contents of <filename>/etc/samba/smb.conf</filename> will
263 depend on the purpose of <application>Samba</application>
264 installation.</para>
265
266 <note>
267 <para>You may find it easier to copy the configuration parameters shown
268 below into an empty <filename>/etc/samba/smb.conf</filename> file
269 instead of copying and editing the default file as mentioned in the
270 <quote>Command Explanations</quote> section. How you create/edit the
271 <filename>/etc/samba/smb.conf</filename> file will be left up to
272 you. Do ensure the file is only writeable by the
273 <systemitem class="username">root</systemitem> user (mode 644).</para>
274 </note>
275
276 <sect4>
277 <title>Scenario 1: Minimal Standalone Client-Only Installation</title>
278
279 <para>Choose this variant if you only want to transfer files using
280 <command>smbclient</command>, mount Windows shares and print to Windows
281 printers, and don't want to share your files and printers to Windows
282 machines.</para>
283
284 <para>A <filename>/etc/samba/smb.conf</filename> file with the following
285 three parameters is sufficient:</para>
286
287<screen role='root'><literal>[global]
288 workgroup = <replaceable>MYGROUP</replaceable>
289 dos charset = <replaceable>cp850</replaceable>
290 unix charset = <replaceable>ISO-8859-1</replaceable></literal></screen>
291
292 <para>The values in this example specify that the computer belongs to a
293 Windows workgroup named
294 <quote><replaceable>MYGROUP</replaceable></quote>, uses the
295 <quote><replaceable>cp850</replaceable></quote> character set on the
296 wire when talking to MS-DOS and MS Windows 9x, and that the filenames
297 are stored in the <quote><replaceable>ISO-8859-1</replaceable></quote>
298 encoding on the disk. Adjust these values appropriately for your
299 installation. The <quote>unix charset</quote> value must be the same as
300 the output of <command>locale charmap</command> when executed with the
301 <envar>LANG</envar> variable set to your preferred locale, otherwise the
302 <command>ls</command> command may not display correct filenames of
303 downloaded files.</para>
304
305 <para>There is no need to run any <application>Samba</application>
306 servers in this scenario, thus you don't need to install the provided
307 bootscripts.</para>
308
309 </sect4>
310
311 <sect4>
312 <title>Scenario 2: Standalone File/Print Server</title>
313
314 <para>Choose this variant if you want to share your files and printers
315 to Windows machines in your workgroup in addition to the capabilities
316 described in Scenario 1.</para>
317
318 <para>In this case, the <filename>/etc/samba/smb.conf.default</filename>
319 file may be a good template to start from. Also add
320 <quote>dos charset</quote> and <quote>unix charset</quote> parameters
321 to the <quote>[global]</quote> section as described in Scenario 1 in
322 order to prevent filename corruption.</para>
323
324 <para>The following configuration file creates a separate share for each
325 user's home directory and also makes all printers available to Windows
326 machines:</para>
327
328<screen role='root'><literal>[global]
329 workgroup = <replaceable>MYGROUP</replaceable>
330 dos charset = <replaceable>cp850</replaceable>
331 unix charset = <replaceable>ISO-8859-1</replaceable>
332
333[homes]
334 comment = Home Directories
335 browseable = no
336 writable = yes
337
338[printers]
339 comment = All Printers
340 path = /var/spool/samba
341 browseable = no
342 guest ok = no
343 printable = yes</literal></screen>
344
345 <para>Other parameters you may wish to customize in the
346 <quote>[global]</quote> section include:</para>
347
348<screen role='root'><literal> server string =
349 security =
350 hosts allow =
351 load printers =
352 log file =
353 max log size =
354 socket options =
355 local master =</literal></screen>
356
357 <para>Reference the comments in the
358 <filename>/etc/samba/smb.conf.default</filename> file for information
359 regarding these parameters.</para>
360
361 <para>Since the <command>smbd</command> and <command>nmbd</command>
362 daemons are needed in this case, install the <filename>samba</filename>
363 bootscript. Be sure to run <command>smbpasswd</command> (with the
364 <option>-a</option> option to add users) to enable and
365 set passwords for all accounts that need
366 <application>Samba</application> access, or use the SWAT web interface
367 (see below) to do the same. Using the default
368 <application>Samba</application> passdb backend, any user you attempt
369 to add will also be required to exist in the
370 <filename>/etc/passwd</filename> file.</para>
371
372 </sect4>
373
374 <sect4>
375 <title>Advanced Requirements</title>
376
377 <para>More complex scenarios involving domain control or membership are
378 possible if the right flags are passed to the ./configure script when
379 the package is built. Such setups are advanced topics and cannot be
380 adequately covered in BLFS. Many complete books have been written on
381 these topics alone. It should be noted, however, that a
382 <application>Samba</application> BDC cannot be used as a fallback
383 for a Windows PDC, and conversely, a Windows BDC cannot be used as a
384 fallback for a <application>Samba</application> PDC. Also in some
385 domain membership scenarios, the <command>winbindd</command> daemon and
386 the corresponding bootscript are needed.</para>
387
388 <para>There is quite a bit of documentation available which covers many
389 of these advanced configurations. Point your web browser to the links
390 below to view some of the documentation included with the
391 <application>Samba</application> package:</para>
392
393 <itemizedlist spacing='compact'>
394 <listitem>
395 <para>Using Samba, 2nd Edition; a popular book published by O'Reilly
396 <ulink url="file:///usr/share/samba/swat/using_samba/toc.html"/></para>
397 </listitem>
398 <listitem>
399 <para>The Official Samba HOWTO and Reference Guide <ulink
400 url="file:///usr/share/samba/swat/help/Samba-HOWTO-Collection/index.html"/>
401 </para>
402 </listitem>
403 <listitem>
404 <para>Samba-3 by Example
405 <ulink url="file:///usr/share/samba/swat/help/Samba-Guide/index.html"/>
406 </para>
407 </listitem>
408 <listitem>
409 <para>The Samba-3 man Pages
410 <ulink url="file:///usr/share/samba/swat/help/samba.7.html"/></para>
411 </listitem>
412 </itemizedlist>
413
414 </sect4>
415
416 </sect3>
417
418 <sect3 id="samba3-swat-config">
419 <title>Configuring SWAT</title>
420
421 <para>The built in SWAT (<application>Samba</application> Web
422 Administration Tool) utility can be used for basic configuration of
423 the <application>Samba</application> installation, but because it may
424 be inconvenient, undesirable or perhaps even impossible to gain
425 access to the console, BLFS recommends setting up access to SWAT using
426 <application>Stunnel</application>. Without
427 <application>Stunnel</application>, the
428 <systemitem class="username">root</systemitem> password is transmitted
429 in clear text over the wire, and is considered an unacceptable security
430 risk. After considering the security implications of using SWAT without
431 <application>Stunnel</application>, and you still wish to implement SWAT
432 without it, instructions are provided at this end of this section.</para>
433
434 <indexterm zone="samba3 samba3-swat-config">
435 <primary sortas="g-SWAT">SWAT</primary>
436 </indexterm>
437
438 <sect4>
439 <title>Setting up SWAT using Stunnel</title>
440
441 <para>First install, or ensure you have already installed, the
442 <xref linkend="stunnel"/> package.</para>
443
444 <para>Next you must add entries to <filename>/etc/services</filename>
445 and modify the <command>inetd</command>/<command>xinetd</command>
446 configuration.</para>
447
448 <indexterm zone="samba3 samba3-swat-config">
449 <primary sortas="e-etc-services">/etc/services</primary>
450 </indexterm>
451
452 <indexterm zone="samba3 samba3-swat-config">
453 <primary sortas="e-etc-inetd.conf">/etc/inetd.conf</primary>
454 </indexterm>
455
456 <indexterm zone="samba3 samba3-swat-config">
457 <primary sortas="e-etc-xinetd.conf">/etc/xinetd.conf</primary>
458 </indexterm>
459
460 <para>Add swat and swat_tunnel entries to
461 <filename>/etc/services</filename> with the following commands issued
462 as the <systemitem class="username">root</systemitem> user:</para>
463
464<screen role="root"><userinput>echo "swat 904/tcp" &gt;&gt; /etc/services &amp;&amp;
465echo "swat_tunnel 905/tcp" &gt;&gt; /etc/services</userinput></screen>
466
467 <para>If <command>inetd</command> is used, the following command will
468 add the swat_tunnel entry to <filename>/etc/inetd.conf</filename> (as
469 user <systemitem class="username">root</systemitem>):</para>
470
471<screen role="root"><userinput>echo "swat_tunnel stream tcp nowait.400 root /usr/sbin/swat swat" \
472 &gt;&gt; /etc/inetd.conf</userinput></screen>
473
474 <para>Issue a <command>killall -HUP inetd</command> to reread the
475 changed <filename>inetd.conf</filename> file.</para>
476
477 <para>If you use <command>xinetd</command>, the following command will
478 create the <application>Samba</application> file as
479 <filename>/etc/xinetd.d/swat_tunnel</filename> (you may need to modify
480 or remove the <quote>only_from</quote> line to include the desired
481 host[s]):</para>
482
483<screen role="root"><userinput>cat &gt;&gt; /etc/xinetd.d/swat_tunnel &lt;&lt; "EOF"
484<literal># Begin /etc/xinetd.d/swat_tunnel
485
486service swat_tunnel
487{
488 port = 905
489 socket_type = stream
490 wait = no
491 only_from = 127.0.0.1
492 user = root
493 server = /usr/sbin/swat
494 log_on_failure += USERID
495}
496
497# End /etc/xinetd.d/swat_tunnel</literal>
498EOF</userinput></screen>
499
500 <indexterm zone="samba3 samba3-swat-config">
501 <primary sortas="e-etc-xinetd.d-swat-tunnel">/etc/xinetd.d/swat_tunnel</primary>
502 </indexterm>
503
504 <para>Issue a <command>killall -HUP xinetd</command> to read the new
505 <filename>/etc/xinetd.d/swat_tunnel</filename> file.</para>
506
507 <para>Next, you must add an entry for the swat service to the
508 <filename>/etc/stunnel/stunnel.conf</filename> file (as user
509 <systemitem class="username">root</systemitem>):</para>
510
511 <indexterm zone="samba3 samba3-swat-config">
512 <primary sortas="e-etc-stunnel-stunnel.conf">/etc/stunnel/stunnel.conf</primary>
513 </indexterm>
514
515<screen role="root"><userinput>cat &gt;&gt; /etc/stunnel/stunnel.conf &lt;&lt; "EOF"
516<literal>[swat]
517accept = 904
518connect = 905
519TIMEOUTclose = 1</literal>
520
521EOF</userinput></screen>
522
523 <para>Restart the <command>stunnel</command> daemon using the following
524 command as the <systemitem class="username">root</systemitem> user:</para>
525
526<screen role="root"><userinput>/etc/rc.d/init.d/stunnel restart</userinput></screen>
527
528 <para>SWAT can be launched by pointing your web browser to
529 <uri>https://<replaceable>&lt;CA_DN_field&gt;</replaceable>:904</uri>.
530 Substitute the hostname listed in the DN field of the CA certificate
531 used with <application>Stunnel</application> for
532 <replaceable>&lt;CA_DN_field&gt;</replaceable>.</para>
533
534 </sect4>
535
536 <sect4>
537 <title>Setting up SWAT without Stunnel</title>
538
539 <warning>
540 <para>BLFS does not recommend using these procedures because of the
541 security risk involved. However, in a home network environment and
542 disclosure of the <systemitem class='username'>root</systemitem>
543 password is an acceptable risk, the following
544 instructions are provided for your convenience.</para>
545 </warning>
546
547 <para>Add a swat entry to <filename>/etc/services</filename> with the
548 following command issued as the
549 <systemitem class='username'>root</systemitem> user:</para>
550
551<screen role='root'><userinput>echo "swat 904/tcp" &gt;&gt; /etc/services</userinput></screen>
552
553 <para>If <command>inetd</command> is used, the following command
554 issued as the <systemitem class='username'>root</systemitem> user will
555 add a swat entry to the <filename>/etc/inetd.conf</filename> file:</para>
556
557<screen role='root'><userinput>echo "swat stream tcp nowait.400 root /usr/sbin/swat swat" \
558 &gt;&gt; /etc/inetd.conf</userinput></screen>
559
560 <para>Issue a <command>killall -HUP inetd</command> to reread the
561 changed <filename>inetd.conf</filename> file.</para>
562
563 <para>If <command>xinetd</command> is used, the following command
564 issued as the <systemitem class='username'>root</systemitem> user
565 will create an <filename>/etc/xinetd.d/swat</filename> file:</para>
566
567<screen role='root'><userinput>cat &gt;&gt; /etc/xinetd.d/swat &lt;&lt; "EOF"
568<literal># Begin /etc/xinetd.d/swat
569
570service swat
571{
572 port = 904
573 socket_type = stream
574 wait = no
575 only_from = 127.0.0.1
576 user = root
577 server = /usr/sbin/swat
578 log_on_failure += USERID
579}
580
581# End /etc/xinetd.d/swat</literal>
582EOF</userinput></screen>
583
584 <para>Issue a <command>killall -HUP xinetd</command> to read the
585 new <filename>/etc/xinetd.d/swat</filename> file.</para>
586
587 <para>SWAT can be launched by pointing your web browser to
588 http://localhost:904.</para>
589
590 </sect4>
591
592 </sect3>
593
594 <sect3>
595 <title/>
596
597 <note>
598 <para>If you linked <application>Linux-PAM</application> into the
599 <application>Samba</application> build, you'll need to create an
600 <filename>/etc/pam.d/samba</filename> file.</para>
601 </note>
602
603 <indexterm zone="samba3 samba3-swat-config">
604 <primary sortas="e-etc-pam.d-samba">/etc/pam.d/samba</primary>
605 </indexterm>
606
607 </sect3>
608
609 <sect3 id="samba3-init">
610 <title>Boot Script</title>
611
612 <para>For your convenience, boot scripts have been provided for
613 <application>Samba</application>. There are two included in the
614 <xref linkend="bootscripts"/> package. The first,
615 <filename>samba</filename>, will start the <command>smbd</command>
616 and <command>nmbd</command> daemons needed to provide SMB/CIFS
617 services. The second script, <filename>winbind</filename>, starts
618 the <command>winbindd</command> daemon, used for providing Windows
619 domain services to Linux clients.</para>
620
621 <indexterm zone="samba3 samba3-init">
622 <primary sortas="f-samba">samba</primary>
623 </indexterm>
624
625 <indexterm zone="samba3 samba3-init">
626 <primary sortas="f-winbind">winbind</primary>
627 </indexterm>
628
629 <para>The default <application>Samba</application> installation uses the
630 <systemitem class='username'>nobody</systemitem> user for guest access
631 to the server. This can be overridden by setting the
632 <option>guest account =</option> parameter in the
633 <filename>/etc/samba/smb.conf</filename> file. If you utilize the
634 <option>guest account =</option> parameter, ensure this user exists in
635 the <filename>/etc/passwd</filename> file. To use the default user,
636 issue the following commands as the
637 <systemitem class='username'>root</systemitem> user:</para>
638
639<screen><userinput>groupadd -g 99 nogroup &amp;&amp;
640useradd -c "Unprivileged Nobody" -d /dev/null -g nogroup \
641 -s /bin/false -u 99 nobody</userinput></screen>
642
643 <para>Install the <filename>samba</filename> script with the following
644 command issued as the <systemitem class="username">root</systemitem>
645 user:</para>
646
647<screen role="root"><userinput>make install-samba</userinput></screen>
648
649 <para>If you also need the <filename>winbind</filename>
650 script:</para>
651
652<screen role="root"><userinput>make install-winbind</userinput></screen>
653
654 </sect3>
655
656 </sect2>
657
658 <sect2 role="content">
659 <title>Contents</title>
660
661 <segmentedlist>
662 <segtitle>Installed Programs</segtitle>
663 <segtitle>Installed Libraries</segtitle>
664 <segtitle>Installed Directories</segtitle>
665
666<!--newprogs: eventlogadm smbget-->
667
668 <seglistitem>
669 <seg>eventlogadm, findsmb, mount.cifs, mount.smbfs, net, nmbd,
670 nmblookup, ntlm_auth, pdbedit, profiles, rpcclient, smbcacls,
671 smbclient, smbcontrol, smbcquotas, smbd, smbget, smbmnt, smbmount,
672 smbpasswd, smbspool, smbstatus, smbtar, smbtree, smbumount, swat,
673 tdbbackup, tdbdump, tdbtool, testparm, unmount.cifs, wbinfo
674 and winbindd</seg>
675 <seg>libnss_winbind.so, libnss_wins.so, libsmbclient.so, libmsrpc.so,
676 the pam_winbind.so and pam_smbpass.so PAM libraries, and assorted
677 character set, filesystem and support modules.</seg>
678 <seg>/etc/samba, /usr/lib/python&python-majorver;/site-packages/samba,
679 /usr/lib/samba, /usr/share/doc/samba-&samba3-version;,
680 /usr/share/samba, /var/lib/samba and /var/log/samba</seg>
681 </seglistitem>
682 </segmentedlist>
683
684 <variablelist>
685 <bridgehead renderas="sect3">Short Descriptions</bridgehead>
686 <?dbfo list-presentation="list"?>
687 <?dbhtml list-presentation="table"?>
688
689 <varlistentry id="eventlogadm">
690 <term><command>eventlogadm</command></term>
691 <listitem>
692 <para>is used to write records to eventlogs from STDIN, add the
693 specified source and DLL eventlog registry entries and display the
694 active eventlog names (from <filename>smb.conf</filename>).</para>
695 <indexterm zone="samba3 eventlogadm">
696 <primary sortas="b-eventlogadm">eventlogadm</primary>
697 </indexterm>
698 </listitem>
699 </varlistentry>
700
701 <varlistentry id="findsmb">
702 <term><command>findsmb</command></term>
703 <listitem>
704 <para>lists information about machines that respond to
705 SMB name queries on a subnet.</para>
706 <indexterm zone="samba3 findsmb">
707 <primary sortas="b-findsmb">findsmb</primary>
708 </indexterm>
709 </listitem>
710 </varlistentry>
711
712 <varlistentry id="mount.cifs">
713 <term><command>mount.cifs</command></term>
714 <listitem>
715 <para>mounts a Linux CIFS filesystem. It is usually invoked
716 indirectly by the <command>mount</command> command when using the
717 <option>-t cifs</option> option.</para>
718 <indexterm zone="samba3 mount.cifs">
719 <primary sortas="b-mount.cifs">mount.cifs</primary>
720 </indexterm>
721 </listitem>
722 </varlistentry>
723
724 <varlistentry id="mount.smbfs">
725 <term><command>mount.smbfs</command></term>
726 <listitem>
727 <para>is a symlink to <command>smbmount</command> which provides
728 <command>/bin/mount</command> with a way to mount remote Windows
729 (or <application>Samba</application>) fileshares.</para>
730 <indexterm zone="samba3 mount.smbfs">
731 <primary sortas="b-mount.smbfs">mount.smbfs</primary>
732 </indexterm>
733 </listitem>
734 </varlistentry>
735
736 <varlistentry id="net">
737 <term><command>net</command></term>
738 <listitem>
739 <para>is a tool for administration of
740 <application>Samba</application> and remote CIFS servers, similar
741 to the <command>net</command> utility for DOS/Windows.</para>
742 <indexterm zone="samba3 net">
743 <primary sortas="b-net">net</primary>
744 </indexterm>
745 </listitem>
746 </varlistentry>
747
748 <varlistentry id="nmbd">
749 <term><command>nmbd</command></term>
750 <listitem>
751 <para>is the <application>Samba</application>
752 NetBIOS name server.</para>
753 <indexterm zone="samba3 nmbd">
754 <primary sortas="b-nmbd">nmbd</primary>
755 </indexterm>
756 </listitem>
757 </varlistentry>
758
759 <varlistentry id="nmblookup">
760 <term><command>nmblookup</command></term>
761 <listitem>
762 <para>is used to query NetBIOS names and map
763 them to IP addresses.</para>
764 <indexterm zone="samba3 nmblookup">
765 <primary sortas="b-nmblookup">nmblookup</primary>
766 </indexterm>
767 </listitem>
768 </varlistentry>
769
770 <varlistentry id="ntlm_auth">
771 <term><command>ntlm_auth</command></term>
772 <listitem>
773 <para>is a tool to allow external access to Winbind's
774 NTLM authentication function.</para>
775 <indexterm zone="samba3 ntlm_auth">
776 <primary sortas="b-ntlm_auth">ntlm_auth</primary>
777 </indexterm>
778 </listitem>
779 </varlistentry>
780
781 <varlistentry id="pdbedit">
782 <term><command>pdbedit</command></term>
783 <listitem>
784 <para>is a tool used to manage the SAM database.</para>
785 <indexterm zone="samba3 pdbedit">
786 <primary sortas="b-pdbedit">pdbedit</primary>
787 </indexterm>
788 </listitem>
789 </varlistentry>
790
791 <varlistentry id="profiles">
792 <term><command>profiles</command></term>
793 <listitem>
794 <para>is a utility that reports and changes SIDs in Windows
795 registry files. It currently only supports Windows NT.</para>
796 <indexterm zone="samba3 profiles">
797 <primary sortas="b-profiles">profiles</primary>
798 </indexterm>
799 </listitem>
800 </varlistentry>
801
802 <varlistentry id="rpcclient">
803 <term><command>rpcclient</command></term>
804 <listitem>
805 <para>is used to execute MS-RPC client side functions.</para>
806 <indexterm zone="samba3 rpcclient">
807 <primary sortas="b-rpcclient">rpcclient</primary>
808 </indexterm>
809 </listitem>
810 </varlistentry>
811
812 <varlistentry id="smbcacls">
813 <term><command>smbcacls</command></term>
814 <listitem>
815 <para>is used to manipulate Windows NT access control lists.</para>
816 <indexterm zone="samba3 smbcacls">
817 <primary sortas="b-smbcacls">smbcacls</primary>
818 </indexterm>
819 </listitem>
820 </varlistentry>
821
822 <varlistentry id="smbclient">
823 <term><command>smbclient</command></term>
824 <listitem>
825 <para>is a SMB/CIFS access utility, similar to FTP.</para>
826 <indexterm zone="samba3 smbclient">
827 <primary sortas="b-smbclient">smbclient</primary>
828 </indexterm>
829 </listitem>
830 </varlistentry>
831
832 <varlistentry id="smbcontrol">
833 <term><command>smbcontrol</command></term>
834 <listitem>
835 <para>is used to control running <command>smbd</command>,
836 <command>nmbd</command> and <command>winbindd</command>
837 daemons.</para>
838 <indexterm zone="samba3 smbcontrol">
839 <primary sortas="b-smbcontrol">smbcontrol</primary>
840 </indexterm>
841 </listitem>
842 </varlistentry>
843
844 <varlistentry id="smbcquotas">
845 <term><command>smbcquotas</command></term>
846 <listitem>
847 <para>is used to manipulate Windows NT quotas on
848 SMB file shares.</para>
849 <indexterm zone="samba3 smbcquotas">
850 <primary sortas="b-smbcquotas">smbcquotas</primary>
851 </indexterm>
852 </listitem>
853 </varlistentry>
854
855 <varlistentry id="smbd">
856 <term><command>smbd</command></term>
857 <listitem>
858 <para>is the main <application>Samba</application> daemon which
859 provides SMB/CIFS services to clients.</para>
860 <indexterm zone="samba3 smbd">
861 <primary sortas="b-smbd">smbd</primary>
862 </indexterm>
863 </listitem>
864 </varlistentry>
865
866 <varlistentry id="smbget">
867 <term><command>smbget</command></term>
868 <listitem>
869 <para>is a simple utility with <command>wget</command>-like
870 semantics, that can download files from SMB servers. You can specify
871 the files you would like to download on the command-line.</para>
872 <indexterm zone="samba3 smbget">
873 <primary sortas="b-smbget">smbget</primary>
874 </indexterm>
875 </listitem>
876 </varlistentry>
877
878 <varlistentry id="smbmnt">
879 <term><command>smbmnt</command></term>
880 <listitem>
881 <para>is a helper application used by the
882 <command>smbmount</command> program to do the actual mounting of
883 SMB shares. It can be installed setuid
884 <systemitem class='username'>root</systemitem> if you want
885 unprivileged users to be able to mount their SMB shares.</para>
886 <indexterm zone="samba3 smbmnt">
887 <primary sortas="b-smbmnt">smbmnt</primary>
888 </indexterm>
889 </listitem>
890 </varlistentry>
891
892 <varlistentry id="smbmount">
893 <term><command>smbmount</command></term>
894 <listitem>
895 <para>is usually invoked as <command>mount.smbfs</command> by the
896 <command>mount</command> command when using the
897 <parameter>-t smbfs</parameter> option, mounts a Linux SMB
898 filesystem.</para>
899 <indexterm zone="samba3 smbmount">
900 <primary sortas="b-smbmount">smbmount</primary>
901 </indexterm>
902 </listitem>
903 </varlistentry>
904
905 <varlistentry id="smbpasswd">
906 <term><command>smbpasswd</command></term>
907 <listitem>
908 <para>changes a user's <application>Samba</application>
909 password.</para>
910 <indexterm zone="samba3 smbpasswd">
911 <primary sortas="b-smbpasswd">smbpasswd</primary>
912 </indexterm>
913 </listitem>
914 </varlistentry>
915
916 <varlistentry id="smbspool">
917 <term><command>smbspool</command></term>
918 <listitem>
919 <para>sends a print job to an SMB printer.</para>
920 <indexterm zone="samba3 smbspool">
921 <primary sortas="b-smbspool">smbspool</primary>
922 </indexterm>
923 </listitem>
924 </varlistentry>
925
926 <varlistentry id="smbstatus">
927 <term><command>smbstatus</command></term>
928 <listitem>
929 <para>reports current <application>Samba</application>
930 connections.</para>
931 <indexterm zone="samba3 smbstatus">
932 <primary sortas="b-smbstatus">smbstatus</primary>
933 </indexterm>
934 </listitem>
935 </varlistentry>
936
937 <varlistentry id="smbtar">
938 <term><command>smbtar</command></term>
939 <listitem>
940 <para>is a shell script used for backing up SMB/CIFS shares
941 directly to Linux tape drives or a file.</para>
942 <indexterm zone="samba3 smbtar">
943 <primary sortas="b-smbtar">smbtar</primary>
944 </indexterm>
945 </listitem>
946 </varlistentry>
947
948 <varlistentry id="smbtree">
949 <term><command>smbtree</command></term>
950 <listitem>
951 <para>is a text-based SMB network browser.</para>
952 <indexterm zone="samba3 smbtree">
953 <primary sortas="b-smbtree">smbtree</primary>
954 </indexterm>
955 </listitem>
956 </varlistentry>
957
958 <varlistentry id="smbumount">
959 <term><command>smbumount</command></term>
960 <listitem>
961 <para>is used by unprivileged users to unmount SMB filesystems,
962 provided that it is setuid root.</para>
963 <indexterm zone="samba3 smbumount">
964 <primary sortas="b-smbumount">smbumount</primary>
965 </indexterm>
966 </listitem>
967 </varlistentry>
968
969 <varlistentry id="swat">
970 <term><command>swat</command></term>
971 <listitem>
972 <para>is the <application>Samba</application> Web Administration
973 Tool.</para>
974 <indexterm zone="samba3 swat">
975 <primary sortas="b-swat">swat</primary>
976 </indexterm>
977 </listitem>
978 </varlistentry>
979
980 <varlistentry id="tdbbackup">
981 <term><command>tdbbackup</command></term>
982 <listitem>
983 <para>is a tool for backing up or validating the integrity of
984 <application>Samba</application> <filename>.tdb</filename>
985 files.</para>
986 <indexterm zone="samba3 tdbbackup">
987 <primary sortas="b-tdbbackup">tdbbackup</primary>
988 </indexterm>
989 </listitem>
990 </varlistentry>
991
992 <varlistentry id="tdbdump">
993 <term><command>tdbdump</command></term>
994 <listitem>
995 <para> is a tool used to print the contents of a
996 <application>Samba</application> <filename>.tdb</filename>
997 file.</para>
998 <indexterm zone="samba3 tdbdump">
999 <primary sortas="b-tdbdump">tdbdump</primary>
1000 </indexterm>
1001 </listitem>
1002 </varlistentry>
1003
1004 <varlistentry id="tdbtool">
1005 <term><command>tdbtool</command></term>
1006 <listitem>
1007 <para>is a tool which allows simple database manipulation from the
1008 command line.</para>
1009 <indexterm zone="samba3 tdbtool">
1010 <primary sortas="b-tdbtool">tdbtool</primary>
1011 </indexterm>
1012 </listitem>
1013 </varlistentry>
1014
1015 <varlistentry id="testparm">
1016 <term><command>testparm</command></term>
1017 <listitem>
1018 <para>checks an <filename>smb.conf</filename> file for proper
1019 syntax.</para>
1020 <indexterm zone="samba3 testparm">
1021 <primary sortas="b-testparm">testparm</primary>
1022 </indexterm>
1023 </listitem>
1024 </varlistentry>
1025
1026 <varlistentry id="umount.cifs">
1027 <term><command>umount.cifs</command></term>
1028 <listitem>
1029 <para>is used by normal, non-<systemitem
1030 class="username">root</systemitem> users, to
1031 <command>unmount</command> their own Common Internet File System
1032 (CIFS) mounts.</para>
1033 <indexterm zone="samba3 umount.cifs">
1034 <primary sortas="b-umount.cifs">umount.cifs</primary>
1035 </indexterm>
1036 </listitem>
1037 </varlistentry>
1038
1039 <varlistentry id="wbinfo">
1040 <term><command>wbinfo</command></term>
1041 <listitem>
1042 <para>queries a running <command>winbindd</command> daemon.</para>
1043 <indexterm zone="samba3 wbinfo">
1044 <primary sortas="b-wbinfo">wbinfo</primary>
1045 </indexterm>
1046 </listitem>
1047 </varlistentry>
1048
1049 <varlistentry id="winbindd">
1050 <term><command>winbindd</command></term>
1051 <listitem>
1052 <para>resolves names from Windows NT servers.</para>
1053 <indexterm zone="samba3 winbindd">
1054 <primary sortas="b-winbindd">winbindd</primary>
1055 </indexterm>
1056 </listitem>
1057 </varlistentry>
1058
1059 </variablelist>
1060
1061 </sect2>
1062
1063</sect1>
Note: See TracBrowser for help on using the repository browser.