source: server/other/samba3.xml@ 8f2d9b0

10.0 10.1 11.0 6.0 6.1 6.2 6.2.0 6.2.0-rc1 6.2.0-rc2 6.3 6.3-rc1 6.3-rc2 6.3-rc3 7.10 7.4 7.5 7.6 7.6-blfs 7.6-systemd 7.7 7.8 7.9 8.0 8.1 8.2 8.3 8.4 9.0 9.1 basic bdubbs/svn elogind gnome kde5-13430 kde5-14269 kde5-14686 ken/refactor-virt krejzi/svn lazarus nosym perl-modules qt5new systemd-11177 systemd-13485 trunk upgradedb xry111/git-date xry111/git-date-for-trunk xry111/git-date-test
Last change on this file since 8f2d9b0 was 8f2d9b0, checked in by Randy McMurchy <randy@…>, 17 years ago

Added direct links to specific sections in the book, pointed to by the Xorg and Stunnel instructions

git-svn-id: svn://svn.linuxfromscratch.org/BLFS/trunk/BOOK@3490 af4574ff-66df-0310-9fd7-8a98e5e911e0

  • Property mode set to 100644
File size: 18.4 KB
Line 
1<?xml version="1.0" encoding="ISO-8859-1"?>
2<!DOCTYPE sect1 PUBLIC "-//OASIS//DTD DocBook XML V4.3//EN"
3 "http://www.oasis-open.org/docbook/xml/4.3/docbookx.dtd" [
4 <!ENTITY % general-entities SYSTEM "../../general.ent">
5 %general-entities;
6
7<!ENTITY samba3-download-http "http://us1.samba.org/samba/ftp/samba-&samba3-version;.tar.gz">
8<!ENTITY samba3-download-ftp "ftp://ftp.samba.org/pub/samba/samba-&samba3-version;.tar.gz">
9<!ENTITY samba3-md5sum "9cf2bcef71509a81687dec8732545400">
10<!ENTITY samba3-size "15.1 MB">
11<!ENTITY samba3-buildsize "141 MB">
12<!ENTITY samba3-time "2.11 SBU">
13]>
14
15<sect1 id="samba3" xreflabel="Samba-&samba3-version;">
16<sect1info>
17<othername>$LastChangedBy$</othername>
18<date>$Date$</date>
19</sect1info>
20<?dbhtml filename="samba3.html"?>
21<title>Samba-&samba3-version;</title>
22
23<sect2>
24<title>Introduction to <application>Samba</application></title>
25
26<para>The <application>Samba</application> package provides file and print
27services to <acronym>SMB</acronym>/<acronym>CIFS</acronym> clients and
28Windows networking to Linux clients. <application>Samba</application> can also
29be configured as a Windows NT 4.0 Domain Controller replacement
30(with caveats working with NT <acronym>PDC</acronym>'s and
31<acronym>BDC</acronym>'s), a file/print server acting as a member of a
32Windows NT 4.0 or Active Directory domain and a NetBIOS (rfc1001/1002)
33nameserver (which amongst other things provides
34<acronym>LAN</acronym> browsing support).</para>
35
36<sect3><title>Package information</title>
37<itemizedlist spacing='compact'>
38<listitem><para>Download (HTTP):
39<ulink url="&samba3-download-http;"/></para></listitem>
40<listitem><para>Download (FTP):
41<ulink url="&samba3-download-ftp;"/></para></listitem>
42<listitem><para>Download MD5 sum:
43&samba3-md5sum;</para></listitem>
44<listitem><para>Download size:
45&samba3-size;</para></listitem>
46<listitem><para>Estimated disk space required:
47&samba3-buildsize;</para></listitem>
48<listitem><para>Estimated build time:
49&samba3-time;</para></listitem></itemizedlist>
50</sect3>
51
52<sect3>
53<title><application>Samba</application> dependencies</title>
54<sect4>
55<title>Optional</title>
56<para><xref linkend="popt"/>,
57<xref linkend="Linux_PAM"/>,
58<xref linkend="openldap"/>,
59<xref linkend="cups"/>,
60<xref linkend="heimdal"/> or <xref linkend="mitkrb"/>,
61<xref linkend="libxml2"/>,
62<xref linkend="mysql"/> or <xref linkend="postgresql"/>,
63<xref linkend="python"/>,
64<xref linkend="xinetd"/>,
65<ulink url="http://valgrind.kde.org/">Valgrind</ulink> and
66<xref linkend="stunnel"/> (used to encrypt access to SWAT)</para>
67</sect4>
68</sect3>
69
70</sect2>
71
72<sect2>
73<title>Installation of <application>Samba</application></title>
74
75<para>Install <application>Samba</application> by running the following
76commands:</para>
77
78<screen><userinput><command>cd source &amp;&amp;
79install -d /var/cache/samba &amp;&amp;
80./configure \
81 --prefix=/usr \
82 --sysconfdir=/etc \
83 --localstatedir=/var \
84 --with-piddir=/var/run \
85 --with-fhs \
86 --with-smbmount &amp;&amp;
87make &amp;&amp;
88make install &amp;&amp;
89mv /usr/lib/samba/libsmbclient.so /usr/lib &amp;&amp;
90ln -sf ../libsmbclient.so /usr/lib/samba &amp;&amp;
91chmod 644 /usr/include/libsmbclient.h \
92 /usr/lib/samba/libsmbclient.a &amp;&amp;
93install -m755 nsswitch/libnss_win{s,bind}.so /lib &amp;&amp;
94ln -sf libnss_winbind.so /lib/libnss_winbind.so.2 &amp;&amp;
95ln -sf libnss_wins.so /lib/libnss_wins.so.2 &amp;&amp;
96cp ../examples/smb.conf.default /etc/samba &amp;&amp;
97install -m644 ../docs/*.pdf /usr/share/samba &amp;&amp;
98if [ -f nsswitch/pam_winbind.so ]; then
99 install -m755 nsswitch/pam_winbind.so /lib/security
100fi</command></userinput></screen>
101
102<note><para>You may want to run <command>configure</command> with the
103<parameter>--help</parameter> parameter. There may be other parameters
104needed to take advantage of the optional dependencies.</para></note>
105
106</sect2>
107
108<sect2>
109<title>Command explanations</title>
110
111<para><command>install -d /var/cache/samba</command>: This directory is
112needed for proper operation of the <command>smbd</command> and
113<command>nmbd</command> daemons.</para>
114
115<para><parameter>--sysconfdir=/etc</parameter>: Sets the configuration
116file directory to avoid the default of
117<filename class="directory">/usr/etc</filename>.</para>
118
119<para><parameter>--localstatedir=/var</parameter>: Sets the variable
120data directory to avoid the default of
121<filename class="directory">/usr/var</filename>.</para>
122
123<para><option>--with-fhs</option>: Assigns all other file paths in a manner
124compliant with the Filesystem Hierarchy Standard
125(<acronym>FHS</acronym>).</para>
126
127<para><option>--with-smbmount</option>: Orders the creation of an extra
128binary for use by the <command>mount</command> command so that mounting remote
129<acronym>SMB</acronym> (Windows) shares becomes no more complex than mounting
130remote <acronym>NFS</acronym> shares.</para>
131
132<para><option>--with-pam</option>: Use this parameter to link
133<application>Linux-<acronym>PAM</acronym></application> into the build. This
134also builds the <filename class='libraryfile'>pam_winbind.so</filename>
135<application><acronym>PAM</acronym></application> module. You can find
136instructions on how to configure and use the module by running
137<command>man winbindd</command>.</para>
138
139<para><command>mv /usr/lib/samba/libsmbclient.so ...; ln -sf
140../libsmbclient.so ...</command>: The
141<filename class='libraryfile'>libsmbclient.so</filename> library is needed
142by other packages. This command moves it to a location where other packages
143can find it.</para>
144
145<para><command>install -m755 nsswitch/libnss_win{s,bind}.so /lib</command>:
146The nss libraries are not installed by default. If you intend to use
147winbindd for domain auth, and/or <acronym>WINS</acronym> name resolution,
148you need these libraries.</para>
149
150<para><command>ln -sf libnss_winbind.so /lib/libnss_winbind.so.2</command>
151and <command>ln -sf libnss_wins.so /lib/libnss_wins.so.2</command>:
152These symlinks are required by glibc to use the nss libraries.</para>
153
154<para><command>cp ../examples/smb.conf.default /etc/samba</command>:
155This copies a default <filename>smb.conf </filename>into
156<filename>/etc/samba</filename>. This sample configuration will not
157work unless edited for your site, and renamed
158<filename>smb.conf</filename>.</para>
159
160</sect2>
161
162<sect2>
163<title>Configuring <application>Samba</application></title>
164
165<sect3><title>Configuration overview and available documentation</title>
166
167<para>Due to the complexity and the many various uses for
168<application>Samba</application>, complete configuration is well beyond the
169scope of the BLFS book. Advanced configurations including setting up Primary
170and Backup Domain Controllers are advanced topics and cannot be adequately
171covered in BLFS (it should be noted, however, that a
172<application>Samba</application> BDC cannot be used as a fallback for a
173<application>Windows</application> <acronym>PDC</acronym>, and conversely, a
174<application>Windows</application> <acronym>BDC</acronym> cannot be used as a
175fallback for a <application>Samba</application> <acronym>PDC</acronym>). Many
176complete books have been written on these topics alone.</para>
177
178<para>There is quite a bit of documentation available which covers many of
179these advanced configurations. Point your web browser to the links below to
180view some of the documentation included with the
181<application>Samba</application> package:</para>
182
183<itemizedlist spacing='compact'>
184<listitem><para>Using Samba, 2nd Edition; a popular book published by O'Reilly
185<ulink url="file:///usr/share/samba/swat/using_samba/toc.html"/></para>
186</listitem>
187
188<listitem><para>The Official Samba HOWTO and Reference Guide <ulink
189url="file:///usr/share/samba/swat/help/Samba-HOWTO-Collection/index.html"/>
190</para>
191</listitem>
192
193<listitem><para>Samba-3 by Example
194<ulink url="file:///usr/share/samba/swat/help/Samba-Guide/index.html"/></para>
195</listitem>
196
197<listitem><para>The Samba-3 man Pages
198<ulink url="file:///usr/share/samba/swat/help/samba.7.html"/></para>
199</listitem>
200</itemizedlist>
201</sect3>
202
203<sect3 id="samba3-swat-config"><title>Configuring SWAT</title>
204
205<para>The built in <acronym>SWAT</acronym>
206(<application>Samba</application> Web Administration Tool) utility can be used
207for basic configuration of the <application>Samba</application> installation,
208but because it may be inconvenient, undesireable or perhaps even impossible
209to gain access to the console, BLFS recommends setting up access to
210<acronym>SWAT</acronym> using <application>Stunnel</application>.</para>
211
212<para>First you must add entries to <filename>/etc/services</filename> and
213modify the <command>inetd</command>/<command>xinetd</command>
214configuration.</para>
215
216<para>Add swat and swat_tunnel entries to
217<filename>/etc/services</filename> with the following commands:</para>
218
219<screen><userinput><command>echo "swat 901/tcp" &gt;&gt; /etc/services &amp;&amp;
220echo "swat_tunnel 902/tcp" &gt;&gt; /etc/services</command></userinput></screen>
221
222<para>If <command>inetd</command> is used, the following command will add the
223swat_tunnel entry to <filename>/etc/inetd.conf</filename>: </para>
224
225<screen><userinput><command>echo "swat_tunnel stream tcp nowait.400 root /usr/sbin/swat swat" \
226 &gt;&gt; /etc/inetd.conf</command></userinput></screen>
227<para>Issue a <command>killall -HUP inetd</command> to reread the
228changed <filename>inetd.conf</filename> file.</para>
229
230<para>If <command>xinetd</command> is used, the following command will
231add the swat_tunnel entry to <filename>/etc/xinetd.conf</filename> (you may
232need to modify or remove the <quote>only_from</quote> line to include the
233desired host[s]):</para>
234
235<screen><userinput><command>cat &gt;&gt; /etc/xinetd.conf &lt;&lt; "EOF"</command>
236service swat_tunnel
237{
238 port = 902
239 socket_type = stream
240 wait = no
241 only_from = 127.0.0.1
242 user = root
243 server = /usr/sbin/swat
244 log_on_failure += USERID
245}
246<command>EOF</command></userinput></screen>
247
248<para>Issue a <command>killall -HUP xinetd</command> to reread the
249changed <filename>xinetd.conf</filename> file.</para>
250
251<para>Next, you must add an entry for the swat service to the
252<filename>/etc/stunnel/stunnel.conf</filename> file:</para>
253
254<screen><userinput><command>cat &gt;&gt; /etc/stunnel/stunnel.conf &lt;&lt; "EOF"</command>
255[swat]
256accept = 901
257connect = 902
258
259<command>EOF</command></userinput></screen>
260
261<para>Restart the <command>stunnel</command> daemon using the following
262command:</para>
263
264<screen><userinput><command>/etc/rc.d/init.d/stunnel restart</command></userinput></screen>
265
266<para><acronym>SWAT</acronym> can be launched by pointing your web browser to
267<userinput>https://<replaceable>[CA_DN_field]</replaceable>:901</userinput>.
268Substitute the hostname listed in the <acronym>DN</acronym> field of the
269<acronym>CA</acronym> certificate used with
270<application>Stunnel</application> for
271<replaceable>[CA_DN_field]</replaceable>.</para>
272
273<note><para>If you linked
274<application>Linux-<acronym>PAM</acronym></application> into the
275<application>Samba</application> build, you'll need to create an
276<filename>/etc/pam.d/samba</filename> file.</para></note>
277</sect3>
278
279<sect3><title>Printing to <acronym>SMB</acronym> clients</title>
280
281<para>If you use <application><acronym>CUPS</acronym></application> for print
282services, and you wish to print to a printer attached to an
283<acronym>SMB</acronym> client, you need to create an <acronym>SMB</acronym>
284backend device. To create the device, issue the following command:</para>
285
286<screen><userinput><command>ln -sf /usr/bin/smbspool /usr/lib/cups/backend/smb</command></userinput></screen>
287</sect3>
288
289<sect3><title>Installing bootscripts</title>
290
291<para>For your convenience, boot scripts have been provided for
292<application>Samba</application>. There are two included in the
293<xref linkend="intro-important-bootscripts"/> package. The first,
294<filename>samba</filename>, will start the <command>smbd</command> and
295<command>nmbd</command> daemons needed to provide
296<acronym>SMB</acronym>/<acronym>CIFS</acronym> services. The second
297script, <filename>winbind</filename>, starts the <command>winbindd</command>
298daemon, used for providing Windows domain services to Linux clients.</para>
299
300<para>Install the <filename>samba</filename> script with the following
301command:</para>
302
303<screen><userinput><command>make install-samba</command></userinput></screen>
304
305<para>If you also need the <filename>winbind</filename> script:</para>
306
307<screen><userinput><command>make install-winbind</command></userinput></screen>
308</sect3>
309
310</sect2>
311
312<sect2>
313<title>Contents</title>
314
315<para>The <application>Samba</application> package contains
316<command>findsmb</command>,
317<command>mount.smbfs</command>,
318<command>net</command>,
319<command>nmbd</command>,
320<command>nmblookup</command>,
321<command>ntlm_auth</command>,
322<command>pdbedit</command>,
323<command>profiles</command>,
324<command>rpcclient</command>,
325<command>smbcacls</command>,
326<command>smbclient</command>,
327<command>smbcontrol</command>,
328<command>smbcquotas</command>,
329<command>smbd</command>,
330<command>smbmnt</command>,
331<command>smbmount</command>,
332<command>smbpasswd</command>,
333<command>smbspool</command>,
334<command>smbstatus</command>,
335<command>smbtar</command>,
336<command>smbtree</command>,
337<command>smbumount</command>,
338<command>swat</command>,
339<command>tdbbackup</command>,
340<command>tdbdump</command>,
341<command>tdbtool</command>,
342<command>testparm</command>,
343<command>testprns</command>,
344<command>wbinfo</command> and
345<command>winbindd</command>.</para>
346
347</sect2>
348
349<sect2>
350<title>Description</title>
351<sect3><title>findsmb</title>
352<para><command>findsmb</command> lists information about machines that respond
353to <acronym>SMB</acronym> name queries on a subnet.</para></sect3>
354<sect3><title>mount.smbfs</title>
355<para><command>mount.smbfs</command> provides <command>/bin/mount</command>
356with a way to mount remote Windows (or
357<application>Samba</application>) fileshares.</para></sect3>
358<sect3><title>net</title>
359<para><command>net</command> is a tool for administration of
360<application>Samba</application> and remote <acronym>CIFS</acronym> servers,
361similar to the net utility for <acronym>DOS</acronym>/Windows.</para></sect3>
362<sect3><title>nmbd</title>
363<para><command>nmbd</command> is the <application>Samba</application>
364Net<acronym>BIOS</acronym> name server.</para></sect3>
365<sect3><title>nmblookup</title>
366<para><command>nmblookup</command> is used to query
367Net<acronym>BIOS</acronym> names and map them to <acronym>IP</acronym>
368addresses.</para></sect3>
369<sect3><title>ntlm_auth</title>
370<para><command>ntlm_auth</command> is a tool to allow external access to
371Winbind's <acronym>NTLM</acronym> authentication function.</para></sect3>
372<sect3><title>pdbedit</title>
373<para><command>pdbedit</command> is a tool used to manage the
374<acronym>SAM</acronym> database.</para></sect3>
375<sect3><title>profiles</title>
376<para><command>profiles</command> is a utility that reports and changes
377<acronym>SID</acronym>s in Windows registry files. It currently only supports
378NT.</para></sect3>
379<sect3><title>rpcclient</title>
380<para><command>rpcclient</command> is used to execute
381MS-<acronym>RPC</acronym> client side functions.</para></sect3>
382<sect3><title>smbcacls</title>
383<para><command>smbcacls</command> is used to manipulate NT access control
384lists.</para></sect3>
385<sect3><title>smbclient</title>
386<para><command>smbclient</command> is a <acronym>SMB</acronym>/<acronym>CIFS
387</acronym> access utility, similar to <acronym>FTP</acronym>.</para></sect3>
388<sect3><title>smbcontrol</title>
389<para><command>smbcontrol</command> is used to control running
390<command>smbd</command>, <command>nmbd</command> and
391<command>winbindd</command> daemons.</para></sect3>
392<sect3><title>smbcquotas</title>
393<para><command>smbcquotas</command> is used to manipulate NT quotas on
394<acronym>SMB</acronym> file shares.</para></sect3>
395<sect3><title>smbd</title>
396<para><command>smbd</command> is the main
397<application>Samba</application> daemon.</para></sect3>
398<sect3><title>smbmnt</title>
399<para><command>smbmnt</command> is a helper application used by the
400<command>smbmount</command> program to do the actual mounting of
401<acronym>SMB</acronym> shares. It can be installed setuid root if you want
402normal users to be able to mount their <acronym>SMB</acronym>
403shares.</para></sect3>
404<sect3><title>smbmount</title>
405<para><command>smbmount</command>, usually invoked as
406<command>mount.smbfs</command> by the <command>mount</command> command when
407using the <quote>-t smbfs</quote> option, mounts a Linux <acronym>SMB</acronym>
408filesystem.</para></sect3>
409<sect3><title>smbpasswd</title>
410<para><command>smbpasswd</command> changes a user's
411<application>Samba</application> password.</para></sect3>
412<sect3><title>smbspool</title>
413<para><command>smbspool</command> sends a print job to an
414<acronym>SMB</acronym> printer.</para></sect3>
415<sect3><title>smbstatus</title>
416<para><command>smbstatus</command> reports current
417<application>Samba</application> connections.</para></sect3>
418<sect3><title>smbtar</title>
419<para><command>smbtar</command> is a shell script used for backing up
420<acronym>SMB</acronym>/<acronym>CIFS</acronym> shares directly to Linux tape
421drives or a file.</para></sect3>
422<sect3><title>smbtree</title>
423<para><command>smbtree</command> is a text-based <acronym>SMB</acronym>
424network browser.</para></sect3>
425<sect3><title>smbumount</title>
426<para><command>smbumount</command> is used by normal users to unmount
427<acronym>SMB</acronym> filesystems, provided that it is setuid
428root.</para></sect3>
429<sect3><title>swat</title>
430<para><command>swat</command> is the
431<application>Samba</application> Web Administration Tool.</para></sect3>
432<sect3><title>tdbbackup</title>
433<para><command>tdbbackup</command> is a tool for backing up or validating the
434integrity of <application>Samba</application> <filename>.tdb</filename>
435files.</para></sect3>
436<sect3><title>tdbdump</title>
437<para><command>tdbdump</command> is a tool used to print the contents of a
438<application>Samba</application> <filename>.tdb</filename> file.</para></sect3>
439<sect3><title>tdbtool</title>
440<para><command>tdbtool</command> is a tool which allows simple database
441manipulation on the commandline.</para></sect3>
442<sect3><title>testparm</title>
443<para><command>testparm</command> checks an <filename>smb.conf</filename> file
444for proper syntax.</para></sect3>
445<sect3><title>testprns</title>
446<para><command>testprns</command> tests printer names.</para></sect3>
447<sect3><title>wbinfo</title>
448<para><command>wbinfo</command> queries a running <command>winbindd</command>
449daemon.</para></sect3>
450<sect3><title>winbindd</title>
451<para><command>winbindd</command> resolves names from NT servers.</para></sect3>
452
453</sect2>
454
455</sect1>
456
Note: See TracBrowser for help on using the repository browser.