Diffstat (limited to 'docs/htmldocs/using_samba/ch02.html')
-rw-r--r-- | docs/htmldocs/using_samba/ch02.html | 1849 |
1 files changed, 1849 insertions, 0 deletions
diff --git a/docs/htmldocs/using_samba/ch02.html b/docs/htmldocs/using_samba/ch02.html new file mode 100644 index 0000000000..ecefb2fb7d --- /dev/null +++ b/docs/htmldocs/using_samba/ch02.html 
@@ -0,0 +1,1849 @@ +<html> +<body bgcolor="#ffffff"> + +<img src="samba2_xs.gif" border="0" alt=" " height="100" width="76" +hspace="10" align="left" /> + +<h1 class="head0">Chapter 2. Installing Samba on a Unix System</h1> + +<p><a name="INDEX-1"/>Now +that you know what Samba can do for you and your users, +it's time to get your own network set up. +Let's start with the installation of Samba. When +dancing the samba, one learns by taking small steps. +It's just the same when installing Samba; we need to +teach it step by step. This chapter will help you start off on the +right foot.</p> + +<p>For illustrative purposes, we will be installing the 2.2.6 version of +the Samba server on a Linux system running Version 2.4 of the kernel. +However, the installation steps are essentially the same for all the +platforms Samba supports.</p> + + +<div class="sect1"><a name="samba2-CHP-2-SECT-1"/> + +<h2 class="head1">Bundled Versions</h2> + +<p><a name="INDEX-2"/><a name="INDEX-3"/>Samba is in such +popular use that many Unix distributions come with it already +installed. If you choose to use a bundled version of Samba, you can +breeze through most of this chapter, but you'll be +stuck with the Samba version and compile-time options your vendor +selected for you. That version of Samba can't be any +newer than the operating system release, so you're +likely to be pretty far behind the latest developments. On the other +hand, you can be fairly sure that a bundled version has been +installed properly, and perhaps it will take only a few simple +modifications to your <em class="emphasis">smb.conf</em> file for you to +be off and running. 
Samba is mature enough that you probably +don't need the latest release to meet your basic +needs, so you might be perfectly happy running a bundled version.</p> + +<p>If you choose this option, be aware that your Samba files, including +the very important +<em class="emphasis">smb.conf</em>,<a name="INDEX-4"/> might be in different places +than they would be if you were to install from a binary or source +distribution. For example, with the Red Hat, Debian, and Mandrake +Linux distributions, <em class="emphasis">smb.conf</em> and some other +Samba-related files are in the <em class="emphasis">/etc/samba</em> +directory.</p> + +<p>If Samba is already installed on your system, you can check to see +what version you have by using the command:</p> + +<blockquote><pre class="code">$ <tt class="userinput"><b>smbd -V</b></tt> +Version 2.2.6</pre></blockquote> + +<p>(If this doesn't work, it might be because +<em class="emphasis">smbd</em> is not in your shell's +search path. If you have the <em class="emphasis">locate</em> or +<em class="emphasis">whereis</em> command in your Unix variant, you can +use it to locate the <em class="emphasis">smbd</em> executable.)</p> + +<p>You might also be able to use a system-specific tool to query a +software-package maintenance utility. On Red Hat Linux, you can use +the <em class="emphasis">rpm</em><a name="INDEX-5"/> command to query the installed packages +for Samba:</p> + +<blockquote><pre class="code">$ <tt class="userinput"><b>rpm -qa | grep samba</b></tt> +samba-client-2.0.8-1.7.1 +samba-2.0.8-1.7.1 +samba-common-2.0.8-1.7.1</pre></blockquote> + +<p>This shows we have Samba 2.0.8, divided into three Red Hat Package +Manager (RPM) packages, bundled with Red Hat 7.1. 
If your version of +Samba is old, you might at the very least want to check with your +vendor for an update.</p> + +<p>Otherwise, if you're sure you are going to install +from a binary or source distribution, you can remove the RPM packages +as follows:</p> + +<blockquote><pre class="code"># <tt class="userinput"><b>rpm -e samba</b></tt> +# <tt class="userinput"><b>rpm -e samba-client</b></tt> +# <tt class="userinput"><b>rpm -e samba-common</b></tt></pre></blockquote> + +<p>If you are not using Red Hat Linux, consult your +system's documentation to find the method that works +for you.</p> + + +<div class="sect2"><a name="samba2-CHP-2-SECT-1.1"/> + +<h3 class="head2">Binary or Source?</h3> + +<p><a name="INDEX-6"/>Precompiled +"binary" packages are also +available for a large number of Unix platforms. These packages +contain binaries for each Samba executable, as well as the standard +Samba documentation. Note that while installing a binary distribution +can save you a fair amount of time and trouble, you should keep a +couple of issues in mind when deciding whether to use the binary or +compile the source yourself:</p> + +<ul><li> +<p>The binary packages can lag behind the latest version of the software +by one or two (maybe more) minor releases, especially after a series +of small changes and for less popular platforms. Compare the release +notes for the source and binary packages to make sure there +aren't any new features that you need on your +platform.</p> +</li><li> +<p>If you use a precompiled binary that is dynamically linked, you will +need to ensure that you have the correct libraries required by the +executables. If your system does not already have the required +version of a library, you might have to install a new version. 
The +<em class="filename">README</em> file or <em class="filename">makefile</em> +that accompanies the binary distribution should list any special +requirements.</p> + +<p>Many systems with shared libraries come with a nifty tool called +<em class="emphasis">ldd</em>. This tool will tell you which libraries a +specific binary requires and which libraries on the system satisfy +that requirement. For example, checking the <em class="emphasis">smbd</em> +program on our test machine gave us:</p> + +<blockquote><pre class="code">$ <tt class="userinput"><b>ldd smbd</b></tt> + libdl.so.2 => /lib/libdl.so.2 (0x40026000) + libnsl.so.1 => /lib/libnsl.so.1 (0x4002a000) + libpam.so.0 => /lib/libpam.so.0 (0x40041000) + libc.so.6 => /lib/libc.so.6 (0x40049000) + /lib/ld-linux.so.2 => /lib/ld-linux.so.2 (0x40000000)</pre></blockquote> + +<p>If there are any incompatibilities between Samba and specific +libraries on your machine, the distribution-specific documentation +should highlight them.</p> +</li><li> +<p>If your precompiled binary is statically linked, it is still possible +to have problems. There have been cases in which the statically +linked C library calls in Samba programs have been out of sync with +the operating-system kernel, even though this is +"not supposed to happen."</p> +</li><li> +<p>Keep in mind that each binary distribution carries preset values +about the target platform, such as default directories and +configuration option values. Again, check the documentation and the +makefile included in the source directory to see which directives and +variables were used when the binary was compiled. In some cases, +these will not be appropriate for your situation.</p> + +<p>A few configuration items can be reset with command-line options at +runtime rather than at compile time. 
For example, if your binary +tries to place any log, lock, or status files in the +"wrong" place (for example, in +<em class="filename">/usr/local</em> ), you can override this without +recompiling.</p> +</li></ul> +<p>One point worth mentioning is that the Samba source requires an +<a name="INDEX-7"/><a name="INDEX-8"/><a name="INDEX-9"/>ANSI C +compiler. If you are on a legacy platform with a non-ANSI compiler, +such as the <em class="emphasis">cc</em> compiler on SunOS Version 4, +you'll have to install an ANSI-compliant compiler +such as <em class="emphasis">gcc</em> <a name="INDEX-10"/>before you do anything else.<a name="FNPTR-1"/><a href="#FOOTNOTE-1">[1]</a> +If installing a compiler isn't something you want to +wrestle with, you can start off with a binary package. However, for +the most flexibility and compatibility on your system, we always +recommend compiling from the latest stable or production source.</p> + +<p>A typical installation will take about an hour to complete, including +downloading the source files and compiling them, setting up the +configuration files, and testing the server.</p> + +<p>Here is an overview of the steps:</p> + +<ol><li> +<p><a name="INDEX-11"/>Download the source or binary files.</p> +</li><li> +<p>Read the installation documentation.</p> +</li><li> +<p>Configure a makefile.</p> +</li><li> +<p>Compile the server and utility programs.</p> +</li><li> +<p>Install the server files.</p> +</li><li> +<p>Create a Samba configuration file.</p> +</li><li> +<p>Test the configuration file.</p> +</li><li> +<p>Start the Samba daemons.</p> +</li><li> +<p>Test the Samba daemons. <a name="INDEX-12"/></p> +</li></ol> + +</div> + + +</div> + + + +<div class="sect1"><a name="samba2-CHP-2-SECT-2"/> + +<h2 class="head1">Downloading the Samba Distribution</h2> + +<p><a name="INDEX-13"/>If +you would like to download the latest version of the Samba software, +the primary web site is <a href="http://www.samba.org">http://www.samba.org</a>. 
Once connected to this +page, you'll see links to several Samba mirror sites +across the world, both for the standard Samba web pages and for sites +devoted exclusively to downloading Samba. For the best performance, +choose a site that is closest to your own geographic location.</p> + +<p>The standard Samba web sites have Samba +<a name="INDEX-14"/>documentation and +<a name="INDEX-15"/>tutorials, +<a name="INDEX-16"/>mailing-list +archives, and the latest Samba <a name="INDEX-17"/>news, as well as source and binary +distributions of Samba. The download sites (sometimes called +<em class="emphasis">F T P sites</em>) have only the source and binary +distributions. Unless you specifically want an older version of the +Samba server or are going to install a binary distribution, download +the latest source distribution from the closest mirror site. This +distribution is always named:</p> + +<blockquote><pre class="code">samba-latest.tar.gz</pre></blockquote> + +<p>which for the 2.2.6 release is an approximately 5MB file.</p> + +<p>The source distribution has been archived with +<em class="emphasis">tar</em> and then compressed with the GNU +<em class="emphasis">gzip</em> program. To unpack it, move the file to the +directory in which you want the Samba source directory to be located, +then <em class="emphasis">cd</em> to that directory and run the command:</p> + +<blockquote><pre class="code">$ <tt class="userinput"><b>tar xvfz samba-latest.tar.gz</b></tt></pre></blockquote> + +<p>Or, if you do not have the GNU <em class="emphasis">tar</em> program +(which also handles the unzipping):</p> + +<blockquote><pre class="code">$ <tt class="userinput"><b>gunzip samba-latest.tar.gz</b></tt> +$ <tt class="userinput"><b>tar xvf samba-latest.tar</b></tt></pre></blockquote> + +<p>In that latter case, you might need to install the GNU +<em class="emphasis">gunzip</em> program first. 
While the +<em class="emphasis">tar</em> command runs, it will print out a list of +the files it installs.</p> + + +<div class="sect2"><a name="samba2-CHP-2-SECT-2.1"/> + +<h3 class="head2">Read the Documentation</h3> + +<p><a name="INDEX-18"/>This +part might seem obvious, but at one time or other you probably +uncompressed a package, blindly typed:</p> + +<blockquote><pre class="code">$ <tt class="userinput"><b>configure; make; make install</b></tt></pre></blockquote> + +<p>and walked away to get another cup of coffee. Do yourself a favor and +be a little more careful this time.</p> + +<p>In the top-level directory that you just installed, there is a file +named <em class="filename">WHATSNEW.txt</em>, which contains the latest +news about the release. If you are upgrading, you can find important +information about bug fixes or configuration parameters that have +been added or are no longer supported.</p> + +<p>With both source and binary packages you'll find a +large number of documents in the <em class="filename">docs</em> directory, +in a variety of formats. 
One file is especially important:</p> + +<blockquote><pre class="code">docs/htmldocs/UNIX_INSTALL.html</pre></blockquote> + +<p>This is the Samba Team's official instructions on +installing Samba on a Unix system, which you might like to use as +another perspective besides what we are telling you here.</p> + +<p>In general, we expect you'll find to be most useful +the files in the following directories:</p> + +<dl> +<dt><b>docs/faq</b></dt> +<dd> +<p>This is the Samba Frequently Asked Questions (FAQ) files.</p> +</dd> + + + +<dt><b>docs/htmldocs</b></dt> +<dd> +<p>This is the miscellaneous documentation in HTML format.</p> +</dd> + + + +<dt><b>docs/textdocs</b></dt> +<dd> +<p>Here is more documentation, in simple text format.</p> +</dd> + + + +<dt><b>docs/manpages</b></dt> +<dd> +<p>You don't need to worry about these yet; during the +installation, the files will be installed so that you can use the +<em class="emphasis">man</em> command to read them. But you can take a +look in the directory to see which manpages are available.</p> +</dd> + +</dl> + + +</div> + + +</div> + + + +<div class="sect1"><a name="samba2-CHP-2-SECT-3"/> + +<h2 class="head1">Configuring Samba</h2> + +<p><a name="INDEX-19"/><a name="INDEX-20"/>Samba automatically configures itself +prior to compilation. This reduces the likelihood of a +machine-specific problem, but you might end up wishing for an option +after Samba has been installed.</p> + +<p>The source distribution of Samba 2.2 and above +doesn't initially have a +<a name="INDEX-21"/>makefile. Instead, one is +generated through a <a name="INDEX-22"/><a name="INDEX-23"/>GNU <em class="filename">configure</em> +script, which is located in the <em class="filename">samba-2.2.x +/source/</em> directory. 
The <em class="firstterm">configure</em> +script takes care of the machine-specific issues of building Samba.</p> + +<a name="samba2-CHP-2-NOTE-88"/><blockquote class="note"><h4 class="objtitle">NOTE</h4> + + + +<p>Before running the <em class="filename">configure</em> script, it is +important that you become the root user on the system. Otherwise, you +might get a warning such as:</p> + + +<blockquote><pre class="code">configure: warning: running as non-root will disable some tests</pre></blockquote> + + +<p>You don't want any test to be disabled when the +Samba makefile is being created; it would leave the potential for +errors down the road when compiling or running Samba on your system.</p> +</blockquote> + +<p>When the <em class="filename">configure </em>script is run, it prints out +messages telling what it is doing, and error messages might be mixed +in. To make sure you see those very important error messages, we +suggest you run <em class="filename">configure </em>with its standard +output passed through some filter to capture the output and keep it +from scrolling out of sight. One method is using the +<em class="filename">more</em> command:</p> + +<blockquote><pre class="code"># <tt class="userinput"><b>./configure | more</b></tt></pre></blockquote> + +<p>We will show you another in a moment.</p> + +<p>Although you can run <em class="filename">configure </em>as previously +with no options, you might want to add support for extra features by +passing options on the command line. For example:</p> + +<blockquote><pre class="code"># <tt class="userinput"><b>./configure --with-winbind</b></tt></pre></blockquote> + +<p>will configure the Samba makefile with support for winbind +authentication. If you would like a complete list of options, type +the following:</p> + +<blockquote><pre class="code"># <tt class="userinput"><b>./configure --help</b></tt></pre></blockquote> + +<p>Each option enables or disables various features. 
You typically +enable a feature by specifying the +<tt class="literal">--</tt><a name="INDEX-24"/><a name="INDEX-25"/><a name="INDEX-26"/><a name="INDEX-27"/><tt class="literal">with-</tt><em class="replaceable">feature</em> +option, which will cause the feature to be compiled and installed. +Likewise, if you specify a +<tt class="literal">--without-</tt><em class="replaceable">feature</em> +option, the feature will be disabled. A full list of configuration +options is provided in <a href="appe.html">Appendix E</a>, but for now we +want to point out three of them, which are features we cover later in +this book:</p> + +<dl> +<dt><b><tt class="literal">--with-msdfs</tt><a name="INDEX-28"/><a name="INDEX-29"/></b></dt> +<dd> +<p>Include support for Microsoft Distributed filesystem (Dfs), which +allows dispersed network resources to be clumped together into one +easy-to-navigate directory tree. See <a href="ch08.html">Chapter 8</a>.</p> +</dd> + + + +<dt><b><tt class="literal">--with-smbwrapper</tt><a name="INDEX-30"/><a name="INDEX-31"/></b></dt> +<dd> +<p>Include SMB wrapper support, which allows programs running on the +Unix host to access SMB shared folders as if they were Unix +filesystems. We recommend using this option. See <a href="ch05.html">Chapter 5</a>.</p> +</dd> + + + +<dt><b><tt class="literal">--with-smbmount</tt><a name="INDEX-32"/><a name="INDEX-33"/></b></dt> +<dd> +<p>Include <em class="emphasis">smbmount</em> support, which allows SMB +shared folders to be mounted in the Unix filesystem. At the time of +this writing, support for this feature exists only for Linux. This is +also covered in <a href="ch05.html">Chapter 5</a>.</p> +</dd> + +</dl> + +<p>Each option is disabled by default, and none of the features is +essential to Samba. 
However, you may want to include them in your +configuration (as we will in our example) at least to be able to try +out the options in later chapters.</p> + +<p>In addition, <a href="ch02.html#samba2-CHP-2-TABLE-1">Table 2-1</a> shows some other parameters +that you can give the <em class="filename">configure</em> script if you +wish to store parts of the Samba distribution in different places, +perhaps to make use of multiple disks or partitions. Note that the +defaults sometimes refer to a prefix specified earlier in the table.</p> + +<a name="samba2-CHP-2-TABLE-1"/><h4 class="head4">Table 2-1. Additional configure options</h4><table border="1"> + + + + +<tr> +<th> +<p>Option</p> +</th> +<th> +<p>Meaning</p> +</th> +<th> +<p>Default</p> +</th> +</tr> + + +<tr> +<td> +<p><tt class="literal">--prefix</tt><a name="INDEX-34"/><a name="INDEX-35"/>=<em class="replaceable">directory</em></p> +</td> +<td> +<p>Install architecture-independent files at the base directory +specified.</p> +</td> +<td> +<p><em class="filename">/usr/local/samba</em></p> +</td> +</tr> +<tr> +<td> +<p><tt class="literal">--eprefix</tt><a name="INDEX-36"/><a name="INDEX-37"/>=<em class="replaceable">directory</em></p> +</td> +<td> +<p>Install architecture-dependent files at the base directory specified.</p> +</td> +<td> +<p><em class="filename">/usr/local/samba</em></p> +</td> +</tr> +<tr> +<td> +<p><tt class="literal">--bindir</tt><a name="INDEX-38"/><a name="INDEX-39"/>=<em class="replaceable">directory</em></p> +</td> +<td> +<p>Install user executables in the directory specified.</p> +</td> +<td> +<p><em class="replaceable">eprefix</em><em class="filename">/bin</em></p> +</td> +</tr> +<tr> +<td> +<p><tt class="literal">--sbindir</tt><a name="INDEX-40"/><a name="INDEX-41"/>=<em class="replaceable">directory</em></p> +</td> +<td> +<p>Install administrator executables in the directory specified.</p> +</td> +<td> +<p><em class="replaceable">eprefix</em><em class="filename">/bin</em></p> +</td> 
+</tr> +<tr> +<td> +<p><tt class="literal">--libexecdir</tt><a name="INDEX-42"/><a name="INDEX-43"/>=<em class="replaceable">directory</em></p> +</td> +<td> +<p>Install program executables in the directory specified.</p> +</td> +<td> +<p><em class="replaceable">eprefix</em><em class="filename">/libexec</em></p> +</td> +</tr> +<tr> +<td> +<p><tt class="literal">--datadir</tt><a name="INDEX-44"/><a name="INDEX-45"/>=<em class="replaceable">directory</em></p> +</td> +<td> +<p>Install read-only architecture-independent data in the directory +specified.</p> +</td> +<td> +<p><em class="replaceable">prefix</em><em class="filename">/share</em></p> +</td> +</tr> +<tr> +<td> +<p><tt class="literal">--libdir</tt><a name="INDEX-46"/><a name="INDEX-47"/>=<em class="replaceable">directory</em></p> +</td> +<td> +<p>Install program libraries in the directory specified.</p> +</td> +<td> +<p><em class="replaceable">eprefix</em><em class="filename">/lib</em></p> +</td> +</tr> +<tr> +<td> +<p><tt class="literal">--includedir</tt><a name="INDEX-48"/><a name="INDEX-49"/>=<em class="replaceable">directory</em></p> +</td> +<td> +<p>Install package-include files in the directory specified.</p> +</td> +<td> +<p><em class="replaceable">prefix</em><em class="filename">/include</em></p> +</td> +</tr> +<tr> +<td> +<p><tt class="literal">--infodir</tt><a name="INDEX-50"/><a name="INDEX-51"/>=<em class="replaceable">directory</em></p> +</td> +<td> +<p>Install additional information files in the directory specified.</p> +</td> +<td> +<p><em class="replaceable">prefix</em><em class="filename">/info</em></p> +</td> +</tr> +<tr> +<td> +<p><tt class="literal">--mandir</tt><a name="INDEX-52"/><a name="INDEX-53"/>=<em class="replaceable">directory</em></p> +</td> +<td> +<p>Install manual pages in the directory specified.</p> +</td> +<td> +<p><em class="replaceable">prefix</em><em class="filename">/man</em></p> +</td> +</tr> + +</table> + +<p>Here is a sample execution of the +<em 
class="filename">configure</em><a name="INDEX-54"/> +script, which creates a Samba 2.2.6 makefile for the Linux platform. +Note that you must run the configure script in the +<em class="emphasis">source</em> directory and that we are showing you yet +another way to capture the output of the script:</p> + +<blockquote><pre class="code">$ <tt class="userinput"><b>cd samba-2.2.6/source/</b></tt> +$ <tt class="userinput"><b>su</b></tt> +Password: +# <tt class="userinput"><b>./configure --with-smbwrapper --with-smbmount \</b></tt> +<tt class="userinput"><b>--with-msdfs --with-syslog --with-utmp 2>&1 | tee config.my.log</b></tt> +loading cache ./config.cache +checking for gcc... (cached) gcc +checking whether the C compiler (gcc -O ) works... yes +checking whether the C compiler (gcc -O ) is a cross-compiler... no +checking whether we are using GNU C... (cached) yes +checking whether gcc accepts -g... (cached) yes +checking for a BSD-compatible install... (cached) /usr/bin/install -c + +<i class="lineannotation">...(content omitted)...</i> + +checking configure summary +configure OK +creating ./config.status +creating include/stamp-h +creating Makefile +creating include/config.h</pre></blockquote> + +<p>In general, any message from <em class="filename">configure</em> that +doesn't begin with the words +<tt class="literal">checking</tt><a name="INDEX-55"/> or +<tt class="literal">creating</tt><a name="INDEX-56"/> is an +<a name="INDEX-57"/>error; it often helps to redirect the +output of the configure script to a file so that you can quickly +search for errors, as we did with the <em class="filename">tee</em> +command earlier. 
If there was an error during configuration, more +detailed information about it can be found in the +<em class="filename">config.log</em><a name="INDEX-58"/> file, which is written to the local +directory by the <em class="filename">configure</em> script, as well as in +the <em class="filename">config.my.log</em> file, which we created by +piping through the <em class="filename">tee</em> command. These files are +very similar in both name and content, but be careful to check both +of them for error messages before continuing!</p> + +<p>If the configuration works, you'll see a +<tt class="literal">checking</tt> <tt class="literal">configure</tt> +<tt class="literal">summary</tt> message followed by a +<tt class="literal">configure</tt> <tt class="literal">OK</tt> message and four +or five file-creation messages. So far, so good. <a name="INDEX-59"/></p> + + +</div> + + + +<div class="sect1"><a name="samba2-CHP-2-SECT-4"/> + +<h2 class="head1">Compiling and Installing Samba</h2> + +<p><a name="INDEX-60"/><a name="INDEX-61"/><a name="INDEX-62"/><a name="INDEX-63"/>At this point you should be ready to build +the Samba executables. Compiling is also easy: in the +<em class="filename">source</em> directory, type <tt class="literal">make</tt> +on the command line. The +<em class="filename">make</em><a name="INDEX-64"/> utility will produce a stream of +explanatory and success messages, beginning with:</p> + +<blockquote><pre class="code">Using FLAGS = -O -Iinclude ...</pre></blockquote> + +<p>This build includes compiles for both <em class="emphasis">smbd</em> and +<em class="emphasis">nmbd</em> and ends in a linking command for +<em class="filename">bin/nmblookup</em>. 
For example, here is a sample +make of Samba Version 2.2.6 on a Linux server:</p> + +<blockquote><pre class="code"># make 2>&1 | tee make.log +Using FLAGS = -O -Iinclude -I./include -I./ubiqx -I./smbwrapper -D_LARGEFILE64 +_SOURCE -D_FILE_OFFSET_BITS=64 -D_GNU_SOURCE -DLOGFILEBASE="/usr/local/samba/va +r" -DCONFIGFILE="/usr/local/samba/lib/smb.conf" -DLMHOSTSFILE="/usr/local/samba/ +lib/lmhosts" -DSWATDIR="/usr/local/samba/swat" -DSBINDIR="/usr/local/samba/bin +" -DLOCKDIR="/usr/local/samba/var/locks" -DCODEPAGEDIR="/usr/local/samba/lib/cod +epages" -DDRIVERFILE="/usr/local/samba/lib/printers.def" -DBINDIR="/usr/local/sa +mba/bin" -DHAVE_INCLUDES_H -DPASSWD_PROGRAM="/bin/passwd" -DSMB_PASSWD_FILE="/u +sr/local/samba/private/smbpasswd" -DTDB_PASSWD_FILE="/usr/local/samba/private/sm +bpasswd.tdb" +Using FLAGS32 = -O -Iinclude -I./include -I./ubiqx -I./smbwrapper -D_LARGEFILE +64_SOURCE -D_FILE_OFFSET_BITS=64 -D_GNU_SOURCE -DLOGFILEBASE="/usr/local/samba/ +var" -DCONFIGFILE="/usr/local/samba/lib/smb.conf" -DLMHOSTSFILE="/usr/local/samb +a/lib/lmhosts" -DSWATDIR="/usr/local/samba/swat" -DSBINDIR="/usr/local/samba/b +in" -DLOCKDIR="/usr/local/samba/var/locks" -DCODEPAGEDIR="/usr/local/samba/lib/c +odepages" -DDRIVERFILE="/usr/local/samba/lib/printers.def" -DBINDIR="/usr/local/ +samba/bin" -DHAVE_INCLUDES_H -DPASSWD_PROGRAM="/bin/passwd" -DSMB_PASSWD_FILE=" +/usr/local/samba/private/smbpasswd" -DTDB_PASSWD_FILE="/usr/local/samba/private/ +smbpasswd.tdb" +Using LIBS = -ldl -lnsl -lpam +Compiling smbd/server.c +Compiling smbd/files.c +Compiling smbd/chgpasswd.c +Compiling smbd/connection.c +Compiling smbd/utmp.c +Compiling smbd/session.c +Compiling smbd/dfree.c +Compiling smbd/dir.c + +<i class="lineannotation">...(content omitted)...</i> + +Compiling rpc_server/srv_srvsvc.c +Compiling rpc_server/srv_srvsvc_nt.c +Compiling rpc_server/srv_util.c +Compiling rpc_server/srv_wkssvc.c +Compiling rpc_server/srv_wkssvc_nt.c +Compiling rpc_server/srv_pipe.c +Compiling 
rpc_server/srv_dfs.c +Compiling rpc_server/srv_dfs_nt.c +Compiling rpc_server/srv_spoolss.c +Compiling rpc_server/srv_spoolss_nt.c +Compiling lib/util_getent.c +Compiling rpc_parse/parse_lsa.c +Compiling rpc_parse/parse_net.c +Compiling rpc_parse/parsen/smbmount +Compiling client/smbmnt.c +Linking bin/smbmnt +Compiling client/smbumount.c +Linking bin/smbumount +Compiling utils/nmblookup.c +Linking bin/nmblookup</pre></blockquote> + +<p>If you encounter a problem when compiling, first check the Samba +documentation to see if it is easily fixable. Another possibility is +to search or post to the Samba mailing lists, which are given at the +end of <a href="ch12.html">Chapter 12</a> and on the Samba home page. Most +compilation issues are system-specific and almost always easy to +overcome.</p> + +<p>Now that the files have been compiled, you can install them into the +directories you identified with the command:</p> + +<blockquote><pre class="code">#<tt class="userinput"><b> make install</b></tt></pre></blockquote> + +<p>If you happen to be <a name="INDEX-65"/>upgrading, your old Samba files will be +saved with the extension +<em class="emphasis">.old</em>,<a name="INDEX-66"/> and you can go back to that previous +version with the command +<tt class="literal">make</tt><a name="INDEX-67"/> <tt class="literal">revert</tt>. After doing a +<tt class="literal">make</tt><a name="INDEX-68"/> <tt class="literal">install</tt>, you should +copy the <em class="emphasis">.old</em> files (if they exist) to a new +location or name. Otherwise, the next time you install Samba, the +original <em class="emphasis">.old</em> will be overwritten without +warning and you could lose your earlier version. If you configured +Samba to use the default locations for files, the new files will be +installed in the directories listed in <a href="ch02.html#samba2-CHP-2-TABLE-2">Table 2-2</a>. 
+Remember that you need to perform the installation from an account +that has write privileges on these target directories; this is +typically the root account.</p> + +<a name="samba2-CHP-2-TABLE-2"/><h4 class="head4">Table 2-2. Samba installation directories</h4><table border="1"> + + + +<tr> +<th> +<p>Directory</p> +</th> +<th> +<p>Description</p> +</th> +</tr> + + +<tr> +<td> +<p><em class="emphasis">/usr/local/samba</em></p> +</td> +<td> +<p>Main tree</p> +</td> +</tr> +<tr> +<td> +<p><em class="emphasis">/usr/local/samba/bin</em></p> +</td> +<td> +<p>Binaries</p> +</td> +</tr> +<tr> +<td> +<p><em class="emphasis">/usr/local/samba/lib</em></p> +</td> +<td> +<p><em class="emphasis">smb.conf</em>, <em class="emphasis">lmhosts</em>, +configuration files, etc.</p> +</td> +</tr> +<tr> +<td> +<p><em class="emphasis">/usr/local/samba/man</em></p> +</td> +<td> +<p>Samba documentation</p> +</td> +</tr> +<tr> +<td> +<p><em class="emphasis">/usr/local/samba/private</em></p> +</td> +<td> +<p>Samba-encrypted password file</p> +</td> +</tr> +<tr> +<td> +<p><em class="emphasis">/usr/local/samba/swat</em></p> +</td> +<td> +<p>SWAT files</p> +</td> +</tr> +<tr> +<td> +<p><em class="emphasis">/usr/local/samba/var</em></p> +</td> +<td> +<p>Samba log files, lock files, browse list info, shared memory files, +process ID files</p> +</td> +</tr> + +</table> + +<p>Throughout the remainder of the book, we occasionally refer to the +location of the main tree as <em class="filename">/usr/local/samba</em>. +In most configurations, this is the base directory of the installed +Samba package; however, it can vary from system to system<em class="filename"> +</em>.</p> + +<a name="samba2-CHP-2-NOTE-90"/><blockquote class="note"><h4 class="objtitle">TIP</h4> +<p>Watch out if you've made <em class="filename">/usr</em> a +read-only partition. 
You will want to put the logs, locks, and +password files somewhere else.</p> +</blockquote> + +<p>Here is the installation that we performed on our machine. You can +see that we used <em class="filename">/usr/local/samba</em> as the base +directory for the distribution:</p> + +<blockquote><pre class="code"># <tt class="userinput"><b>make install 2>&1 | tee make-install.log</b></tt> +Using FLAGS = -O -Iinclude -I./include -I./ubiqx -I./smbwrapper -D_LARGEFILE64 +_SOURCE -D_FILE_OFFSET_BITS=64 -D_GNU_SOURCE -DLOGFILEBASE="/usr/local/samba/va +r" -DCONFIGFILE="/usr/local/samba/lib/smb.conf" + +<i class="lineannotation">...(content omitted)...</i> + +The binaries are installed. You can restore the old binaries (if there +were any) using the command "make revert". You can uninstall the binaries +using the command "make uninstallbin" or "make uninstall" to uninstall +binaries, manpages and shell scripts. + +<i class="lineannotation">...(content omitted)...</i> + +====================================================================== +The SWAT files have been installed. Remember to read the swat/README +for information on enabling and using SWAT. +======================================================================</pre></blockquote> + +<p>If the last message is about SWAT, you've +successfully installed all the files. Congratulations! You now have +Samba on your system!</p> + + +<div class="sect2"><a name="samba2-CHP-2-SECT-4.1"/> + +<h3 class="head2">Upgrading Your Installation</h3> + +<p><a name="INDEX-70"/><a name="INDEX-71"/>Eventually a new version of +Samba will be released, and you will want to upgrade. This is simple; +just repeat the same steps you used to install your current version. +Download the source distribution from the Samba web site and install +it, then run the <tt class="literal">./configure</tt>, +<tt class="literal">make</tt>, and <tt class="literal">make</tt> +<tt class="literal">install</tt> commands as before. 
If +you've forgotten which options you used with the +<a name="INDEX-72"/><a name="INDEX-73"/><a name="INDEX-74"/><a name="INDEX-75"/><em class="emphasis">configure</em> +script, take a look at the +<em class="filename">source/config.status</em><a name="INDEX-76"/><a name="INDEX-77"/> file in your previous +version's source distribution. The first few lines +of this file show the options used the last time +<em class="emphasis">configure</em> was run.</p> + +<p>When you run the <tt class="literal">make +install</tt><a name="INDEX-78"/> command to install your new +version, the files of the previous version are replaced with the new +ones, and then all you have to do is restart the Samba daemons to get +your new version running. See <a href="ch02.html#samba2-CHP-2-SECT-8">Section 2.8</a> later in this chapter for directions on how to do this.</p> + + +</div> + + +<div class="sect2"><a name="samba2-CHP-2-SECT-4.2"/> + +<h3 class="head2">Reconfiguring Samba</h3> + +<p><a name="INDEX-79"/>If you +have already compiled Samba and wish to recompile the same source +code with different <em class="emphasis">configure</em> options, you +should run the following three commands in the +<em class="emphasis">source</em> directory before rerunning the +<em class="emphasis">configure</em> script:</p> + +<blockquote><pre class="code"># <tt class="userinput"><b>autoconf</b></tt> +# <tt class="userinput"><b>make clean</b></tt> +# <tt class="userinput"><b>rm config.cache</b></tt></pre></blockquote> + +<p>This ensures that you are starting with a clean slate and that your +previous <em class="emphasis">configure</em> command does not leave any +data around that can affect your new build. 
From here, you can rerun +<tt class="literal">./configure</tt> and then <tt class="literal">make</tt> and +<tt class="literal">make install</tt>.</p> + + +</div> + + +<div class="sect2"><a name="samba2-CHP-2-SECT-4.3"/> + +<h3 class="head2">Setting Search Paths</h3> + +<p><a name="INDEX-80"/>You +will probably want to run commands included in the Samba distribution +without having to specify their full directory paths. For that to +work, the directory in which the Samba executables are located, +<em class="filename">/usr/local/samba/bin</em> by default, must be added +to your shell's <a name="INDEX-81"/>PATH environment variable. This +environment variable is usually set in one or more of the +shell's startup files, which in the case of +<em class="emphasis">bash</em> are <em class="filename">/etc/profile</em> +(systemwide) and the <em class="filename">.bash_profile</em> and +<em class="filename">.bashrc</em> files in each user's +home directory.</p> + +<p>To be able to read the <a name="INDEX-82"/><a name="INDEX-83"/><a name="INDEX-84"/>Samba manual pages using the +<em class="emphasis">man</em> command, the directory where +Samba's manual pages reside, +<em class="filename">/usr/local/samba/man</em> by default, must be in your +<a name="INDEX-85"/>MANPATH environment variable. 
On Red +Hat Linux, this can be accomplished by adding the following two lines +to <em class="filename">/etc/man.config</em>:</p> + +<a name="INDEX-86"/><a name="INDEX-87"/><blockquote><pre class="code"> +MANPATH /usr/local/samba/man +MANPATH_MAP /usr/local/samba/bin /usr/local/samba/man</pre></blockquote> + + +</div> + + +</div> + + + +<div class="sect1"><a name="samba2-CHP-2-SECT-5"/> + +<h2 class="head1">Enabling SWAT</h2> + +<p>The <a name="INDEX-88"/><a name="INDEX-89"/>Samba +Web Administration Tool (SWAT) runs as a daemon under +<em class="emphasis">inetd</em> or <em class="filename">xinetd </em>and +provides a forms-based editor in your web browser for creating and +modifying <a name="INDEX-90"/>Samba's +configuration file. For SWAT to work, entries must be added for it in +the <em class="filename">/etc/services</em> and +<em class="filename">/etc/inetd.conf</em> (or +<em class="filename">/etc/xinetd.d/swat) </em>configuration files. To add +the entries, follow these two steps:</p> + +<ol><li> +<p>Check your <em class="filename">/etc/services</em> file, and if it does +not contain the following line, add it to the end of the file:</p> + +<blockquote><pre class="code">swat 901/tcp</pre></blockquote> +</li> +<li> +<p>Now for <em class="filename">inetd </em><a name="INDEX-91"/>or <em class="filename">xinetd. +</em><a name="INDEX-92"/>These are "Internet +super daemons" that handle starting daemons on +demand, instead of letting them sit around in memory consuming system +resources. Most systems use <em class="filename">inetd, </em>but +<em class="filename">xinetd </em>is also used in some versions of Unix, +notably the Red Hat Linux (Versions 7 and newer) that we use in our +examples. You can use the <em class="emphasis">ps</em> command to see +which of the two your system is running.</p> +</li></ol> +<p>For <em class="filename">inetd, </em>add a line to the +<em class="emphasis">/etc/</em><em class="filename">inetd.conf </em>file. 
+(Check your <em class="filename">inetd.conf</em> manual page to see the +exact format of the<em class="filename"> inetd.conf</em> file if it +differs from the following example.) Don't forget to +change the path to the SWAT binary if you installed it in a different +location from the default <em class="filename">/usr/local/samba</em>:</p> + +<blockquote><pre class="code">swat stream tcp nowait root /usr/local/samba/bin/swat swat</pre></blockquote> + +<p>Then force <em class="filename">inetd</em> to reread its configuration +file by sending it a SIGHUP (hangup) signal:</p> + +<blockquote><pre class="code"># <tt class="userinput"><b>/bin/kill -HUP -a inetd</b></tt></pre></blockquote> + +<p>Notice that we are using a version of the <em class="emphasis">kill</em> +command that supports the <em class="emphasis">-a</em> option, so as to +allow us to specify the process by name. On FreeBSD and Linux, you +can use the <em class="emphasis">killall</em> command<a name="FNPTR-2"/><a href="#FOOTNOTE-2">[2]</a> as follows:</p> + +<blockquote><pre class="code"># <tt class="userinput"><b>killall -HUP inetd</b></tt></pre></blockquote> + +<p>If you are not running Linux or FreeBSD and your version of +<em class="emphasis">kill</em> doesn't have the +<em class="emphasis">-a</em> option, you will need to use the +<em class="emphasis">ps</em> command to find the process ID and then +supply that to <em class="emphasis">kill</em>:</p> + +<blockquote><pre class="code"># <tt class="userinput"><b>ps ax | grep inetd</b></tt> + 780 ? 
S 0:00 inetd + 1981 pts/4 S 0:00 grep inetd +# <tt class="userinput"><b>kill -HUP 780</b></tt></pre></blockquote> + +<p>If your system is using <em class="filename">xinet, </em>add a file named +<em class="emphasis">swat</em> in your <em class="filename">/etc/xinetd.d +</em>directory, containing the following:</p> + +<blockquote><pre class="code"># description: swat is the Samba Web Administration Tool, which +# allows an administrator to configure Samba using a web +# browser interface, with the URL http://localhost:901 +service swat. +{ + socket_type = stream + wait = no + protocol = tcp + only_from = localhost + user = root + log_on_failure += USERID + server = /usr/local/samba/bin/swat + port = 901 + disable = no +}</pre></blockquote> + +<p>Then <em class="emphasis">xinetd</em> needs to be sent a signal<a name="FNPTR-3"/><a href="#FOOTNOTE-3">[3]</a> to make it reread its configuration files:</p> + +<blockquote><pre class="code"># <tt class="userinput"><b>/bin/kill -HUP -a xinetd</b></tt></pre></blockquote> + +<p>And that's pretty much it for the installation. +Before you can start up Samba, however, you need to create a +configuration file for it.</p> + + +</div> + + + +<div class="sect1"><a name="samba2-CHP-2-SECT-6"/> + +<h2 class="head1">A Basic Samba Configuration File</h2> + +<p><a name="INDEX-93"/>The +key to configuring Samba is its configuration file, +<em class="filename">smb.conf</em>. This configuration file can be very +simple or extremely complex, and the rest of this book is devoted to +helping you get deeply personal with this file. For now, however, +we'll show you how to set up a single file service, +which will allow you to fire up the Samba daemons and see that +everything is running as it should be. 
In later chapters, you will +see how to configure Samba for more complicated and interesting +tasks.</p> + +<p>The installation process does not automatically create an +<em class="filename">smb.conf</em> configuration file, although several +example files are included in the Samba distribution. To test the +server software, though, we'll use the following +file, which you can create in a text editor. It should be named +<em class="filename">smb.conf</em> and placed in the +<em class="emphasis">/usr/local/samba/lib</em> directory:<a name="FNPTR-4"/><a href="#FOOTNOTE-4">[4]</a></p> + +<blockquote><pre class="code">[global] + workgroup = METRAN +[test] + comment = For testing only, please + path = /usr/local/samba/tmp + read only = no + guest ok = yes</pre></blockquote> + +<p>This brief configuration file tells the Samba server to offer the +<em class="filename">/usr/local/samba/tmp</em> directory on the server as +an SMB share called <em class="emphasis">test</em>. The server also +becomes part of the METRAN workgroup, of which each client must also +be a part. If you have already chosen a name for your own workgroup, +use the name of your workgroup instead of METRAN in the previous +example. In case you are connecting your Samba system into an +existing network and need to know the workgroup name, you can ask +another system administrator or go to a Windows system in the +workgroup and follow these instructions:</p> + +<ul><li> +<p>Windows 95/98/Me/NT: open the Control Panel, then double-click the +Network icon. Click the Identification tab, and look for the +"Workgroup:" label.</p> +</li><li> +<p>Windows 2000: open the Control Panel and double-click the System +icon. Click the Network Identification tab. The workgroup name will +appear below the computer name.</p> +</li><li> +<p>Windows XP: open the Control Panel in Classic View mode and +double-click the System icon. 
Then click the Computer Name tab.</p> +</li></ul> +<p>We'll use the <tt class="literal">[test]</tt> share in the +next chapter to set up the Windows clients. For now, you can complete +the setup by performing the following commands as root on your Unix +server:</p> + +<blockquote><pre class="code"># <tt class="userinput"><b>mkdir /usr/local/samba/tmp</b></tt> +# <tt class="userinput"><b>chmod 777 /usr/local/samba/tmp</b></tt></pre></blockquote> + +<p>You might also want to put a file or two in the +<em class="filename">/usr/local/samba/tmp</em> directory so that after +your Windows systems are initially configured, you will have +something to use to check that everything works.</p> + +<p>We should point out that in terms of system security, this is the +worst setup possible. For the moment, however, we only wish to test +Samba, so we'll leave security out of the picture. +In addition, we will encounter some encrypted password issues with +Windows clients later on, so this setup will afford us the least +amount of headaches.</p> + + +<div class="sect2"><a name="samba2-CHP-2-SECT-6.1"/> + +<h3 class="head2">Encrypted Passwords</h3> + +<p><a name="INDEX-94"/><a name="INDEX-95"/><a name="INDEX-96"/>If your Windows clients are using Windows +98 or Windows NT 4 Service Pack 3 or above (including Windows 2000 +and Windows XP) and you are using a version of Samba earlier than +3.0, you must add the following entry to the +<tt class="literal">[global]</tt> section of the Samba configuration file:</p> + +<blockquote><pre class="code">[global] + encrypt passwords = yes</pre></blockquote> + +<p>In addition, you must use the +<em class="filename">smbpasswd</em><a name="INDEX-97"/> program (typically located in the +directory <em class="filename">/usr/local/samba/bin/ </em>) to enter the +username/password combinations of the Samba users into +Samba's encrypted password database. 
For example, if +you wanted to allow Unix user <tt class="literal">steve</tt> to access +shares from a client system, you would use this command:</p> + +<blockquote><pre class="code"># <tt class="userinput"><b>smbpasswd -a steve</b></tt> +New SMB password: +Retype new SMB password: +Added user steve.</pre></blockquote> + +<p>When the first user is added, the program will output a message +saying that the encrypted password database does not exist. +Don't worry: it will then create the database for +you. Make sure that the username/password combinations you add to the +encrypted database match the usernames and passwords you intend to +use on the Windows client side. You must run +<em class="emphasis">smbpasswd</em> for each client user.</p> + +<p>In Samba 3.0, passwords are encrypted by default, so the +<tt class="literal">encrypt</tt> <tt class="literal">passwords</tt> +<tt class="literal">=</tt> <tt class="literal">yes</tt> parameter in the +configuration file is optional. However, you will still need to run +the <em class="emphasis">smbpasswd</em> command to add users to the +encrypted password file.</p> + + +</div> + + +<div class="sect2"><a name="samba2-CHP-2-SECT-6.2"/> + +<h3 class="head2">Using SWAT</h3> + +<p><a name="INDEX-98"/>Creating +a configuration file with SWAT is even easier than writing a +configuration file by hand. To invoke SWAT, use your web browser to +connect to <em class="emphasis">http://localhost:901</em>, and log on as +root with the root password, as shown in <a href="ch02.html#samba2-CHP-2-FIG-1">Figure 2-1</a>.</p> + +<div class="figure"><a name="samba2-CHP-2-FIG-1"/><a name="INDEX-99"/><img src="figs/sam2_0201.gif"/></div><h4 class="head4">Figure 2-1. SWAT login</h4> + +<p>After logging in, click the GLOBALS button at the top of the screen. 
+You should see the Global Variables page shown in <a href="ch02.html#samba2-CHP-2-FIG-2">Figure 2-2</a>.</p> + +<div class="figure"><a name="samba2-CHP-2-FIG-2"/><img src="figs/sam2_0202.gif"/></div><h4 class="head4">Figure 2-2. SWAT Global Variables page</h4> + +<p>In this example, notice that SWAT retrieved the workgroup name from +the <em class="emphasis">smb.conf</em> file that you created. (If it +didn't, go back and perform that step correctly.) +Make sure that the <tt class="literal">security</tt> field is set to +<tt class="literal">USER</tt>.</p> + +<p>If you are running Samba 2.2 and your Windows clients are at least +Windows 98 or Windows NT 4 SP 3 or later versions, find +<tt class="literal">encrypt</tt> <tt class="literal">passwords</tt> in the +Security Options section and select <tt class="literal">yes</tt>.</p> + +<p>The only other option you need to change from the menu is one +determining which system on the LAN resolves NetBIOS addresses; this +system is called the <em class="emphasis">WINS server</em>. At the very +bottom of the page, set the <tt class="literal">wins</tt> +<tt class="literal">support</tt> field to <tt class="literal">Yes</tt>, unless +you already have a WINS server on your network. If you do, put the +WINS server's IP address in the +<tt class="literal">wins</tt> <tt class="literal">server</tt> field instead. Then +return to the top of the screen, and press the Commit Changes button +to write the changes out to the <em class="emphasis">smb.conf</em> file.</p> + +<p>Next, click the SHARES icon. You should see a page similar to <a href="ch02.html#samba2-CHP-2-FIG-3">Figure 2-3</a>. Select <tt class="literal">test</tt> (to the right +of the Choose Share button), and click the Choose Share button. 
You +will see the Share Parameters screen, as shown in <a href="ch02.html#samba2-CHP-2-FIG-3">Figure 2-3</a>, with the <tt class="literal">comment</tt> and +<tt class="literal">path</tt> fields filled in from your +<em class="emphasis">smb.conf</em> file.</p> + +<div class="figure"><a name="samba2-CHP-2-FIG-3"/><img src="figs/sam2_0203.gif"/></div><h4 class="head4">Figure 2-3. SWAT Share Parameters screen</h4> + +<p>If you specified that you want to use encrypted passwords on the +GLOBALS page, click the PASSWORD button. Near the top of the screen, +you will see the Server Password Management section. Enter your Unix +username and password in the spaces, and click the Add New User +button. This functions the same as the <em class="emphasis">smbpasswd</em> +utility and creates an entry in the +<em class="emphasis">/usr/local/samba/private/smbpasswd</em> file to allow +you to authenticate from a Windows client.</p> + +<p>Now click the VIEW button at the top, and SWAT shows you the +following <em class="filename">smb.conf</em> file:</p> + +<blockquote><pre class="code"># Samba config file created using SWAT +# from localhost (127.0.0.1) +# Date: 2002/09/05 04:56:43 + +# Global parameters + workgroup = METRAN + encrypt passwords = Yes + wins support = Yes + +[test] + comment = For testing only! + path = /usr/local/samba/tmp + read only = No</pre></blockquote> + +<p>Once this configuration file is completed, you can skip the next step +because the output of SWAT is guaranteed to be syntactically correct. +<a name="INDEX-100"/></p> + + +</div> + + +<div class="sect2"><a name="samba2-CHP-2-SECT-6.3"/> + +<h3 class="head2">Disabling Oplocks</h3> + +<p>The <em class="filename">smb.conf</em><a name="INDEX-101"/><a name="INDEX-102"/> +file you have just created is certainly good enough for the purpose +of initial setup and testing, and you can use it as a starting point +from which to develop the configuration of your production Samba +server. 
But before you get too far with that, we want to bring one +thing to your attention.</p> + +<p>If you are the type of administrator who is highly concerned about +data integrity, you might want to make the following modification to +your <em class="filename">smb.conf</em> file before continuing:</p> + +<blockquote><pre class="code">[global] + oplocks = no</pre></blockquote> + +<p>That is, use a text editor to add the line <tt class="literal">oplocks</tt> +<tt class="literal">=</tt> <tt class="literal">no</tt> to the +<tt class="literal">[global]</tt> section of your +<em class="filename">smb.conf</em> file. With this example, as with other +examples we will present throughout this book, you do not need to +enter the <tt class="literal">[global]</tt> line again in your +configuration file. We include it only to indicate in which section +the parameter belongs.</p> + +<p>The <tt class="literal">oplocks</tt> <tt class="literal">=</tt> +<tt class="literal">no</tt> parameter disables opportunistic locking by +clients. This will result in significantly poorer performance, but +will help ensure that flaky Windows clients and/or unreliable network +hardware will not lead to corrupted files on the Samba server.</p> + +<p>We will cover opportunistic locking (oplocks) in more detail in the +section "Locks and Oplocks" in +<a href="ch08.html">Chapter 8</a>, and recommend that you understand the +ideas presented there before implementing a production Samba server +that serves database files or other valuable data.</p> + + +</div> + + +<div class="sect2"><a name="samba2-CHP-2-SECT-6.4"/> + +<h3 class="head2">Testing the Configuration File</h3> + +<p><a name="INDEX-103"/>If you +didn't use SWAT to create your configuration file, +you should probably test it to ensure that it is syntactically +correct. 
It might seem silly to run a test program against an +eight-line configuration file, but it's good +practice for the real ones that we'll be writing +later on.</p> + +<p>The test parser, +<em class="filename">testparm</em><a name="INDEX-104"/>, examines an +<em class="filename">smb.conf</em> file for syntax errors and reports any +it finds along with a list of the services enabled on your machine. +An example follows; you'll notice that in our haste +to get the server running we mistyped <tt class="literal">workgroup</tt> as +<tt class="literal">workgrp</tt> (the output is often lengthy, so we +recommend capturing it with the <em class="emphasis">tee</em> command):</p> + +<blockquote><pre class="code">Load smb config files from smb.conf +Unknown parameter encountered: "workgrp" +Ignoring unknown parameter "workgrp" +Processing section "[test]" +Loaded services file OK. +Press Enter to see a dump of your service definitions +# Global parameters +[global] + workgroup = WORKGROUP + netbios name = + netbios aliases = + server string = Samba 2.2.6 + interfaces = + bind interfaces only = No + +<i class="lineannotation">...(content omitted)...</i> + +[test] + comment = For testing only! + path = /usr/local/samba/tmp + read only = No</pre></blockquote> + +<p>The interesting parts are at the top and bottom. The top of the +output will flag any syntax errors that you might have made, and the +bottom lists the services that the server thinks it should offer. A +word of advice: make sure you and the server have the same +expectations. <a name="INDEX-105"/></p> + + +</div> + + +</div> + + + +<div class="sect1"><a name="samba2-CHP-2-SECT-7"/> + +<h2 class="head1">Firewall Configuration</h2> + +<p><a name="INDEX-106"/>As +with any services that run on TCP/IP, the SMB networking services +offered by Samba can be accessed from across the Internet unless your +organization's firewall is properly configured. 
The +following ports are used by Samba for SMB networking and SWAT:</p> + +<dl> +<dt><b>Port 137</b></dt> +<dd> +<p>Used for NetBIOS network browsing</p> +</dd> + + + +<dt><b>Port 138</b></dt> +<dd> +<p>Used for NetBIOS name service</p> +</dd> + + + +<dt><b>Port 139</b></dt> +<dd> +<p>Used for file and printer sharing and other operations</p> +</dd> + + + +<dt><b>Port 445</b></dt> +<dd> +<p>Used by Windows 2000/XP when NetBIOS over TCP/IP is disabled</p> +</dd> + + + +<dt><b>Port 901</b></dt> +<dd> +<p>Used by SWAT</p> +</dd> + +</dl> + +<p>At the minimum, your organization's Internet +firewall should shut down all the ports in the list to traffic in +both directions. Do not assume that preventing incoming connections +is sufficient; there are cracks that trick Windows clients into +sending data out of the local area network and into the Internet by +SMB protocol, even from a local network that uses private IP +addresses not forwarded by routers. If you want SMB traffic to travel +across the Internet to remote sites, the best way is to use a virtual +private network (VPN). See the O'Reilly book, +<em class="citetitle">Virtual Private Networks</em>, for more information +on this subject.</p> + +<p>In addition, you might wish to configure a firewall on the Samba host +system to keep SMB packets from traveling further than necessary +within your organization's network. For example, +port 901 can be shut down for remote accesses so that SWAT can be run +only on the Samba host system. 
If you are using Samba to serve only a +fraction of the client systems within your organization, consider +allowing SMB packets (i.e., packets on ports 137-139 and 445) to go +to or come from only those clients.</p> + +<p>For more information on configuring firewalls, see the +O'Reilly book <em class="citetitle">Building Internet +Firewalls</em>.</p> + + +</div> + + + +<div class="sect1"><a name="samba2-CHP-2-SECT-8"/> + +<h2 class="head1">Starting the Samba Daemons</h2> + +<p>Two Samba processes, +<em class="emphasis">smbd</em><a name="INDEX-107"/> and +<em class="emphasis">nmbd</em><a name="INDEX-108"/>, need to be running for Samba to work +correctly. There are three ways to start them:</p> + +<ul><li> +<p>Manually</p> +</li><li> +<p>Automatically, during system boot</p> +</li><li> +<p>From <em class="emphasis">inetd or xinetd</em></p> +</li></ul> + +<div class="sect2"><a name="samba2-CHP-2-SECT-8.1"/> + +<h3 class="head2">Starting the Daemons Manually</h3> + +<p><a name="INDEX-109"/><a name="INDEX-110"/>If you're in a +hurry, you can start the Samba daemons by hand. As root, simply enter +the following commands:</p> + +<blockquote><pre class="code"># <tt class="userinput"><b>/usr/local/samba/bin/smbd -D</b></tt> +# <tt class="userinput"><b>/usr/local/samba/bin/nmbd -D</b></tt></pre></blockquote> + +<p>Samba will now be running on your system and is ready to accept +connections. However, keep in mind that if either of the daemons exit +for any reason (including system reboots), they will need to be +restarted manually.</p> + + +</div> + + +<div class="sect2"><a name="samba2-CHP-2-SECT-8.2"/> + +<h3 class="head2">Automatic Startup</h3> + +<p><a name="INDEX-111"/><a name="INDEX-112"/>To have the Samba daemons +started automatically when the system boots, you need to add the +commands listed in the previous section to your standard Unix startup +scripts. 
The exact method varies depending on the flavor of Unix +you're using.</p> + + +<div class="sect3"><a name="samba2-CHP-2-SECT-8.2.1"/> + +<h3 class="head3">BSD Unix</h3> + +<p><a name="INDEX-113"/><a name="INDEX-114"/><a name="INDEX-115"/>With a BSD-style Unix, you need to append +the following code to the <em class="filename">rc.local </em>file, which +is typically found in the <em class="filename">/etc</em> or +<em class="filename">/etc/rc.d</em> directories:</p> + +<blockquote><pre class="code">if [ -x /usr/local/samba/bin/smbd]; then + echo "Starting smbd..." + /usr/local/samba/bin/smbd -D + echo "Starting nmbd..." + /usr/local/samba/bin/nmbd -D +fi</pre></blockquote> + +<p>This code is very simple: it checks to see if the +<em class="filename">smbd</em> file exists and has execute permissions, +and if it does, it starts up both of the Samba daemons on system +boot.</p> + + +</div> + + + +<div class="sect3"><a name="samba2-CHP-2-SECT-8.2.2"/> + +<h3 class="head3">System V Unix</h3> + +<p><a name="INDEX-116"/><a name="INDEX-117"/><a name="INDEX-118"/>With System V, things can get a little +more complex. Depending on your Unix version, you might be able to +get away with making a simple change to an +<em class="filename">rc.local</em> file as with BSD Unix, but System V +typically uses directories containing links to scripts that control +daemons on the system. Hence, you need to instruct the system how to +start and stop the Samba daemons. The first step to implement this is +to modify the contents of the <em class="filename">/etc/rc.d/init.d</em> +directory by adding something similar to the following shell script, +which for this example we will name <em class="filename">smb </em>:</p> + +<blockquote><pre class="code">#!/bin/sh + +# Check that the Samba configuration file exists +[ -f /usr/local/samba/lib/smb.conf ] || exit 0 + +start( ) +{ + echo -n "Starting SMB services: " + /usr/local/samba/bin/smbd -D + ERROR=$? 
+ echo + + echo -n "Starting NMB services: " + /usr/local/samba/bin/nmbd -D + ERROR2=$? + if [ $ERROR2 -ne 0 ] + then + ERROR=1 + fi + echo + + return $ERROR +} + +stop( ) +{ + echo -n "Shutting down SMB services: " + /bin/kill -TERM -a smbd + ERROR=$? + echo + + echo -n "Shutting down NMB services: " + /bin/kill -TERM -a nmbd + ERROR2=$? + if [ $ERROR2 -ne 0 ] + then + ERROR=1 + fi + echo + + return $ERROR +} + +case "$1" in + start) + start + ;; + stop) + stop + ;; + *) + echo "Usage: $0 {start|stop}" + exit 1 +esac + +exit $?</pre></blockquote> + +<p>With this script, you can start and stop <em class="emphasis">smbd</em> +and <em class="emphasis">nmbd</em> like this:</p> + +<blockquote><pre class="code"># <tt class="userinput"><b>/etc/rc.d/init.d/smb start</b></tt> +Starting SMB services: +Starting NMB services: +# <tt class="userinput"><b>ps ax | grep mbd</b></tt> + 1268 ? S 0:00 /usr/local/samba/bin/smbd -D + 1270 ? S 0:00 /usr/local/samba/bin/nmbd -D + 1465 pts/2 S 0:00 grep mbd +# <tt class="userinput"><b>/etc/rc.d/init.d/smb stop</b></tt> +Shutting down SMB services: +Shutting down NMB services:</pre></blockquote> + +<p>If you are having trouble writing a startup script for your system, +check to see if there is a packaged release of Samba (available from +your Unix vendor or the Samba FTP site). If so, you might be able to +extract a startup script from it to use as a starting point. +Typically, this script doesn't change much (if at +all) from release to release, so using a script from an older Samba +version should not be a problem. Another possibility is to check the +<em class="filename">packaging</em> directory in the Samba source +distribution. In that directory, there are subdirectories for many +Unix versions in which you can find a startup script for those +versions. 
Even if your version isn't included, you +can probably find a startup script for a similar version to use as a +starting point.</p> + +<p>Finally, we need to add symbolic links to the +<em class="filename">smb</em> script in the +<em class="emphasis">/etc/rc.d/rcX.d</em> directories:</p> + +<blockquote><pre class="code"># <tt class="userinput"><b>ln -s /etc/rc.d/init.d/smb /etc/rc.d/rc3.d/S35smb</b></tt> +# <tt class="userinput"><b>ln -s /etc/rc.d/init.d/smb /etc/rc.d/rc5.d/S35smb</b></tt> + +# <tt class="userinput"><b>ln -s /etc/rc.d/init.d/smb /etc/rc.d/rc0.d/K35smb</b></tt> +# <tt class="userinput"><b>ln -s /etc/rc.d/init.d/smb /etc/rc.d/rc1.d/K35smb</b></tt> +# <tt class="userinput"><b>ln -s /etc/rc.d/init.d/smb /etc/rc.d/rc2.d/K35smb</b></tt> +# <tt class="userinput"><b>ln -s /etc/rc.d/init.d/smb /etc/rc.d/rc4.d/K35smb</b></tt> +# <tt class="userinput"><b>ln -s /etc/rc.d/init.d/smb /etc/rc.d/rc6.d/K35smb</b></tt></pre></blockquote> + +<p>The first two commands, with link names starting with an +"S", cause Samba to be started when +entering runlevels 3 or 5, which are the runlevels in which network +file sharing (NFS) is normally enabled. The second group of commands, +with link names starting with a +"K", cause Samba to be shut down +when entering any of the other runlevels (0, 1, 2, 4, or 6).</p> + +<p>The links starting with "S" are +used to start the daemons, and the links starting with +"K" are used for killing them. When +the runlevel is changed, the links starting with +"K" in the corresponding directory +(e.g., the <em class="filename">rc3.d</em> directory for runlevel 3) are +executed, followed by the links starting with +"S". 
If we wanted, we could have +Samba restarted when switching between runlevels 3 and 5 by adding a +<em class="filename">K35smb</em> link to each <em class="filename">rc3.d</em> +and <em class="filename">rc5.d </em>directory.</p> + +<p>The number after the K or S in the link names is used to set the +order in which all the daemons with links in the directory are +started or killed off. Get a long listing of the +<em class="emphasis">rc3.d</em> or <em class="emphasis">rc5.d</em> directories +to see how this is set up on your system. We use 35 to match the +behavior of Red Hat's Samba RPM package. The +important thing is to make sure when starting Samba that all services +it requires are started before it. When shutting down, it is a good +idea to shut down Samba before services it requires to avoid excess +error messages in the log files, but the order is not as crucial.</p> + + +</div> + + + +<div class="sect3"><a name="samba2-CHP-2-SECT-8.2.3"/> + +<h3 class="head3">Darwin and Mac OS X</h3> + +<p><a name="INDEX-119"/><a name="INDEX-120"/><a name="INDEX-121"/><a name="INDEX-122"/>An installation of Samba is bundled with the +Darwin distribution, which is included in Mac OS X.<a name="FNPTR-5"/><a href="#FOOTNOTE-5">[5]</a> </p> + +<p>The Samba daemons are started during system +boot by the script +<em class="filename">/System/Library/StartupItems/Samba/Samba</em>. To +trigger the execution of this script, edit the file +<em class="filename">/etc/hostconfig</em> and change the SMBSERVER +parameter to look like this:</p> + +<blockquote><pre class="code">SMBSERVER=-YES-</pre></blockquote> + +<p>On Mac OS X, the graphical user interface (GUI) provides an +alternative to using the command line. Launch the System Preferences +application, and select Sharing (see <a href="ch02.html#samba2-CHP-2-FIG-4">Figure 2-4</a>). +Under the Services tab, turn on Windows File Sharing. 
This will make +the aforementioned change to <em class="filename">/etc/hostconfig</em> and +immediately execute the startup item.</p> + +<div class="figure"><a name="samba2-CHP-2-FIG-4"/><img src="figs/sam2_0204.gif"/></div><h4 class="head4">Figure 2-4. Mac OS X sharing preferences</h4> + +<p>If you decide to install Samba yourself on Mac OS X, +it's best not to stomp on the installation provided +with the OS. Use the procedures detailed earlier in this chapter to +install the software into <em class="filename">/usr/local/samba</em> or +some other area unaffected by OS upgrades. (Remember to set up users +with <em class="emphasis">smbpasswd</em> if you're using +encrypted passwords, as described earlier in this chapter. This step +is handled automatically with entries in +<em class="filename">/var/db/samba/hash</em> if you're +using the built-in server on Mac OS X.) Once you've +got that working, you can edit the Samba startup item script to refer +to your installation, like this:</p> + +<blockquote><pre class="code"> #!/bin/sh + # Start Samba + + . /etc/rc.common + + if [ "${SMBSERVER:=-NO-}" = "-YES-" ]; then + ConsoleMessage "Starting SMB server" + + if [ -f /usr/local/samba/lib/smb.conf ]; then + /usr/local/samba/bin/smbd -D + /usr/local/samba/bin/nmbd -D + fi + fi</pre></blockquote> + +<p>However, beware of OS updates, which can wipe out your changes. One +solution is to make the script immutable, like this:</p> + +<blockquote><pre class="code"># <tt class="userinput"><b>chflags uchg /System/Library/StartupItems/Samba/Samba</b></tt></pre></blockquote> + + +</div> + + + +<div class="sect3"><a name="samba2-CHP-2-SECT-8.2.4"/> + +<h3 class="head3">Testing automatic startup</h3> + +<p><a name="INDEX-123"/><a name="INDEX-124"/>If you can afford a few minutes of +downtime, reboot your system and again use the +<em class="emphasis">ps</em> command to check that the +<em class="emphasis">smbd</em> and <em class="emphasis">nmbd</em> daemons are +running. 
And if you are managing a 24/7 server, we highly recommend +that you find some downtime in which to reboot and perform this +check. Otherwise, your next unscheduled downtime might surprise you +with a mysterious absence of SMB networking services when the system +comes up again! <a name="INDEX-125"/><a name="INDEX-126"/></p> + + +</div> + + +</div> + + +<div class="sect2"><a name="samba2-CHP-2-SECT-8.3"/> + +<h3 class="head2">Starting from inetd</h3> + +<p><a name="INDEX-127"/><a name="INDEX-128"/><a name="INDEX-129"/>The <em class="emphasis">inetd</em> +<em class="emphasis"><a name="FNPTR-6"/><a href="#FOOTNOTE-6">[6]</a></em> daemon is a Unix +system's Internet "super +daemon." It listens on ports defined in +<em class="filename">/etc/services</em> and executes the appropriate +program for each port, which is defined in +<em class="filename">/etc/inetd.conf</em>. The advantage of this scheme is +that you can have a large number of daemons ready to answer queries, +but they don't all have to be running all the time. +Instead, <em class="emphasis">inetd</em> listens for connection requests +and starts the appropriate daemon when it is needed. The penalty is a +small overhead cost of creating a new daemon process, as well as the +fact that you need to edit two files rather than one to set things +up. The <em class="emphasis">inetd</em> daemon is handy if you have only +one or two Samba users or your machine is running too many daemons +already. It's also easier to perform an upgrade +without disturbing an existing connection.</p> + +<p>If you wish to start from <em class="filename">inetd</em>, first open +<em class="filename">/etc/services</em> in your text editor. If you +don't already have them defined, add the following +two lines:</p> + +<blockquote><pre class="code">netbios-ssn 139/tcp +netbios-ns 137/udp</pre></blockquote> + +<p>Next, edit <em class="filename">/etc/inetd.conf</em>. Look for the +following two lines and add them if they don't +exist. 
If you already have <tt class="literal">smbd</tt> and +<tt class="literal">nmbd</tt> lines in the file, edit them to point at the +new <em class="emphasis">smbd</em> and <em class="emphasis">nmbd</em> +you've installed. Your brand of Unix might use a +slightly different syntax in this file; use the existing entries and +the <em class="filename">inetd.conf </em> manual +page as a guide:</p> + +<blockquote><pre class="code">netbios-ssn stream tcp nowait root /usr/local/samba/bin/smbd smbd +netbios-ns dgram udp wait root /usr/local/samba/bin/nmbd nmbd</pre></blockquote> + +<p>Finally, kill any <em class="emphasis">smbd</em> or +<em class="emphasis">nmbd</em> processes and send the +<em class="emphasis">inetd</em> process a hangup (HUP) signal to tell it +to reread its configuration file:</p> + +<blockquote><pre class="code"># <tt class="userinput"><b>/bin/kill -TERM -a smbd</b></tt> +# <tt class="userinput"><b>/bin/kill -TERM -a nmbd</b></tt> +# <tt class="userinput"><b>/bin/kill -HUP -a inetd</b></tt></pre></blockquote> + +<p>After that, Samba should be up and running.</p> + +<p>As we've pointed out before, Red Hat and perhaps +other Unix vendors supply <em class="emphasis">xinetd</em> rather than +<em class="emphasis">inetd</em>. If you need to use +<em class="emphasis">xinetd</em>, you will need to supply a configuration +file in the <em class="emphasis">/etc/xinetd.d</em> directory. +<a name="INDEX-130"/></p> + + +</div> + + +</div> + + + +<div class="sect1"><a name="samba2-CHP-2-SECT-9"/> + +<h2 class="head1">Testing the Samba Daemons</h2> + +<p><a name="INDEX-131"/><a name="INDEX-132"/>We're +nearly done with the Samba server setup. All that's +left to do is to make sure everything is working as we think it +should. A convenient way to do this is to use the +<em class="filename">smbclient</em><a name="INDEX-133"/> program to examine what the server is +offering to the network. 
If everything is set up properly, you should +be able to do the following:</p> + +<blockquote><pre class="code"># <tt class="userinput"><b>/usr/local/samba/bin/smbclient -U% -L localhost</b></tt> +added interface ip=172.16.1.1 bcast=172.16.1.255 nmask=255.255.255.0 +Domain=[METRAN] OS=[Unix] Server=[Samba 2.2.6] + + Sharename Type Comment + --------- ---- ------- + test Disk For testing only, please + IPC$ IPC IPC Service (Samba 2.2.6) + ADMIN$ Disk IPC Service (Samba 2.2.6) + + Server Comment + --------- ------- + TOLTEC Samba 2.2.6 on toltec + + Workgroup Master + --------- ------- + METRAN TOLTEC</pre></blockquote> + +<p>If there is a problem, don't panic! Try to start the +daemons manually, and check the system output or the debug files at +<em class="filename">/usr/local/samba/var/log.smb</em><a name="INDEX-134"/><a name="INDEX-135"/><a name="INDEX-136"/> to see if you can determine what happened. +If you think it might be a more serious problem, skip to <a href="ch12.html">Chapter 12</a> for help on troubleshooting the Samba daemons.</p> + +<p>If it worked, congratulations! You now have successfully set up the +Samba server with a disk share. It's a simple one, +but we can use it to set up and test the Windows 95/98/Me and +NT/2000/XP clients in the next chapter. Then we will start making it +more interesting by adding services such as home directories, +printers, and security, and by seeing how to integrate the server +into a larger Windows domain. <a name="INDEX-137"/></p> + + +</div> + +<hr/><h4 class="head4">Footnotes</h4><blockquote><a name="FOOTNOTE-1"/> +<p><a href="#FNPTR-1">[1]</a> <em class="emphasis">gcc</em> binaries are available for almost +every modern machine. 
See <a href="http://www.gnu.org/">http://www.gnu.org/</a> for a list of sites with +<em class="emphasis">gcc</em> and other GNU software.</p> <a name="FOOTNOTE-2"/> <p><a href="#FNPTR-2">[2]</a> Do +not confuse this with the Solaris <em class="emphasis">killall</em> +command, which performs part of the system shutdown sequence!</p> +<a name="FOOTNOTE-3"/> +<p><a href="#FNPTR-3">[3]</a> Depending on the version of <em class="emphasis">xinetd</em> you +have and how it was compiled, you might need to send a USR1 or some +other signal rather than the HUP signal. Check the manual page for +<em class="emphasis">xinetd (8)</em> on your system for details.</p> +<a name="FOOTNOTE-4"/> +<p><a href="#FNPTR-4">[4]</a> If you did not compile Samba, but instead downloaded a binary, +check with the documentation for the package to find out where it +expects the <em class="filename">smb.conf</em> file to be. Or, try running +the <em class="emphasis">testparm</em> program and look for the location +of <em class="filename">smb.conf</em> in the first line of output. If +Samba came preinstalled with your Unix system, an +<em class="filename">smb.conf</em> file is probably already somewhere on +your system.</p> <a name="FOOTNOTE-5"/> +<p><a href="#FNPTR-5">[5]</a> In this book, we cover Darwin Version 6.0 and OS X Version +10.2.</p> <a name="FOOTNOTE-6"/> <p><a href="#FNPTR-6">[6]</a> With early releases of Samba 2.2, there were reports +of intermittent errors when starting from <em class="emphasis">inetd</em>. +We provide this information so that it will be available for later +releases when the problem will hopefully have been identified and +corrected.</p> </blockquote> + + +<hr/><h4 class="head4"><a href="toc.html">TOC</a></h4> +</body></html> |
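Review bot: In the "Starting from inetd" section, the restart step (`/bin/kill -TERM -a smbd`, `/bin/kill -TERM -a nmbd`, `/bin/kill -HUP -a inetd`) only works with a /bin/kill that accepts process names, and the text does not say so. The chapter presents its steps as essentially the same on all platforms, so please name the assumption or add the PID-based equivalent for systems whose kill takes only PIDs. In the same section, the xinetd paragraph tells the reader to supply a file in /etc/xinetd.d but shows none, although the inetd.conf entries just above it are given in full; a matching sample would close that gap. In the Darwin and Mac OS X section, `chflags uchg /System/Library/StartupItems/Samba/Samba` is given without the command that clears the flag, so a reader who later needs to edit the script or let an OS update replace it has no documented way back. Smaller points: the runlevel paragraph expands NFS as "network file sharing" where the protocol name is Network File System; the marker for footnote 6 is wrapped in an otherwise empty `<em class="emphasis">` and hangs off the general description of inetd, while the footnote itself is about starting Samba from inetd; and the file opens with a bare `<html>` and no doctype, so the self-closing `<a name="INDEX-123"/>` style anchors may be parsed as unclosed start tags when the page is served as HTML.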