Operating System Requirements

From SambaWiki
Revision as of 22:17, 27 May 2014 by Mmuehlfeld (talk | contribs) (Face-lifting the page (structure, formattings, text changes, etc.))

File System Support

To use the advanced features of Samba, you need a filesystem that supports both the "user" and "system" xattr namespace. You need this support on file systems that you will share through Samba.

For Samba Active Directory Domain Controllers, „samba-tool“ tests during the provisioning the xattr support for /usr/local/samba/var/locks/sysvol/.


ext3

fstab

For filesystems of that type shared by Samba, add the following options to your /etc/fstab:

/dev/...          /srv/samba/demo          ext3          user_xattr,acl,barrier=1          1 1

Note: The „barrier=1“ option ensures that tdb transactions are safe against unexpected power loss.

Please be careful modifying your fstab. It can lead into an unbootable system!


Kernel support

Ensure that your kernel has the following options enabled:

CONFIG_EXT3_FS_XATTR=y
CONFIG_EXT3_FS_SECURITY=y
CONFIG_EXT3_FS_POSIX_ACL=y


ext4

fstab

For filesystems of that type shared by Samba, add the following options to your /etc/fstab:

/dev/...          /srv/samba/demo          ext4          user_xattr,acl,barrier=1          1 1

Note: The „barrier=1“ option ensures that tdb transactions are safe against unexpected power loss.

Please be careful modifying your fstab. It can lead into an unbootable system!


Kernel support

Ensure that your kernel has the following options enabled:

CONFIG_EXT4_FS_XATTR=y
CONFIG_EXT4_FS_SECURITY=y
CONFIG_EXT4_FS_POSIX_ACL=y


XFS

fstab

No special mount options are required in your fstab.


Kernel support

Ensure that your kernel has the following options enabled:

CONFIG_XFS_POSIX_ACL=y


File Systems without xattr support

Note: This is not recommended!!!

If you don't have a filesystem with xattr support, you can simulate it by adding the following line to your smb.conf:

  posix:eadb = /usr/local/samba/private/eadb.tdb

This will place all extra file attributes (NT ACLs, DOS EAs, streams, etc), in that tdb.

Note: Because it is not efficient and doesn't scale well it should not be used in production!


Testing your filesystem

Note: This is not required for file systems without xattr support.

Before you start testing, ensure, that you have the „attr“ package installed!

Run the following commands as root to test xattr support:

# touch test.txt
# setfattr -n user.test -v test test.txt
# setfattr -n security.test -v test2 test.txt

The following commands should return the shown output:

# getfattr -d test.txt
# file: test.txt
user.test="test"

# getfattr -n security.test -d test.txt
# file: test.txt
security.test="test2"

Run the following commands as root to test extended ACL support:

# touch test.txt
# setfacl -m g:adm:rwx test.txt

The following command should return the shown output:

# getfacl test.txt
# file: test.txt
# owner: root
# group: root
user::rw-
group::r--
group:adm:rwx
mask::rwx
other::r--

Note: Getting an "Operation not supported" error means your kernel is not configured correctly or your filesystem is not mounted with the correct options.

Note: Getting an "Operation not permitted" error means you didn't run the commands as user „root“.



Required Libraries and programs

Depending on your distribution, the package name of the following libraries and programs may differ. Typically they are labled with lib*-dev or lib*-devel. See Distribution specific package installation.

Required:

  • python
A good portion of Samba is written using python, including the build system itself (waf).

(Recommended) Optional:

  • acl
Required for a successfull Samba AD DC deployment! On Member Servers it is required to use the complete set of Windows ACLs.
  • xattr
Required for a successfull Samba AD DC deployment! On Member Servers it is required to use the complete set of Windows ACLs.
  • blkid
  • gnutls
  • readline
  • cups
Required for CUPS printer sharing support.
  • bsd or setproctitle
Required for process title updating support.
  • xsltproc
Required for building man pages and other documentation.
  • docbook
Required for building man pages and other documentation.
  • openldap
Required to build the Samba NT4-style PDC components with LDAP support and Active Directory Member Server support. Also required for the Samba classicupgrade.


Distribution specific package installation

The following examples will cover all of the required libraries and programs. It will also cover BIND, kerberos and file system tools. If you plan to use the internal DNS server, you do not need BIND, but you do still need the package that contains the „nsupdate“ binary.


Debian / Ubuntu

# apt-get install build-essential libacl1-dev libattr1-dev \
   libblkid-dev libgnutls-dev libreadline-dev python-dev libpam0g-dev \
   python-dnspython gdb pkg-config libpopt-dev libldap2-dev \
   dnsutils libbsd-dev attr krb5-user docbook-xsl libcups2-dev acl


Fedora

# yum install libacl-devel libblkid-devel gnutls-devel \
   readline-devel python-devel gdb pkgconfig libattr-devel \
   krb5-workstation


Red Hat Enterprise Linux / CentOS / Scientific Linux

# yum install gcc libacl-devel libblkid-devel gnutls-devel \
   readline-devel python-devel gdb pkgconfig krb5-workstation \
   zlib-devel setroubleshoot-server libaio-devel \
   setroubleshoot-plugins policycoreutils-python \
   libsemanage-python setools-libs-python setools-libs \
   popt-devel libpcap-devel sqlite-devel libidn-devel \
   libxml2-devel libacl-devel libsepol-devel libattr-devel \
   keyutils-libs-devel cyrus-sasl-devel cups-devel bind-utils


openSUSE

# zypper install libacl-devel python-selinux autoconf make \
    python-devel gdb sqlite3-devel libgnutls-devel binutils \
    policycoreutils-python setools-libs selinux-policy \
    setools-libs popt-devel libpcap-devel keyutils-devel \
    libidn-devel libxml2-devel libacl-devel libsepol-devel \
    libattr-devel zlib-devel cyrus-sasl-devel gcc \
    krb5-client openldap2-devel libopenssl-devel\
    bind-utils bind-lib


Gentoo

Please note that the following sections assume at least an intermediate understanding of the Gentoo packaging system.


Python

Gentoo uses Python 3 as the default python interpreter, but at this time Samba requires Python 2 (2.4.2 or later). The following set of commands will install and set up Python 2 as the default python interpreter.

# emerge --ask --noreplace '<dev-lang/python-3'
# eselect python set python2.7
# python-updater


Kerberos

On Gentoo, you have two choices for a kerberos implementation, app-crypt/mit-krb5 and app-crypt/heimdal. Unfortunately the two implementations can not be installed at the same time. Currently, the Samba only supports app-crypt/heimdal. So you must first uninstall app-crypt/mit-krb5, if installed. Then install app-crypt/heimdal and rebuild any packages that were using the previous kerberos implementation.

# emerge --unmerge --ask app-crypt/mit-krb5
# emerge --ask app-crypt/heimdal
# revdep-rebuild -- -ask


Bind

To enable automatic zone management, net-dns/bind and net-dns/bind-tools should be emerged with the USE flags for berkdb, dlz and gssapi set. To enable them permanently, add the following to /etc/package.use:

net-dns/bind berkdb dlz gssapi
net-dns/bind-tools gssapi

Then, emerge net-dns/bind:

# emerge --ask  net-dns/bind net-dns/bind-tools


Samba-supplied Libraries (tdb/ldb/tevent)

There are a few Samba libraries that need to be installed. Note that these packages might be keyworded as unstable, so you might need to add the following to your /etc/package.keywords:

~sys-libs/tevent-0.9.17
~sys-libs/tdb-1.2.10
~sys-libs/ldb-1.1.12
~sys-libs/talloc-2.0.7

Additionally, Samba requires sys-libs/tdb and sys-libs/talloc to be emerged with the USE flag python set. To enable this permanently, add the following to /etc/package.use:

sys-libs/tdb python
sys-libs/talloc python

Note: In new(er) installations of Gentoo, the above files will be located in /etc/portage/, i.e. /etc/portage/package.keywords and /etc/portage/package.use. They may be symlinked to /etc for backward compatibility.

Now, emerge the packages:

# emerge --ask '=sys-libs/talloc-2.0.7' '=sys-libs/tdb-1.2.10' '=sys-libs/tevent-0.9.17' '=sys-libs/ldb-1.1.12'

Note that ebuilds for the required versions of the above packages might not be availiable in the portage tree. In this case, check Gentoo's Bugzilla for updated ebuilds.


Other Misc. Build/Run Dependencies

To ensure a successful Samba 4 installation, there are a few other packages that should be installed, as shown below:

# emerge --ask net-libs/gnutls sys-apps/acl dev-libs/cyrus-sasl dev-python/subunit dev-python/dnspython net-dns/libidn 

FIXME: Are dev-python/dnspython net-dns/libidn still required?