Managing the Samba AD DC Service Using an Init Script (SambaWiki user contributions feed; https://wiki.samba.org/index.php?title=Managing_the_Samba_AD_DC_Service_Using_an_Init_Script&diff=10319; revision 2015-06-25T18:12:23Z)<p>MarcAnto: /* Debian Systems */</p>
<hr />
<div>This is a topic which pops up every so often -- ''where are the init scripts for Samba4?'' The problem is that init scripts are very distribution specific. The HOWTO states, "Samba4 alpha13 doesn't yet have init scripts included for each platform, but making one for your platform should not be difficult." Well, they may not be rocket science, but not everyone knows how to build a robust startup script and then integrate it with their particular startup infrastructure. This gets even weirder when distributions like Fedora radically overhaul their approach to init (SysV to "systemd").<br />
<br />
The intent of this page is to provide a sample of at least a few init scripts, listed by their distribution family (e.g., Debian based systems and Red Hat/Fedora).<br />
<br />
== Red Hat/Fedora based systems ==<br />
For SysV style service init scripts, Red Hat puts the init scripts in the /etc/rc.d/init.d directory, and then links to these scripts from the various run level directories (e.g., a link /etc/rc3.d/S80samba4 -> ../rc.d/init.d/samba4).<br />
<br />
Fedora has moved to a systemd based startup for init. You can still use SysV style scripts such as this one, and configure the automatic startup of the Samba4 server at different run levels through the "chkconfig" tool.<br />
<br />
#!/bin/bash<br />
#<br />
# samba4 This shell script takes care of starting and stopping<br />
# samba4 daemons.<br />
#<br />
# chkconfig: - 58 74<br />
# description: Samba 4.0 will be the next version of the Samba suite<br />
# and incorporates all the technology found in both the Samba4 alpha<br />
# series and the stable 3.x series. The primary additional features<br />
# over Samba 3.6 are support for the Active Directory logon protocols<br />
# used by Windows 2000 and above.<br />
<br />
### BEGIN INIT INFO<br />
# Provides: samba4<br />
# Required-Start: $network $local_fs $remote_fs<br />
# Required-Stop: $network $local_fs $remote_fs<br />
# Should-Start: $syslog $named<br />
# Should-Stop: $syslog $named<br />
# Short-Description: start and stop samba4<br />
# Description: Samba 4.0 will be the next version of the Samba suite<br />
# and incorporates all the technology found in both the Samba4 alpha<br />
# series and the stable 3.x series. The primary additional features<br />
# over Samba 3.6 are support for the Active Directory logon protocols<br />
# used by Windows 2000 and above.<br />
### END INIT INFO<br />
<br />
# Source function library.<br />
. /etc/init.d/functions<br />
<br />
<br />
# Source networking configuration.<br />
. /etc/sysconfig/network<br />
<br />
<br />
prog=samba<br />
prog_dir=/usr/local/samba/sbin/<br />
lockfile=/var/lock/subsys/$prog<br />
<br />
<br />
start() {<br />
[ "$NETWORKING" = "no" ] && exit 1<br />
# [ -x /usr/sbin/ntpd ] || exit 5<br />
<br />
# Start daemons.<br />
echo -n $"Starting samba4: "<br />
daemon $prog_dir/$prog -D<br />
RETVAL=$?<br />
echo<br />
[ $RETVAL -eq 0 ] && touch $lockfile<br />
return $RETVAL<br />
}<br />
<br />
<br />
stop() {<br />
[ "$EUID" != "0" ] && exit 4<br />
echo -n $"Shutting down samba4: "<br />
killproc $prog_dir/$prog<br />
RETVAL=$?<br />
echo<br />
[ $RETVAL -eq 0 ] && rm -f $lockfile<br />
return $RETVAL<br />
}<br />
<br />
<br />
# See how we were called.<br />
case "$1" in<br />
start)<br />
start<br />
;;<br />
stop)<br />
stop<br />
;;<br />
status)<br />
status $prog<br />
;;<br />
restart)<br />
stop<br />
start<br />
;;<br />
reload)<br />
echo "Not implemented yet."<br />
exit 3<br />
;;<br />
*)<br />
echo $"Usage: $0 {start|stop|status|restart|reload}"<br />
exit 2<br />
esac<br />
<br />
== Debian Systems ==<br />
<br />
1) Retrieve the init script<br />
<br />
To retrieve the Debian init script, run:<br />
<br />
$ wget "http://anonscm.debian.org/gitweb/?p=pkg-samba/samba.git;a=blob_plain;f=debian/samba.samba-ad-dc.init;h=3132d2e367675f822342a5b7bc2e50c046aa3b8f;hb=HEAD" -O /etc/init.d/samba-ad-dc<br />
<br />
2) (Optional) Update the paths where Samba is installed<br />
<br />
The Debian package assumes that Samba is installed in /usr. If you've installed it in the default location (/usr/local/samba) instead, run:<br />
<br />
$ sed -i 's|/usr/sbin|/usr/local/samba/sbin|g' /etc/init.d/samba-ad-dc<br />
<br />
Likewise, the Debian package assumes you'll use /etc/samba/smb.conf for the configuration file. If you built Samba with the default location, run:<br />
<br />
$ sed -i 's|/etc/samba|/usr/local/samba/etc|g' /etc/init.d/samba-ad-dc<br />
<br />
Again, the Debian package assumes you'll use /var/run/samba as the PID directory. If you're using the default location, run:<br />
<br />
$ sed -i 's|/var/run/samba|/usr/local/samba/var/run|g' /etc/init.d/samba-ad-dc<br />
<br />
Last, if you're using the default location for samba-tool, run:<br />
<br />
$ sed -i 's|samba-tool|/usr/local/samba/bin/samba-tool|g' /etc/init.d/samba-ad-dc<br />
<br />
3) Make the init script executable<br />
<br />
Make the init script executable by running:<br />
<br />
$ chmod 755 /etc/init.d/samba-ad-dc<br />
<br />
4) Enable the script at startup<br />
<br />
$ update-rc.d samba-ad-dc defaults<br />
<br />
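The steps above place a file fetched over plain HTTP into /etc/init.d, where it runs as root at boot. The following added example (not part of the original page or of the Debian package; stage_init_script and its arguments are hypothetical names) checks a downloaded copy against a SHA-256 digest you recorded after reviewing it, applies the path rewrites from step 2 so that they can be re-run safely, syntax-checks the result and only then installs it with mode 755:<br />

```shell
#!/bin/sh
# Added example; stage_init_script is a hypothetical helper, not Samba or Debian code.
# Usage: stage_init_script <downloaded-file> <expected-sha256> <destination>
stage_init_script() {
    src=$1; want=$2; dest=$3
    tmp=$(mktemp) || return 1

    # 1. Refuse a file whose digest differs from the one recorded at review time.
    got=$(sha256sum "$src" | cut -d' ' -f1)
    if [ "$got" != "$want" ]; then
        echo "checksum mismatch for $src: got $got" >&2
        rm -f "$tmp"
        return 2
    fi

    # 2. Apply the path rewrites from step 2 to a staged copy, never in place.
    #    The bare samba-tool rule is not idempotent, so an already-prefixed
    #    samba-tool is first reduced to the bare name and then prefixed once.
    sed -e 's|/usr/sbin|/usr/local/samba/sbin|g' \
        -e 's|/etc/samba|/usr/local/samba/etc|g' \
        -e 's|/var/run/samba|/usr/local/samba/var/run|g' \
        -e 's|/usr/local/samba/bin/samba-tool|samba-tool|g' \
        -e 's|samba-tool|/usr/local/samba/bin/samba-tool|g' \
        "$src" > "$tmp" || { rm -f "$tmp"; return 1; }

    # 3. Syntax-check the result before it can run as root at boot.
    if ! sh -n "$tmp"; then
        echo "rewritten script does not parse" >&2
        rm -f "$tmp"
        return 3
    fi

    # 4. Install with mode 755 (run as root for /etc/init.d so root owns the file).
    install -m 755 "$tmp" "$dest"
    rc=$?
    rm -f "$tmp"
    return $rc
}
```

Download to a scratch location first and pass /etc/init.d/samba-ad-dc as the destination when running as root.<br />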
== Upstart Systems (such as Ubuntu) ==<br />
<br />
Ubuntu uses the upstart system. To retrieve the upstart config file, run:<br />
<br />
$ wget -O /etc/init/samba-ad-dc.conf 'http://anonscm.debian.org/gitweb/?p=pkg-samba/samba.git;a=blob_plain;f=debian/samba-ad-dc.upstart;hb=HEAD'<br />
<br />
The following init script will start a source-installed, non-AD Samba server, i.e. 'classic' mode:<br />
<br />
#!/bin/sh<br />
<br />
### BEGIN INIT INFO<br />
# Provides: samba<br />
# Required-Start: $network $local_fs $remote_fs<br />
# Required-Stop: $network $local_fs $remote_fs<br />
# Default-Start: 2 3 4 5<br />
# Default-Stop: 0 1 6<br />
# Should-Start: slapd<br />
# Should-Stop: slapd<br />
# Short-Description: start Samba daemons (nmbd and smbd)<br />
### END INIT INFO<br />
<br />
# Description of this script:<br />
# <br />
# This script comes initially from a Debian Squeeze machine on<br />
# which samba 3.x was installed with "apt-get install samba". The script<br />
# was modified/adjusted so it points to the correct paths of a default<br />
# samba4 installation (/usr/local/samba).<br />
#<br />
# Installation instructions:<br />
# (1) copy the content of this script into your clipboard or download it<br />
# (2) save the content into /etc/init.d/samba of your samba4 host.<br />
# (3) execute "chmod +x /etc/init.d/samba" to have the script executable<br />
# (4) execute "update-rc.d samba defaults" to install auto-start function.<br />
# smbd+nmbd will then be started automatically after each system start/reboot<br />
# <br />
# Modified by local@#samba~irc.freenode.net at 06th March 2013<br />
# The script was successfully tested on Debian GNU/Linux Squeeze+Wheezy<br />
<br />
# Defaults<br />
RUN_MODE="daemons"<br />
<br />
# Reads config file (will override defaults above)<br />
[ -r /etc/default/samba ] && . /etc/default/samba<br />
<br />
PIDDIR=/usr/local/samba/var/run<br />
NMBDPID=$PIDDIR/nmbd.pid<br />
SMBDPID=$PIDDIR/smbd.pid<br />
<br />
# clear conflicting settings from the environment<br />
unset TMPDIR<br />
<br />
# See if the daemons are there<br />
test -x /usr/local/samba/sbin/nmbd -a -x /usr/local/samba/sbin/smbd || exit 0<br />
<br />
. /lib/lsb/init-functions<br />
<br />
case "$1" in<br />
start)<br />
log_daemon_msg "Starting Samba daemons"<br />
# Make sure we have our PIDDIR, even if it's on a tmpfs<br />
install -o root -g root -m 755 -d $PIDDIR<br />
<br />
NMBD_DISABLED=`testparm -s --parameter-name='disable netbios' 2>/dev/null`<br />
if [ "$NMBD_DISABLED" != 'Yes' ]; then<br />
log_progress_msg "nmbd"<br />
if ! start-stop-daemon --start --quiet --oknodo --exec /usr/local/samba/sbin/nmbd -- -D<br />
then<br />
log_end_msg 1<br />
exit 1<br />
fi<br />
fi<br />
<br />
if [ "$RUN_MODE" != "inetd" ]; then<br />
log_progress_msg "smbd"<br />
if ! start-stop-daemon --start --quiet --oknodo --exec /usr/local/samba/sbin/smbd -- -D; then<br />
log_end_msg 1<br />
exit 1<br />
fi<br />
fi<br />
<br />
log_end_msg 0<br />
;;<br />
stop)<br />
log_daemon_msg "Stopping Samba daemons"<br />
log_progress_msg "nmbd"<br />
<br />
start-stop-daemon --stop --quiet --pidfile $NMBDPID<br />
# Wait a little and remove stale PID file<br />
sleep 1<br />
if [ -f $NMBDPID ] && ! ps h `cat $NMBDPID` > /dev/null<br />
then<br />
# Stale PID file (nmbd was successfully stopped),<br />
# remove it (should be removed by nmbd itself IMHO.)<br />
rm -f $NMBDPID<br />
fi <br />
<br />
if [ "$RUN_MODE" != "inetd" ]; then<br />
log_progress_msg "smbd"<br />
start-stop-daemon --stop --quiet --pidfile $SMBDPID<br />
# Wait a little and remove stale PID file<br />
sleep 1<br />
if [ -f $SMBDPID ] && ! ps h `cat $SMBDPID` > /dev/null<br />
then<br />
# Stale PID file (smbd was successfully stopped),<br />
# remove it (should be removed by smbd itself IMHO.)<br />
rm -f $SMBDPID<br />
fi<br />
fi<br />
<br />
log_end_msg 0<br />
<br />
;;<br />
<br />
reload)<br />
log_daemon_msg "Reloading /usr/local/samba/etc/smb.conf" "smbd only"<br />
<br />
start-stop-daemon --stop --signal HUP --pidfile $SMBDPID<br />
<br />
log_end_msg 0<br />
;;<br />
restart|force-reload)<br />
$0 stop<br />
sleep 1<br />
$0 start<br />
;;<br />
status)<br />
status="0"<br />
NMBD_DISABLED=`testparm -s --parameter-name='disable netbios' 2>/dev/null`<br />
if [ "$NMBD_DISABLED" != "Yes" ]; then<br />
status_of_proc -p $NMBDPID /usr/local/samba/sbin/nmbd nmbd || status=$?<br />
fi<br />
if [ "$RUN_MODE" != "inetd" ]; then<br />
status_of_proc -p $SMBDPID /usr/local/samba/sbin/smbd smbd || status=$?<br />
fi<br />
if [ "$NMBD_DISABLED" = "Yes" -a "$RUN_MODE" = "inetd" ]; then<br />
status="4"<br />
fi<br />
exit $status<br />
;;<br />
*)<br />
echo "Usage: /etc/init.d/samba {start|stop|reload|restart|force-reload|status}"<br />
exit 1<br />
;;<br />
esac<br />
<br />
exit 0</div>
Using BIND DLZ backend with secured / signed DNS updates (https://wiki.samba.org/index.php?title=Using_BIND_DLZ_backend_with_secured_/_signed_DNS_updates&diff=10314; revision 2015-06-24T11:18:57Z)<p>MarcAnto: /* Debian / Ubuntu + clones - Build New ISC Bind 9.9 / 9.10 */</p>
<hr />
<div>= Introduction =<br />
<br />
With the ISC Bind packages shipped by many distributions, you will find that secured updates do not work with Samba 4 in the default configuration. You will receive errors in /var/log/messages indicating update '&lt;name of client&gt;' denied.<br />
<br />
This is because the rpm/deb/pkg has been compiled with the 'disable-isc-spnego' flag and/or without bind-dlz support at all.<br />
In order to fix this you will need to recompile/rebuild the distribution rpm / deb / pkg.<br />
<br />
= Common Bind9 Compile flags for BIND DLZ for bind 9.9 =<br />
<br />
For BIND DLZ, Samba4 and up require at least --with-dlz-ldap and --with-dlz-filesystem=yes.<br />
<br />
Commonly used configure flags for BIND 9.8.6 and up:<br />
<br />
<pre><br />
CONFIGURE_OPTIONS="\<br />
...<br />
--with-openssl \<br />
--enable-threads \<br />
--with-gssapi=yes \<br />
--with-libtool \<br />
--with-libxml2 \<br />
--with-dlopen=yes \<br />
--with-dlz-mysql \<br />
--with-dlz-bdb \<br />
--with-dlz-ldap \<br />
--with-dlz-filesystem=yes \<br />
--with-dlz-bdb=yes \<br />
--enable-filter-aaaa \<br />
--enable-rrl \<br />
--with-ecdsa \<br />
--enable-threads \<br />
--with-idnlib='-L/usr/lib -R/usr/lib -lidn -lidn2' \<br />
...<br />
</pre><br />
<br />
The values for "-L" and "-R" may differ depending on the distribution.<br />
<br />
We ask i386 / x86_64 and child distribution maintainers to update the package specs <br />
for Bind 9.8.5 and up so that this is covered permanently for Samba4.<br />
<br />
= RHEL / CENTOS / FC + clones - ReBuild Distributed ISC Bind RPM =<br />
<br />
First make sure you have your RPM build environment setup and then install the source rpm for bind. The instructions that follow are for CENTOS 6.4 with 9.8.2-0.17.rc1.el6_4.6 being the latest version at the time of writing:<br />
<br />
rpm -i http://vault.centos.org/6.4/updates/Source/SPackages/bind-9.8.2-0.17.rc1.el6_4.6.src.rpm<br />
<br />
Then locate and edit the SPEC file. If your rpm build directory is ~/rpmbuild, it will be ~/rpmbuild/SPECS/bind.spec<br />
<br />
Now locate and remove the line that reads:<br />
<br />
--disable-isc-spnego<br />
<br />
On the example rpm provided it is line 361.<br />
<br />
Now recompile your rpm:<br />
<br />
rpmbuild -bb ~/rpmbuild/SPECS/bind.spec<br />
<br />
Once finished you should find the replacement rpms in the RPMS/{arch} path of your build root. Replace {arch} with the relevant architecture of your machine (e.g. x86_64 or i686). Install them over the top of your existing rpms and updates should all be working again. Remember if you update with yum it may replace your copy of bind so you will either want to exclude bind* in your yum configuration or use priorities and add these rpms to a local repository.<br />
<br />
= OpenSuSE using ISC BIND backend =<br />
<br />
In the default configuration of Bind in the OpenSuSE distribution you will find that the secured updates do not work with Samba 4.1 and up. <br />
In order to fix this, you will need to recompile the bind package (https://build.opensuse.org/package/show/openSUSE:Factory/bind).<br />
<br />
[[User:Remsnet]] Published https://github.com/remsnet/OpenSuSE-Samba-DC/blob/master/bind-9.9.4-P1.spec<br />
<br />
with Build Instructions at https://github.com/remsnet/OpenSuSE-Samba-DC/blob/master/Samba4-DC-DLZ.Readme<br />
<br />
= RHEL/CENTOS/FC + clones - RPM Build New ISC Bind 9.9 / 9.10 =<br />
<br />
Benjamin Kraft publishes Bind9 security fixes on his page: http://bkraft.fr/blog/bind_9_10_1_and_bind_9_9_6_and_bind_9_8_8/<br />
Cleanly Patching Bind9 has almost been a task for experts ...<br />
<br />
[[User:Remsnet]] Published https://github.com/remsnet/CentOS-Bind-DLZ SPEC File for SRPMS to Build a Clean and updated Bind9 with DLZ .<br />
<br />
<br />
<br />
<br />
<br />
= Debian / Ubuntu + clones - Build New ISC Bind 9.9 / 9.10 =<br />
<br />
While following the official Samba4 HOWTO I found that bind would not start, giving me the following error (taken from my syslog):<br />
<br />
Loading ‘AD DNS Zone’ using driver dlopen<br />
unsupported DLZ database driver ‘dlopen’. AD DNS Zone not loaded.<br />
<br />
If you want some technical background as to what dlopen is, read this blog post, but in short, Samba4 needs some features only available in Bind 9.8 and above.<br />
If you get the error I described above, you either have an earlier version or your binary version of Bind 9.8.3 or above was not compiled with support for dlz drivers.<br />
<br />
* To fix it I backported Bind9 from SID on i386/x86_64.<br />
* To fix it on Debian for the RPi, you need to rebuild / recompile.<br />
<br />
:'''Note''': when Bind 9.8 gets backported it will become much easier to install, you will only have to follow the steps described here. For now, follow the instructions below.<br />
Let’s remove the old version of bind first:<br />
<br />
$ sudo apt-get remove bind9<br />
<br />
Install required packages (wheezy):<br />
<br />
$ sudo apt-get update<br />
$ sudo apt-get install devscripts build-essential libkrb5-dev debhelper libssl-dev libtool bison libdb-dev libldap2-dev libxml2-dev libcap2-dev hardening-wrapper libgeoip-dev dpkg-dev<br />
<br />
<br />
Download bind9 .dsc file (check here for the latest link to the .dsc file):<br />
<br />
$ mkdir -p /usr/src/BUILD/bind9<br />
$ cd /usr/src/BUILD/bind9<br />
<br />
$ dget -x http://ftp.de.debian.org/debian/pool/main/b/bind9/bind9_9.9.5.dfsg-7.dsc<br />
<br />
Now unpack bind, configure and then compile the Bind9 source code:<br />
<br />
$ tar xvzf bind9_9.9.5.dfsg.orig.tar.gz<br />
$ cd bind9-9.9.5.dfsg<br />
$ fakeroot ./configure --prefix=/usr --mandir=/usr/share/man --infodir=/usr/share/info \<br />
--sysconfdir=/etc/bind --localstatedir=/var --enable-threads --enable-largefile --with-libtool \<br />
--enable-shared --enable-static --with-openssl=/usr --with-gssapi=/usr --with-gnu-ld \<br />
--with-dlz-postgres=no --with-dlz-mysql=no --with-dlz-bdb=yes --with-dlz-filesystem=yes \<br />
--with-dlz-ldap=yes --with-dlz-stub=yes --with-dlopen=yes \<br />
--with-geoip=/usr --enable-ipv6 CFLAGS=-fno-strict-aliasing <br />
<br />
:'''Note''': If you are using bind9 9.8.1 and below, you may find a compilation error which can be fixed with the patch described here. You can apply the patch manually: all you have to do is to edit the file contrib/dlz/drivers/sdlz_helper.c and to remove the “#ifdef DLZ” line and the “#endif” line at the end of the file.<br />
<br />
:'''Note''': If you are building Bind 9.8.0, you must use '--with-dlz-dlopen=yes' instead of '--with-dlopen=yes'.<br />
<br />
Now let’s compile and install bind9:<br />
<br />
$ make install<br />
<br />
Last step, we need to manually create the /var/cache/bind directory:<br />
<br />
$ sudo mkdir /var/cache/bind<br />
<br />
Verify Bind Compile Options with: <br />
<br />
$ named -V<br />
<br />
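One way to read the named -V output against the flags this page relies on, as an added example that is not part of the original page or of BIND (check_named_build and the sample strings are constructed here). It checks for the dlopen DLZ driver, for GSSAPI, and for the absence of --disable-isc-spnego:<br />

```shell
#!/bin/sh
# Added example; check_named_build is a hypothetical helper, not part of BIND or Samba.
# Reads the text printed by `named -V` on stdin and returns a bitmask:
#   0 = build looks usable for Samba's DLZ zones with secured updates
#   1 = no dlopen DLZ driver, 2 = no GSSAPI, 4 = built with --disable-isc-spnego
check_named_build() {
    out=$(cat)
    rc=0

    # dlopen driver: --with-dlopen=yes, or --with-dlz-dlopen=yes on BIND 9.8.0
    case $out in
        *--with-dlopen=yes*|*--with-dlz-dlopen=yes*) ;;
        *) echo "no dlopen DLZ driver (expect: unsupported DLZ database driver)" >&2
           rc=$((rc + 1)) ;;
    esac

    # GSSAPI: accept =yes or a path such as =/usr, reject absent or =no
    case $out in
        *--with-gssapi=no*) echo "GSSAPI disabled" >&2; rc=$((rc + 2)) ;;
        *--with-gssapi*) ;;
        *) echo "GSSAPI not configured" >&2; rc=$((rc + 2)) ;;
    esac

    # The flag this page removes from the RPM spec file
    case $out in
        *--disable-isc-spnego*) echo "built with --disable-isc-spnego" >&2
                                rc=$((rc + 4)) ;;
    esac
    return $rc
}

# Constructed samples of `named -V` output (not captured from a real host).
SAMPLE_GOOD="BIND 9.9.5 built with '--prefix=/usr' '--with-gssapi=/usr' '--with-dlz-filesystem=yes' '--with-dlopen=yes'"
SAMPLE_BAD="BIND 9.8.2 built with '--prefix=/usr' '--with-gssapi=yes' '--disable-isc-spnego'"
```

On a real host, pipe the output in with: named -V 2>&1 | check_named_build<br />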
Start the service bind (wheezy):<br />
# /etc/init.d/bind9 start<br />
<br />
Start the service bind (jessie):<br />
# service bind9 start<br />
<br />
* Do NOT run bind chrooted with a Samba AD DC, and make sure everything has the correct privileges.<br />
* Make sure you run the provisioning steps again with bind9 running.<br />
* bind9 should start just fine - server/bind logs should show that the samba-dlz zones loaded OK.</div>