Managing the Samba AD DC Service Using an Init Script: Difference between revisions
m (Quote wget URL) |
m (/* added debian init.d script, old link no longer worked.) |
||
(12 intermediate revisions by 5 users not shown) | |||
Line 1: | Line 1: | ||
= Introduction = |
|||
This is a topic which pops every so often -- ''where are the Init scripts for Samba4?'' The problem is that init scripts are very distribution specific. The HOWTO states, "Samba4 alpha13 doesn't yet have init scripts included for each platform, but making one for your platform should not be difficult." Well, they may not be rocket science, but not everyone knows how to build a robust startup script and then integrate it with their particular startup infrastructure. This gets even more weird when distributions like Fedora radically overhaul their approach to init. (SysV to "systemd") |
|||
The following describes how to use an init script to manage the Samba Active Directory (AD) domain controller (DC) service. Depending on your operating system, the location of the init script, its content, and the procedures how to manage the service can be different. For details, see your operating system's documentation. |
|||
The intent of this page is to provide a sample of at least a few init scripts, listed by their distribution family (eg., Debian based systems and Red Hat/Fedora). |
|||
{{Imbox |
|||
== Red Hat/Fedora based systems == |
|||
| type = important |
|||
For SysV style service init scripts, Red Hat puts the init scripts in the /etc/rc.d/init.d directory, and then links to these scripts from the various run level directories (eg, link in /etc/rc3.d/S80samba4 -> ../rc.d/init.d/samba4) |
|||
| text = If you operating system uses a different system to manage services, such as <code>systemd</code>, see [[Managing_the_Samba_AD_DC_Service|Managing the Samba AD DC Service]]. |
|||
}} |
|||
Fedora has gone to a systemd based startup for Init. You can still use SysV style scripts such as this one, and configure the automatic startup of the Samba4 server ad different run levels through the "chkconfig" tool. |
|||
= Creating the Init Script = |
|||
== Red Hat Enterprise Linux 6 == |
|||
{{Imbox |
|||
| type = note |
|||
| text = On Red Hat Enterprise Linux later than version 6, use <code>systemd</code> to manage the Samba service. For details, see [[Managing_the_Samba_AD_DC_Service_Using_Systemd|Managing the Samba AD DC Service Using Systemd]]. |
|||
}} |
|||
* Create the <code>/etc/init.d/samba-ad-dc</code> file with the following content: |
|||
#!/bin/bash |
#!/bin/bash |
||
# |
# |
||
# |
# samba-ad-dc This shell script takes care of starting and stopping |
||
# |
# samba AD daemons. |
||
# |
# |
||
# chkconfig: - 58 74 |
# chkconfig: - 58 74 |
||
# description: Samba |
# description: Samba Active Directory Domain Controller |
||
# and incorporates all the technology found in both the Samba4 alpha |
|||
# series and the stable 3.x series. The primary additional features |
|||
# over Samba 3.6 are support for the Active Directory logon protocols |
|||
# used by Windows 2000 and above. |
|||
### BEGIN INIT INFO |
### BEGIN INIT INFO |
||
# Provides: |
# Provides: samba-ad-dc |
||
# Required-Start: $network $local_fs $remote_fs |
# Required-Start: $network $local_fs $remote_fs |
||
# Required-Stop: $network $local_fs $remote_fs |
# Required-Stop: $network $local_fs $remote_fs |
||
# Should-Start: $syslog $named |
# Should-Start: $syslog $named |
||
# Should-Stop: $syslog $named |
# Should-Stop: $syslog $named |
||
# Short-Description: start and stop |
# Short-Description: start and stop samba-ad-dc |
||
# Description: Samba |
# Description: Samba Active Directory Domain Controller |
||
# and incorporates all the technology found in both the Samba4 alpha |
|||
# series and the stable 3.x series. The primary additional features |
|||
# over Samba 3.6 are support for the Active Directory logon protocols |
|||
# used by Windows 2000 and above. |
|||
### END INIT INFO |
### END INIT INFO |
||
# Source function library. |
# Source function library. |
||
. /etc/init.d/functions |
. /etc/init.d/functions |
||
# Source networking configuration. |
# Source networking configuration. |
||
. /etc/sysconfig/network |
. /etc/sysconfig/network |
||
prog=samba |
prog=samba |
||
prog_dir=/usr/local/samba/sbin/ |
prog_dir=/usr/local/samba/sbin/ |
||
lockfile=/var/lock/subsys/$prog |
lockfile=/var/lock/subsys/$prog |
||
start() { |
start() { |
||
[ "$NETWORKING" = "no" ] && exit 1 |
|||
echo -n $"Starting Samba AD DC: " |
|||
# [ -x /usr/sbin/ntpd ] || exit 5 |
|||
daemon $prog_dir/$prog -D |
|||
RETVAL=$? |
|||
# Start daemons. |
|||
echo |
|||
echo -n $"Starting samba4: " |
|||
[ $RETVAL -eq 0 ] && touch $lockfile |
|||
daemon $prog_dir/$prog -D |
|||
return $RETVAL |
|||
echo |
|||
[ $RETVAL -eq 0 ] && touch $lockfile |
|||
return $RETVAL |
|||
} |
} |
||
stop() { |
|||
[ "$EUID" != "0" ] && exit 4 |
|||
stop() { |
|||
echo -n $"Shutting down Samba AD DC: " |
|||
[ "$EUID" != "0" ] && exit 4 |
|||
killproc $prog_dir/$prog |
|||
echo -n $"Shutting down samba4: " |
|||
RETVAL=$? |
|||
killproc $prog_dir/$prog |
|||
echo |
|||
RETVAL=$? |
|||
[ $RETVAL -eq 0 ] && rm -f $lockfile |
|||
return $RETVAL |
|||
[ $RETVAL -eq 0 ] && rm -f $lockfile |
|||
return $RETVAL |
|||
} |
} |
||
# See how we were called. |
|||
case "$1" in |
case "$1" in |
||
start) |
start) |
||
start |
|||
;; |
|||
stop) |
stop) |
||
stop |
|||
;; |
|||
status) |
status) |
||
status $prog |
|||
;; |
|||
restart) |
restart) |
||
stop |
|||
start |
|||
;; |
|||
reload) |
|||
echo "Not implemented yet." |
|||
exit 3 |
|||
;; |
|||
*) |
*) |
||
echo $"Usage: $0 {start|stop|status|restart}" |
|||
exit 2 |
|||
esac |
esac |
||
== Debian Systems == |
|||
1) Retrieve the init script |
|||
* Make the script executeable: |
|||
# chmod 755 /etc/init.d/samba-ad-dc |
|||
$ wget "http://anonscm.debian.org/gitweb/?p=pkg-samba/samba.git;a=blob_plain;f=debian/samba.samba-ad-dc.init;h=3132d2e367675f822342a5b7bc2e50c046aa3b8f;hb=HEAD" -O /etc/init.d/samba-ad-dc |
|||
2) (Optional) Update the paths where Samba is installed |
|||
The Debian package assumes that Samba is installed in /usr. If you've installed it in the default location (/usr/local/samba) instead, run: |
|||
== Debian == |
|||
$ sed -i 's|/usr/sbin|/usr/local/samba/sbin|g' /etc/init.d/samba-ad-dc |
|||
* Create the <code>/etc/init.d/samba-ad-dc</code> file with the following content: |
|||
Likewise the Debian package assumes you'll use /etc/samba/smb.conf for the configuration file. If you're using the default location and build run: |
|||
$ sed -i 's|/etc/samba|/usr/local/samba/etc|g' /etc/init.d/samba-ad-dc |
|||
3) Make the init script executable |
|||
Make the init script executable by running: |
|||
$ chmod 755 /etc/init.d/samba4 |
|||
4) Enable the script at startup |
|||
$ update-rc.d samba4 defaults |
|||
== Upstart Systems (such as Ubuntu) == |
|||
Ubuntu uses the upstart system. To retrieve the upstart config file, run: |
|||
$ wget -O /etc/init/samba-ad-dc.conf 'http://anonscm.debian.org/gitweb/?p=pkg-samba/samba.git;a=blob_plain;f=debian/samba-ad-dc.upstart;hb=HEAD' |
|||
The following init script will start the samba a source installed samba NON AD server: |
|||
#!/bin/sh |
#!/bin/sh |
||
### BEGIN INIT INFO |
### BEGIN INIT INFO |
||
# Provides: samba |
# Provides: samba-ad-dc |
||
# Required-Start: $network $local_fs $remote_fs |
# Required-Start: $network $local_fs $remote_fs |
||
# Required-Stop: $network $local_fs $remote_fs |
# Required-Stop: $network $local_fs $remote_fs |
||
# Default-Start: 2 3 4 5 |
# Default-Start: 2 3 4 5 |
||
# Default-Stop: 0 1 6 |
# Default-Stop: 0 1 6 |
||
# Short-Description: start Samba daemons for the AD DC |
|||
# Should-Start: slapd |
|||
# Should-Stop: slapd |
|||
# Short-Description: start Samba daemons (nmbd and smbd) |
|||
### END INIT INFO |
### END INIT INFO |
||
# Description of this script: |
|||
# |
|||
# This script comes initially from a Debian Squeeze machine on |
|||
# which samba 3.x was installed with "apt-get install samba". The script |
|||
# was modified/adjusted so it points to the correct paths of a default |
|||
# samba4 installation (/usr/local/samba). |
|||
# |
# |
||
# Start/stops the Samba daemon (samba). |
|||
# Installation instructions: |
|||
# Adapted from the Samba 3 packages. |
|||
# (1) copy the content of this script into your clipboard or download it |
|||
# |
|||
# (2) save the content into /etc/init.d/samba of your samba4 host. |
|||
# (3) execute "chmod +x /etc/init.d/samba" to have the script executable |
|||
# (4) execute "update-rc.d samba defaults" to install auto-start function. |
|||
# smbd+nmbd will automatically being started after earch system start/reboot |
|||
# |
|||
# Modified by local@#samba~irc.freenode.net at 06th March 2013 |
|||
# The script was successfully tested on Debian GNU/Linux Squeeze+Wheezy |
|||
# Defaults |
|||
RUN_MODE="daemons" |
|||
PATH=/usr/local/samba/sbin:/usr/local/samba/bin:$PATH |
|||
# Reads config file (will override defaults above) |
|||
[ -r /etc/default/samba ] && . /etc/default/samba |
|||
PIDDIR=/usr/local/samba/var/run |
PIDDIR=/usr/local/samba/var/run |
||
SAMBAPID=$PIDDIR/samba.pid |
|||
SMBDPID=$PIDDIR/smbd.pid |
|||
# clear conflicting settings from the environment |
# clear conflicting settings from the environment |
||
unset TMPDIR |
unset TMPDIR |
||
# See if the |
# See if the daemon and the config file are there |
||
test -x /usr/local/samba/sbin/ |
test -x /usr/local/samba/sbin/samba -a -r /usr/local/samba/etc/smb.conf || exit 0 |
||
. /lib/lsb/init-functions |
. /lib/lsb/init-functions |
||
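Review bot: In the Red Hat Enterprise Linux 6 script, start() has no privilege check while stop() begins with `[ "$EUID" != "0" ] && exit 4`. Add the same line at the top of start() so that a non-root invocation exits with status 4 before `daemon $prog_dir/$prog -D` is reached. Separately, `prog_dir=/usr/local/samba/sbin/` ends in a slash, so `$prog_dir/$prog` expands with a doubled slash; dropping the trailing slash keeps the path passed to `daemon` and `killproc` clean.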
Line 187: | Line 131: | ||
case "$1" in |
case "$1" in |
||
start) |
start) |
||
SERVER_ROLE=`samba-tool testparm --parameter-name="server role" 2>/dev/null | tail -1` |
|||
log_daemon_msg "Starting Samba daemons" |
|||
if [ "$SERVER_ROLE" != "active directory domain controller" ]; then |
|||
exit 0 |
|||
NMBD_DISABLED=`testparm -s --parameter-name='disable netbios' 2>/dev/null` |
|||
if [ "$NMBD_DISABLED" != 'Yes' ]; then |
|||
log_progress_msg "nmbd" |
|||
if ! start-stop-daemon --start --quiet --oknodo --exec /usr/local/samba/sbin/nmbd -- -D |
|||
then |
|||
log_end_msg 1 |
|||
exit 1 |
|||
fi |
|||
fi |
fi |
||
# CVE-2013-4475 |
|||
KEYFILE=/usr/local/samba/private/tls/key.pem |
|||
if [ -e $KEYFILE ]; then |
|||
KEYPERMS=`stat -c %a $KEYFILE` |
|||
if [ "$KEYPERMS" != "600" ]; then |
|||
echo "wrong permission on $KEYFILE, must be 600" |
|||
echo "samba will not start (CVE-2013-4475)" |
|||
echo "Removing all tls .pem files will cause an auto-regeneration with the correct permissions." |
|||
exit 1 |
|||
i |
|||
fi |
|||
log_daemon_msg "Starting Samba AD DC daemon" "samba" |
|||
# Make sure we have our PIDDIR, even if it's on a tmpfs |
|||
install -o root -g root -m 755 -d $PIDDIR |
|||
stop) |
|||
log_daemon_msg "Stopping Samba daemons" |
|||
if ! start-stop-daemon --start --quiet --oknodo --exec /usr/local/samba/sbin/samba -- -D; then |
|||
log_progress_msg "nmbd" |
|||
log_end_msg 1 |
|||
exit 1 |
|||
fi |
|||
log_end_msg 0 |
|||
;; |
|||
stop) |
|||
log_daemon_msg "Stopping Samba AD DC daemon" "samba" |
|||
then |
|||
# Stale PID file (nmbd was succesfully stopped), |
|||
# remove it (should be removed by nmbd itself IMHO.) |
|||
rm -f $NMBDPID |
|||
fi |
|||
start-stop-daemon --stop --quiet --pidfile $SAMBAPID |
|||
# Wait a little and remove stale PID file |
|||
sleep 1 |
|||
if [ -f $SAMBAPID ] && ! ps h `cat $SAMBAPID` > /dev/null |
|||
then |
|||
# Stale PID file (samba was succesfully stopped), |
|||
# remove it (should be removed by samba itself IMHO.) |
|||
rm -f $SAMBAPID |
|||
fi |
|||
# remove it (should be removed by smbd itself IMHO.) |
|||
rm -f $SMBDPID |
|||
fi |
|||
fi |
|||
log_end_msg 0 |
|||
;; |
|||
restart|force-reload) |
|||
$0 stop |
|||
sleep 1 |
|||
log_daemon_msg "Reloading /usr/local/samba/etc/smb.conf" "smbd only" |
|||
$0 start |
|||
;; |
|||
status) |
|||
status_of_proc -p $SAMBAPID /usr/local/samba/sbin/samba samba |
|||
exit $? |
|||
;; |
|||
*) |
|||
echo "Usage: /etc/init.d/samba-ad-dc {start|stop|restart|force-reload|status}" |
|||
sleep 1 |
|||
exit 1 |
|||
;; |
|||
status) |
|||
status="0" |
|||
NMBD_DISABLED=`testparm -s --parameter-name='disable netbios' 2>/dev/null` |
|||
if [ "$NMBD_DISABLED" != "Yes" ]; then |
|||
status_of_proc -p $NMBDPID /usr/local/samba/sbin/nmbd nmbd || status=$? |
|||
fi |
|||
if [ "$RUN_MODE" != "inetd" ]; then |
|||
status_of_proc -p $SMBDPID /usr/local/samba/sbin/smbd smbd || status=$? |
|||
fi |
|||
if [ "$NMBD_DISABLED" = "Yes" -a "$RUN_MODE" = "inetd" ]; then |
|||
status="4" |
|||
fi |
|||
exit $status |
|||
;; |
|||
*) |
|||
echo "Usage: /etc/init.d/samba {start|stop|reload|restart|force-reload|status}" |
|||
exit 1 |
|||
;; |
|||
esac |
esac |
||
exit 0 |
exit 0 |
||
* If necessary, update the locations to the <code>samba</code> service, the <code>samba-tool</code> utility, and the <code>smb.conf</code> file in the <code>/etc/init.d/samba-ad-dc</code> file. |
|||
* Make the script executeable: |
|||
# chmod 755 /etc/init.d/samba-ad-dc |
|||
= Managing the Samba AD DC Service = |
|||
The following assumes that the Samba Active Directory (AD) domain controller (DC) service is managed by the <code>/etc/init.d/samba-ad-dc</code> init script. If you have not created the script manually, see your operating system's documentation for the name of the Samba AD DC service. |
|||
{{Imbox |
|||
| type = note |
|||
| text = Depending on your operating system, there can be different ways to enable or disable a service. See your operating system's documentation for details. |
|||
}} |
|||
== Enabling and Disabling the Samba AD DC Service == |
|||
To enable the Samba Active Directory (AD) domain controller (DC) service to start automatically when the system boots, enter: |
|||
== Red Hat Enterprise Linux 6 == |
|||
# chkconfig samba-ad-dc enable |
|||
To disable the automatic start of the Samba AD DC service, enter: |
|||
# chkconfig samba-ad-dc disable |
|||
== Debian == |
|||
# update-rc.d samba-ad-dc defaults |
|||
To disable the automatic start of the Samba AD DC service, enter: |
|||
# update-rc.d -f samba-ad-dc remove |
|||
== Manually Starting and Stopping the Samba AD DC Service == |
|||
To manually start the Samba Active Directory (AD) domain controller (DC) service, enter: |
|||
# service start samba-ad-dc |
|||
To manually stop the Samba AD DC service, enter: |
|||
# service stop samba-ad-dc |
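Review bot: In the Debian `start)` branch, the `if [ "$KEYPERMS" != "600" ]` block is closed with a bare `i` after `exit 1` instead of `fi`. The outer `if [ -e $KEYFILE ]` is then left unclosed and the script fails to parse, so neither the CVE-2013-4475 permission check nor the daemon start runs; change `i` to `fi`. In the management section, `chkconfig samba-ad-dc enable` and `disable` should be `on` and `off`, and `service start samba-ad-dc` / `service stop samba-ad-dc` have the arguments reversed; the script name comes first (`service samba-ad-dc start`).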
Revision as of 17:57, 23 September 2018
Introduction
The following describes how to use an init script to manage the Samba Active Directory (AD) domain controller (DC) service. Depending on your operating system, the location of the init script, its content, and the procedure for managing the service can differ. For details, see your operating system's documentation.
If your operating system uses a different system to manage services, such as systemd, see Managing the Samba AD DC Service.
Creating the Init Script
Red Hat Enterprise Linux 6
On Red Hat Enterprise Linux later than version 6, use systemd to manage the Samba service. For details, see Managing the Samba AD DC Service Using Systemd.
- Create the /etc/init.d/samba-ad-dc file with the following content:
#!/bin/bash
#
# samba-ad-dc This shell script takes care of starting and stopping
#             samba AD daemons.
#
# chkconfig: - 58 74
# description: Samba Active Directory Domain Controller

### BEGIN INIT INFO
# Provides: samba-ad-dc
# Required-Start: $network $local_fs $remote_fs
# Required-Stop: $network $local_fs $remote_fs
# Should-Start: $syslog $named
# Should-Stop: $syslog $named
# Short-Description: start and stop samba-ad-dc
# Description: Samba Active Directory Domain Controller
### END INIT INFO

# Source function library.
. /etc/init.d/functions

# Source networking configuration.
. /etc/sysconfig/network

prog=samba
prog_dir=/usr/local/samba/sbin/
lockfile=/var/lock/subsys/$prog

start() {
    [ "$NETWORKING" = "no" ] && exit 1
    echo -n $"Starting Samba AD DC: "
    daemon $prog_dir/$prog -D
    RETVAL=$?
    echo
    [ $RETVAL -eq 0 ] && touch $lockfile
    return $RETVAL
}

stop() {
    [ "$EUID" != "0" ] && exit 4
    echo -n $"Shutting down Samba AD DC: "
    killproc $prog_dir/$prog
    RETVAL=$?
    echo
    [ $RETVAL -eq 0 ] && rm -f $lockfile
    return $RETVAL
}

case "$1" in
start)
    start
    ;;
stop)
    stop
    ;;
status)
    status $prog
    ;;
restart)
    stop
    start
    ;;
*)
    echo $"Usage: $0 {start|stop|status|restart}"
    exit 2
esac
- Make the script executable:
# chmod 755 /etc/init.d/samba-ad-dc
Debian
- Create the /etc/init.d/samba-ad-dc file with the following content:
#!/bin/sh

### BEGIN INIT INFO
# Provides: samba-ad-dc
# Required-Start: $network $local_fs $remote_fs
# Required-Stop: $network $local_fs $remote_fs
# Default-Start: 2 3 4 5
# Default-Stop: 0 1 6
# Short-Description: start Samba daemons for the AD DC
### END INIT INFO

#
# Start/stops the Samba daemon (samba).
# Adapted from the Samba 3 packages.
#

PATH=/usr/local/samba/sbin:/usr/local/samba/bin:$PATH

PIDDIR=/usr/local/samba/var/run
SAMBAPID=$PIDDIR/samba.pid

# clear conflicting settings from the environment
unset TMPDIR

# See if the daemon and the config file are there
test -x /usr/local/samba/sbin/samba -a -r /usr/local/samba/etc/smb.conf || exit 0

. /lib/lsb/init-functions

case "$1" in
start)
    SERVER_ROLE=`samba-tool testparm --parameter-name="server role" 2>/dev/null | tail -1`
    if [ "$SERVER_ROLE" != "active directory domain controller" ]; then
        exit 0
    fi

    # CVE-2013-4475
    KEYFILE=/usr/local/samba/private/tls/key.pem
    if [ -e $KEYFILE ]; then
        KEYPERMS=`stat -c %a $KEYFILE`
        if [ "$KEYPERMS" != "600" ]; then
            echo "wrong permission on $KEYFILE, must be 600"
            echo "samba will not start (CVE-2013-4475)"
            echo "Removing all tls .pem files will cause an auto-regeneration with the correct permissions."
            exit 1
        fi
    fi

    log_daemon_msg "Starting Samba AD DC daemon" "samba"
    # Make sure we have our PIDDIR, even if it's on a tmpfs
    install -o root -g root -m 755 -d $PIDDIR

    if ! start-stop-daemon --start --quiet --oknodo --exec /usr/local/samba/sbin/samba -- -D; then
        log_end_msg 1
        exit 1
    fi

    log_end_msg 0
    ;;
stop)
    log_daemon_msg "Stopping Samba AD DC daemon" "samba"

    start-stop-daemon --stop --quiet --pidfile $SAMBAPID
    # Wait a little and remove stale PID file
    sleep 1
    if [ -f $SAMBAPID ] && ! ps h `cat $SAMBAPID` > /dev/null
    then
        # Stale PID file (samba was successfully stopped),
        # remove it (should be removed by samba itself IMHO.)
        rm -f $SAMBAPID
    fi

    log_end_msg 0
    ;;
restart|force-reload)
    $0 stop
    sleep 1
    $0 start
    ;;
status)
    status_of_proc -p $SAMBAPID /usr/local/samba/sbin/samba samba
    exit $?
    ;;
*)
    echo "Usage: /etc/init.d/samba-ad-dc {start|stop|restart|force-reload|status}"
    exit 1
    ;;
esac

exit 0
- If necessary, update the locations of the samba service, the samba-tool utility, and the smb.conf file in the /etc/init.d/samba-ad-dc file.
- Make the script executable:
# chmod 755 /etc/init.d/samba-ad-dc
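The CVE-2013-4475 key-permission check from the Debian script above, pulled out into a standalone function so it can be run outside the init script. This is an added example, not part of the wiki page or the Samba project's code; the function name check_tls_key, the exit status 2 for an unverifiable file, and the temporary demo files are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the original page): stand-alone form of the
# init script's TLS key permission check.
# check_tls_key FILE
#   returns 0  key absent, or a regular file with mode 600
#   returns 1  key present with any other mode (the CVE-2013-4475 case)
#   returns 2  permissions cannot be verified (assumed extra status)
check_tls_key() {
    keyfile=$1
    # As in the init script, a missing key is not an error.
    [ -e "$keyfile" ] || return 0
    if [ ! -f "$keyfile" ]; then
        echo "$keyfile is not a regular file, refusing to start" >&2
        return 2
    fi
    # GNU stat, as used by the init script; quoted so paths with spaces work.
    perms=$(stat -c %a "$keyfile" 2>/dev/null) || perms=
    if [ -z "$perms" ]; then
        echo "cannot read permissions of $keyfile, refusing to start" >&2
        return 2
    fi
    if [ "$perms" != "600" ]; then
        echo "wrong permission on $keyfile ($perms), must be 600" >&2
        echo "samba will not start (CVE-2013-4475)" >&2
        return 1
    fi
    return 0
}

# Demo on a constructed file in a temporary directory (not a real Samba
# installation): try several modes and print the resulting status.
demo_check_tls_key() {
    tmp=$(mktemp -d) || return 1
    : > "$tmp/key.pem"
    for mode in 644 640 600; do
        chmod "$mode" "$tmp/key.pem"
        rc=0
        check_tls_key "$tmp/key.pem" 2>/dev/null || rc=$?
        echo "mode $mode -> exit status $rc"
    done
    rm -rf "$tmp"
}
demo_check_tls_key
```

On a real host the argument would be the KEYFILE path set in the init script.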
Managing the Samba AD DC Service
The following assumes that the Samba Active Directory (AD) domain controller (DC) service is managed by the /etc/init.d/samba-ad-dc init script. If you have not created the script manually, see your operating system's documentation for the name of the Samba AD DC service.
Depending on your operating system, there can be different ways to enable or disable a service. See your operating system's documentation for details.
Enabling and Disabling the Samba AD DC Service
To enable the Samba Active Directory (AD) domain controller (DC) service to start automatically when the system boots, enter:
Red Hat Enterprise Linux 6
# chkconfig samba-ad-dc on
To disable the automatic start of the Samba AD DC service, enter:
# chkconfig samba-ad-dc off
Debian
# update-rc.d samba-ad-dc defaults
To disable the automatic start of the Samba AD DC service, enter:
# update-rc.d -f samba-ad-dc remove
Manually Starting and Stopping the Samba AD DC Service
To manually start the Samba Active Directory (AD) domain controller (DC) service, enter:
# service samba-ad-dc start
To manually stop the Samba AD DC service, enter:
# service samba-ad-dc stop