Build Samba from Source: Difference between revisions
Mmuehlfeld (talk | contribs) (Be more concrete which commands need to be run as root) |
(→Python) |
||
(28 intermediate revisions by 6 users not shown) | |||
Line 1: | Line 1: | ||
= Introduction = |
= Introduction = |
||
Most users are running [[Distribution-specific_Package_Installation|packages shipped with their distribution]] or from 3rd parties, such as SerNet ([http://www.samba.plus Samba+]/[http://www.samba.plus/older-packages/ Enterprise]). However, in some situations you may decide to compile Samba yourself, for reasons such as: |
|||
* outdated packages are shipped with your distribution |
|||
* no packages are available for your distribution or OS |
|||
* you want to apply a patch from a developer to fix a problem before a new version is released |
|||
{{Imbox |
|||
* Install all [[Operating_system_requirements/Dependencies_-_Libraries_and_programs|dependencies (e. g. libraries)]] via the package manager of your distribution |
|||
| type = warning |
|||
| text = Please read the above. Most users should never need to compile Samba themselves, they should use the Samba packages provided by their distro. If you do decide to compile Samba yourself, then you should be aware that you will need to maintain the required links (PATH, winbind nss links, startup scripts etc). You will also have to, like using distro Samba packages, configure Samba for the required use. This may require you to create a smb.conf file (provisioning a domain or joining a new DC to an existing domain will create a smb.conf file for you). |
|||
}} |
|||
Compiling Samba requires only a few steps: |
|||
* Download the sources from [https://www.samba.org samba.org] |
* Download the sources from [https://www.samba.org samba.org] |
||
* Extract the source package |
* Extract the source package |
||
* Install all dependencies. Scripts included with the source. |
|||
* Run |
* Run |
||
:./configure |
:<code>./configure</code> |
||
:make |
:<code>make</code> |
||
:make install |
:<code>sudo make install</code> |
||
You can run most of the required steps in this documentation without root privileges. If root permissions are required, the command is prefixed with <code>sudo</code>. Please see the <code>sudo (8)</code> manual page and your distribution documentation how to set up <code>sudo</code>. |
|||
Even if there are a few more things to mention and to know, you will see that compiling Samba is no sorcery. ;-) |
|||
The following documentation is valid for every type of Samba installation, like an Active Directory (AD) domain controller (DC), a domain member (AD and NT4 domain), an NT4 PDC, and standalone server. |
|||
All steps in this documentation can run without root privileges, except something differnet has been mentioned. |
|||
The following is suitable for any kind of Samba installation: Samba Active Directory Domain Controller, Member Server (AD + NT4 domain), Samba NT4 PDC, etc. |
|||
= Obtaining Samba = |
|||
== Stable Version (Recommended) == |
|||
= Samba operating system requirements = |
|||
Always download the latest version of Samba from https://www.samba.org/. |
|||
Samba requires libraries and other software to compile and run. The first task is to install all these [[Operating system requirements|requirements]]. |
|||
Samba maintains three series of minor versions. For a maximum of security and stability, the Samba team recommends that you only install the latest available version of a series. Older versions do not contain the latest bug and security fixes. For further information, see [[Samba_Release_Planning|Samba Release Planning]]. |
|||
{{Imbox |
|||
| type = note |
|||
| text = In case if you are asking for help on the [https://lists.samba.org/mailman/listinfo/samba Samba Mailing List] and not running the latest version, the list members usually advice you to update your installation first to verify that the bug has not been fixed in the meantime. |
|||
}} |
|||
To download, use a tool like <code>wget</code>. For example: |
|||
$ wget <nowiki>https://download.samba.org/pub/samba/stable/samba-x.y.z.tar.gz</nowiki> |
|||
Alternatively you may want to use git like in Development_Versions below, checking out a release branch. |
|||
= Obtaining Samba = |
|||
== Stable version (recommended) == |
|||
Download the latest version of Samba from https://www.samba.org/. It is always recommended to install the latest version of the [[Samba_Release_Planning#Current_Stable_Release|current stable release]]. If you need to use a previous series, always choose the last version from the [[Samba_Release_Planning#Maintenance_Mode|maintainance mode series]] or at least from the [[Samba_Release_Planning#Security_Fixes_Only_Mode|security-fixes-only mode]]. Older versions may not contain all improvements, bug and security fixes. If you ask for help, e. g. on the [https://lists.samba.org/mailman/listinfo/samba Samba Mailing List], you will typically be told to try a recent version, to ensure that you didn't hit a bug, that has been fixed in the meantime. Further information about the Samba release planning and supported release lifetime, can be found on the [[Samba_Release_Planning|Samba release planning]] page. |
|||
Download example: |
|||
$ wget <nowiki>https://download.samba.org/pub/samba/stable/samba-x.y.z.tar.gz</nowiki> |
|||
== Development Versions == |
|||
'''Do not use a development version in production!''' |
|||
To download a development version, use <code>git clone https://gitlab.com/samba-team/devel/samba.git</code> to clone the repository. For details, see [[Using Git for Samba Development]]. |
|||
== Development version == |
|||
Before a new major version is released, the Samba team publishes release candidates for testing purposes. You can download release candidates from https://download.samba.org/pub/samba/rc/ |
|||
'''Not recommended for production usage!''' |
|||
See [[Obtaining_a_Samba_development_version|Obtaining a Samba development version]]. |
|||
Line 51: | Line 61: | ||
= Extracting the |
= Extracting the Source Package = |
||
To extract the downloaded source package, run: |
|||
$ tar -zxf samba-x.y.z.tar.gz |
$ tar -zxf samba-x.y.z.tar.gz |
||
Line 59: | Line 69: | ||
= Install Dependencies = |
|||
Scripts installing all required dependencies are included with the source. |
|||
$ cd <samba-source-dir>/bootstrap/generated-dists/<distrowithversion> |
|||
$ ./bootstrap.sh |
|||
$ cd ../../../.. |
|||
= configure = |
= configure = |
||
Change into the directory with the extracted sources: |
|||
$ cd samba-x.y.z/ |
$ cd samba-x.y.z/ |
||
The <code>configure</code> script is located in the root of the sources directory. The main purpose of the script is to create a <code>Makefile</code> which is used by the command <code>make</code>. The <code>configure</code> script enables you to set various options, like installation paths. If you do not want to [[#Customizing_the_Configure_Options|customize]] any paths, and enable or disable parts of Samba, run the following command without any option: |
|||
Here you need to run the "configure" script. Its main purpose is to create a "Makefile", that is used by "make" for compilation, but it also allows you to set various parameters, like paths where the binaries should be installed. If you don't want to [[#Customize_configure_options|customize]] any paths or enable/disable parts of Samba that should be build, it's sufficient to run the command without any options: |
|||
$ ./configure |
$ ./configure |
||
If the command fails, read the error message and fix the problem. One common problem are missing dependencies. For details, see [[Operating_System_Requirements|Operating System Requirements]]. |
|||
The following example shows the output, if the <code>configure</code> script cannot find the GnuTLS headers: |
|||
If anything fails - usually because of missing [[Operating system requirements|dependencies]] - read the error message and fix the problem. The following example error indicates, that the GnuTLS headers are are not found: |
|||
Checking for gnutls >= 1.4.0 and broken versions : not found |
Checking for gnutls >= 1.4.0 and broken versions : not found |
||
Line 79: | Line 95: | ||
GnuTLS (eg libgnutls-dev, gnutls-devel) for ldaps:// support and for the BackupKey protocol |
GnuTLS (eg libgnutls-dev, gnutls-devel) for ldaps:// support and for the BackupKey protocol |
||
If the <code>configure</code> script exits without an error, you see the following output: |
|||
If all checks are done and nothing is missing, "configure" finishes with an appropriate message: |
|||
'configure' finished successfully (1m2.432s) |
'configure' finished successfully (1m2.432s) |
||
Continue with the <code>[[#make|make]]</code> step, if no error has occurred. |
|||
==Python== |
|||
== Customizing configure options == |
|||
If full python development headers are not installed you may see |
|||
Checking for header Python.h : Distutils not installed? Broken python installation? Get python-config now! |
|||
Even if running "./configure" without any options is sufficient, you may want to adapt some of the paths or enable/disable features. For that, first make yourself familiar with the list of possible options: |
|||
The configuration failed |
|||
Here you have two choices: |
|||
$ ./configure --help |
|||
* Add the following build settings to './configure': |
|||
--disable-python --without-ad-dc |
|||
This does mean that you will not be able to provision Samba as an AD DC. |
|||
The output is quite long, but there are mainly two important parts of options: |
|||
* install the Python 3.x development package for your system (eg python3-devel, python36-devel or python3-dev) |
|||
== Customizing the Configure Options == |
|||
While running the <code>configure</code> script without any options is sufficient to build Samba, you can customize installation paths and enable or disable features. To display the list of options, run: |
|||
$ ./configure --help |
|||
The output shows two major kind of options: |
|||
* [[#enable.2Fdisable.2Fwith.2Fwithout_options|--enable/--disable and --with/--without options]] |
|||
* [[#Installation_directories|installation directories]] |
|||
=== enable/disable/with/without options === |
|||
=== enable/disable/with/without Options === |
|||
There are many "--enable-*/--disable-*", as well as "--with-*/--without-*" options. They allow you to turn on features that should be build, and to turn off for those that shouldn't. Each of the options can be turned to its opposite, by switching "enable" to "disable" and "with" to "without" and vice versa. Here are some examples: |
|||
The <code>configure</code> script provides several <code>--enable-*</code> / <code>-disable-*</code> and <code>--with-*</code> / <code>--without-*</code> options. They allow you to enable and disable features. Each option you can turn to its opposite if you use <code>--enable</code> instead of <code>--disable</code>, <code>--with</code> instead of <code>--without</code>, and the other way around. |
|||
* <u>Example 1:</u> Disable CUPS support (enabled by default): |
* <u>Example 1:</u> Disable CUPS support (enabled by default): |
||
Line 108: | Line 138: | ||
Build with cups support (default=yes) |
Build with cups support (default=yes) |
||
:If you |
:If you do not require CUPS support, disable the feature passing the <code>--disable-cups</code> option to the <code>configure</code> command: |
||
$ ./configure |
$ ./configure ... --disable-cups |
||
* <u>Example 2:</u> Compile Samba without AD DC capabilities: |
|||
* <u>Example 2:</u> Compile Samba without Active Directory Domain Controller capabilities: |
|||
--without-ad-dc |
--without-ad-dc |
||
disable AD DC functionality (enables Samba 4 client and Samba 3 code base). |
disable AD DC functionality (enables Samba 4 client and Samba 3 code base). |
||
: If you build Samba for a host that |
: If you build Samba for a host that should not act as an AD DC, you can disable this feature passing the <code>--without-ad-dc</code> option to the <code>configure</code> command: |
||
$ ./configure |
$ ./configure ... --without-ad-dc |
||
* <u>Example 3:</u> Build Samba with debug information: |
|||
$ ./configure ... --enable-debug |
|||
* <u>Example 3:</u> Build with debug information, that may help to diagnose in case of failure: |
|||
$ ./configure ..... --enable-debug |
|||
'''Warning: Do not enable or disable features if you have not fully understood the cause of the option! Changing options can prevent your Samba installation from working as expected!''' |
|||
'''Warning: Don't enable/disable features unless you know what you're doing! Changing options may prevent your Samba installation from working as expected!''' |
|||
=== Installation Directories === |
|||
If you use the default settings, the binaries, configuration files, libraries, and other files are installed in the <code>/usr/local/samba/</code> directory. This enables you to keep the complete Samba installation in one location. However, you can specify individual paths. For example: |
|||
=== Installation directories === |
|||
* To install the daemon binaries like <code>smbd</code> and <code>samba</code> in the <code>/sbin/</code> directory instead of </code>/usr/local/samba/sbin/</code>, run: |
|||
By default, your whole Samba installation, including databases, smb.conf, etc., will be in /usr/local/samba/ (value of "--prefix="). This is good if you want to keep everything in one place, but you can also change some paths. Here are some examples: |
|||
$ ./configure ... --sbindir=/sbin/ |
|||
* Install daemon binaries (smbd, samba, etc.) in /sbin/ instead of /usr/local/samba/sbin/ |
|||
# ./configure ..... --with-sbindir=/sbin/ |
|||
* Set the default path for smb.conf to /etc/samba/ instead of /usr/local/samba/etc/ |
|||
# ./configure ..... --with-sysconfdir=/etc/samba/ |
|||
* Place the Samba man pages into a directory that is part of the systems manpath |
|||
# ./configure ..... --mandir=/usr/share/man/ |
|||
* To set the default path to the </code>smb.conf</code> file to <code>/etc/samba/</code> instead of </code>/usr/local/samba/etc/</code>, run: |
|||
$ ./configure ... --sysconfdir=/etc/samba/ |
|||
* To store the Samba man pages in the <code>/usr/share/man/</code> directory, run: |
|||
$ ./configure ... --mandir=/usr/share/man/ |
|||
Line 154: | Line 177: | ||
= make = |
= make = |
||
To start the compilation, run |
|||
$ make |
$ make |
||
The <code>make</code> command is able to run multiple jobs in parallel. For example, to run 2 <code>make</code> sub-tasks at the same time, run: |
|||
$ make -j 2 |
$ make -j 2 |
||
If the compilation exits without an error, you see the following output: |
|||
If everything is successfully compiled, "make" finishes with an appropriate message: |
|||
Waf: Leaving directory `/usr/src/samba-x.y.z/bin' |
Waf: Leaving directory `/usr/src/samba-x.y.z/bin' |
||
'build' finished successfully (9m3.667s) |
'build' finished successfully (9m3.667s) |
||
In this case, continue with the next step: [[#make_install|make install]] |
|||
= make test (Optional) = |
|||
This optional step runs the Samba self test suite. |
|||
= make test (optional) = |
|||
$ make test |
|||
This step is optional and usually only interesting for developers. |
|||
{{Imbox |
|||
# make test |
|||
| type = note |
|||
| text = You can only run the self test suite, if you built Samba using the <code>--enable-selftest</code> option. |
|||
}} |
|||
runs the Samba selftest suite. It requires that Samba was built with --enable-selftest. |
|||
Line 187: | Line 212: | ||
= make install = |
= make install = |
||
To install the compiled software, you require <code>root</code> permissions to write to the destination directories and set the correct permissions. |
|||
To install Samba, run: |
|||
$ sudo make install |
|||
If the installation exits without an error, you see the following output: |
|||
If everything is successfully installed, "make install" finishes with an appropriate message: |
|||
Waf: Leaving directory `/usr/src/samba-x.y.z/bin' |
Waf: Leaving directory `/usr/src/samba-x.y.z/bin' |
||
Line 200: | Line 227: | ||
= Adding Samba Commands to the $PATH Variable = |
|||
= Upgrading a source version = |
|||
If you built Samba, add the directories containing the commands to the beginning of your <code>$PATH</code> variable. For example: |
|||
The steps are the same as for a new installation. For further information, see [[Updating_Samba|Updating Samba]]. |
|||
export PATH=/usr/local/samba/bin/:/usr/local/samba/sbin/:$PATH |
|||
To permanently update your <code>$PATH</code>, see your distribution's documentation. |
|||
Once you have built and installed Samba, you will need to configure it according to your needs, this could be as a: |
|||
* Active Directory DC |
|||
* Domain member |
|||
* Standalone server |
|||
= Upgrading a Self-compiled Samba Installation = |
|||
To update a self-compiled Samba installation, run the same steps like for a new installation while using the same <code>configure</code> options. |
|||
= Applying a Patch = |
|||
Some situations require that you apply a patch to Samba. For example, a bug has been fixed and you you cannot wait until the new Samba version is released. To apply the patch to the Samba sources, run: |
|||
* Change into the Samba sources directory. |
|||
$ cd samba-x.y.z/ |
|||
* Download the patch. For example: |
|||
$ wget -O /tmp/patch.txt <nowiki>https://bugzilla.samba.org/attachment.cgi?id=...</nowiki> |
|||
* Apply the patch to the sources: |
|||
$ patch -p 1 < /tmp/patch.txt |
|||
* Recompile and install Samba. See [[Updating Samba]]. |
|||
= Additional information = |
= Additional information = |
||
== Viewing |
== Viewing Built Options of an Existing Installation == |
||
To display the options used to built Samba, run |
|||
If you already have Samba installed and want to see what options were used at build time, run the following command: |
|||
$ smbd -b |
$ smbd -b |
||
= Using an init script to manage the Samba AD DC Service = |
|||
{{:Managing the Samba AD DC Service Using an Init Script}} |
|||
= Using systemd to manage the Samba AD DC Service = |
|||
{{:Managing the Samba AD DC Service Using Systemd}} |
Latest revision as of 20:56, 20 May 2024
Introduction
Most users are running packages shipped with their distribution or from 3rd parties, such as SerNet (Samba+/Enterprise). However, in some situations you may decide to compile Samba yourself, for reasons such as:
- outdated packages are shipped with your distribution
- no packages are available for your distribution or OS
- you want to apply a patch from a developer to fix a problem before a new version is released
Please read the above. Most users should never need to compile Samba themselves, they should use the Samba packages provided by their distro. If you do decide to compile Samba yourself, then you should be aware that you will need to maintain the required links (PATH, winbind nss links, startup scripts etc). You will also have to, like using distro Samba packages, configure Samba for the required use. This may require you to create a smb.conf file (provisioning a domain or joining a new DC to an existing domain will create a smb.conf file for you). |
Compiling Samba requires only a few steps:
- Download the sources from samba.org
- Extract the source package
- Install all dependencies. Scripts included with the source.
- Run
./configure
make
sudo make install
You can run most of the required steps in this documentation without root privileges. If root permissions are required, the command is prefixed with sudo
. Please see the sudo (8)
manual page and your distribution documentation how to set up sudo
.
The following documentation is valid for every type of Samba installation, like an Active Directory (AD) domain controller (DC), a domain member (AD and NT4 domain), an NT4 PDC, and standalone server.
Obtaining Samba
Stable Version (Recommended)
Always download the latest version of Samba from https://www.samba.org/.
Samba maintains three series of minor versions. For a maximum of security and stability, the Samba team recommends that you only install the latest available version of a series. Older versions do not contain the latest bug and security fixes. For further information, see Samba Release Planning.
In case if you are asking for help on the Samba Mailing List and not running the latest version, the list members usually advice you to update your installation first to verify that the bug has not been fixed in the meantime. |
To download, use a tool like wget
. For example:
$ wget https://download.samba.org/pub/samba/stable/samba-x.y.z.tar.gz
Alternatively you may want to use git like in Development_Versions below, checking out a release branch.
Development Versions
Do not use a development version in production!
To download a development version, use git clone https://gitlab.com/samba-team/devel/samba.git
to clone the repository. For details, see Using Git for Samba Development.
Before a new major version is released, the Samba team publishes release candidates for testing purposes. You can download release candidates from https://download.samba.org/pub/samba/rc/
Extracting the Source Package
To extract the downloaded source package, run:
$ tar -zxf samba-x.y.z.tar.gz
Install Dependencies
Scripts installing all required dependencies are included with the source.
$ cd <samba-source-dir>/bootstrap/generated-dists/<distrowithversion> $ ./bootstrap.sh $ cd ../../../..
configure
Change into the directory with the extracted sources:
$ cd samba-x.y.z/
The configure
script is located in the root of the sources directory. The main purpose of the script is to create a Makefile
which is used by the command make
. The configure
script enables you to set various options, like installation paths. If you do not want to customize any paths, and enable or disable parts of Samba, run the following command without any option:
$ ./configure
If the command fails, read the error message and fix the problem. One common problem are missing dependencies. For details, see Operating System Requirements.
The following example shows the output, if the configure
script cannot find the GnuTLS headers:
Checking for gnutls >= 1.4.0 and broken versions : not found /usr/src/samba-x.y.z/source4/lib/tls/wscript:37: error: Building the AD DC requires GnuTLS (eg libgnutls-dev, gnutls-devel) for ldaps:// support and for the BackupKey protocol
If the configure
script exits without an error, you see the following output:
'configure' finished successfully (1m2.432s)
Continue with the make
step, if no error has occurred.
Python
If full python development headers are not installed you may see
Checking for header Python.h : Distutils not installed? Broken python installation? Get python-config now! The configuration failed
Here you have two choices:
- Add the following build settings to './configure':
--disable-python --without-ad-dc
This does mean that you will not be able to provision Samba as an AD DC.
- install the Python 3.x development package for your system (eg python3-devel, python36-devel or python3-dev)
Customizing the Configure Options
While running the configure
script without any options is sufficient to build Samba, you can customize installation paths and enable or disable features. To display the list of options, run:
$ ./configure --help
The output shows two major kind of options:
enable/disable/with/without Options
The configure
script provides several --enable-*
/ -disable-*
and --with-*
/ --without-*
options. They allow you to enable and disable features. Each option you can turn to its opposite if you use --enable
instead of --disable
, --with
instead of --without
, and the other way around.
- Example 1: Disable CUPS support (enabled by default):
--enable-cups Build with cups support (default=yes)
- If you do not require CUPS support, disable the feature passing the
--disable-cups
option to theconfigure
command:
$ ./configure ... --disable-cups
- Example 2: Compile Samba without AD DC capabilities:
--without-ad-dc disable AD DC functionality (enables Samba 4 client and Samba 3 code base).
- If you build Samba for a host that should not act as an AD DC, you can disable this feature passing the
--without-ad-dc
option to theconfigure
command:
$ ./configure ... --without-ad-dc
- Example 3: Build Samba with debug information:
$ ./configure ... --enable-debug
Warning: Do not enable or disable features if you have not fully understood the cause of the option! Changing options can prevent your Samba installation from working as expected!
Installation Directories
If you use the default settings, the binaries, configuration files, libraries, and other files are installed in the /usr/local/samba/
directory. This enables you to keep the complete Samba installation in one location. However, you can specify individual paths. For example:
- To install the daemon binaries like
smbd
andsamba
in the/sbin/
directory instead of /usr/local/samba/sbin/, run:
$ ./configure ... --sbindir=/sbin/
- To set the default path to the smb.conf file to
/etc/samba/
instead of /usr/local/samba/etc/, run:
$ ./configure ... --sysconfdir=/etc/samba/
- To store the Samba man pages in the
/usr/share/man/
directory, run:
$ ./configure ... --mandir=/usr/share/man/
make
To start the compilation, run
$ make
The make
command is able to run multiple jobs in parallel. For example, to run 2 make
sub-tasks at the same time, run:
$ make -j 2
If the compilation exits without an error, you see the following output:
Waf: Leaving directory `/usr/src/samba-x.y.z/bin' 'build' finished successfully (9m3.667s)
make test (Optional)
This optional step runs the Samba self test suite.
$ make test
You can only run the self test suite, if you built Samba using the --enable-selftest option. |
make install
To install the compiled software, you require root
permissions to write to the destination directories and set the correct permissions.
To install Samba, run:
$ sudo make install
If the installation exits without an error, you see the following output:
Waf: Leaving directory `/usr/src/samba-x.y.z/bin' 'install' finished successfully (18.243s)
Adding Samba Commands to the $PATH Variable
If you built Samba, add the directories containing the commands to the beginning of your $PATH
variable. For example:
export PATH=/usr/local/samba/bin/:/usr/local/samba/sbin/:$PATH
To permanently update your $PATH
, see your distribution's documentation.
Once you have built and installed Samba, you will need to configure it according to your needs, this could be as a:
- Active Directory DC
- Domain member
- Standalone server
Upgrading a Self-compiled Samba Installation
To update a self-compiled Samba installation, run the same steps like for a new installation while using the same configure
options.
Applying a Patch
Some situations require that you apply a patch to Samba. For example, a bug has been fixed and you you cannot wait until the new Samba version is released. To apply the patch to the Samba sources, run:
- Change into the Samba sources directory.
$ cd samba-x.y.z/
- Download the patch. For example:
$ wget -O /tmp/patch.txt https://bugzilla.samba.org/attachment.cgi?id=...
- Apply the patch to the sources:
$ patch -p 1 < /tmp/patch.txt
- Recompile and install Samba. See Updating Samba.
Additional information
Viewing Built Options of an Existing Installation
To display the options used to built Samba, run
$ smbd -b
Using an init script to manage the Samba AD DC Service
Creating the Init Script
Red Hat Enterprise Linux 6
On Red Hat Enterprise Linux later than version 6, use systemd to manage the Samba service. For details, see Managing the Samba AD DC Service Using Systemd. |
- Create the
/etc/init.d/samba-ad-dc
file with the following content:
#!/bin/bash # # samba-ad-dc This shell script takes care of starting and stopping # samba AD daemons. # # chkconfig: - 58 74 # description: Samba Active Directory Domain Controller ### BEGIN INIT INFO # Provides: samba-ad-dc # Required-Start: $network $local_fs $remote_fs # Required-Stop: $network $local_fs $remote_fs # Should-Start: $syslog $named # Should-Stop: $syslog $named # Short-Description: start and stop samba-ad-dc # Description: Samba Active Directory Domain Controller ### END INIT INFO # Source function library. . /etc/init.d/functions # Source networking configuration. . /etc/sysconfig/network prog=samba prog_dir=/usr/local/samba/sbin/ lockfile=/var/lock/subsys/$prog start() { [ "$NETWORKING" = "no" ] && exit 1 echo -n $"Starting Samba AD DC: " daemon $prog_dir/$prog -D RETVAL=$? echo [ $RETVAL -eq 0 ] && touch $lockfile return $RETVAL } stop() { [ "$EUID" != "0" ] && exit 4 echo -n $"Shutting down Samba AD DC: " killproc $prog_dir/$prog RETVAL=$? echo [ $RETVAL -eq 0 ] && rm -f $lockfile return $RETVAL } case "$1" in start) start ;; stop) stop ;; status) status $prog ;; restart) stop start ;; *) echo $"Usage: $0 {start|stop|status|restart}" exit 2 esac
- Make the script executeable:
# chmod 755 /etc/init.d/samba-ad-dc
Debian
- Create the
/etc/init.d/samba-ad-dc
file with the following content:
#!/bin/sh ### BEGIN INIT INFO # Provides: samba-ad-dc # Required-Start: $network $local_fs $remote_fs # Required-Stop: $network $local_fs $remote_fs # Default-Start: 2 3 4 5 # Default-Stop: 0 1 6 # Short-Description: start Samba daemons for the AD DC ### END INIT INFO # # Start/stops the Samba daemon (samba). # Adapted from the Samba 3 packages. # PATH=/usr/local/samba/sbin:/usr/local/samba/bin:$PATH PIDDIR=/usr/local/samba/var/run SAMBAPID=$PIDDIR/samba.pid # clear conflicting settings from the environment unset TMPDIR # See if the daemon and the config file are there test -x /usr/local/samba/sbin/samba -a -r /usr/local/samba/etc/smb.conf || exit 0 . /lib/lsb/init-functions case "$1" in start) SERVER_ROLE=`samba-tool testparm --parameter-name="server role" 2>/dev/null | tail -1` if [ "$SERVER_ROLE" != "active directory domain controller" ]; then exit 0 fi # CVE-2013-4475 KEYFILE=/usr/local/samba/private/tls/key.pem if [ -e $KEYFILE ]; then KEYPERMS=`stat -c %a $KEYFILE` if [ "$KEYPERMS" != "600" ]; then echo "wrong permission on $KEYFILE, must be 600" echo "samba will not start (CVE-2013-4475)" echo "Removing all tls .pem files will cause an auto-regeneration with the correct permissions." exit 1 fi fi log_daemon_msg "Starting Samba AD DC daemon" "samba" # Make sure we have our PIDDIR, even if it's on a tmpfs install -o root -g root -m 755 -d $PIDDIR if ! start-stop-daemon --start --quiet --oknodo --exec /usr/local/samba/sbin/samba -- -D; then log_end_msg 1 exit 1 fi log_end_msg 0 ;; stop) log_daemon_msg "Stopping Samba AD DC daemon" "samba" start-stop-daemon --stop --quiet --pidfile $SAMBAPID # Wait a little and remove stale PID file sleep 1 if [ -f $SAMBAPID ] && ! ps h `cat $SAMBAPID` > /dev/null then # Stale PID file (samba was succesfully stopped), # remove it (should be removed by samba itself IMHO.) rm -f $SAMBAPID fi log_end_msg 0 ;; restart|force-reload) $0 stop sleep 1 $0 start ;; status) status_of_proc -p $SAMBAPID /usr/local/samba/sbin/samba samba exit $? ;; *) echo "Usage: /etc/init.d/samba-ad-dc {start|stop|restart|force-reload|status}" exit 1 ;; esac exit 0
- If necessary, update the locations to the
samba
service, thesamba-tool
utility, and thesmb.conf
file in the/etc/init.d/samba-ad-dc
file.
- Make the script executeable:
# chmod 755 /etc/init.d/samba-ad-dc
Managing the Samba AD DC Service
The following assumes that the Samba Active Directory (AD) domain controller (DC) service is managed by the /etc/init.d/samba-ad-dc
init script. If you have not created the script manually, see your operating system's documentation for the name of the Samba AD DC service.
Depending on your operating system, there can be different ways to enable or disable a service. See your operating system's documentation for details. |
Enabling and Disabling the Samba AD DC Service
To enable the Samba Active Directory (AD) domain controller (DC) service to start automatically when the system boots, enter:
Red Hat Enterprise Linux 6
# chkconfig samba-ad-dc enable
To disable the automatic start of the Samba AD DC service, enter:
# chkconfig samba-ad-dc disable
Debian
# update-rc.d samba-ad-dc defaults
To disable the automatic start of the Samba AD DC service, enter:
# update-rc.d -f samba-ad-dc remove
Manually Starting and Stopping the Samba AD DC Service
To manually start the Samba Active Directory (AD) domain controller (DC) service, enter:
# service start samba-ad-dc
To manually stop the Samba AD DC service, enter:
# service stop samba-ad-dc
Using systemd to manage the Samba AD DC Service
The samba
Service
On a DC, the /usr/local/samba/sbin/samba
service automatically starts the required smbd
and winbindd
service as sub-processes. If you start them manually, the Samba DC fails to work as expected. If your package provider created additional Samba service files, disable and mask them to prevent that other services re-enable them. For example:
# systemctl mask smbd nmbd winbind # systemctl disable smbd nmbd winbind
For further details about permanently disabling services, see the systemd
documentation.
Creating the systemd
Service File
Samba does not provide a systemd
service file. When you built the Samba Active Directory (AD) domain controller (DC) from the sources, you must manually create the service file to enable systemd
to manage the Samba AD DC service:
- Create the
/etc/systemd/system/samba-ad-dc.service
file with the following content:
[Unit] Description=Samba Active Directory Domain Controller After=network.target remote-fs.target nss-lookup.target [Service] Type=forking ExecStart=/usr/local/samba/sbin/samba -D PIDFile=/usr/local/samba/var/run/samba.pid ExecReload=/bin/kill -HUP $MAINPID [Install] WantedBy=multi-user.target
- For further details, see the
systemd.service(5)
man page.
- Reload the
systemd
configuration:
# systemctl daemon-reload
Managing the Samba AD DC Service
The following assumes that the Samba Active Directory (AD) domain controller (DC) service is managed by the samba-ad-dc
service file. If you have not created the service file manually, see your operating system's documentation for the name of the Samba AD DC service.
Enabling and Disabling the Samba AD DC Service
To enable the Samba Active Directory (AD) domain controller (DC) service to start automatically when the system boots, enter:
# systemctl enable samba-ad-dc
To disable the automatic start of the Samba AD DC service, enter:
# systemctl disable samba-ad-dc
Manually Starting and Stopping the Samba AD DC Service
To manually start the Samba Active Directory (AD) domain controller (DC) service, enter:
# systemctl start samba-ad-dc
To manually stop the Samba AD DC service, enter:
# systemctl stop samba-ad-dc