Operating System Requirements
File System Support
To use the advanced features of Samba, you need a filesystem that supports both the "user" and "system" xattr namespace. You need this support on file systems that you will share through Samba.
For Samba Active Directory Domain Controllers, „samba-tool“ tests during the provisioning the xattr support for /usr/local/samba/var/locks/sysvol/.
ext3
fstab
For filesystems of that type shared by Samba, add the following options to your /etc/fstab:
/dev/... /srv/samba/demo ext3 user_xattr,acl,barrier=1 1 1
Note: The „barrier=1“ option ensures that tdb transactions are safe against unexpected power loss.
Please be careful modifying your fstab. It can lead into an unbootable system!
Kernel Support
Ensure that your kernel has the following options enabled:
CONFIG_EXT3_FS_XATTR=y CONFIG_EXT3_FS_SECURITY=y CONFIG_EXT3_FS_POSIX_ACL=y
ext4
fstab
For filesystems of that type shared by Samba, add the following options to your /etc/fstab:
/dev/... /srv/samba/demo ext4 user_xattr,acl,barrier=1 1 1
Note: The „barrier=1“ option ensures that tdb transactions are safe against unexpected power loss.
Please be careful modifying your fstab. It can lead into an unbootable system!
Kernel Support
Ensure that your kernel has the following options enabled:
CONFIG_EXT4_FS_XATTR=y CONFIG_EXT4_FS_SECURITY=y CONFIG_EXT4_FS_POSIX_ACL=y
XFS
fstab
No special mount options are required in your fstab.
Kernel Support
Ensure that your kernel has the following options enabled:
CONFIG_XFS_POSIX_ACL=y
File Systems Without xattr Support
Note: This is not recommended!!!
If you don't have a filesystem with xattr support, you can simulate it by adding the following line to your smb.conf:
posix:eadb = /usr/local/samba/private/eadb.tdb
This will place all extra file attributes (NT ACLs, DOS EAs, streams, etc), in that tdb.
Note: Because it is not efficient and doesn't scale well it should not be used in production!
Testing Your Filesystem
Note: This is not required for file systems without xattr support.
Before you start testing, ensure, that you have the „attr“ package installed!
Run the following commands as root to test xattr support:
# touch test.txt # setfattr -n user.test -v test test.txt # setfattr -n security.test -v test2 test.txt
The following commands should return the shown output:
# getfattr -d test.txt # file: test.txt user.test="test" # getfattr -n security.test -d test.txt # file: test.txt security.test="test2"
Run the following commands as root to test extended ACL support:
# touch test.txt # setfacl -m g:adm:rwx test.txt
The following command should return the shown output:
# getfacl test.txt # file: test.txt # owner: root # group: root user::rw- group::r-- group:adm:rwx mask::rwx other::r--
Note: Getting an "Operation not supported" error means your kernel is not configured correctly or your filesystem is not mounted with the correct options.
Note: Getting an "Operation not permitted" error means you didn't run the commands as user „root“.
Required Libraries And Programs
OS Independent
Depending on your distribution, the package name of the following libraries and programs may differ. Typically they are labled with lib*-dev or lib*-devel. See Distribution specific package installation.
Required:
- python
- A good portion of Samba is written using python, including the build system itself (waf).
- perl
(Recommended) Optional:
- acl
- Required for a successfull Samba AD DC deployment! On Member Servers it is required to use the complete set of Windows ACLs.
- xattr
- Required for a successfull Samba AD DC deployment! On Member Servers it is required to use the complete set of Windows ACLs.
- blkid
- gnutls
- readline
- cups
- Required for CUPS printer sharing support.
- bsd or setproctitle
- Required for process title updating support.
- xsltproc
- Required for building man pages and other documentation.
- docbook
- Required for building man pages and other documentation.
- openldap
- Required to build the Samba NT4-style PDC components with LDAP support and Active Directory Member Server support. Also required for the Samba classicupgrade.
Distribution Specific Package Installation
For An Samba Active Directory Domain Controller
The following examples will cover all of the required libraries and programs. It will also cover BIND, kerberos and file system tools. If you plan to use the internal DNS server, you do not need BIND, but you do still need the package that contains the „nsupdate“ binary.
Debian / Ubuntu
# apt-get install build-essential libacl1-dev libattr1-dev \ libblkid-dev libgnutls-dev libreadline-dev python-dev libpam0g-dev \ python-dnspython gdb pkg-config libpopt-dev libldap2-dev \ dnsutils libbsd-dev attr krb5-user docbook-xsl libcups2-dev acl
Fedora
# yum install libacl-devel libblkid-devel gnutls-devel \ readline-devel python-devel gdb pkgconfig libattr-devel \ krb5-workstation
Red Hat Enterprise Linux / CentOS / Scientific Linux
# yum install perl gcc libacl-devel libblkid-devel gnutls-devel \ readline-devel python-devel gdb pkgconfig krb5-workstation \ zlib-devel setroubleshoot-server libaio-devel \ setroubleshoot-plugins policycoreutils-python \ libsemanage-python setools-libs-python setools-libs \ popt-devel libpcap-devel sqlite-devel libidn-devel \ libxml2-devel libacl-devel libsepol-devel libattr-devel \ keyutils-libs-devel cyrus-sasl-devel cups-devel bind-utils \ libxslt docbook-style-xsl openldap-devel gnutls-devel
openSUSE
# zypper install libacl-devel python-selinux autoconf make \ python-devel gdb sqlite3-devel libgnutls-devel binutils \ policycoreutils-python setools-libs selinux-policy \ setools-libs popt-devel libpcap-devel keyutils-devel \ libidn-devel libxml2-devel libacl-devel libsepol-devel \ libattr-devel zlib-devel cyrus-sasl-devel gcc \ krb5-client openldap2-devel libopenssl-devel\ bind-utils bind-lib
Gentoo
Please note that the following sections assume at least an intermediate understanding of the Gentoo packaging system.
Python
Gentoo uses Python 3 as the default python interpreter, but at this time Samba requires Python 2 (2.4.2 or later). The following set of commands will install and set up Python 2 as the default python interpreter.
# emerge --ask --noreplace '<dev-lang/python-3' # eselect python set python2.7 # python-updater
Kerberos
On Gentoo, you have two choices for a kerberos implementation, app-crypt/mit-krb5 and app-crypt/heimdal. Unfortunately the two implementations can not be installed at the same time. Currently, the Samba only supports app-crypt/heimdal. So you must first uninstall app-crypt/mit-krb5, if installed. Then install app-crypt/heimdal and rebuild any packages that were using the previous kerberos implementation.
# emerge --unmerge --ask app-crypt/mit-krb5 # emerge --ask app-crypt/heimdal # revdep-rebuild -- -ask
Bind
To enable automatic zone management, net-dns/bind and net-dns/bind-tools should be emerged with the USE flags for berkdb, dlz and gssapi set. To enable them permanently, add the following to /etc/package.use:
net-dns/bind berkdb dlz gssapi net-dns/bind-tools gssapi
Then, emerge net-dns/bind:
# emerge --ask net-dns/bind net-dns/bind-tools
Samba-supplied Libraries (tdb/ldb/tevent)
There are a few Samba libraries that need to be installed. Note that these packages might be keyworded as unstable, so you might need to add the following to your /etc/package.keywords:
~sys-libs/tevent-0.9.17 ~sys-libs/tdb-1.2.10 ~sys-libs/ldb-1.1.12 ~sys-libs/talloc-2.0.7
Additionally, Samba requires sys-libs/tdb and sys-libs/talloc to be emerged with the USE flag python set. To enable this permanently, add the following to /etc/package.use:
sys-libs/tdb python sys-libs/talloc python
Note: In new(er) installations of Gentoo, the above files will be located in /etc/portage/, i.e. /etc/portage/package.keywords and /etc/portage/package.use. They may be symlinked to /etc for backward compatibility.
Now, emerge the packages:
# emerge --ask '=sys-libs/talloc-2.0.7' '=sys-libs/tdb-1.2.10' '=sys-libs/tevent-0.9.17' '=sys-libs/ldb-1.1.12'
Note that ebuilds for the required versions of the above packages might not be availiable in the portage tree. In this case, check Gentoo's Bugzilla for updated ebuilds.
Other Misc. Build/Run Dependencies
To ensure a successful Samba 4 installation, there are a few other packages that should be installed, as shown below:
# emerge --ask net-libs/gnutls sys-apps/acl dev-libs/cyrus-sasl dev-python/subunit dev-python/dnspython net-dns/libidn
FIXME: Are dev-python/dnspython net-dns/libidn still required?
For A Samba Member Server
Red Hat Enterprise Linux / CentOS / Scientific Linux
# yum install autoconf automake gcc gdb krb5-devel krb5-workstation openldap-devel make pam-devel python-devel docbook-style-xsl libacl-devel libattr-devel libxslt
For A Samba NT4 PDC
Please add content.