Difference between revisions of "Build Samba from Source"

Latest revision as of 08:55, 22 September 2020

Introduction

Most users run packages shipped with their distribution or provided by third parties, such as SerNet (Samba+/Enterprise). However, in some situations you may decide to compile Samba yourself, for example when:

  • outdated packages are shipped with your distribution
  • no packages are available for your distribution or OS
  • you want to apply a patch from a developer to fix a problem before a new version is released

Compiling Samba requires only a few steps:

./configure
make
sudo make install

You can run most of the required steps in this documentation without root privileges. If root permissions are required, the command is prefixed with sudo. See the sudo(8) manual page and your distribution's documentation for how to set up sudo.

The following documentation is valid for every type of Samba installation, like an Active Directory (AD) domain controller (DC), a domain member (AD and NT4 domain), an NT4 PDC, and standalone server.



Samba Operating System Requirements

To build Samba, install all required libraries and tools first. See Operating System Requirements.



Obtaining Samba

Stable Version (Recommended)

Always download the latest version of Samba from https://www.samba.org/.

Samba maintains three series of minor versions. For a maximum of security and stability, the Samba team recommends that you only install the latest available version of a series. Older versions do not contain the latest bug and security fixes. For further information, see Samba Release Planning.

To download, use a tool like wget. For example:

$ wget https://download.samba.org/pub/samba/stable/samba-x.y.z.tar.gz


Development Versions

Do not use a development version in production!

To download a development version, use git to clone the repository. For details, see Using Git for Samba Development.

Before a new major version is released, the Samba team publishes release candidates for testing purposes. You can download release candidates from https://download.samba.org/pub/samba/rc/




Extracting the Source Package

To extract the downloaded source package, run:

$ tar -zxf samba-x.y.z.tar.gz



configure

Change into the directory with the extracted sources:

$ cd samba-x.y.z/

The configure script is located in the root of the sources directory. The main purpose of the script is to create a Makefile, which is used by the make command. The configure script enables you to set various options, such as installation paths. If you do not want to customize any paths or enable or disable parts of Samba, run the command without any options:

$ ./configure

If the command fails, read the error message and fix the problem. A common problem is missing dependencies. For details, see Operating System Requirements.

The following example shows the output if the configure script cannot find the GnuTLS headers:

Checking for gnutls >= 1.4.0 and broken versions : not found
/usr/src/samba-x.y.z/source4/lib/tls/wscript:37: error: Building the AD DC requires
GnuTLS (eg libgnutls-dev, gnutls-devel) for ldaps:// support and for the BackupKey protocol

If the configure script exits without an error, you see the following output:

'configure' finished successfully (1m2.432s)

If no error has occurred, continue with the make step.


Python

If the full Python development headers are not installed, you may see:

Checking for header Python.h   : Distutils not installed? Broken python installation? Get python-config now! 
The configuration failed

Here you have three choices:

  • Add the following build settings to './configure':
--disable-python --without-ad-dc

This means that you will not be able to provision Samba as an AD DC.

  • (For Samba 4.10) Build with python2:
PYTHON=python2 ./configure
PYTHON=python2 make -j
  • Install the Python 3.x development package for your system (e.g. python3-devel, python36-devel or python3-dev)


Customizing the Configure Options

While running the configure script without any options is sufficient to build Samba, you can customize installation paths and enable or disable features. To display the list of options, run:

$ ./configure --help

The output shows two major kinds of options:


enable/disable/with/without Options

The configure script provides several --enable-* / --disable-* and --with-* / --without-* options. They allow you to enable and disable features. You can turn each option into its opposite by using --enable instead of --disable, or --with instead of --without, and the other way around.

  • Example 1: Disable CUPS support (enabled by default):
--enable-cups
          Build with cups support (default=yes)
If you do not require CUPS support, disable the feature by passing the --disable-cups option to the configure command:
$ ./configure ... --disable-cups
  • Example 2: Compile Samba without AD DC capabilities:
--without-ad-dc
          disable AD DC functionality (enables Samba 4 client and Samba 3 code base).
If you build Samba for a host that should not act as an AD DC, you can disable this feature by passing the --without-ad-dc option to the configure command:
$ ./configure ... --without-ad-dc
  • Example 3: Build Samba with debug information:
$ ./configure ... --enable-debug 


Warning: Do not enable or disable features unless you fully understand the effect of the option! Changing options can prevent your Samba installation from working as expected!


Installation Directories

If you use the default settings, the binaries, configuration files, libraries, and other files are installed in the /usr/local/samba/ directory. This enables you to keep the complete Samba installation in one location. However, you can specify individual paths. For example:

  • To install the daemon binaries like smbd and samba in the /sbin/ directory instead of /usr/local/samba/sbin/, run:
$ ./configure ... --sbindir=/sbin/
  • To set the default path to the smb.conf file to /etc/samba/ instead of /usr/local/samba/etc/, run:
$ ./configure ... --sysconfdir=/etc/samba/
  • To store the Samba man pages in the /usr/share/man/ directory, run:
$ ./configure ... --mandir=/usr/share/man/


make

To start the compilation, run:

$ make

The make command is able to run multiple jobs in parallel. For example, to run 2 make sub-tasks at the same time, run:

$ make -j 2

If the compilation exits without an error, you see the following output:

Waf: Leaving directory `/usr/src/samba-x.y.z/bin'
'build' finished successfully (9m3.667s)



make test (Optional)

This optional step runs the Samba self test suite.

$ make test




make install

To install the compiled software, you require root permissions to write to the destination directories and set the correct permissions.

To install Samba, run:

$ sudo make install 

If the installation exits without an error, you see the following output:

Waf: Leaving directory `/usr/src/samba-x.y.z/bin'
'install' finished successfully (18.243s)



Adding Samba Commands to the $PATH Variable

If you built Samba, add the directories containing the commands to the beginning of your $PATH variable. For example:

export PATH=/usr/local/samba/bin/:/usr/local/samba/sbin/:$PATH

To permanently update your $PATH, see your distribution's documentation.



Upgrading a Self-compiled Samba Installation

To update a self-compiled Samba installation, run the same steps as for a new installation, using the same configure options.



Applying a Patch

Some situations require that you apply a patch to Samba. For example, a bug has been fixed and you cannot wait until the new Samba version is released. To apply the patch to the Samba sources:

  • Change into the Samba sources directory.
$ cd samba-x.y.z/
  • Download the patch. For example:
$ wget -O /tmp/patch.txt https://bugzilla.samba.org/attachment.cgi?id=...
  • Apply the patch to the sources:
$ patch -p 1 < /tmp/patch.txt
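
Because the patched sources are later installed with sudo make install, it is worth seeing which files a downloaded patch names before applying it. The following is an added example, not part of the Samba wiki or the Samba project: it lists the targets of a unified diff as patch -p 1 would resolve them and rejects any target with a `..` component. The function names and the sample patch are constructed for illustration.

```shell
#!/bin/sh
# Added example: review the targets of a unified diff before `patch -p 1`.

# Print every file named in a "--- " or "+++ " header, with one leading
# path component removed (the effect of -p 1). /dev/null marks a created
# or deleted file and is skipped. Conservative: a removed line that itself
# starts with "-- " also looks like a header and is reported.
patch_targets() {
    awk '/^(---|[+][+][+]) / && $2 != "/dev/null" {
             p = $2
             sub("^[^/]*/+", "", p)
             print p
         }' "$1" | sort -u
}

# Return 0 if no target contains a ".." component, i.e. every file the
# patch names stays below the current source directory; 1 otherwise.
patch_is_contained() {
    escaping=$(patch_targets "$1" | grep -E '(^|/)\.\.(/|$)' || true)
    [ -z "$escaping" ] && return 0
    printf 'target leaves the source tree: %s\n' $escaping >&2
    return 1
}

# Constructed sample patch (hypothetical paths, not a real Samba patch).
sample=$(mktemp)
cat > "$sample" <<'EOF'
--- a/source3/example.c	2020-01-01 00:00:00
+++ b/source3/example.c	2020-01-02 00:00:00
@@ -1 +1 @@
-old line
+new line
--- a/../outside/notes.txt
+++ b/../outside/notes.txt
@@ -1 +1 @@
-old
+new
EOF

patch_targets "$sample"
patch_is_contained "$sample" || echo "patch rejected, review it by hand"
```

Run both functions on /tmp/patch.txt from inside the samba-x.y.z/ directory, and apply the patch only after the listed files match what the bug report describes.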

Additional information

Viewing Built Options of an Existing Installation

To display the options used to build Samba, run:

$ smbd -b



Using an init script to manage the Samba AD DC Service

Creating the Init Script

Red Hat Enterprise Linux 6

  • Create the /etc/init.d/samba-ad-dc file with the following content:
#!/bin/bash
#
# samba-ad-dc	This shell script takes care of starting and stopping
# 		samba AD daemons.
#
# chkconfig: - 58 74
# description: Samba Active Directory Domain Controller

### BEGIN INIT INFO
# Provides: samba-ad-dc
# Required-Start: $network $local_fs $remote_fs
# Required-Stop: $network $local_fs $remote_fs
# Should-Start: $syslog $named
# Should-Stop: $syslog $named
# Short-Description: start and stop samba-ad-dc
# Description: Samba Active Directory Domain Controller
### END INIT INFO

# Source function library.
. /etc/init.d/functions
 
# Source networking configuration.
. /etc/sysconfig/network
 
prog=samba
prog_dir=/usr/local/samba/sbin/
lockfile=/var/lock/subsys/$prog
 
start() {
	[ "$NETWORKING" = "no" ] && exit 1
	echo -n $"Starting Samba AD DC: "
	daemon $prog_dir/$prog -D
	RETVAL=$?
	echo
	[ $RETVAL -eq 0 ] && touch $lockfile
	return $RETVAL
}

stop() {
	[ "$EUID" != "0" ] && exit 4
	echo -n $"Shutting down Samba AD DC: "
	killproc $prog_dir/$prog
	RETVAL=$?
	echo
	[ $RETVAL -eq 0 ] && rm -f $lockfile
	return $RETVAL
}
 
case "$1" in
start)
	start
	;;
stop)
	stop
	;;
status)
	status $prog
	;;
restart)
	stop
	start
	;;
*)
	echo $"Usage: $0 {start|stop|status|restart}"
	exit 2
esac
  • Make the script executable:
# chmod 755 /etc/init.d/samba-ad-dc


Debian

  • Create the /etc/init.d/samba-ad-dc file with the following content:
#!/bin/sh

### BEGIN INIT INFO
# Provides:          samba-ad-dc
# Required-Start:    $network $local_fs $remote_fs
# Required-Stop:     $network $local_fs $remote_fs
# Default-Start:     2 3 4 5
# Default-Stop:      0 1 6
# Short-Description: start Samba daemons for the AD DC
### END INIT INFO

#
# Start/stops the Samba daemon (samba).
# Adapted from the Samba 3 packages.
#

PATH=/usr/local/samba/sbin:/usr/local/samba/bin:$PATH

PIDDIR=/usr/local/samba/var/run
SAMBAPID=$PIDDIR/samba.pid

# clear conflicting settings from the environment
unset TMPDIR

# See if the daemon and the config file are there
test -x /usr/local/samba/sbin/samba -a -r /usr/local/samba/etc/smb.conf || exit 0

. /lib/lsb/init-functions

case "$1" in
        start)
                SERVER_ROLE=`samba-tool testparm --parameter-name="server role"  2>/dev/null | tail -1`
                if [ "$SERVER_ROLE" != "active directory domain controller" ]; then
                    exit 0
                fi

                # CVE-2013-4475
                KEYFILE=/usr/local/samba/private/tls/key.pem
                if [ -e $KEYFILE ]; then
                    KEYPERMS=`stat -c %a $KEYFILE`
                    if [ "$KEYPERMS" != "600" ]; then
                        echo "wrong permission on $KEYFILE, must be 600"
                        echo "samba will not start (CVE-2013-4475)"
                        echo "Removing all tls .pem files will cause an auto-regeneration with the correct permissions."
                        exit 1
                    fi
               fi

               log_daemon_msg "Starting Samba AD DC daemon" "samba"
               # Make sure we have our PIDDIR, even if it's on a tmpfs
               install -o root -g root -m 755 -d $PIDDIR
 
               if ! start-stop-daemon --start --quiet --oknodo --exec /usr/local/samba/sbin/samba -- -D; then
                   log_end_msg 1
                   exit 1
               fi

               log_end_msg 0
               ;;
       stop)
               log_daemon_msg "Stopping Samba AD DC daemon" "samba"

              start-stop-daemon --stop --quiet --pidfile $SAMBAPID
               # Wait a little and remove stale PID file
               sleep 1
               if [ -f $SAMBAPID ] && ! ps h `cat $SAMBAPID` > /dev/null
               then
                   # Stale PID file (samba was successfully stopped),
                   # remove it (should be removed by samba itself IMHO.)
                   rm -f $SAMBAPID
               fi

              log_end_msg 0

               ;;
       restart|force-reload)
               $0 stop
               sleep 1
               $0 start
               ;;
       status)
               status_of_proc -p $SAMBAPID /usr/local/samba/sbin/samba samba
               exit $?
               ;;
       *)
               echo "Usage: /etc/init.d/samba-ad-dc {start|stop|restart|force-reload|status}"
               exit 1
               ;;
esac

exit 0


  • If necessary, update the locations to the samba service, the samba-tool utility, and the smb.conf file in the /etc/init.d/samba-ad-dc file.
  • Make the script executable:
# chmod 755 /etc/init.d/samba-ad-dc
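
Both the $PATH change described earlier and the CVE-2013-4475 test in the Debian init script depend on file permissions below the installation prefix. The following is an added example, not from the Samba wiki or the Samba project, that audits both: it flags group- or world-writable bin/ and sbin/ directories and a key.pem whose mode is not 600. The function name and finding labels are hypothetical, the demo tree is constructed, and stat -c assumes GNU coreutils.

```shell
#!/bin/sh
# Added example: permission audit of a self-compiled Samba prefix.
# Prints one finding per line; returns 0 when there are none, 1 otherwise.

audit_samba_prefix() {
    prefix=${1:-/usr/local/samba}
    findings=0

    # These directories are prepended to $PATH. If one is group- or
    # world-writable, another local user can plant a binary there that
    # shadows a system command.
    for dir in "$prefix/bin" "$prefix/sbin"; do
        [ -d "$dir" ] || continue
        mode=$(stat -c %a "$dir")
        # Test the group-write (020) and other-write (002) bits.
        if [ $(( 0$mode & 022 )) -ne 0 ]; then
            echo "WRITABLE $dir mode=$mode"
            findings=$((findings + 1))
        fi
    done

    # Same rule as the Debian init script (CVE-2013-4475): if key.pem
    # exists, its mode must be exactly 600.
    key="$prefix/private/tls/key.pem"
    if [ -e "$key" ]; then
        mode=$(stat -c %a "$key")
        if [ "$mode" != "600" ]; then
            echo "KEYPERM $key mode=$mode"
            findings=$((findings + 1))
        fi
    fi

    [ "$findings" -eq 0 ]
}

# Constructed demo tree (not a real installation): sbin/ is world-writable
# and key.pem is world-readable, so two findings are printed.
demo=$(mktemp -d)
mkdir -p "$demo/bin" "$demo/sbin" "$demo/private/tls"
chmod 755 "$demo/bin"
chmod 777 "$demo/sbin"
: > "$demo/private/tls/key.pem"
chmod 644 "$demo/private/tls/key.pem"
audit_samba_prefix "$demo" || echo "audit failed"
rm -rf "$demo"
```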



Managing the Samba AD DC Service

The following assumes that the Samba Active Directory (AD) domain controller (DC) service is managed by the /etc/init.d/samba-ad-dc init script. If you have not created the script manually, see your operating system's documentation for the name of the Samba AD DC service.


Enabling and Disabling the Samba AD DC Service

To enable the Samba Active Directory (AD) domain controller (DC) service to start automatically when the system boots, enter:

Red Hat Enterprise Linux 6

# chkconfig samba-ad-dc on

To disable the automatic start of the Samba AD DC service, enter:

# chkconfig samba-ad-dc off


Debian

# update-rc.d samba-ad-dc defaults

To disable the automatic start of the Samba AD DC service, enter:

# update-rc.d -f samba-ad-dc remove


Manually Starting and Stopping the Samba AD DC Service

To manually start the Samba Active Directory (AD) domain controller (DC) service, enter:

# service samba-ad-dc start

To manually stop the Samba AD DC service, enter:

# service samba-ad-dc stop



Using systemd to manage the Samba AD DC Service

The samba Service

On a DC, the /usr/local/samba/sbin/samba service automatically starts the required smbd and winbindd services as sub-processes. If you start them manually, the Samba DC fails to work as expected. If your package provider created additional Samba service files, disable and mask them to prevent other services from re-enabling them. For example:

# systemctl mask smbd nmbd winbind
# systemctl disable smbd nmbd winbind

For further details about permanently disabling services, see the systemd documentation.

Creating the systemd Service File

Samba does not provide a systemd service file. If you built the Samba Active Directory (AD) domain controller (DC) from the sources, you must manually create the service file to enable systemd to manage the Samba AD DC service:

  • Create the /etc/systemd/system/samba-ad-dc.service file with the following content:
[Unit]
Description=Samba Active Directory Domain Controller
After=network.target remote-fs.target nss-lookup.target

[Service]
Type=forking
ExecStart=/usr/local/samba/sbin/samba -D
PIDFile=/usr/local/samba/var/run/samba.pid
ExecReload=/bin/kill -HUP $MAINPID

[Install]
WantedBy=multi-user.target
For further details, see the systemd.service(5) man page.
  • Reload the systemd configuration:
# systemctl daemon-reload



Managing the Samba AD DC Service

The following assumes that the Samba Active Directory (AD) domain controller (DC) service is managed by the samba-ad-dc service file. If you have not created the service file manually, see your operating system's documentation for the name of the Samba AD DC service.


Enabling and Disabling the Samba AD DC Service

To enable the Samba Active Directory (AD) domain controller (DC) service to start automatically when the system boots, enter:

# systemctl enable samba-ad-dc

To disable the automatic start of the Samba AD DC service, enter:

# systemctl disable samba-ad-dc


Manually Starting and Stopping the Samba AD DC Service

To manually start the Samba Active Directory (AD) domain controller (DC) service, enter:

# systemctl start samba-ad-dc

To manually stop the Samba AD DC service, enter:

# systemctl stop samba-ad-dc