Build Samba from Source: Difference between revisions

From SambaWiki
m (Replaced ..... with ... :-))
(use bootstrap scripts part of source to install dependencies rather than referring to dependency pages)
 
(22 intermediate revisions by 4 users not shown)
Line 1: Line 1:
= Introduction =
= Introduction =


Usually most users run [[Distribution_specific_package_installation|packages shipped with their distribution]] or created by 3rd parties, like SerNet ([http://www.samba.plus/older-packages/ Enterprise]/[http://www.samba.plus Samba+]), there are those out there, who want/need to compile Samba themselves. Common reasons are that the packages shipped with the distribution are old or not available for your platform, or you have [https://bugzilla.samba.org/ reported a bug] and got a patch from a developer to test, before it is included in the next official release. There are many reasons why users compile Samba. This documentation should still users fears about compiling Samba. Basically it's done with a few steps:
Most users are running [[Distribution-specific_Package_Installation|packages shipped with their distribution]] or from 3rd parties, such as SerNet ([http://www.samba.plus Samba+]/[http://www.samba.plus/older-packages/ Enterprise]). However, in some situations you may decide to compile Samba yourself, for reasons such as:
* outdated packages are shipped with your distribution
* no packages are available for your distribution or OS
* you want to apply a patch from a developer to fix a problem before a new version is released


{{Imbox
* Install all [[Operating_system_requirements/Dependencies_-_Libraries_and_programs|dependencies (e. g. libraries)]] via the package manager of your distribution
| type = warning
| text = Please read the above. Most users should never need to compile Samba themselves, they should use the Samba packages provided by their distro. If you do decide to compile Samba yourself, then you should be aware that you will need to maintain the required links (PATH, winbind nss links, startup scripts etc). You will also have to, like using distro Samba packages, configure Samba for the required use. This may require you to create a smb.conf file (provisioning a domain or joining a new DC to an existing domain will create a smb.conf file for you).
}}


Compiling Samba requires only a few steps:
* Download the sources from [https://www.samba.org samba.org]
* Download the sources from [https://www.samba.org samba.org]
* Extract the source package
* Extract the source package
* Install all dependencies. Scripts included with the source.
* Run
* Run
:./configure
:<code>./configure</code>
:make
:<code>make</code>
:sudo make install
:<code>sudo make install</code>


You can run most of the required steps in this documentation without root privileges. If root permissions are required, the command is prefixed with <code>sudo</code>. Please see the <code>sudo (8)</code> manual page and your distribution documentation how to set up <code>sudo</code>.
Even if there are a few more things to mention and to know, you will see that compiling Samba is not sorcery. ;-)


The following documentation is valid for every type of Samba installation, like an Active Directory (AD) domain controller (DC), a domain member (AD and NT4 domain), an NT4 PDC, and standalone server.
All the steps in this documentation should be run without root privileges, except where mentioned, in which case they are prefixed with sudo. You should consult other documentation on setting up sudo.


The following is suitable for any kind of Samba installation: Samba Active Directory Domain Controller, Member Server (AD + NT4 domain), Samba NT4 PDC, etc.








= Obtaining Samba =


== Stable Version (Recommended) ==
= Samba operating system requirements =


Always download the latest version of Samba from https://www.samba.org/.
Samba requires libraries and other software to compile and run. The first task is to install all these [[Operating system requirements|requirements]].


Samba maintains three series of minor versions. For a maximum of security and stability, the Samba team recommends that you only install the latest available version of a series. Older versions do not contain the latest bug and security fixes. For further information, see [[Samba_Release_Planning|Samba Release Planning]].


{{Imbox
| type = note
| text = In case if you are asking for help on the [https://lists.samba.org/mailman/listinfo/samba Samba Mailing List] and not running the latest version, the list members usually advice you to update your installation first to verify that the bug has not been fixed in the meantime.
}}


To download, use a tool like <code>wget</code>. For example:


$ wget <nowiki>https://download.samba.org/pub/samba/stable/samba-x.y.z.tar.gz</nowiki>


Alternatively you may want to use git like in Development_Versions below, checking out a release branch.
= Obtaining Samba =

== Stable version (recommended) ==

Download the latest version of Samba from https://www.samba.org/. It is always recommended to install the latest version of the [[Samba_Release_Planning#Current_Stable_Release|current stable release]]. If you need to use a previous series, always choose the last version from the [[Samba_Release_Planning#Maintenance_Mode|maintainance mode series]] or at least from the [[Samba_Release_Planning#Security_Fixes_Only_Mode|security-fixes-only mode]]. Older versions may not contain all improvements, bug and security fixes. If you ask for help, e. g. on the [https://lists.samba.org/mailman/listinfo/samba Samba Mailing List], you will typically be told to try a recent version, to ensure that you didn't hit a bug, that has been fixed in the meantime. Further information about the Samba release planning and supported release lifetime, can be found on the [[Samba_Release_Planning|Samba release planning]] page.

Download example:

$ wget <nowiki>https://download.samba.org/pub/samba/stable/samba-x.y.z.tar.gz</nowiki>


== Development Versions ==


'''Do not use a development version in production!'''


To download a development version, use <code>git clone https://gitlab.com/samba-team/devel/samba.git</code> to clone the repository. For details, see [[Using Git for Samba Development]].
== Development version ==


Before a new major version is released, the Samba team publishes release candidates for testing purposes. You can download release candidates from https://download.samba.org/pub/samba/rc/
'''Not recommended for production usage!'''


See [[Obtaining_a_Samba_development_version|Obtaining a Samba development version]].




Line 51: Line 61:




= Extracting the source package =
= Extracting the Source Package =


Extract the downloaded source package into the current directory:
To extract the downloaded source package, run:


$ tar -zxf samba-x.y.z.tar.gz
$ tar -zxf samba-x.y.z.tar.gz
Line 59: Line 69:




= Install Dependencies =


Scripts installing all required dependencies are included with the source.
$ cd <samba-source-dir>/bootstrap/generated-dists/<distrowithversion>
$ ./bootstrap.sh
$ cd ../../../..


= configure =
= configure =


Step into the directory with the extracted sources:
Change into the directory with the extracted sources:


$ cd samba-x.y.z/
$ cd samba-x.y.z/


The <code>configure</code> script is located in the root of the sources directory. The main purpose of the script is to create a <code>Makefile</code> which is used by the command <code>make</code>. The <code>configure</code> script enables you to set various options, like installation paths. If you do not want to [[#Customizing_the_Configure_Options|customize]] any paths, and enable or disable parts of Samba, run the following command without any option:

Here you need to run the "configure" script. Its main purpose is to create a "Makefile", that is used by "make" for compilation, but it also allows you to set various parameters, like paths where the binaries should be installed. If you don't want to [[#Customize_configure_options|customize]] any paths or enable/disable parts of Samba that should be build, it's sufficient to run the command without any options:


$ ./configure
$ ./configure


If the command fails, read the error message and fix the problem. One common problem are missing dependencies. For details, see [[Operating_System_Requirements|Operating System Requirements]].


The following example shows the output, if the <code>configure</code> script cannot find the GnuTLS headers:
If anything fails - usually because of missing [[Operating system requirements|dependencies]] - read the error message and fix the problem. The following example error indicates, that the GnuTLS headers are are not found:


Checking for gnutls >= 1.4.0 and broken versions : not found
Checking for gnutls >= 1.4.0 and broken versions : not found
Line 79: Line 95:
GnuTLS (eg libgnutls-dev, gnutls-devel) for ldaps:// support and for the BackupKey protocol
GnuTLS (eg libgnutls-dev, gnutls-devel) for ldaps:// support and for the BackupKey protocol


If the <code>configure</code> script exits without an error, you see the following output:

If all checks are done and nothing is missing, "configure" finishes with an appropriate message:


'configure' finished successfully (1m2.432s)
'configure' finished successfully (1m2.432s)


In this case, continue with the next step: [[#make|make]]
Continue with the <code>[[#make|make]]</code> step, if no error has occurred.






==Python==
== Customizing configure options ==
If full python development headers are not installed you may see


Checking for header Python.h : Distutils not installed? Broken python installation? Get python-config now!
Even if running "./configure" without any options is sufficient, you may want to adapt some of the paths or enable/disable features. For that, first make yourself familiar with the list of possible options:
The configuration failed


Here you have three choices:
$ ./configure --help
* Add the following build settings to './configure':
--disable-python --without-ad-dc


This does mean that you will not be able to provision Samba as an AD DC.
The output is quite long, but there are mainly two important parts of options:

* (for Samba 4.10) build with python2 with
PYTHON=python2 ./configure
PYTHON=python2 make -j
* install the Python 3.x development package for your system (eg python3-devel, python36-devel or python3-dev)



== Customizing the Configure Options ==

While running the <code>configure</code> script without any options is sufficient to build Samba, you can customize installation paths and enable or disable features. To display the list of options, run:

$ ./configure --help


The output shows two major kind of options:
* [[#enable.2Fdisable.2Fwith.2Fwithout_options|--enable/--disable and --with/--without options]]
* [[#Installation_directories|installation directories]]




=== enable/disable/with/without options ===


=== enable/disable/with/without Options ===
There are many "--enable-*/--disable-*", as well as "--with-*/--without-*" options. They allow you to turn on features that should be build, and to turn off for those that shouldn't. Each of the options can be turned to its opposite, by switching "enable" to "disable" and "with" to "without" and vice versa. Here are some examples:


The <code>configure</code> script provides several <code>--enable-*</code> / <code>-disable-*</code> and <code>--with-*</code> / <code>--without-*</code> options. They allow you to enable and disable features. Each option you can turn to its opposite if you use <code>--enable</code> instead of <code>--disable</code>, <code>--with</code> instead of <code>--without</code>, and the other way around.


* <u>Example 1:</u> Disable CUPS support (enabled by default):
* <u>Example 1:</u> Disable CUPS support (enabled by default):
Line 108: Line 143:
Build with cups support (default=yes)
Build with cups support (default=yes)


:If you don't require support for CUPS, you can disable it by adding "--disable-cups" to the configure command:
:If you do not require CUPS support, disable the feature passing the <code>--disable-cups</code> option to the <code>configure</code> command:


$ ./configure ... --disable-cups
$ ./configure ... --disable-cups


* <u>Example 2:</u> Compile Samba without AD DC capabilities:

* <u>Example 2:</u> Compile Samba without Active Directory Domain Controller capabilities:


--without-ad-dc
--without-ad-dc
disable AD DC functionality (enables Samba 4 client and Samba 3 code base).
disable AD DC functionality (enables Samba 4 client and Samba 3 code base).


: If you build Samba for a host that shouldn't be an AD DC, you can disable this function, by adding "--without-ad-dc" to the configure command:
: If you build Samba for a host that should not act as an AD DC, you can disable this feature passing the <code>--without-ad-dc</code> option to the <code>configure</code> command:


$ ./configure ... --without-ad-dc
$ ./configure ... --without-ad-dc


* <u>Example 3:</u> Build Samba with debug information:

* <u>Example 3:</u> Build with debug information, that may help to diagnose in case of failure:


$ ./configure ... --enable-debug
$ ./configure ... --enable-debug




'''Warning: Don't enable/disable features unless you know what you're doing! Changing options may prevent your Samba installation from working as expected!'''
'''Warning: Do not enable or disable features if you have not fully understood the cause of the option! Changing options can prevent your Samba installation from working as expected!'''






=== Installation directories ===
=== Installation Directories ===


By default, your whole Samba installation, including databases, smb.conf, etc., will be in /usr/local/samba/ (value of "--prefix="). This is good if you want to keep everything in one place, but you can also change some paths. Here are some examples:
If you use the default settings, the binaries, configuration files, libraries, and other files are installed in the <code>/usr/local/samba/</code> directory. This enables you to keep the complete Samba installation in one location. However, you can specify individual paths. For example:


* To install the daemon binaries like <code>smbd</code> and <code>samba</code> in the <code>/sbin/</code> directory instead of </code>/usr/local/samba/sbin/</code>, run:
$ ./configure ... --sbindir=/sbin/


* Install daemon binaries (smbd, samba, etc.) in /sbin/ instead of /usr/local/samba/sbin/
* To set the default path to the </code>smb.conf</code> file to <code>/etc/samba/</code> instead of </code>/usr/local/samba/etc/</code>, run:
# ./configure ... --with-sbindir=/sbin/
$ ./configure ... --sysconfdir=/etc/samba/


* Set the default path for smb.conf to /etc/samba/ instead of /usr/local/samba/etc/
# ./configure ... --with-sysconfdir=/etc/samba/


* Place the Samba man pages into a directory that is part of the systems manpath
# ./configure ... --mandir=/usr/share/man/



* To store the Samba man pages in the <code>/usr/share/man/</code> directory, run:
$ ./configure ... --mandir=/usr/share/man/




Line 154: Line 182:
= make =
= make =


The next step is quite simple. To start the compile process, run
To start the compilation, run


$ make
$ make


Depending of your number of CPU cores, you can run multiple jobs parallel (2 in the following example):
The <code>make</code> command is able to run multiple jobs in parallel. For example, to run 2 <code>make</code> sub-tasks at the same time, run:


$ make -j 2
$ make -j 2


If the compilation exits without an error, you see the following output:
If everything is successfully compiled, "make" finishes with an appropriate message:


Waf: Leaving directory `/usr/src/samba-x.y.z/bin'
Waf: Leaving directory `/usr/src/samba-x.y.z/bin'
'build' finished successfully (9m3.667s)
'build' finished successfully (9m3.667s)


In this case, continue with the next step: [[#make_install|make install]]








= make test (Optional) =


This optional step runs the Samba self test suite.
= make test (optional) =


$ make test
This step is optional and usually only interesting for developers.


{{Imbox
# make test
| type = note
| text = You can only run the self test suite, if you built Samba using the <code>--enable-selftest</code> option.
}}


runs the Samba selftest suite. It requires that Samba was built with --enable-selftest.




Line 187: Line 217:
= make install =
= make install =


The last step - the installation - needs to be run as "root" or via "sudo", to allow writing to the destination directories and setting permissions.
To install the compiled software, you require <code>root</code> permissions to write to the destination directories and set the correct permissions.


# make install
To install Samba, run:
$ sudo make install
Or if not running as root
# sudo make install


If the installation exits without an error, you see the following output:
If everything is successfully installed, "make install" finishes with an appropriate message:


Waf: Leaving directory `/usr/src/samba-x.y.z/bin'
Waf: Leaving directory `/usr/src/samba-x.y.z/bin'
Line 204: Line 232:




= Adding Samba Commands to the $PATH Variable =
= Upgrading a source version =


If you built Samba, add the directories containing the commands to the beginning of your <code>$PATH</code> variable. For example:
The steps are the same as for a new installation. For further information, see [[Updating_Samba|Updating Samba]].


export PATH=/usr/local/samba/bin/:/usr/local/samba/sbin/:$PATH


To permanently update your <code>$PATH</code>, see your distribution's documentation.



Once you have built and installed Samba, you will need to configure it according to your needs, this could be as a:

* Active Directory DC
* Domain member
* Standalone server



= Upgrading a Self-compiled Samba Installation =

To update a self-compiled Samba installation, run the same steps like for a new installation while using the same <code>configure</code> options.





= Applying a Patch =

Some situations require that you apply a patch to Samba. For example, a bug has been fixed and you you cannot wait until the new Samba version is released. To apply the patch to the Samba sources, run:

* Change into the Samba sources directory.
$ cd samba-x.y.z/

* Download the patch. For example:
$ wget -O /tmp/patch.txt <nowiki>https://bugzilla.samba.org/attachment.cgi?id=...</nowiki>

* Apply the patch to the sources:
$ patch -p 1 < /tmp/patch.txt

* Recompile and install Samba. See [[Updating Samba]].


= Additional information =
= Additional information =


== Viewing build options of existing installations ==
== Viewing Built Options of an Existing Installation ==


To display the options used to built Samba, run
If you already have Samba installed and want to see what options were used at build time, run the following command:


$ smbd -b
$ smbd -b





= Using an init script to manage the Samba AD DC Service =

{{:Managing the Samba AD DC Service Using an Init Script}}




= Using systemd to manage the Samba AD DC Service =

{{:Managing the Samba AD DC Service Using Systemd}}

Latest revision as of 10:41, 4 August 2023

Introduction

Most users are running packages shipped with their distribution or from 3rd parties, such as SerNet (Samba+/Enterprise). However, in some situations you may decide to compile Samba yourself, for reasons such as:

  • outdated packages are shipped with your distribution
  • no packages are available for your distribution or OS
  • you want to apply a patch from a developer to fix a problem before a new version is released


Compiling Samba requires only a few steps:

  • Download the sources from samba.org
  • Extract the source package
  • Install all dependencies. Scripts included with the source.
  • Run
./configure
make
sudo make install

You can run most of the required steps in this documentation without root privileges. If root permissions are required, the command is prefixed with sudo. Please see the sudo (8) manual page and your distribution documentation how to set up sudo.

The following documentation is valid for every type of Samba installation, like an Active Directory (AD) domain controller (DC), a domain member (AD and NT4 domain), an NT4 PDC, and standalone server.



Obtaining Samba

Stable Version (Recommended)

Always download the latest version of Samba from https://www.samba.org/.

Samba maintains three series of minor versions. For a maximum of security and stability, the Samba team recommends that you only install the latest available version of a series. Older versions do not contain the latest bug and security fixes. For further information, see Samba Release Planning.

To download, use a tool like wget. For example:

$ wget https://download.samba.org/pub/samba/stable/samba-x.y.z.tar.gz

Alternatively you may want to use git like in Development_Versions below, checking out a release branch.

Development Versions

Do not use a development version in production!

To download a development version, use git clone https://gitlab.com/samba-team/devel/samba.git to clone the repository. For details, see Using Git for Samba Development.

Before a new major version is released, the Samba team publishes release candidates for testing purposes. You can download release candidates from https://download.samba.org/pub/samba/rc/




Extracting the Source Package

To extract the downloaded source package, run:

$ tar -zxf samba-x.y.z.tar.gz


Install Dependencies

Scripts installing all required dependencies are included with the source.

$ cd <samba-source-dir>/bootstrap/generated-dists/<distrowithversion>
$ ./bootstrap.sh
$ cd ../../../..

configure

Change into the directory with the extracted sources:

$ cd samba-x.y.z/

The configure script is located in the root of the sources directory. The main purpose of the script is to create a Makefile which is used by the command make. The configure script enables you to set various options, like installation paths. If you do not want to customize any paths, and enable or disable parts of Samba, run the following command without any option:

$ ./configure

If the command fails, read the error message and fix the problem. One common problem are missing dependencies. For details, see Operating System Requirements.

The following example shows the output, if the configure script cannot find the GnuTLS headers:

Checking for gnutls >= 1.4.0 and broken versions : not found
/usr/src/samba-x.y.z/source4/lib/tls/wscript:37: error: Building the AD DC requires
GnuTLS (eg libgnutls-dev, gnutls-devel) for ldaps:// support and for the BackupKey protocol

If the configure script exits without an error, you see the following output:

'configure' finished successfully (1m2.432s)

Continue with the make step, if no error has occurred.


Python

If full python development headers are not installed you may see

Checking for header Python.h   : Distutils not installed? Broken python installation? Get python-config now! 
The configuration failed

Here you have three choices:

  • Add the following build settings to './configure':
--disable-python --without-ad-dc

This does mean that you will not be able to provision Samba as an AD DC.

  • (for Samba 4.10) build with python2 with
PYTHON=python2 ./configure
PYTHON=python2 make -j
  • install the Python 3.x development package for your system (eg python3-devel, python36-devel or python3-dev)


Customizing the Configure Options

While running the configure script without any options is sufficient to build Samba, you can customize installation paths and enable or disable features. To display the list of options, run:

$ ./configure --help

The output shows two major kind of options:


enable/disable/with/without Options

The configure script provides several --enable-* / -disable-* and --with-* / --without-* options. They allow you to enable and disable features. Each option you can turn to its opposite if you use --enable instead of --disable, --with instead of --without, and the other way around.

  • Example 1: Disable CUPS support (enabled by default):
--enable-cups
          Build with cups support (default=yes)
If you do not require CUPS support, disable the feature passing the --disable-cups option to the configure command:
$ ./configure ... --disable-cups
  • Example 2: Compile Samba without AD DC capabilities:
--without-ad-dc
          disable AD DC functionality (enables Samba 4 client and Samba 3 code base).
If you build Samba for a host that should not act as an AD DC, you can disable this feature passing the --without-ad-dc option to the configure command:
$ ./configure ... --without-ad-dc
  • Example 3: Build Samba with debug information:
$ ./configure ... --enable-debug 


Warning: Do not enable or disable features if you have not fully understood the cause of the option! Changing options can prevent your Samba installation from working as expected!


Installation Directories

If you use the default settings, the binaries, configuration files, libraries, and other files are installed in the /usr/local/samba/ directory. This enables you to keep the complete Samba installation in one location. However, you can specify individual paths. For example:

  • To install the daemon binaries like smbd and samba in the /sbin/ directory instead of /usr/local/samba/sbin/, run:
$ ./configure ... --sbindir=/sbin/
  • To set the default path to the smb.conf file to /etc/samba/ instead of /usr/local/samba/etc/, run:
$ ./configure ... --sysconfdir=/etc/samba/
  • To store the Samba man pages in the /usr/share/man/ directory, run:
$ ./configure ... --mandir=/usr/share/man/


make

To start the compilation, run

$ make

The make command is able to run multiple jobs in parallel. For example, to run 2 make sub-tasks at the same time, run:

$ make -j 2

If the compilation exits without an error, you see the following output:

Waf: Leaving directory `/usr/src/samba-x.y.z/bin'
'build' finished successfully (9m3.667s)



make test (Optional)

This optional step runs the Samba self test suite.

$ make test




make install

To install the compiled software, you require root permissions to write to the destination directories and set the correct permissions.

To install Samba, run:

$ sudo make install 

If the installation exits without an error, you see the following output:

Waf: Leaving directory `/usr/src/samba-x.y.z/bin'
'install' finished successfully (18.243s)



Adding Samba Commands to the $PATH Variable

If you built Samba, add the directories containing the commands to the beginning of your $PATH variable. For example:

export PATH=/usr/local/samba/bin/:/usr/local/samba/sbin/:$PATH

To permanently update your $PATH, see your distribution's documentation.


Once you have built and installed Samba, you will need to configure it according to your needs, this could be as a:

  • Active Directory DC
  • Domain member
  • Standalone server


Upgrading a Self-compiled Samba Installation

To update a self-compiled Samba installation, run the same steps like for a new installation while using the same configure options.



Applying a Patch

Some situations require that you apply a patch to Samba. For example, a bug has been fixed and you you cannot wait until the new Samba version is released. To apply the patch to the Samba sources, run:

  • Change into the Samba sources directory.
$ cd samba-x.y.z/
  • Download the patch. For example:
$ wget -O /tmp/patch.txt https://bugzilla.samba.org/attachment.cgi?id=...
  • Apply the patch to the sources:
$ patch -p 1 < /tmp/patch.txt

Additional information

Viewing Built Options of an Existing Installation

To display the options used to built Samba, run

$ smbd -b



Using an init script to manage the Samba AD DC Service

Creating the Init Script

Red Hat Enterprise Linux 6

  • Create the /etc/init.d/samba-ad-dc file with the following content:
#!/bin/bash
#
# samba-ad-dc	This shell script takes care of starting and stopping
# 		samba AD daemons.
#
# chkconfig: - 58 74
# description: Samba Active Directory Domain Controller

### BEGIN INIT INFO
# Provides: samba-ad-dc
# Required-Start: $network $local_fs $remote_fs
# Required-Stop: $network $local_fs $remote_fs
# Should-Start: $syslog $named
# Should-Stop: $syslog $named
# Short-Description: start and stop samba-ad-dc
# Description: Samba Active Directory Domain Controller
### END INIT INFO

# Source function library.
. /etc/init.d/functions
 
# Source networking configuration.
. /etc/sysconfig/network
 
prog=samba
prog_dir=/usr/local/samba/sbin/
lockfile=/var/lock/subsys/$prog
 
start() {
	[ "$NETWORKING" = "no" ] && exit 1
	echo -n $"Starting Samba AD DC: "
	daemon $prog_dir/$prog -D
	RETVAL=$?
	echo
	[ $RETVAL -eq 0 ] && touch $lockfile
	return $RETVAL
}

 stop() {
	[ "$EUID" != "0" ] && exit 4
	echo -n $"Shutting down Samba AD DC: "
	killproc $prog_dir/$prog
	RETVAL=$?
	echo
	[ $RETVAL -eq 0 ] && rm -f $lockfile
	return $RETVAL
}
 
case "$1" in
start)
	start
	;;
stop)
	stop
	;;
status)
	status $prog
	;;
restart)
	stop
	start
	;;
*)
	echo $"Usage: $0 {start|stop|status|restart}"
	exit 2
esac
  • Make the script executeable:
# chmod 755 /etc/init.d/samba-ad-dc


Debian

  • Create the /etc/init.d/samba-ad-dc file with the following content:
#!/bin/sh

### BEGIN INIT INFO
# Provides:          samba-ad-dc
# Required-Start:    $network $local_fs $remote_fs
# Required-Stop:     $network $local_fs $remote_fs
# Default-Start:     2 3 4 5
# Default-Stop:      0 1 6
# Short-Description: start Samba daemons for the AD DC
### END INIT INFO

#
# Start/stops the Samba daemon (samba).
# Adapted from the Samba 3 packages.
#

PATH=/usr/local/samba/sbin:/usr/local/samba/bin:$PATH

PIDDIR=/usr/local/samba/var/run
SAMBAPID=$PIDDIR/samba.pid

# clear conflicting settings from the environment
unset TMPDIR

# See if the daemon and the config file are there
test -x /usr/local/samba/sbin/samba -a -r /usr/local/samba/etc/smb.conf || exit 0

. /lib/lsb/init-functions

case "$1" in
        start)
                SERVER_ROLE=`samba-tool testparm --parameter-name="server role"  2>/dev/null | tail -1`
                if [ "$SERVER_ROLE" != "active directory domain controller" ]; then
                    exit 0
                fi

                # CVE-2013-4475
                KEYFILE=/usr/local/samba/private/tls/key.pem
                if [ -e $KEYFILE ]; then
                    KEYPERMS=`stat -c %a $KEYFILE`
                    if [ "$KEYPERMS" != "600" ]; then
                        echo "wrong permission on $KEYFILE, must be 600"
                        echo "samba will not start (CVE-2013-4475)"
                        echo "Removing all tls .pem files will cause an auto-regeneration with the correct permissions."
                        exit 1
                    fi
               fi

               log_daemon_msg "Starting Samba AD DC daemon" "samba"
               # Make sure we have our PIDDIR, even if it's on a tmpfs
               install -o root -g root -m 755 -d $PIDDIR
 
               if ! start-stop-daemon --start --quiet --oknodo --exec /usr/local/samba/sbin/samba -- -D; then
                   log_end_msg 1
                   exit 1
               fi

               log_end_msg 0
               ;;
       stop)
               log_daemon_msg "Stopping Samba AD DC daemon" "samba"

              start-stop-daemon --stop --quiet --pidfile $SAMBAPID
               # Wait a little and remove stale PID file
               sleep 1
               if [ -f $SAMBAPID ] && ! ps h `cat $SAMBAPID` > /dev/null
               then
                   # Stale PID file (samba was succesfully stopped),
                   # remove it (should be removed by samba itself IMHO.)
                   rm -f $SAMBAPID
               fi

              log_end_msg 0

               ;;
       restart|force-reload)
               $0 stop
               sleep 1
               $0 start
               ;;
       status)
               status_of_proc -p $SAMBAPID /usr/local/samba/sbin/samba samba
               exit $?
               ;;
       *)
               echo "Usage: /etc/init.d/samba-ad-dc {start|stop|restart|force-reload|status}"
               exit 1
               ;;
esac

exit 0


  • If necessary, update the locations to the samba service, the samba-tool utility, and the smb.conf file in the /etc/init.d/samba-ad-dc file.
  • Make the script executeable:
# chmod 755 /etc/init.d/samba-ad-dc



Managing the Samba AD DC Service

The following assumes that the Samba Active Directory (AD) domain controller (DC) service is managed by the /etc/init.d/samba-ad-dc init script. If you have not created the script manually, see your operating system's documentation for the name of the Samba AD DC service.


Enabling and Disabling the Samba AD DC Service

To enable the Samba Active Directory (AD) domain controller (DC) service to start automatically when the system boots, enter:

Red Hat Enterprise Linux 6

# chkconfig samba-ad-dc enable

To disable the automatic start of the Samba AD DC service, enter:

# chkconfig samba-ad-dc disable


Debian

# update-rc.d samba-ad-dc defaults

To disable the automatic start of the Samba AD DC service, enter:

# update-rc.d -f samba-ad-dc remove


Manually Starting and Stopping the Samba AD DC Service

To manually start the Samba Active Directory (AD) domain controller (DC) service, enter:

# service start samba-ad-dc

To manually stop the Samba AD DC service, enter:

# service stop samba-ad-dc



Using systemd to manage the Samba AD DC Service

The samba Service

On a DC, the /usr/local/samba/sbin/samba service automatically starts the required smbd and winbindd service as sub-processes. If you start them manually, the Samba DC fails to work as expected. If your package provider created additional Samba service files, disable and mask them to prevent that other services re-enable them. For example:

# systemctl mask smbd nmbd winbind
# systemctl disable smbd nmbd winbind

For further details about permanently disabling services, see the systemd documentation.

Creating the systemd Service File

Samba does not provide a systemd service file. When you built the Samba Active Directory (AD) domain controller (DC) from the sources, you must manually create the service file to enable systemd to manage the Samba AD DC service:

  • Create the /etc/systemd/system/samba-ad-dc.service file with the following content:
[Unit]
Description=Samba Active Directory Domain Controller
After=network.target remote-fs.target nss-lookup.target

[Service]
Type=forking
ExecStart=/usr/local/samba/sbin/samba -D
PIDFile=/usr/local/samba/var/run/samba.pid
ExecReload=/bin/kill -HUP $MAINPID

[Install]
WantedBy=multi-user.target
For further details, see the systemd.service(5) man page.
  • Reload the systemd configuration:
# systemctl daemon-reload



Managing the Samba AD DC Service

The following assumes that the Samba Active Directory (AD) domain controller (DC) service is managed by the samba-ad-dc service file. If you have not created the service file manually, see your operating system's documentation for the name of the Samba AD DC service.


Enabling and Disabling the Samba AD DC Service

To enable the Samba Active Directory (AD) domain controller (DC) service to start automatically when the system boots, enter:

# systemctl enable samba-ad-dc

To disable the automatic start of the Samba AD DC service, enter:

# systemctl disable samba-ad-dc


Manually Starting and Stopping the Samba AD DC Service

To manually start the Samba Active Directory (AD) domain controller (DC) service, enter:

# systemctl start samba-ad-dc

To manually stop the Samba AD DC service, enter:

# systemctl stop samba-ad-dc