Difference between revisions of "Build Samba from Source"

m (Rename OS Requirements link)
m
 
(44 intermediate revisions by 7 users not shown)
Line 1: Line 1:
== Samba OS Requirements ==
+
= Introduction =
  
Because of the constantly changing and ever expanding nature of Linux, the [[OS_Requirements|OS Requirements]] page is now self contained.
+
Most users are running [[Distribution-specific_Package_Installation|packages shipped with their distribution]] or from 3rd parties, such as SerNet ([http://www.samba.plus Samba+]/[http://www.samba.plus/older-packages/ Enterprise]). However, in some situations you decide to compile Samba yourself, like
This page not only includes the required packages for a successful Samba AD DC deployment, but also the required file system features.  Please consider that page as a prerequisite to a successful Samba AD DC setup.
+
* outdated packages are shipped with your distribution
 +
* no packages are available for your distribution or OS
 +
* you want to apply a patch from a developer to fix a problem before a new version is released
  
== Step 1: Download Samba ==
+
Compiling Samba requires only a few steps:
 +
* Install all dependencies. See [[Package Dependencies Required to Build Samba]].
 +
* Download the sources from [https://www.samba.org samba.org]
 +
* Extract the source package
 +
* Run
 +
:<code>./configure</code>
 +
:<code>make</code>
 +
:<code>sudo make install</code>
  
Currently, there are two methods to download the current Samba sources, either as a tarball of the latest stable release, or a development version via git. If you hope to work with the team on a development version to resolve issues you may hit via code changes, we recommend using the git method for downloading Samba, as it makes getting updates easier, and also allows you to integrate test patches from Samba developers more easily in case of problems.  
+
You can run most of the required steps in this documentation without root privileges. If root permissions are required, the command is prefixed with <code>sudo</code>. Please see the <code>sudo (8)</code> manual page and your distribution documentation how to set up <code>sudo</code>.
  
In the following examples we will assume that your top-level source is named <tt>samba-master</tt>, <tt>samba-v4-0-stable</tt>, or <tt>samba-v4-0-test</tt> depending on which head you're downloading from.  If you downloaded a tarball this will instead be based on the name of the tarball downloaded (e.g.  <tt>samba-4.0.0</tt> for the tarball samba-4.0.0.tar.gz).  Also note that in the <tt>master</tt> branch the
+
The following documentation is valid for every type of Samba installation, like an Active Directory (AD) domain controller (DC), a domain member (AD and NT4 domain), an NT4 PDC, and standalone server.
Samba 4 code in our current git tree is now located in the top level directory.
 
  
=== Downloading a tarball ===
 
  
If you wish to use a released version of Samba 4.0, you can download the latest Samba 4.0 tarball from [http://ftp.samba.org/pub/samba/ the Samba website]
 
  
=== Downloading via git ===
 
  
Git allows you to download the source tree via either the <tt>git</tt> or <tt>http</tt> protocols.  In general, the <tt>git</tt> protocol is the preferred choice since it compresses the data being transferred.  To download the source tree via <tt>git</tt>, run the following command:
 
  
$ git clone git://git.samba.org/samba.git samba-master
+
= Samba Operating System Requirements =
  
Alternatively, if you prefer to use the <tt>http</tt> protocol, run the following command:
+
To build Samba, install all required libraries and tools first. See [[Operating_System_Requirements|Operating System Requirements]].
  
$ git clone http://gitweb.samba.org/samba.git samba-master
 
  
Either command will create a directory called <tt>samba-master</tt> in the current
 
directory. This holds a checkout of the 'master' development branch.
 
  
 +
 +
 +
= Obtaining Samba =
 +
 +
== Stable Version (Recommended) ==
 +
 +
Always download the latest version of Samba from https://www.samba.org/.
 +
 +
Samba maintains three series of minor versions. For a maximum of security and stability, the Samba team recommends that you only install the latest available version of a series. Older versions do not contain the latest bug and security fixes. For further information, see [[Samba_Release_Planning|Samba Release Planning]].
 +
 +
{{Imbox
 +
| type = note
 +
| text = In case if you are asking for help on the [https://lists.samba.org/mailman/listinfo/samba Samba Mailing List] and not running the latest version, the list members usually advice you to update your installation first to verify that the bug has not been fixed in the meantime.
 +
}}
 +
 +
To download, use a tool like <code>wget</code>. For example:
 +
 +
$ wget <nowiki>https://download.samba.org/pub/samba/stable/samba-x.y.z.tar.gz</nowiki>
 +
 +
 +
 +
== Development Versions ==
 +
 +
'''Do not use a development version in production!'''
 +
 +
To download a development version, use <code>git</code> to clone the repository. For details, see [[Using Git for Samba Development]].
 +
 +
Before a new major version is released, the Samba team publishes release candidates for testing purposes. You can download release candidates from https://download.samba.org/pub/samba/rc/
 +
 +
 +
 +
 +
 +
 +
= Extracting the Source Package =
 +
 +
To extract the downloaded source package, run:
 +
 +
$ tar -zxf samba-x.y.z.tar.gz
 +
 +
 +
 +
 +
 +
= configure =
 +
 +
Change into the directory with the extracted sources:
 +
 +
$ cd samba-x.y.z/
 +
 +
The <code>configure</code> script is located in the root of the sources directory. The main purpose of the script is to create a <code>Makefile</code> which is used by the command <code>make</code>. The <code>configure</code> script enables you to set various options, like installation paths. If you do not want to [[#Customizing_the_Configure_Options|customize]] any paths, and enable or disable parts of Samba, run the following command without any option:
 +
 +
$ ./configure
 +
 +
If the command fails, read the error message and fix the problem. One common problem are missing dependencies. For details, see [[Operating_System_Requirements|Operating System Requirements]].
 +
 +
The following example shows the output, if the <code>configure</code> script cannot find the GnuTLS headers:
 +
 +
Checking for gnutls >= 1.4.0 and broken versions : not found
 +
/usr/src/samba-x.y.z/source4/lib/tls/wscript:37: error: Building the AD DC requires
 +
GnuTLS (eg libgnutls-dev, gnutls-devel) for ldaps:// support and for the BackupKey protocol
 +
 +
If the <code>configure</code> script exits without an error, you see the following output:
 +
 +
'configure' finished successfully (1m2.432s)
 +
 +
Continue with the <code>[[#make|make]]</code> step, if no error has occurred.
 +
 +
 +
 +
==Python==
 +
If full python development headers are not installed you may see
 +
 +
Checking for header Python.h  : Distutils not installed? Broken python installation? Get python-config now!
 +
The configuration failed
 +
 +
Here you have three choices:
 +
* Add the following build settings to './configure':
 +
--disable-python --without-ad-dc
 +
 +
This does mean that you will not be able to provision Samba as an AD DC.
 +
 +
* (for Samba 4.10) build with python2 with
 +
PYTHON=python2 ./configure
 +
PYTHON=python2 make -j
 +
* install the Python 3.x development package for your system (eg python3-devel, python36-devel or python3-dev)
 +
 +
 +
 +
== Customizing the Configure Options ==
 +
 +
While running the <code>configure</code> script without any options is sufficient to build Samba, you can customize installation paths and enable or disable features. To display the list of options, run:
 +
 +
$ ./configure --help
 +
 +
The output shows two major kind of options:
 +
* [[#enable.2Fdisable.2Fwith.2Fwithout_options|--enable/--disable and --with/--without options]]
 +
* [[#Installation_directories|installation directories]]
 +
 +
 +
 +
=== enable/disable/with/without Options ===
 +
 +
The <code>configure</code> script provides several <code>--enable-*</code> / <code>-disable-*</code> and <code>--with-*</code> / <code>--without-*</code> options. They allow you to enable and disable features. Each option you can turn to its opposite if you use <code>--enable</code> instead of <code>--disable</code>, <code>--with</code> instead of <code>--without</code>, and the other way around.
 +
 +
* <u>Example 1:</u> Disable CUPS support (enabled by default):
 +
 +
--enable-cups
 +
          Build with cups support (default=yes)
 +
 +
:If you do not require CUPS support, disable the feature passing the <code>--disable-cups</code> option to the <code>configure</code> command:
 +
 +
$ ./configure ... --disable-cups
 +
 +
* <u>Example 2:</u> Compile Samba without AD DC capabilities:
 +
 +
--without-ad-dc
 +
          disable AD DC functionality (enables Samba 4 client and Samba 3 code base).
 +
 +
: If you build Samba for a host that should not act as an AD DC, you can disable this feature passing the <code>--without-ad-dc</code> option to the <code>configure</code> command:
 +
 +
$ ./configure ... --without-ad-dc
 +
 +
* <u>Example 3:</u> Build Samba with debug information:
 +
 +
$ ./configure ... --enable-debug
 +
 +
 +
'''Warning: Do not enable or disable features if you have not fully understood the cause of the option! Changing options can prevent your Samba installation from working as expected!'''
 +
 +
 +
 +
=== Installation Directories ===
 +
 +
If you use the default settings, the binaries, configuration files, libraries, and other files are installed in the <code>/usr/local/samba/</code> directory. This enables you to keep the complete Samba installation in one location. However, you can specify individual paths. For example:
 +
 +
* To install the daemon binaries like <code>smbd</code> and <code>samba</code> in the <code>/sbin/</code> directory instead of </code>/usr/local/samba/sbin/</code>, run:
 +
$ ./configure ... --sbindir=/sbin/
 +
 +
* To set the default path to the </code>smb.conf</code> file to <code>/etc/samba/</code> instead of </code>/usr/local/samba/etc/</code>, run:
 +
$ ./configure ... --sysconfdir=/etc/samba/
 +
 +
* To store the Samba man pages in the <code>/usr/share/man/</code> directory, run:
 +
$ ./configure ... --mandir=/usr/share/man/
 +
 +
 +
 +
= make =
 +
 +
To start the compilation, run
 +
 +
$ make
 +
 +
The <code>make</code> command is able to run multiple jobs in parallel. For example, to run 2 <code>make</code> sub-tasks at the same time, run:
 +
 +
$ make -j 2
 +
 +
If the compilation exits without an error, you see the following output:
 +
 +
Waf: Leaving directory `/usr/src/samba-x.y.z/bin'
 +
'build' finished successfully (9m3.667s)
 +
 +
 +
 +
 +
 +
= make test (Optional) =
 +
 +
This optional step runs the Samba self test suite.
 +
 +
$ make test
 +
 +
{{Imbox
 +
| type = note
 +
| text = You can only run the self test suite, if you built Samba using the <code>--enable-selftest</code> option.
 +
}}
 +
 +
 +
 +
 +
 +
 +
= make install =
 +
 +
To install the compiled software, you require <code>root</code> permissions to write to the destination directories and set the correct permissions.
 +
 +
To install Samba, run:
 
   
 
   
 +
$ sudo make install
 +
 +
If the installation exits without an error, you see the following output:
 +
 +
Waf: Leaving directory `/usr/src/samba-x.y.z/bin'
 +
'install' finished successfully (18.243s)
 +
 +
 +
 +
 +
 +
= Adding Samba Commands to the $PATH Variable =
 +
 +
If you built Samba, add the directories containing the commands to the beginning of your <code>$PATH</code> variable. For example:
 +
 +
export PATH=/usr/local/samba/bin/:/usr/local/samba/sbin/:$PATH
 +
 +
To permanently update your <code>$PATH</code>, see your distribution's documentation.
 +
 +
 +
  
'''If you are using the checkout for a production installation you should use the following git branches:'''
 
  
* 'v4-0-stable' (which contains the latest stable 4.0.x release)
+
= Upgrading a Self-compiled Samba Installation =
  
    $ git clone -b v4-0-stable git://git.samba.org/samba.git samba-v4-0-stable
+
To update a self-compiled Samba installation, run the same steps like for a new installation while using the same <code>configure</code> options.
  
'''or'''
 
  
* 'v4-0-test' (which contains the patches scheduled for the next stable 4.0.x release)
 
  
    $ git clone -b v4-0-test git://git.samba.org/samba.git samba-v4-0-test
 
  
==== Updating via git ====
 
  
If you already have downloaded the source tree via <tt>git</tt> and want to update the tree to the latest version, run the following command in your <tt>samba-master</tt> directory:
+
= Applying a Patch =
  
$ git pull
+
Some situations require that you apply a patch to Samba. For example, a bug has been fixed and you you cannot wait until the new Samba version is released. To apply the patch to the Samba sources, run:
  
If you get an error like this:
+
* Change into the Samba sources directory.
  fatal: Unable to create '[...]/samba_master/.git/index.lock': File exists.
+
  $ cd samba-x.y.z/
Run the command below to reset your tree.
 
  
If you are having trouble compiling the source, it may be due to stale filesYou can reset your <tt>git</tt> tree to correct these errors. To reset your <tt>git</tt> tree, run the following command in your <tt>samba-master</tt> directory:
+
* Download the patch. For example:
 +
  $ wget -O /tmp/patch.txt <nowiki>https://bugzilla.samba.org/attachment.cgi?id=...</nowiki>
  
  $ git clean -x -f -d
+
* Apply the patch to the sources:
 +
  $ patch -p 1 < /tmp/patch.txt
  
== Step 2: Compile Samba ==
+
* Recompile and install Samba. See [[Updating Samba]].
  
To build Samba, run the following command in your <tt>samba-master</tt> directory:
+
= Additional information =
  
  $ cd samba-master
+
== Viewing Built Options of an Existing Installation ==
  $ ./configure
 
  $ make
 
  
The above command will setup Samba to install in <tt>/usr/local/samba</tt>.
+
To display the options used to built Samba, run
  
* If you want Samba to install in a different directory, then you should use the <tt>--prefix</tt> option to <tt>configure</tt>.
+
$ smbd -b
  
* We recommend using <tt>--enable-debug --enable-selftest</tt> for Samba is that it will include extra debug information that will help us diagnose problems in case of failures, and will also allow you to run our selftest <tt>make test</tt> to validate that Samba can behave correctly on your platform.  Both of these are however, entirely '''optional'''.
 
  
== Step 3: Install Samba ==
 
  
To install Samba, run the following command in your <tt>samba-master</tt> directory:
 
  
  $ make install
 
  
Note that this must be run as a user who has permission to write to the install directory, which defaults to <tt>/usr/local/samba</tt>. See [[#Step 2: Compile Samba4|Step 2: Compile Samba ]] for instructions on how to change the install directory.
+
= Using an init script to manage the Samba AD DC Service =
  
== Upgrading a source version ==
+
{{:Managing the Samba AD DC Service Using an Init Script}}
  
To upgrade to the latest Samba version from a previous Samba release, you must first download the latest tarball, or use the git tree. If using git, you may either do a full download of the latest git tree as described in the [http://wiki.samba.org/index.php/Samba4/HOWTO#Downloading_via_git Downloading via git] section, or you may upgrade your current git tree as described in the [http://wiki.samba.org/index.php/Samba4/HOWTO#Updating_via_git Updating via git] section. Once you have obtained the latest version, simply run the following commands.
 
  
  $ cd samba-master
 
  $ ./configure
 
  $ make
 
  $ make install
 
  
* Note: Please use the same ./configure options as before to retain full functionality. The example above assumes that you source directory is named samba-master.
 
  
For more information on the commands above and their associated options, please refer to [http://wiki.samba.org/index.php/Samba4/HOWTO#Step_2:_Compile_Samba Step 2]
+
= Using systemd to manage the Samba AD DC Service =
  
If you are upgrading from a previous release of Samba 4.x, be sure to review all the release notes for the new version, as well as the notes for all the interim versions.
+
{{:Managing the Samba AD DC Service Using Systemd}}

Latest revision as of 08:55, 22 September 2020

Introduction

Most users are running packages shipped with their distribution or from 3rd parties, such as SerNet (Samba+/Enterprise). However, in some situations you decide to compile Samba yourself, like

  • outdated packages are shipped with your distribution
  • no packages are available for your distribution or OS
  • you want to apply a patch from a developer to fix a problem before a new version is released

Compiling Samba requires only a few steps:

./configure
make
sudo make install

You can run most of the required steps in this documentation without root privileges. If root permissions are required, the command is prefixed with sudo. Please see the sudo (8) manual page and your distribution documentation how to set up sudo.

The following documentation is valid for every type of Samba installation, like an Active Directory (AD) domain controller (DC), a domain member (AD and NT4 domain), an NT4 PDC, and standalone server.



Samba Operating System Requirements

To build Samba, install all required libraries and tools first. See Operating System Requirements.



Obtaining Samba

Stable Version (Recommended)

Always download the latest version of Samba from https://www.samba.org/.

Samba maintains three series of minor versions. For a maximum of security and stability, the Samba team recommends that you only install the latest available version of a series. Older versions do not contain the latest bug and security fixes. For further information, see Samba Release Planning.

To download, use a tool like wget. For example:

$ wget https://download.samba.org/pub/samba/stable/samba-x.y.z.tar.gz


Development Versions

Do not use a development version in production!

To download a development version, use git to clone the repository. For details, see Using Git for Samba Development.

Before a new major version is released, the Samba team publishes release candidates for testing purposes. You can download release candidates from https://download.samba.org/pub/samba/rc/




Extracting the Source Package

To extract the downloaded source package, run:

$ tar -zxf samba-x.y.z.tar.gz



configure

Change into the directory with the extracted sources:

$ cd samba-x.y.z/

The configure script is located in the root of the sources directory. The main purpose of the script is to create a Makefile which is used by the command make. The configure script enables you to set various options, like installation paths. If you do not want to customize any paths, and enable or disable parts of Samba, run the following command without any option:

$ ./configure

If the command fails, read the error message and fix the problem. One common problem are missing dependencies. For details, see Operating System Requirements.

The following example shows the output, if the configure script cannot find the GnuTLS headers:

Checking for gnutls >= 1.4.0 and broken versions : not found
/usr/src/samba-x.y.z/source4/lib/tls/wscript:37: error: Building the AD DC requires
GnuTLS (eg libgnutls-dev, gnutls-devel) for ldaps:// support and for the BackupKey protocol

If the configure script exits without an error, you see the following output:

'configure' finished successfully (1m2.432s)

Continue with the make step, if no error has occurred.


Python

If full python development headers are not installed you may see

Checking for header Python.h   : Distutils not installed? Broken python installation? Get python-config now! 
The configuration failed

Here you have three choices:

  • Add the following build settings to './configure':
--disable-python --without-ad-dc

This does mean that you will not be able to provision Samba as an AD DC.

  • (for Samba 4.10) build with python2 with
PYTHON=python2 ./configure
PYTHON=python2 make -j
  • install the Python 3.x development package for your system (eg python3-devel, python36-devel or python3-dev)


Customizing the Configure Options

While running the configure script without any options is sufficient to build Samba, you can customize installation paths and enable or disable features. To display the list of options, run:

$ ./configure --help

The output shows two major kind of options:


enable/disable/with/without Options

The configure script provides several --enable-* / -disable-* and --with-* / --without-* options. They allow you to enable and disable features. Each option you can turn to its opposite if you use --enable instead of --disable, --with instead of --without, and the other way around.

  • Example 1: Disable CUPS support (enabled by default):
--enable-cups
          Build with cups support (default=yes)
If you do not require CUPS support, disable the feature passing the --disable-cups option to the configure command:
$ ./configure ... --disable-cups
  • Example 2: Compile Samba without AD DC capabilities:
--without-ad-dc
          disable AD DC functionality (enables Samba 4 client and Samba 3 code base).
If you build Samba for a host that should not act as an AD DC, you can disable this feature passing the --without-ad-dc option to the configure command:
$ ./configure ... --without-ad-dc
  • Example 3: Build Samba with debug information:
$ ./configure ... --enable-debug 


Warning: Do not enable or disable features if you have not fully understood the cause of the option! Changing options can prevent your Samba installation from working as expected!


Installation Directories

If you use the default settings, the binaries, configuration files, libraries, and other files are installed in the /usr/local/samba/ directory. This enables you to keep the complete Samba installation in one location. However, you can specify individual paths. For example:

  • To install the daemon binaries like smbd and samba in the /sbin/ directory instead of /usr/local/samba/sbin/, run:
$ ./configure ... --sbindir=/sbin/
  • To set the default path to the smb.conf file to /etc/samba/ instead of /usr/local/samba/etc/, run:
$ ./configure ... --sysconfdir=/etc/samba/
  • To store the Samba man pages in the /usr/share/man/ directory, run:
$ ./configure ... --mandir=/usr/share/man/


make

To start the compilation, run

$ make

The make command is able to run multiple jobs in parallel. For example, to run 2 make sub-tasks at the same time, run:

$ make -j 2

If the compilation exits without an error, you see the following output:

Waf: Leaving directory `/usr/src/samba-x.y.z/bin'
'build' finished successfully (9m3.667s)



make test (Optional)

This optional step runs the Samba self test suite.

$ make test




make install

To install the compiled software, you require root permissions to write to the destination directories and set the correct permissions.

To install Samba, run:

$ sudo make install 

If the installation exits without an error, you see the following output:

Waf: Leaving directory `/usr/src/samba-x.y.z/bin'
'install' finished successfully (18.243s)



Adding Samba Commands to the $PATH Variable

If you built Samba, add the directories containing the commands to the beginning of your $PATH variable. For example:

export PATH=/usr/local/samba/bin/:/usr/local/samba/sbin/:$PATH

To permanently update your $PATH, see your distribution's documentation.



Upgrading a Self-compiled Samba Installation

To update a self-compiled Samba installation, run the same steps like for a new installation while using the same configure options.



Applying a Patch

Some situations require that you apply a patch to Samba. For example, a bug has been fixed and you you cannot wait until the new Samba version is released. To apply the patch to the Samba sources, run:

  • Change into the Samba sources directory.
$ cd samba-x.y.z/
  • Download the patch. For example:
$ wget -O /tmp/patch.txt https://bugzilla.samba.org/attachment.cgi?id=...
  • Apply the patch to the sources:
$ patch -p 1 < /tmp/patch.txt

Additional information

Viewing Built Options of an Existing Installation

To display the options used to built Samba, run

$ smbd -b



Using an init script to manage the Samba AD DC Service

Creating the Init Script

Red Hat Enterprise Linux 6

  • Create the /etc/init.d/samba-ad-dc file with the following content:
#!/bin/bash
#
# samba-ad-dc	This shell script takes care of starting and stopping
# 		samba AD daemons.
#
# chkconfig: - 58 74
# description: Samba Active Directory Domain Controller

### BEGIN INIT INFO
# Provides: samba-ad-dc
# Required-Start: $network $local_fs $remote_fs
# Required-Stop: $network $local_fs $remote_fs
# Should-Start: $syslog $named
# Should-Stop: $syslog $named
# Short-Description: start and stop samba-ad-dc
# Description: Samba Active Directory Domain Controller
### END INIT INFO

# Source function library.
. /etc/init.d/functions
 
# Source networking configuration.
. /etc/sysconfig/network
 
prog=samba
prog_dir=/usr/local/samba/sbin/
lockfile=/var/lock/subsys/$prog
 
start() {
	[ "$NETWORKING" = "no" ] && exit 1
	echo -n $"Starting Samba AD DC: "
	daemon $prog_dir/$prog -D
	RETVAL=$?
	echo
	[ $RETVAL -eq 0 ] && touch $lockfile
	return $RETVAL
}

 stop() {
	[ "$EUID" != "0" ] && exit 4
	echo -n $"Shutting down Samba AD DC: "
	killproc $prog_dir/$prog
	RETVAL=$?
	echo
	[ $RETVAL -eq 0 ] && rm -f $lockfile
	return $RETVAL
}
 
case "$1" in
start)
	start
	;;
stop)
	stop
	;;
status)
	status $prog
	;;
restart)
	stop
	start
	;;
*)
	echo $"Usage: $0 {start|stop|status|restart}"
	exit 2
esac
  • Make the script executeable:
# chmod 755 /etc/init.d/samba-ad-dc


Debian

  • Create the /etc/init.d/samba-ad-dc file with the following content:
#!/bin/sh

### BEGIN INIT INFO
# Provides:          samba-ad-dc
# Required-Start:    $network $local_fs $remote_fs
# Required-Stop:     $network $local_fs $remote_fs
# Default-Start:     2 3 4 5
# Default-Stop:      0 1 6
# Short-Description: start Samba daemons for the AD DC
### END INIT INFO

#
# Start/stops the Samba daemon (samba).
# Adapted from the Samba 3 packages.
#

PATH=/usr/local/samba/sbin:/usr/local/samba/bin:$PATH

PIDDIR=/usr/local/samba/var/run
SAMBAPID=$PIDDIR/samba.pid

# clear conflicting settings from the environment
unset TMPDIR

# See if the daemon and the config file are there
test -x /usr/local/samba/sbin/samba -a -r /usr/local/samba/etc/smb.conf || exit 0

. /lib/lsb/init-functions

case "$1" in
        start)
                SERVER_ROLE=`samba-tool testparm --parameter-name="server role"  2>/dev/null | tail -1`
                if [ "$SERVER_ROLE" != "active directory domain controller" ]; then
                    exit 0
                fi

                # CVE-2013-4475
                KEYFILE=/usr/local/samba/private/tls/key.pem
                if [ -e $KEYFILE ]; then
                    KEYPERMS=`stat -c %a $KEYFILE`
                    if [ "$KEYPERMS" != "600" ]; then
                        echo "wrong permission on $KEYFILE, must be 600"
                        echo "samba will not start (CVE-2013-4475)"
                        echo "Removing all tls .pem files will cause an auto-regeneration with the correct permissions."
                        exit 1
                    fi
               fi

               log_daemon_msg "Starting Samba AD DC daemon" "samba"
               # Make sure we have our PIDDIR, even if it's on a tmpfs
               install -o root -g root -m 755 -d $PIDDIR
 
               if ! start-stop-daemon --start --quiet --oknodo --exec /usr/local/samba/sbin/samba -- -D; then
                   log_end_msg 1
                   exit 1
               fi

               log_end_msg 0
               ;;
       stop)
               log_daemon_msg "Stopping Samba AD DC daemon" "samba"

              start-stop-daemon --stop --quiet --pidfile $SAMBAPID
               # Wait a little and remove stale PID file
               sleep 1
               if [ -f $SAMBAPID ] && ! ps h `cat $SAMBAPID` > /dev/null
               then
                   # Stale PID file (samba was succesfully stopped),
                   # remove it (should be removed by samba itself IMHO.)
                   rm -f $SAMBAPID
               fi

              log_end_msg 0

               ;;
       restart|force-reload)
               $0 stop
               sleep 1
               $0 start
               ;;
       status)
               status_of_proc -p $SAMBAPID /usr/local/samba/sbin/samba samba
               exit $?
               ;;
       *)
               echo "Usage: /etc/init.d/samba-ad-dc {start|stop|restart|force-reload|status}"
               exit 1
               ;;
esac

exit 0


  • If necessary, update the locations to the samba service, the samba-tool utility, and the smb.conf file in the /etc/init.d/samba-ad-dc file.
  • Make the script executeable:
# chmod 755 /etc/init.d/samba-ad-dc



Managing the Samba AD DC Service

The following assumes that the Samba Active Directory (AD) domain controller (DC) service is managed by the /etc/init.d/samba-ad-dc init script. If you have not created the script manually, see your operating system's documentation for the name of the Samba AD DC service.


Enabling and Disabling the Samba AD DC Service

To enable the Samba Active Directory (AD) domain controller (DC) service to start automatically when the system boots, enter:

Red Hat Enterprise Linux 6

# chkconfig samba-ad-dc enable

To disable the automatic start of the Samba AD DC service, enter:

# chkconfig samba-ad-dc disable


Debian

# update-rc.d samba-ad-dc defaults

To disable the automatic start of the Samba AD DC service, enter:

# update-rc.d -f samba-ad-dc remove


Manually Starting and Stopping the Samba AD DC Service

To manually start the Samba Active Directory (AD) domain controller (DC) service, enter:

# service start samba-ad-dc

To manually stop the Samba AD DC service, enter:

# service stop samba-ad-dc



Using systemd to manage the Samba AD DC Service

The samba Service

On a DC, the /usr/local/samba/sbin/samba service automatically starts the required smbd and winbindd service as sub-processes. If you start them manually, the Samba DC fails to work as expected. If your package provider created additional Samba service files, disable and mask them to prevent that other services re-enable them. For example:

# systemctl mask smbd nmbd winbind
# systemctl disable smbd nmbd winbind

For further details about permanently disabling services, see the systemd documentation.

Creating the systemd Service File

Samba does not provide a systemd service file. When you built the Samba Active Directory (AD) domain controller (DC) from the sources, you must manually create the service file to enable systemd to manage the Samba AD DC service:

  • Create the /etc/systemd/system/samba-ad-dc.service file with the following content:
[Unit]
Description=Samba Active Directory Domain Controller
After=network.target remote-fs.target nss-lookup.target

[Service]
Type=forking
ExecStart=/usr/local/samba/sbin/samba -D
PIDFile=/usr/local/samba/var/run/samba.pid
ExecReload=/bin/kill -HUP $MAINPID

[Install]
WantedBy=multi-user.target
For further details, see the systemd.service(5) man page.
  • Reload the systemd configuration:
# systemctl daemon-reload



Managing the Samba AD DC Service

The following assumes that the Samba Active Directory (AD) domain controller (DC) service is managed by the samba-ad-dc service file. If you have not created the service file manually, see your operating system's documentation for the name of the Samba AD DC service.


Enabling and Disabling the Samba AD DC Service

To enable the Samba Active Directory (AD) domain controller (DC) service to start automatically when the system boots, enter:

# systemctl enable samba-ad-dc

To disable the automatic start of the Samba AD DC service, enter:

# systemctl disable samba-ad-dc


Manually Starting and Stopping the Samba AD DC Service

To manually start the Samba Active Directory (AD) domain controller (DC) service, enter:

# systemctl start samba-ad-dc

To manually stop the Samba AD DC service, enter:

# systemctl stop samba-ad-dc