Difference between revisions of "Managing the Samba AD DC Service Using an Init Script"

m (Upstart Systems (such as Ubuntu))
m (/* added debian init.d script, old link no longer worked.)
(18 intermediate revisions by 10 users not shown)
Line 1: Line 1:
This is a topic which pops every so often -- ''where are the Init scripts for Samba4?''  The problem is that init scripts are very distribution specific.  The HOWTO states, "Samba4 alpha13 doesn't yet have init scripts included for each platform, but making one for your platform should not be difficult."  Well, they may not be rocket science, but not everyone knows how to build a robust startup script and then integrate it with their particular startup infrastructure.  This gets even more weird when distributions like Fedora radically overhaul their approach to init.  (SysV to "systemd")
+
= Introduction =
  
The intent of this page is to provide a sample of at least a few init scripts, listed by their distribution family (eg., Debian based systems and Red Hat/Fedora).
+
The following describes how to use an init script to manage the Samba Active Directory (AD) domain controller (DC) service. Depending on your operating system, the location of the init script, its content, and the procedures how to manage the service can be different. For details, see your operating system's documentation.
  
== Red Hat/Fedora based systems ==
+
{{Imbox
For SysV style service init scripts, Red Hat puts the init scripts in the /etc/rc.d/init.d directory, and then links to these scripts from the various run level directories (eg, link in /etc/rc3.d/S80samba4 -> ../rc.d/init.d/samba4)
+
| type = important
 +
| text = If you operating system uses a different system to manage services, such as <code>systemd</code>, see [[Managing_the_Samba_AD_DC_Service|Managing the Samba AD DC Service]].
 +
}}
  
Fedora has gone to a systemd based startup for Init.  You can still use SysV style scripts such as this one, and configure the automatic startup of the Samba4 server ad different run levels through the "chkconfig" tool.
 
  
  #! /bin/bash
+
 
  #
+
 
  # samba4      Bring up/down samba4 service
+
 
  #
+
= Creating the Init Script =
  # chkconfig: - 90 10
+
 
  # description: Activates/Deactivates all samba4 interfaces configured to \
+
== Red Hat Enterprise Linux 6 ==
  #              start at boot time.
+
 
  #
+
{{Imbox
  ### BEGIN INIT INFO
+
| type = note
  # Provides:  
+
| text = On Red Hat Enterprise Linux later than version 6, use <code>systemd</code> to manage the Samba service. For details, see [[Managing_the_Samba_AD_DC_Service_Using_Systemd|Managing the Samba AD DC Service Using Systemd]].
  # Should-Start:  
+
}}
  # Short-Description: Bring up/down samba4
+
 
  # Description: Bring up/down samba4
+
* Create the <code>/etc/init.d/samba-ad-dc</code> file with the following content:
  ### END INIT INFO
+
 
  # Source function library.
+
#!/bin/bash
  . /etc/init.d/functions
+
#
 +
# samba-ad-dc This shell script takes care of starting and stopping
 +
# samba AD daemons.
 +
#
 +
# chkconfig: - 58 74
 +
# description: Samba Active Directory Domain Controller
 +
 +
### BEGIN INIT INFO
 +
# Provides: samba-ad-dc
 +
# Required-Start: $network $local_fs $remote_fs
 +
# Required-Stop: $network $local_fs $remote_fs
 +
# Should-Start: $syslog $named
 +
# Should-Stop: $syslog $named
 +
# Short-Description: start and stop samba-ad-dc
 +
# Description: Samba Active Directory Domain Controller
 +
### END INIT INFO
 +
 +
# Source function library.
 +
. /etc/init.d/functions
 
    
 
    
  if [ -f /etc/sysconfig/samba4 ]; then
+
# Source networking configuration.
  . /etc/sysconfig/samba4
+
. /etc/sysconfig/network
  fi
 
 
    
 
    
  CWD=$(pwd)
+
prog=samba
  prog="samba4"
+
prog_dir=/usr/local/samba/sbin/
 +
lockfile=/var/lock/subsys/$prog
 
    
 
    
  start() {
+
start() {
        # Attach irda device
+
[ "$NETWORKING" = "no" ] && exit 1
        echo -n $"Starting $prog: "
+
echo -n $"Starting Samba AD DC: "
  /usr/local/samba/sbin/samba
+
daemon $prog_dir/$prog -D
  sleep 2
+
RETVAL=$?
  if ps ax | grep -v "grep" | grep -q /samba/sbin/samba ; then success $"samba4 startup"; else failure $"samba4 startup"; fi
+
echo
        echo
+
[ $RETVAL -eq 0 ] && touch $lockfile
  }
+
return $RETVAL
 +
}
 +
 
   stop() {
 
   stop() {
        # Stop service.
+
[ "$EUID" != "0" ] && exit 4
        echo -n $"Shutting down $prog: "
+
echo -n $"Shutting down Samba AD DC: "
  killall samba
+
killproc $prog_dir/$prog
  sleep 2
+
RETVAL=$?
  if ps ax | grep -v "grep" | grep -q /samba/sbin/samba ; then failure $"samba4 shutdown"; else success $"samba4 shutdown"; fi
+
echo
        echo
+
[ $RETVAL -eq 0 ] && rm -f $lockfile
  }
+
return $RETVAL
  status() {
+
}
  /usr/local/samba/sbin/samba --show-build
 
  }
 
 
    
 
    
  # See how we were called.
+
case "$1" in
  case "$1" in
+
start)
  start)
+
start
  start
+
;;
        ;;
+
stop)
  stop)
+
stop
  stop
+
;;
        ;;
+
status)
  status)
+
status $prog
  status irattach
+
;;
  ;;
+
restart)
  restart|reload)
+
stop
  stop
+
start
  start
+
;;
  ;;
+
*)
  *)
+
echo $"Usage: $0 {start|stop|status|restart}"
        echo $"Usage: $0 {start|stop|restart|status}"
+
exit 2
        exit 1
+
esac
  esac
+
 
 +
* Make the script executeable:
 +
 
 +
# chmod 755 /etc/init.d/samba-ad-dc
 +
 
 +
 
 +
 
 +
== Debian ==
 +
 
 +
* Create the <code>/etc/init.d/samba-ad-dc</code> file with the following content:
 +
 
 +
#!/bin/sh
 +
 +
### BEGIN INIT INFO
 +
# Provides:          samba-ad-dc
 +
# Required-Start:    $network $local_fs $remote_fs
 +
# Required-Stop:    $network $local_fs $remote_fs
 +
# Default-Start:    2 3 4 5
 +
# Default-Stop:      0 1 6
 +
# Short-Description: start Samba daemons for the AD DC
 +
### END INIT INFO
 +
 +
#
 +
# Start/stops the Samba daemon (samba).
 +
# Adapted from the Samba 3 packages.
 +
#
 +
 +
PATH=/usr/local/samba/sbin:/usr/local/samba/bin:$PATH
 +
 +
PIDDIR=/usr/local/samba/var/run
 +
SAMBAPID=$PIDDIR/samba.pid
 +
 +
# clear conflicting settings from the environment
 +
unset TMPDIR
 +
 +
# See if the daemon and the config file are there
 +
test -x /usr/local/samba/sbin/samba -a -r /usr/local/samba/etc/smb.conf || exit 0
 +
 +
. /lib/lsb/init-functions
 +
 +
case "$1" in
 +
        start)
 +
                SERVER_ROLE=`samba-tool testparm --parameter-name="server role"  2>/dev/null | tail -1`
 +
                if [ "$SERVER_ROLE" != "active directory domain controller" ]; then
 +
                    exit 0
 +
                fi
 +
 +
                # CVE-2013-4475
 +
                KEYFILE=/usr/local/samba/private/tls/key.pem
 +
                if [ -e $KEYFILE ]; then
 +
                    KEYPERMS=`stat -c %a $KEYFILE`
 +
                    if [ "$KEYPERMS" != "600" ]; then
 +
                        echo "wrong permission on $KEYFILE, must be 600"
 +
                        echo "samba will not start (CVE-2013-4475)"
 +
                        echo "Removing all tls .pem files will cause an auto-regeneration with the correct permissions."
 +
                        exit 1
 +
                    i
 +
                fi
 +
 +
                log_daemon_msg "Starting Samba AD DC daemon" "samba"
 +
                # Make sure we have our PIDDIR, even if it's on a tmpfs
 +
                install -o root -g root -m 755 -d $PIDDIR
 
    
 
    
  exit 0
+
                if ! start-stop-daemon --start --quiet --oknodo --exec /usr/local/samba/sbin/samba -- -D; then
 +
                    log_end_msg 1
 +
                    exit 1
 +
                fi
 +
 +
                log_end_msg 0
 +
                ;;
 +
        stop)
 +
                log_daemon_msg "Stopping Samba AD DC daemon" "samba"
 +
 +
              start-stop-daemon --stop --quiet --pidfile $SAMBAPID
 +
                # Wait a little and remove stale PID file
 +
                sleep 1
 +
                if [ -f $SAMBAPID ] && ! ps h `cat $SAMBAPID` > /dev/null
 +
                then
 +
                    # Stale PID file (samba was succesfully stopped),
 +
                    # remove it (should be removed by samba itself IMHO.)
 +
                    rm -f $SAMBAPID
 +
                fi
 +
 +
              log_end_msg 0
 +
 +
                ;;
 +
        restart|force-reload)
 +
                $0 stop
 +
                sleep 1
 +
                $0 start
 +
                ;;
 +
        status)
 +
                status_of_proc -p $SAMBAPID /usr/local/samba/sbin/samba samba
 +
                exit $?
 +
                ;;
 +
        *)
 +
                echo "Usage: /etc/init.d/samba-ad-dc {start|stop|restart|force-reload|status}"
 +
                exit 1
 +
                ;;
 +
esac
 +
 +
exit 0
 +
 
 +
 
 +
* If necessary, update the locations to the <code>samba</code> service, the <code>samba-tool</code> utility, and the <code>smb.conf</code> file in the <code>/etc/init.d/samba-ad-dc</code> file.
 +
 
 +
* Make the script executeable:
 +
 
 +
# chmod 755 /etc/init.d/samba-ad-dc
 +
 
 +
 
 +
 
 +
 
 +
 
 +
= Managing the Samba AD DC Service =
 +
 
 +
The following assumes that the Samba Active Directory (AD) domain controller (DC) service is managed by the <code>/etc/init.d/samba-ad-dc</code> init script. If you have not created the script manually, see your operating system's documentation for the name of the Samba AD DC service.
 +
 
 +
{{Imbox
 +
| type = note
 +
| text = Depending on your operating system, there can be different ways to enable or disable a service. See your operating system's documentation for details.
 +
}}
  
  
== Debian Systems ==
 
  
1) Retrieve the init script
+
== Enabling and Disabling the Samba AD DC Service ==
  
To retrieve the Debian init script, run either:
+
To enable the Samba Active Directory (AD) domain controller (DC) service to start automatically when the system boots, enter:
  
  $ bzr cat http://bzr.debian.org/bzr/pkg-samba/samba4/unstable/debian/samba4.init > /etc/init.d/samba4
+
== Red Hat Enterprise Linux 6 ==
  
Or if you don't have bzr:
+
# chkconfig samba-ad-dc enable
  
  $ wget http://anonscm.debian.org/loggerhead/pkg-samba/samba4/unstable/download/head:/1833%40fc4039ab-9d04-0410-8cac-899223bdd6b0:trunk%252Fsamba4:debian%252Fsamba4.init/samba4.init -O /etc/init.d/samba4
+
To disable the automatic start of the Samba AD DC service, enter:
  
2) (Optional) Update the path where Samba is installed
+
# chkconfig samba-ad-dc disable
  
The Debian package assumes that Samba is installed in /usr. If you've installed it in the default location (/usr/local/samba) instead, run:
 
  
  $ sed -i 's|/usr/sbin|/usr/local/samba/sbin|g' /etc/init.d/samba4
+
== Debian ==
  
3) Make the init script executable
+
# update-rc.d samba-ad-dc defaults
  
Make the init script executable by running:
+
To disable the automatic start of the Samba AD DC service, enter:
  
  $ chmod 755 /etc/init.d/samba4
+
# update-rc.d -f samba-ad-dc remove
  
4) Enable the script at startup
 
  
  $ update-rc.d samba4 defaults
 
  
== Upstart Systems (such as Ubuntu) ==
+
== Manually Starting and Stopping the Samba AD DC Service ==
  
Ubuntu uses the upstart system. To retrieve the upstart config file, run:
+
To manually start the Samba Active Directory (AD) domain controller (DC) service, enter:
  
  $ bzr cat http://bzr.debian.org/bzr/pkg-samba/samba4/unstable/debian/samba4.upstart > /etc/init/samba4.conf
+
# service start samba-ad-dc
  
The upstart file doesn't appear to be there any more...so here's one that appears to work.<br>
+
To manually stop the Samba AD DC service, enter:
It normally goes here: /etc/init/samba4.conf <br>
 
Change the exec line to point to where ever the samba executable is. By default it's here: /usr/local/samba/sbin/
 
  
  description "SMB/CIFS File and Active Directory Server"
+
  # service stop samba-ad-dc
author      "Jelmer Vernooij <jelmer@ubuntu.com>"
 
start on (local-filesystems and net-device-up)
 
stop on runlevel [!2345]
 
expect fork
 
normal exit 0
 
pre-start script
 
[ -r /etc/default/samba4 ] && . /etc/default/samba4
 
install -o root -g root -m 755 -d /var/run/samba
 
install -o root -g root -m 755 -d /var/log/samba
 
end script
 
exec /usr/local/samba/sbin/samba -D
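
Review bot: in the added Debian script, the inner KEYPERMS test of the CVE-2013-4475 block is closed with a line reading "i" instead of "fi", so the shell cannot parse the script and none of its actions will run; change that line to "fi". In the added management section, "chkconfig samba-ad-dc enable" and "chkconfig samba-ad-dc disable" should use the "on" and "off" arguments that chkconfig accepts, and "service start samba-ad-dc" and "service stop samba-ad-dc" have the service name and the action in the wrong order (it should read "service samba-ad-dc start").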
 

Revision as of 17:57, 23 September 2018

Introduction

The following describes how to use an init script to manage the Samba Active Directory (AD) domain controller (DC) service. Depending on your operating system, the location of the init script, its content, and the procedures for managing the service can differ. For details, see your operating system's documentation.



Creating the Init Script

Red Hat Enterprise Linux 6

  • Create the /etc/init.d/samba-ad-dc file with the following content:
#!/bin/bash
#
# samba-ad-dc	This shell script takes care of starting and stopping
# 		samba AD daemons.
#
# chkconfig: - 58 74
# description: Samba Active Directory Domain Controller

### BEGIN INIT INFO
# Provides: samba-ad-dc
# Required-Start: $network $local_fs $remote_fs
# Required-Stop: $network $local_fs $remote_fs
# Should-Start: $syslog $named
# Should-Stop: $syslog $named
# Short-Description: start and stop samba-ad-dc
# Description: Samba Active Directory Domain Controller
### END INIT INFO

# Source function library.
. /etc/init.d/functions
 
# Source networking configuration.
. /etc/sysconfig/network
 
prog=samba
prog_dir=/usr/local/samba/sbin/
lockfile=/var/lock/subsys/$prog
 
start() {
	[ "$NETWORKING" = "no" ] && exit 1
	echo -n $"Starting Samba AD DC: "
	daemon $prog_dir/$prog -D
	RETVAL=$?
	echo
	[ $RETVAL -eq 0 ] && touch $lockfile
	return $RETVAL
}

stop() {
	[ "$EUID" != "0" ] && exit 4
	echo -n $"Shutting down Samba AD DC: "
	killproc $prog_dir/$prog
	RETVAL=$?
	echo
	[ $RETVAL -eq 0 ] && rm -f $lockfile
	return $RETVAL
}
 
case "$1" in
start)
	start
	;;
stop)
	stop
	;;
status)
	status $prog
	;;
restart)
	stop
	start
	;;
*)
	echo $"Usage: $0 {start|stop|status|restart}"
	exit 2
esac
  • Make the script executable:
# chmod 755 /etc/init.d/samba-ad-dc


Debian

  • Create the /etc/init.d/samba-ad-dc file with the following content:
#!/bin/sh

### BEGIN INIT INFO
# Provides:          samba-ad-dc
# Required-Start:    $network $local_fs $remote_fs
# Required-Stop:     $network $local_fs $remote_fs
# Default-Start:     2 3 4 5
# Default-Stop:      0 1 6
# Short-Description: start Samba daemons for the AD DC
### END INIT INFO

#
# Start/stops the Samba daemon (samba).
# Adapted from the Samba 3 packages.
#

PATH=/usr/local/samba/sbin:/usr/local/samba/bin:$PATH

PIDDIR=/usr/local/samba/var/run
SAMBAPID=$PIDDIR/samba.pid

# clear conflicting settings from the environment
unset TMPDIR

# See if the daemon and the config file are there
test -x /usr/local/samba/sbin/samba -a -r /usr/local/samba/etc/smb.conf || exit 0

. /lib/lsb/init-functions

case "$1" in
        start)
                SERVER_ROLE=`samba-tool testparm --parameter-name="server role"  2>/dev/null | tail -1`
                if [ "$SERVER_ROLE" != "active directory domain controller" ]; then
                    exit 0
                fi

                # CVE-2013-4475
                KEYFILE=/usr/local/samba/private/tls/key.pem
                if [ -e $KEYFILE ]; then
                    KEYPERMS=`stat -c %a $KEYFILE`
                    if [ "$KEYPERMS" != "600" ]; then
                        echo "wrong permission on $KEYFILE, must be 600"
                        echo "samba will not start (CVE-2013-4475)"
                        echo "Removing all tls .pem files will cause an auto-regeneration with the correct permissions."
                        exit 1
                    fi
                fi

               log_daemon_msg "Starting Samba AD DC daemon" "samba"
               # Make sure we have our PIDDIR, even if it's on a tmpfs
               install -o root -g root -m 755 -d $PIDDIR
 
               if ! start-stop-daemon --start --quiet --oknodo --exec /usr/local/samba/sbin/samba -- -D; then
                   log_end_msg 1
                   exit 1
               fi

               log_end_msg 0
               ;;
       stop)
               log_daemon_msg "Stopping Samba AD DC daemon" "samba"

              start-stop-daemon --stop --quiet --pidfile $SAMBAPID
               # Wait a little and remove stale PID file
               sleep 1
               if [ -f $SAMBAPID ] && ! ps h `cat $SAMBAPID` > /dev/null
               then
                   # Stale PID file (samba was successfully stopped),
                   # remove it (should be removed by samba itself IMHO.)
                   rm -f $SAMBAPID
               fi

              log_end_msg 0

               ;;
       restart|force-reload)
               $0 stop
               sleep 1
               $0 start
               ;;
       status)
               status_of_proc -p $SAMBAPID /usr/local/samba/sbin/samba samba
               exit $?
               ;;
       *)
               echo "Usage: /etc/init.d/samba-ad-dc {start|stop|restart|force-reload|status}"
               exit 1
               ;;
esac

exit 0


  • If necessary, update the paths to the samba service, the samba-tool utility, and the smb.conf file in the /etc/init.d/samba-ad-dc file.
  • Make the script executable:
# chmod 755 /etc/init.d/samba-ad-dc
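
The private-key check that the Debian script labels CVE-2013-4475 can also be run on its own, for example before a restart or from a monitoring job. The following is an added example, not part of the original page or of the Samba project's script: the function name check_tls_key and its optional expected-owner argument are assumptions, and it relies on GNU stat as the script above does. It goes slightly beyond the script by also rejecting symbolic links and checking the file owner.

```shell
#!/bin/sh
# Added example: stand-alone audit of the Samba TLS private key.
# check_tls_key is a hypothetical helper name, not part of Samba.
#
# Usage: check_tls_key KEYFILE [EXPECTED_UID]
# Returns 0 if KEYFILE is absent (Samba regenerates it on start) or is a
# regular file with mode 600 owned by EXPECTED_UID (default 0, root).
# Returns 1 and prints the reason otherwise.
check_tls_key() {
    keyfile=$1
    want_uid=${2:-0}

    # [ -e ] follows symbolic links while "stat -c" does not, so reject
    # links explicitly to keep the result unambiguous.
    if [ -L "$keyfile" ]; then
        echo "$keyfile is a symbolic link, refusing to trust it"
        return 1
    fi

    # No key yet: nothing to audit.
    [ -e "$keyfile" ] || return 0

    if [ ! -f "$keyfile" ]; then
        echo "$keyfile is not a regular file"
        return 1
    fi

    perms=$(stat -c %a "$keyfile") || return 1
    owner=$(stat -c %u "$keyfile") || return 1

    # Same rule as the init script: anything other than 600 is refused.
    if [ "$perms" != "600" ]; then
        echo "wrong permission $perms on $keyfile, must be 600"
        return 1
    fi

    # Extra check (assumption): the key must belong to the expected user.
    if [ "$owner" != "$want_uid" ]; then
        echo "$keyfile is owned by uid $owner, expected $want_uid"
        return 1
    fi
    return 0
}
```

Call it with the key path used in the script, /usr/local/samba/private/tls/key.pem, and treat a non-zero return as a reason not to start the service.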



Managing the Samba AD DC Service

The following assumes that the Samba Active Directory (AD) domain controller (DC) service is managed by the /etc/init.d/samba-ad-dc init script. If you have not created the script manually, see your operating system's documentation for the name of the Samba AD DC service.


Enabling and Disabling the Samba AD DC Service

To enable the Samba Active Directory (AD) domain controller (DC) service to start automatically when the system boots, enter:

Red Hat Enterprise Linux 6

# chkconfig samba-ad-dc on

To disable the automatic start of the Samba AD DC service, enter:

# chkconfig samba-ad-dc off


Debian

# update-rc.d samba-ad-dc defaults

To disable the automatic start of the Samba AD DC service, enter:

# update-rc.d -f samba-ad-dc remove


Manually Starting and Stopping the Samba AD DC Service

To manually start the Samba Active Directory (AD) domain controller (DC) service, enter:

# service samba-ad-dc start

To manually stop the Samba AD DC service, enter:

# service samba-ad-dc stop