Operating System Requirements: Difference between revisions

From SambaWiki
(→‎Debian / Ubuntu: update Ubuntu package list based on experience with 14.04)
m (Updated link)
 
(8 intermediate revisions by 3 users not shown)
Line 1: Line 1:
* [[Package Dependencies Required to Build Samba]]
= File System Support =
* [[File_System_Support|File System Support]]

To use the advanced features of Samba, you need a filesystem that supports both the "user" and "system" xattr namespace. You need this support on file systems that you will share through Samba.

For Samba Active Directory Domain Controllers, „samba-tool“ tests during the provisioning the xattr support for /usr/local/samba/var/locks/sysvol/.


== ext3 ==

=== fstab ===

For filesystems of that type shared by Samba, add the following options to your /etc/fstab:

/dev/... /srv/samba/demo ext3 <u>user_xattr,acl,barrier=1</u> 1 1

Note: The „barrier=1“ option ensures that tdb transactions are safe against unexpected power loss.

Please be careful modifying your fstab. It can lead into an unbootable system!



=== Kernel Support ===

Ensure that your kernel has the following options enabled:

CONFIG_EXT3_FS_XATTR=y
CONFIG_EXT3_FS_SECURITY=y
CONFIG_EXT3_FS_POSIX_ACL=y



== ext4 ==

=== fstab ===

For filesystems of that type shared by Samba, add the following options to your /etc/fstab:

/dev/... /srv/samba/demo ext4 <u>defaults,barrier=1</u> 1 1

Note: The „barrier=1“ option ensures that tdb transactions are safe against unexpected power loss.

Please be careful modifying your fstab. It can lead into an unbootable system!

=== Kernel Support ===

Ensure that your kernel has the following options enabled:

CONFIG_EXT4_FS_XATTR=y
CONFIG_EXT4_FS_SECURITY=y
CONFIG_EXT4_FS_POSIX_ACL=y



== XFS ==

=== fstab ===

No special mount options are required in your fstab.



=== Kernel Support ===

Ensure that your kernel has the following options enabled:

CONFIG_XFS_POSIX_ACL=y



== File Systems Without xattr Support ==

'''Note: This is not recommended!!!'''

If you don't have a filesystem with xattr support, you can simulate it by adding the following line to your smb.conf:

posix:eadb = /usr/local/samba/private/eadb.tdb

This will place all extra file attributes (NT ACLs, DOS EAs, streams, etc), in that tdb.

'''Note: Because it is not efficient and doesn't scale well it should not be used in production!'''



== Testing Your Filesystem ==

''Note: This is not required for [[#File_Systems_without_xattr_support|file systems without xattr support]].''

Before you start testing, ensure, that you have the „attr“ package installed!

Run the following commands as root to test xattr support:

# touch test.txt
# setfattr -n user.test -v test test.txt
# setfattr -n security.test -v test2 test.txt

The following commands should return the shown output:

# getfattr -d test.txt
# file: test.txt
user.test="test"
# getfattr -n security.test -d test.txt
# file: test.txt
security.test="test2"

Run the following commands as root to test extended ACL support:

# touch test.txt
# setfacl -m g:adm:rwx test.txt

The following command should return the shown output:

# getfacl test.txt
# file: test.txt
# owner: root
# group: root
user::rw-
group::r--
group:adm:rwx
mask::rwx
other::r--

Note: Getting an "Operation not supported" error means your kernel is not configured correctly or your filesystem is not mounted with the correct options.

Note: Getting an "Operation not permitted" error means you didn't run the commands as user „root“.





= Required Libraries And Programs =

== OS Independent ==

Depending on your distribution, the package name of the following libraries and programs may differ. Typically they are labled with lib*-dev or lib*-devel. See [[#Distribution_specific_package_installation|Distribution specific package installation]].

<u>Required:</u>

* python
:A good portion of Samba is written using python, including the build system itself (waf).

* perl

<u>(Recommended) Optional:</u>

* acl
:Required for a successfull Samba AD DC deployment! On Member Servers it is required to use the complete set of Windows ACLs.

* xattr
:Required for a successfull Samba AD DC deployment! On Member Servers it is required to use the complete set of Windows ACLs.

* blkid

* gnutls

* readline

* cups
:Required for CUPS printer sharing support.

* bsd or setproctitle
:Required for process title updating support.

* xsltproc
:Required for building man pages and other documentation.

* docbook
:Required for building man pages and other documentation.

* openldap
:Required to build the Samba NT4-style PDC components with LDAP support and Active Directory Member Server support. Also required for the [[Samba_Classic_Upgrade_(NT4-style_domain_to_AD)|Samba classicupgrade]].



== Distribution Specific Package Installation ==

=== For An Samba Active Directory Domain Controller ===

The following examples will cover all of the required libraries and programs. It will also cover BIND, kerberos and file system tools. If you plan to use the internal DNS server, you do not need BIND, but you do still need the package that contains the „nsupdate“ binary.



==== Debian / Ubuntu ====

# apt-get install acl attr autoconf bison build-essential \
debhelper dnsutils docbook-xml docbook-xsl flex gdb krb5-user \
libacl1-dev libaio-dev libattr1-dev libblkid-dev libbsd-dev \
libcap-dev libcups2-dev libgnutls-dev libjson-perl \
libldap2-dev libncurses5-dev libpam0g-dev libparse-yapp-perl \
libpopt-dev libreadline-dev perl perl-modules pkg-config \
python-all-dev python-dev python-dnspython python-novaclient \
xsltproc zlib1g-dev

==== Fedora ====

# yum install libacl-devel libblkid-devel gnutls-devel \
readline-devel python-devel gdb pkgconfig libattr-devel \
krb5-workstation



==== Red Hat Enterprise Linux / CentOS / Scientific Linux ====

# yum install perl gcc attr libacl-devel libblkid-devel \
gnutls-devel readline-devel python-devel gdb pkgconfig \
krb5-workstation zlib-devel setroubleshoot-server libaio-devel \
setroubleshoot-plugins policycoreutils-python \
libsemanage-python perl-ExtUtils-MakeMaker perl-Parse-Yapp \
perl-Test-Base popt-devel libxml2-devel libattr-devel \
keyutils-libs-devel cups-devel bind-utils libxslt \
docbook-style-xsl openldap-devel autoconf

==== openSUSE ====

# zypper install libacl-devel python-selinux autoconf make \
python-devel gdb sqlite3-devel libgnutls-devel binutils \
policycoreutils-python setools-libs selinux-policy \
setools-libs popt-devel libpcap-devel keyutils-devel \
libidn-devel libxml2-devel libacl-devel libsepol-devel \
libattr-devel zlib-devel cyrus-sasl-devel gcc \
krb5-client openldap2-devel libopenssl-devel\
bind-utils bind-lib



==== Gentoo ====

Please note that the following sections assume at least an intermediate understanding of the Gentoo packaging system.



===== Python =====

Gentoo uses Python 3 as the default python interpreter, but at this time Samba requires Python 2 (2.4.2 or later). The following set of commands will install and set up Python 2 as the default python interpreter.

# emerge --ask --noreplace '<dev-lang/python-3'
# eselect python set python2.7
# python-updater



===== Kerberos =====

On Gentoo, you have two choices for a kerberos implementation, app-crypt/mit-krb5 and app-crypt/heimdal. Unfortunately the two implementations can not be installed at the same time. Currently, the Samba only supports app-crypt/heimdal. So you must first uninstall app-crypt/mit-krb5, if installed. Then install app-crypt/heimdal and rebuild any packages that were using the previous kerberos implementation.

# emerge --unmerge --ask app-crypt/mit-krb5
# emerge --ask app-crypt/heimdal
# revdep-rebuild -- -ask



===== Bind =====

To enable automatic zone management, net-dns/bind and net-dns/bind-tools should be emerged with the USE flags for berkdb, dlz and gssapi set. To enable them permanently, add the following to /etc/package.use:

net-dns/bind berkdb dlz gssapi
net-dns/bind-tools gssapi

Then, emerge net-dns/bind:

# emerge --ask net-dns/bind net-dns/bind-tools



===== Samba-supplied Libraries (tdb/ldb/tevent) =====

There are a few Samba libraries that need to be installed. Note that these packages might be keyworded as unstable, so you might need to add the following to your /etc/package.keywords:

~sys-libs/tevent-0.9.17
~sys-libs/tdb-1.2.10
~sys-libs/ldb-1.1.12
~sys-libs/talloc-2.0.7

Additionally, Samba requires sys-libs/tdb and sys-libs/talloc to be emerged with the USE flag python set. To enable this permanently, add the following to /etc/package.use:

sys-libs/tdb python
sys-libs/talloc python

Note: In new(er) installations of Gentoo, the above files will be located in /etc/portage/, i.e. /etc/portage/package.keywords and /etc/portage/package.use. They may be symlinked to /etc for backward compatibility.

Now, emerge the packages:

# emerge --ask '=sys-libs/talloc-2.0.7' '=sys-libs/tdb-1.2.10' '=sys-libs/tevent-0.9.17' '=sys-libs/ldb-1.1.12'

Note that ebuilds for the required versions of the above packages might not be availiable in the portage tree. In this case, check [https://bugs.gentoo.org/ Gentoo's Bugzilla] for updated ebuilds.



===== Other Misc. Build/Run Dependencies =====

To ensure a successful Samba 4 installation, there are a few other packages that should be installed, as shown below:

# emerge --ask net-libs/gnutls sys-apps/acl dev-libs/cyrus-sasl dev-python/subunit dev-python/dnspython net-dns/libidn

FIXME: Are dev-python/dnspython net-dns/libidn still required?



=== For A Samba Member Server ===

==== Red Hat Enterprise Linux / CentOS / Scientific Linux ====

# yum install autoconf automake gcc gdb krb5-devel krb5-workstation openldap-devel make pam-devel python-devel docbook-style-xsl libacl-devel libattr-devel libxslt



=== For A Samba NT4 PDC ===

Please add content.

Latest revision as of 16:33, 27 April 2017