Operating System Requirements: Difference between revisions

From SambaWiki
m (Updated link)
 
(55 intermediate revisions by 16 users not shown)
Line 1: Line 1:
* [[Package Dependencies Required to Build Samba]]
== Development libraries ==
* [[File_System_Support|File System Support]]
=== Required : ===
These packages are required for a successful build of samba 4
* Python -- A good portion of Samba is written using python, including the build system itself (waf).

=== Recommended optional development libraries: ===
In most distributions these libraries will be labeled with a lib*-dev or lib*-devel, for example for the Debian or Ubuntu acl would be libacl1-dev, but in Fedora, RHEL, CentOS, and openSUSE its named libacl-devel.
* acl -- Required for a successful AD DC deployment. If this library is not included, samba will build successfully, however you will not be able to change ACL's from the windows frontend. You will receive and error when you provision and if you manually create the smb.conf with +s3fs, you will get '''Access is denied.''' from windows on any attempt to change ACL's.
* xattr
* blkid
* gnutls
* readline
* openldap -- Required to build the Samba3 components with LDAP support. Lacking this library the build will complete but attempts to provision (via upgrade) an Active Directory domain from an existing Samba3 LDAP backend will fail. Also see [[Samba4/samba-tool/domain/classicupgrade/HOWTO|samba-tool domain classicupgrade]]

== Distribution Setup ==
The examples following will cover all of these libraries. It will also cover bind, kerberos, and file system tools. If you plan to use the internal DNS server, you do not need bind, but you do still need the package that contains the nsupdate binary.

=== Debian or Ubuntu ===
# apt-get install build-essential libacl1-dev libattr1-dev \
libblkid-dev libgnutls-dev libreadline-dev python-dev \
python-dnspython gdb pkg-config libpopt-dev libldap2-dev \
dnsutils

=== Fedora ===

# yum install libacl-devel libblkid-devel gnutls-devel \
readline-devel python-devel gdb pkgconfig libattr-devel \
krb5-workstation

=== Red Hat Enterprise Linux or CentOS ===

# yum install libacl-devel libblkid-devel gnutls-devel \
readline-devel python-devel gdb pkgconfig krb5-workstation \
zlib-devel setroubleshoot-server \
setroubleshoot-plugins policycoreutils-python \
libsemanage-python setools-libs-python setools-libs \
popt-devel libpcap-devel sqlite-devel libidn-devel \
libxml2-devel libacl-devel libsepol-devel libattr-devel \
keyutils-libs-devel cyrus-sasl-devel

=== openSUSE ===

# zypper install libacl-devel python-selinux autoconf make \
python-devel gdb sqlite3-devel libgnutls-devel binutils \
policycoreutils-python setools-libs selinux-policy \
setools-libs popt-devel libpcap-devel keyutils-devel \
libidn-devel libxml2-devel libacl-devel libsepol-devel \
libattr-devel zlib-devel cyrus-sasl-devel gcc \
krb5-client openldap2-devel libopenssl-devel\
bind-utils bind-lib

=== Gentoo ===
Please note that the following sections assume at least an intermediate understanding of the Gentoo packaging system.

==== Python ====
Gentoo uses python-3 as the default python interpreter, but at this time Samba requires python-2 (2.4.2 or greater) The following set of commands will install and set up python-2 as the default python interpreter.

# emerge --ask --noreplace '<dev-lang/python-3'
# eselect python set python2.7
# python-updater

==== Kerberos ====
On Gentoo, you have two choices for a kerberos implementation, '''app-crypt/mit-krb5''' and '''app-crypt/heimdal'''. Unfortunately the two implementations can not be installed at the same time. Currently, the Samba developers recommend using '''app-crypt/heimdal'''. So you must first uninstall '''app-crypt/mit-krb5''' (if installed,) then install '''app-crypt/heimdal''' and rebuild any packages that were using the old kerberos implementation.

# emerge --unmerge --ask app-crypt/mit-krb5
# emerge --ask app-crypt/heimdal
# revdep-rebuild -- -ask

==== Bind ====
To enable automatic zone management, '''net-dns/bind''' and '''net-dns/bind-tools''' should be emerged with the USE flags for '''berkdb''', '''dlz''' and '''gssapi''' set. To enable them permanently, add the following to '''/etc/package.use''':

net-dns/bind berkdb dlz gssapi
net-dns/bind-tools gssapi

Then, emerge '''net-dns/bind''':

# emerge --ask net-dns/bind net-dns/bind-tools

Note that if you have problems with samba's gssapi updates to bind, try using the alternate kerberos implementation of app-crypt/mit-krb5.

==== Other Misc. Build/Run Dependencies ====
To ensure a successful Samba-4 installation, there are a few other packages that should be installed, as shown below:

# emerge --ask dev-libs/cyrus-sasl net-libs/gnutls dev-python/dnspython net-dns/libidn dev-python/subunit

==== Samba-supplied Libraries (tdb/ldb/tevent) ====
There are a few Samba libraries that need to be installed, note that at this time these packages are keyworded as unstable, so you will need to add the following to your '''/etc/package.keywords''':

~sys-libs/tevent-0.9.17
~sys-libs/tdb-1.2.10
~sys-libs/ldb-1.1.12

Additionally, Samba requires '''sys-libs/tdb''' to be emerged with the USE flag '''python''' set. To enable this permanently, add the following to '''/etc/package.use''':

sys-libs/tdb python

Now, emerge the packages:

# emerge --ask '=sys-libs/tdb-1.2.10' '=sys-libs/tevent-0.9.17' '=sys-libs/ldb-1.1.12'

Note that ebuilds for the required versions of the above packages might not be availiable in the portage tree. In this case, check [https://bugs.gentoo.org/ Gentoo's Bugzilla] for updated ebuilds.

== File System Support ==


To use the advanced features of Samba4 you need a filesystem that
supports both the "user" and "system" xattr namespaces.

=== ext3/ext4 File System ===

If you are using either ext3 or ext4 for your file system you will need to
include the options "user_xattr" and "acl" in your /etc/fstab. For example:

/dev/hda3 /home ext3 user_xattr,acl 1 1

Simply change ext3 to ext4 if you are using it. Normally you will want to just modify the existing line to add those options. Please use caution when modifying your fstab as it can lead to an un-bootable system if the wrong thing is modified.

You also need to compile your kernel with the XATTR, SECURITY, and POSIX_ACL
options for your filesystem. For ext3 (change the 3 to a 4 for ext4) that means you need:

CONFIG_EXT3_FS_XATTR=y
CONFIG_EXT3_FS_SECURITY=y
CONFIG_EXT3_FS_POSIX_ACL=y

If you are running a Linux 2.6 kernel with CONFIG_IKCONFIG_PROC
defined you can check this with the following command:

$ zgrep CONFIG_EXT3_FS /proc/config.gz

=== File Systems without xattr support ===

If you don't have a filesystem with xattr support, then you can
simulate it by adding the following line to your smb.conf:

posix:eadb = /usr/local/samba/eadb.tdb

that will place all extra file attributes (NT ACLs, DOS EAs, streams
etc), in that tdb. It is not efficient, and doesn't scale well, but at
least it gives you a choice when you don't have a modern filesystem.

=== Testing your filesystem ===

To test your filesystem support, install the 'attr' package and run
the following 4 commands as root:

# touch test.txt
# setfattr -n user.test -v test test.txt
# setfattr -n security.test -v test2 test.txt
# getfattr -d test.txt
# getfattr -n security.test -d test.txt

You should see output like this:

# file: test.txt
user.test="test"

# file: test.txt
security.test="test2"

If you get any "Operation not supported" errors then it means your
kernel is not configured correctly, or your filesystem is not mounted
with the right options.

If you get any "Operation not permitted" errors then it probably means
you didn't try the test as root.

If you are using the posix:eadb option then you don't need to test your filesystem in this manner.

Latest revision as of 16:33, 27 April 2017