Operating System Requirements: Difference between revisions

From SambaWiki
No edit summary
No edit summary
Line 69: Line 69:
include the option "user_xattr" in your /etc/fstab. For example:
include the option "user_xattr" in your /etc/fstab. For example:


/dev/hda3 /home ext3 user_xattr 1 1
/dev/hda3 /home ext3 user_xattr 1 1


You also need to compile your kernel with the XATTR and SECURITY
You also need to compile your kernel with the XATTR and SECURITY
Line 83: Line 83:
=== ext4 File System ===
=== ext4 File System ===


An /etc/fstab entry for ext4 may look something like:
Placeholder for ext4 info

/dev/hda3 /home ext4 acl 1 1


=== File Systems without xattr support ===
=== File Systems without xattr support ===

Revision as of 02:37, 30 July 2012

Development libraries

Required :

These packages are required for a successful build of samba 4

  • Python -- A good portion of Samba is written using python, including the build system itself (waf).

Recommended optional development libraries:

In most distributions these libraries will be labeled with a lib*-dev or lib*-devel, for example for the Debian or Ubuntu acl would be libacl1-dev, but in Fedora, RHEL, CentOS, and openSUSE its named libacl-devel.

  • acl -- Required for a successful AD DC deployment. If this library is not included, samba will build successfully, however you will not be able to change ACL's from the windows frontend. You will receive and error when you provision and if you manually create the smb.conf with +s3fs, you will get Access is denied. from windows on any attempt to change ACL's.
  • xattr
  • blkid
  • gnutls
  • readline
  • openldap -- Required to build the Samba3 components with LDAP support. Lacking this library the build will complete but attempts to provision (via upgrade) an Active Directory domain from an existing Samba3 LDAP backend will fail. Also see samba-tool domain classicupgrade

Distribution Setup

The examples following will cover all of these libraries. It will also cover bind, kerberos, and file system tools. If you plan to use the internal DNS server, you do not need bind, but you do still need the package that contains the nsupdate binary.

Debian or Ubuntu

# apt-get install build-essential libacl1-dev libattr1-dev \
   libblkid-dev libgnutls-dev libreadline-dev python-dev \
   python-dnspython gdb pkg-config libpopt-dev libldap2-dev \
   dnsutils

Fedora

# yum install libacl-devel libblkid-devel gnutls-devel \
   readline-devel python-devel gdb pkgconfig libattr-devel \
   krb5-workstation

Red Hat Enterprise Linux or CentOS

# yum install libacl-devel libblkid-devel gnutls-devel \
   readline-devel python-devel gdb pkgconfig krb5-workstation \ 
   zlib-devel setroubleshoot-server \
   setroubleshoot-plugins policycoreutils-python \
   libsemanage-python setools-libs-python setools-libs \
   popt-devel libpcap-devel sqlite-devel libidn-devel \
   libxml2-devel libacl-devel libsepol-devel libattr-devel \
   keyutils-libs-devel cyrus-sasl-devel

openSUSE

# zypper install libacl-devel python-selinux autoconf make \
    python-devel gdb sqlite3-devel libgnutls-devel binutils \
    policycoreutils-python setools-libs selinux-policy \
    setools-libs popt-devel libpcap-devel keyutils-devel \
    libidn-devel libxml2-devel libacl-devel libsepol-devel \
    libattr-devel zlib-devel cyrus-sasl-devel gcc \
    krb5-client openldap2-devel libopenssl-devel\
    bind-utils bind-lib

Gentoo

# USE="dlz python gssapi" emerge cyrus-sasl heimdal bind bind-tools gnutls dnspython gdb libidn subunit
# ACCEPT_KEYWORDS="~amd64" USE="python" emerge =sys-libs/tdb-1.2.10 =sys-libs/tevent-0.9.15 =sys-libs/ldb-1.1.6

Obviously that would be ~x86 instead of ~amd64 on a x86 arch, also don't forget to

# eselect python set 1

where 1 is python 2.X (3.X is not yet supported) if you don't know which version you are using, eselect python list will give you a list of available ones.

File System Support

To use the advanced features of Samba4 you need a filesystem that supports both the "user" and "system" xattr namespaces.

ext3 File System

If you run Linux with a 2.6 kernel and ext3 this means you need to include the option "user_xattr" in your /etc/fstab. For example:

/dev/hda3               /home                   ext3    user_xattr     1 1

You also need to compile your kernel with the XATTR and SECURITY options for your filesystem. For ext3 that means you need:

  CONFIG_EXT3_FS_XATTR=y
  CONFIG_EXT3_FS_SECURITY=y

If you are running a Linux 2.6 kernel with CONFIG_IKCONFIG_PROC defined you can check this with the following command:

  $ zgrep CONFIG_EXT3_FS /proc/config.gz

ext4 File System

An /etc/fstab entry for ext4 may look something like:

/dev/hda3               /home                   ext4    acl     1 1

File Systems without xattr support

If you don't have a filesystem with xattr support, then you can simulate it by adding the following line to your smb.conf:

  posix:eadb = /usr/local/samba/eadb.tdb

that will place all extra file attributes (NT ACLs, DOS EAs, streams etc), in that tdb. It is not efficient, and doesn't scale well, but at least it gives you a choice when you don't have a modern filesystem.

Testing your filesystem

To test your filesystem support, install the 'attr' package and run the following 4 commands as root:

 # touch test.txt
 # setfattr -n user.test -v test test.txt
 # setfattr -n security.test -v test2 test.txt
 # getfattr -d test.txt
 # getfattr -n security.test -d test.txt

You should see output like this:

 # file: test.txt
 user.test="test"
 # file: test.txt
 security.test="test2"

If you get any "Operation not supported" errors then it means your kernel is not configured correctly, or your filesystem is not mounted with the right options.

If you get any "Operation not permitted" errors then it probably means you didn't try the test as root.

If you are using the posix:eadb option then you don't need to test your filesystem in this manner.