Difference between revisions of "Operating System Requirements"

(Face-lifting the page (structure, formattings, text changes, etc.))
(Split the package installation into AD/Member/PDC)
Line 20: Line 20:
  
  
=== Kernel support ===
+
=== Kernel Support ===
  
 
Ensure that your kernel has the following options enabled:
 
Ensure that your kernel has the following options enabled:
Line 44: Line 44:
  
  
=== Kernel support ===
+
=== Kernel Support ===
  
 
Ensure that your kernel has the following options enabled:
 
Ensure that your kernel has the following options enabled:
Line 62: Line 62:
  
  
=== Kernel support ===
+
=== Kernel Support ===
  
 
Ensure that your kernel has the following options enabled:
 
Ensure that your kernel has the following options enabled:
Line 70: Line 70:
  
  
== File Systems without xattr support ==
+
== File Systems Without xattr Support ==
  
 
'''Note: This is not recommended!!!'''
 
'''Note: This is not recommended!!!'''
Line 84: Line 84:
  
  
== Testing your filesystem ==
+
== Testing Your Filesystem ==
  
 
''Note: This is not required for [[#File_Systems_without_xattr_support|file systems without xattr support]].''
 
''Note: This is not required for [[#File_Systems_without_xattr_support|file systems without xattr support]].''
Line 131: Line 131:
  
  
= Required Libraries and programs =
+
= Required Libraries And Programs =
 +
 
 +
== OS Independent ==
  
 
Depending on your distribution, the package name of the following libraries and programs may differ. Typically they are labled with lib*-dev or lib*-devel. See [[#Distribution_specific_package_installation|Distribution specific package installation]].
 
Depending on your distribution, the package name of the following libraries and programs may differ. Typically they are labled with lib*-dev or lib*-devel. See [[#Distribution_specific_package_installation|Distribution specific package installation]].
Line 139: Line 141:
 
* python
 
* python
 
:A good portion of Samba is written using python, including the build system itself (waf).
 
:A good portion of Samba is written using python, including the build system itself (waf).
 +
 +
* perl
  
 
<u>(Recommended) Optional:</u>
 
<u>(Recommended) Optional:</u>
Line 171: Line 175:
  
  
== Distribution specific package installation ==
+
== Distribution Specific Package Installation ==
 +
 
 +
=== For An Samba Active Directory Domain Controller ===
  
 
The following examples will cover all of the required libraries and programs. It will also cover BIND, kerberos and file system tools. If you plan to use the internal DNS server, you do not need BIND, but you do still need the package that contains the „nsupdate“ binary.
 
The following examples will cover all of the required libraries and programs. It will also cover BIND, kerberos and file system tools. If you plan to use the internal DNS server, you do not need BIND, but you do still need the package that contains the „nsupdate“ binary.
Line 177: Line 183:
  
  
=== Debian / Ubuntu ===
+
==== Debian / Ubuntu ====
  
 
  # apt-get install build-essential libacl1-dev libattr1-dev \
 
  # apt-get install build-essential libacl1-dev libattr1-dev \
Line 186: Line 192:
  
  
=== Fedora ===
+
==== Fedora ====
  
 
  # yum install libacl-devel libblkid-devel gnutls-devel \
 
  # yum install libacl-devel libblkid-devel gnutls-devel \
Line 193: Line 199:
  
  
=== Red Hat Enterprise Linux / CentOS / Scientific Linux ===
+
==== Red Hat Enterprise Linux / CentOS / Scientific Linux ====
  
  # yum install gcc libacl-devel libblkid-devel gnutls-devel \
+
  # yum install perl gcc libacl-devel libblkid-devel gnutls-devel \
 
     readline-devel python-devel gdb pkgconfig krb5-workstation \
 
     readline-devel python-devel gdb pkgconfig krb5-workstation \
 
     zlib-devel setroubleshoot-server libaio-devel \
 
     zlib-devel setroubleshoot-server libaio-devel \
Line 206: Line 212:
  
  
=== openSUSE ===
+
==== openSUSE ====
  
 
  # zypper install libacl-devel python-selinux autoconf make \
 
  # zypper install libacl-devel python-selinux autoconf make \
Line 219: Line 225:
  
  
=== Gentoo ===
+
==== Gentoo ====
  
 
Please note that the following sections assume at least an intermediate understanding of the Gentoo packaging system.
 
Please note that the following sections assume at least an intermediate understanding of the Gentoo packaging system.
Line 225: Line 231:
  
  
==== Python ====
+
===== Python =====
  
 
Gentoo uses Python 3 as the default python interpreter, but at this time Samba requires Python 2 (2.4.2 or later). The following set of commands will install and set up Python 2 as the default python interpreter.
 
Gentoo uses Python 3 as the default python interpreter, but at this time Samba requires Python 2 (2.4.2 or later). The following set of commands will install and set up Python 2 as the default python interpreter.
Line 235: Line 241:
  
  
==== Kerberos ====
+
===== Kerberos =====
  
 
On Gentoo, you have two choices for a kerberos implementation, app-crypt/mit-krb5 and app-crypt/heimdal. Unfortunately the two implementations can not be installed at the same time. Currently, the Samba only supports app-crypt/heimdal. So you must first uninstall app-crypt/mit-krb5, if installed. Then install app-crypt/heimdal and rebuild any packages that were using the previous kerberos implementation.
 
On Gentoo, you have two choices for a kerberos implementation, app-crypt/mit-krb5 and app-crypt/heimdal. Unfortunately the two implementations can not be installed at the same time. Currently, the Samba only supports app-crypt/heimdal. So you must first uninstall app-crypt/mit-krb5, if installed. Then install app-crypt/heimdal and rebuild any packages that were using the previous kerberos implementation.
Line 245: Line 251:
  
  
==== Bind ====
+
===== Bind =====
  
 
To enable automatic zone management, net-dns/bind and net-dns/bind-tools should be emerged with the USE flags for berkdb, dlz and gssapi set. To enable them permanently, add the following to /etc/package.use:
 
To enable automatic zone management, net-dns/bind and net-dns/bind-tools should be emerged with the USE flags for berkdb, dlz and gssapi set. To enable them permanently, add the following to /etc/package.use:
Line 258: Line 264:
  
  
==== Samba-supplied Libraries (tdb/ldb/tevent) ====
+
===== Samba-supplied Libraries (tdb/ldb/tevent) =====
  
 
There are a few Samba libraries that need to be installed. Note that these packages might be keyworded as unstable,  so you might need to add the following to your /etc/package.keywords:
 
There are a few Samba libraries that need to be installed. Note that these packages might be keyworded as unstable,  so you might need to add the following to your /etc/package.keywords:
Line 282: Line 288:
  
  
==== Other Misc. Build/Run Dependencies ====
+
===== Other Misc. Build/Run Dependencies =====
  
 
To ensure a successful Samba 4 installation, there are a few other packages that should be installed, as shown below:
 
To ensure a successful Samba 4 installation, there are a few other packages that should be installed, as shown below:
Line 289: Line 295:
  
 
FIXME: Are dev-python/dnspython net-dns/libidn still required?
 
FIXME: Are dev-python/dnspython net-dns/libidn still required?
 +
 +
 +
 +
=== For An Samba Member Server ===
 +
 +
==== Red Hat Enterprise Linux / CentOS / Scientific Linux ====
 +
 +
# autoconf automake gcc gdb krb5-devel krb5-workstation openldap-devel make pam-devel python-devel docbook-style-xsl libacl-devel libattr-devel libxslt
 +
 +
 +
 +
=== For An Samba NT4 PDC ===
 +
 +
Please add content.

Revision as of 16:58, 27 September 2014

File System Support

To use the advanced features of Samba, you need a filesystem that supports both the "user" and "system" xattr namespace. You need this support on file systems that you will share through Samba.

For Samba Active Directory Domain Controllers, „samba-tool“ tests during the provisioning the xattr support for /usr/local/samba/var/locks/sysvol/.


ext3

fstab

For filesystems of that type shared by Samba, add the following options to your /etc/fstab:

/dev/...          /srv/samba/demo          ext3          user_xattr,acl,barrier=1          1 1

Note: The „barrier=1“ option ensures that tdb transactions are safe against unexpected power loss.

Please be careful modifying your fstab. It can lead into an unbootable system!


Kernel Support

Ensure that your kernel has the following options enabled:

CONFIG_EXT3_FS_XATTR=y
CONFIG_EXT3_FS_SECURITY=y
CONFIG_EXT3_FS_POSIX_ACL=y


ext4

fstab

For filesystems of that type shared by Samba, add the following options to your /etc/fstab:

/dev/...          /srv/samba/demo          ext4          user_xattr,acl,barrier=1          1 1

Note: The „barrier=1“ option ensures that tdb transactions are safe against unexpected power loss.

Please be careful modifying your fstab. It can lead into an unbootable system!


Kernel Support

Ensure that your kernel has the following options enabled:

CONFIG_EXT4_FS_XATTR=y
CONFIG_EXT4_FS_SECURITY=y
CONFIG_EXT4_FS_POSIX_ACL=y


XFS

fstab

No special mount options are required in your fstab.


Kernel Support

Ensure that your kernel has the following options enabled:

CONFIG_XFS_POSIX_ACL=y


File Systems Without xattr Support

Note: This is not recommended!!!

If you don't have a filesystem with xattr support, you can simulate it by adding the following line to your smb.conf:

  posix:eadb = /usr/local/samba/private/eadb.tdb

This will place all extra file attributes (NT ACLs, DOS EAs, streams, etc), in that tdb.

Note: Because it is not efficient and doesn't scale well it should not be used in production!


Testing Your Filesystem

Note: This is not required for file systems without xattr support.

Before you start testing, ensure, that you have the „attr“ package installed!

Run the following commands as root to test xattr support:

# touch test.txt
# setfattr -n user.test -v test test.txt
# setfattr -n security.test -v test2 test.txt

The following commands should return the shown output:

# getfattr -d test.txt
# file: test.txt
user.test="test"

# getfattr -n security.test -d test.txt
# file: test.txt
security.test="test2"

Run the following commands as root to test extended ACL support:

# touch test.txt
# setfacl -m g:adm:rwx test.txt

The following command should return the shown output:

# getfacl test.txt
# file: test.txt
# owner: root
# group: root
user::rw-
group::r--
group:adm:rwx
mask::rwx
other::r--

Note: Getting an "Operation not supported" error means your kernel is not configured correctly or your filesystem is not mounted with the correct options.

Note: Getting an "Operation not permitted" error means you didn't run the commands as user „root“.



Required Libraries And Programs

OS Independent

Depending on your distribution, the package name of the following libraries and programs may differ. Typically they are labled with lib*-dev or lib*-devel. See Distribution specific package installation.

Required:

  • python
A good portion of Samba is written using python, including the build system itself (waf).
  • perl

(Recommended) Optional:

  • acl
Required for a successfull Samba AD DC deployment! On Member Servers it is required to use the complete set of Windows ACLs.
  • xattr
Required for a successfull Samba AD DC deployment! On Member Servers it is required to use the complete set of Windows ACLs.
  • blkid
  • gnutls
  • readline
  • cups
Required for CUPS printer sharing support.
  • bsd or setproctitle
Required for process title updating support.
  • xsltproc
Required for building man pages and other documentation.
  • docbook
Required for building man pages and other documentation.
  • openldap
Required to build the Samba NT4-style PDC components with LDAP support and Active Directory Member Server support. Also required for the Samba classicupgrade.


Distribution Specific Package Installation

For An Samba Active Directory Domain Controller

The following examples will cover all of the required libraries and programs. It will also cover BIND, kerberos and file system tools. If you plan to use the internal DNS server, you do not need BIND, but you do still need the package that contains the „nsupdate“ binary.


Debian / Ubuntu

# apt-get install build-essential libacl1-dev libattr1-dev \
   libblkid-dev libgnutls-dev libreadline-dev python-dev libpam0g-dev \
   python-dnspython gdb pkg-config libpopt-dev libldap2-dev \
   dnsutils libbsd-dev attr krb5-user docbook-xsl libcups2-dev acl


Fedora

# yum install libacl-devel libblkid-devel gnutls-devel \
   readline-devel python-devel gdb pkgconfig libattr-devel \
   krb5-workstation


Red Hat Enterprise Linux / CentOS / Scientific Linux

# yum install perl gcc libacl-devel libblkid-devel gnutls-devel \
   readline-devel python-devel gdb pkgconfig krb5-workstation \
   zlib-devel setroubleshoot-server libaio-devel \
   setroubleshoot-plugins policycoreutils-python \
   libsemanage-python setools-libs-python setools-libs \
   popt-devel libpcap-devel sqlite-devel libidn-devel \
   libxml2-devel libacl-devel libsepol-devel libattr-devel \
   keyutils-libs-devel cyrus-sasl-devel cups-devel bind-utils


openSUSE

# zypper install libacl-devel python-selinux autoconf make \
    python-devel gdb sqlite3-devel libgnutls-devel binutils \
    policycoreutils-python setools-libs selinux-policy \
    setools-libs popt-devel libpcap-devel keyutils-devel \
    libidn-devel libxml2-devel libacl-devel libsepol-devel \
    libattr-devel zlib-devel cyrus-sasl-devel gcc \
    krb5-client openldap2-devel libopenssl-devel\
    bind-utils bind-lib


Gentoo

Please note that the following sections assume at least an intermediate understanding of the Gentoo packaging system.


Python

Gentoo uses Python 3 as the default python interpreter, but at this time Samba requires Python 2 (2.4.2 or later). The following set of commands will install and set up Python 2 as the default python interpreter.

# emerge --ask --noreplace '<dev-lang/python-3'
# eselect python set python2.7
# python-updater


Kerberos

On Gentoo, you have two choices for a kerberos implementation, app-crypt/mit-krb5 and app-crypt/heimdal. Unfortunately the two implementations can not be installed at the same time. Currently, the Samba only supports app-crypt/heimdal. So you must first uninstall app-crypt/mit-krb5, if installed. Then install app-crypt/heimdal and rebuild any packages that were using the previous kerberos implementation.

# emerge --unmerge --ask app-crypt/mit-krb5
# emerge --ask app-crypt/heimdal
# revdep-rebuild -- -ask


Bind

To enable automatic zone management, net-dns/bind and net-dns/bind-tools should be emerged with the USE flags for berkdb, dlz and gssapi set. To enable them permanently, add the following to /etc/package.use:

net-dns/bind berkdb dlz gssapi
net-dns/bind-tools gssapi

Then, emerge net-dns/bind:

# emerge --ask  net-dns/bind net-dns/bind-tools


Samba-supplied Libraries (tdb/ldb/tevent)

There are a few Samba libraries that need to be installed. Note that these packages might be keyworded as unstable, so you might need to add the following to your /etc/package.keywords:

~sys-libs/tevent-0.9.17
~sys-libs/tdb-1.2.10
~sys-libs/ldb-1.1.12
~sys-libs/talloc-2.0.7

Additionally, Samba requires sys-libs/tdb and sys-libs/talloc to be emerged with the USE flag python set. To enable this permanently, add the following to /etc/package.use:

sys-libs/tdb python
sys-libs/talloc python

Note: In new(er) installations of Gentoo, the above files will be located in /etc/portage/, i.e. /etc/portage/package.keywords and /etc/portage/package.use. They may be symlinked to /etc for backward compatibility.

Now, emerge the packages:

# emerge --ask '=sys-libs/talloc-2.0.7' '=sys-libs/tdb-1.2.10' '=sys-libs/tevent-0.9.17' '=sys-libs/ldb-1.1.12'

Note that ebuilds for the required versions of the above packages might not be availiable in the portage tree. In this case, check Gentoo's Bugzilla for updated ebuilds.


Other Misc. Build/Run Dependencies

To ensure a successful Samba 4 installation, there are a few other packages that should be installed, as shown below:

# emerge --ask net-libs/gnutls sys-apps/acl dev-libs/cyrus-sasl dev-python/subunit dev-python/dnspython net-dns/libidn 

FIXME: Are dev-python/dnspython net-dns/libidn still required?


For An Samba Member Server

Red Hat Enterprise Linux / CentOS / Scientific Linux

# autoconf automake gcc gdb krb5-devel krb5-workstation openldap-devel make pam-devel python-devel docbook-style-xsl libacl-devel libattr-devel libxslt 


For An Samba NT4 PDC

Please add content.