[Samba] Building Samba 356 on Solaris 10

Neil Newman Neil.Newman at dartford.gov.uk
Thu May 19 04:49:20 MDT 2011

Just in case this helps anyone, please find below the steps I took to compile Samba version 356 on our Sun Solaris servers:

Setting Up A Sun Solaris Server To Integrate With Samba 356 AD

Download the latest stable SOURCE version of Kerberos from http://web.mit.edu/kerberos/dist/

Run mkdir /usr/local/sambaAD358


cd krb5*/src
./configure --prefix=/usr/local/sambaAD358 --enable-dns-for-realm
make install

From http://www.openldap.org/download the latest source
Run gunzip openldap?????.tgz to uncompress
This will create a tar file
Run tar xvf openldap?????.tar to uncompress

cd openldap????

LDFLAGS="-L/usr/local/sambaAD358/lib -R/usr/local/sambaAD358/lib"
export LDFLAGS

./configure --prefix=/usr/local/sambaAD358 --disable-slapd --disable-slurpd --without-tls

make depend
make install

Install packages:
Ensure libreadline is installed


set path=(/usr/sbin /bin /usr/bin /usr/ucb /etc /usr/etc /usr/local/bin  $OPENWINHOME/bin . /usr/ccs/bin  /usr/sadm/bin )

setenv LD_LIBRARY_PATH $OPENWINHOME/lib:/usr/dt/lib:/usr/local/lib:/usr/local/include:/usr/ucblib:/usr/local/sambaAD358/lib

setenv CC /usr/local/bin/gcc


LDFLAGS="-L/usr/local/sambaAD358/lib -R/usr/local/sambaAD358/lib -L/usr/local/lib -R/usr/local/lib -L/usr/local/krb5/lib -L/usr/local/cyrus-sasl/lib -L/usr/local/libiconv/lib -R/usr/local/krb5/lib -R/usr/local/cyrus-sasl/lib -R/usr/local/libiconv/lib"
export LDFLAGS


./configure --prefix=/usr/local/sambaAD358 --with-ads --with-ldap --with-winbind --with-krb5=/usr/local/sambaAD358 --with-acl-support --with-shared-modules=idmap_ad,vfs_zfsacl

/usr/local/bin/make install

Create the file krb5.conf under /etc and put something like this in it:
# Copyright 2004 Sun Microsystems, Inc.  All rights reserved.
# Use is subject to license terms.
# ident "@(#)krb5.conf 1.3 04/03/25 SMI"

# krb5.conf template
# In order to complete this configuration file
# you will need to replace the __<name>__ placeholders
# with appropriate values for your network.

[libdefaults]
        default_realm = {DOMAIN}.GOV.UK

[realms]
# The realm name on the next line must be identical to default_realm above.
        DARTFORD.GOV.UK = {
                kdc = {server}.{domain}.gov.uk
                kdc = {server}.{domain}.gov.uk
        }

[domain_realm]
        .{domain}.gov.uk = {DOMAIN}.GOV.UK

[logging]
        default = FILE:/var/krb5/kdc.log
        kdc = FILE:/var/krb5/kdc.log
        kdc_rotate = {
                period = 1d
                versions = 10
        }

[appdefaults]
        kinit = {
                renewable = true
                forwardable= true
        }
        gkadmin = {
#               help_url = http://docs.sun.com:80/ab2/coll.384.1/SEAM/@AB2PageVi
        }

ln -s /etc/krb5.conf /etc/krb5/krb5.conf

Create a smb.conf file under /usr/local/samba???/lib containing something like:
[global]
        workgroup = {DOMAIN}
        bind interfaces only = yes
        netbios name = {server_name}
        security = ADS
        realm = {DOMAIN}.GOV.UK
        server string = Samba (%v) domain (%h)
        encrypt passwords = yes
        preferred master = no
        pid directory = /usr/local/sambaAD358/var/locks
        log level = 5
        log file = /usr/local/sambaAD358/logs/log.%m
        smb passwd file = /usr/local/sambaAD358/private/smbpasswd
        private dir = /usr/local/sambaAD358/private
        lock dir = /usr/local/sambaAD358/var/locks
        winbind cache time = 300
        allow trusted domains = yes
        idmap backend = rid:ADS=100000-200000
        idmap uid = 100000-200000
        idmap gid = 100000-200000
        winbind enum groups = yes
        winbind enum users = yes
        enhanced browsing = yes
        winbind use default domain = yes
        load printers = no
        restrict anonymous = 1
        smb ports = 445 139
        client use spnego = yes

# The share section header did not survive in the post; the name
# "pcclients" is assumed from the path below.
[pcclients]
        browseable = yes
        comment = Access to Pcclients
        path = /pcclients
        public = no
        guest ok = no
        writeable = yes
        valid users = @"{DOMAIN}\everyone" {DOMAIN}\cccam
        force user = nobody
        force group = nobody
        force create mode = 0777
        create mask = 0777

Run the following command to test the smb.conf file content:
cd /usr/local/samba???/bin
testparm -s ../lib/smb.conf

mkdir /usr/local/samba????/logs

If all looks OK attach the server to the AD using:
cd /usr/local/samba????/bin
./net ads join -U Administrator

NB: this may take a number of hours to sync across the network

Create a Samba startup file to be placed in /etc/rc3.d containing something like this:
#!/sbin/sh
#
# Copyright (c) 2001 by Sun Microsystems, Inc
# All rights reserved.
#
#ident "@(#)samba 1.1 01/09/24 SMI"

export PATH

case "$1" in
start)
 # Do nothing if Samba has not been configured
 [ -f /usr/local/samba???/lib/smb.conf ] || exit 0

 /usr/local/samba???/sbin/smbd -D
 /usr/local/samba???/sbin/nmbd -D
 /usr/local/samba???/sbin/winbindd -D
 ;;
stop)
 pkill smbd
 pkill nmbd
 pkill winbindd
 ;;
*)
 echo "Usage: $0 { start | stop }"
 exit 1
 ;;
esac
exit 0

Edit /etc/nsswitch.conf and change the following two lines to match:
passwd:     files winbind
group:      files winbind

Add user accounts to the /etc/passwd file for the users that need to access the server via Samba, and add any groups such as everyone to the /etc/group file. Place all the Samba users into the everyone group. For this task I use a shell script to sync the Unix password file with AD.
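Added example, not part of the original message: a check to run before `net ads join` that the three files edited in the steps above agree with each other (the smb.conf realm equals the krb5.conf default_realm, that realm has a [realms] stanza listing at least one kdc, and nsswitch.conf lists winbind for passwd and group). The function names are made up for this example, the realm comparison is deliberately exact, and a POSIX awk is assumed (nawk or /usr/xpg4/bin/awk on Solaris 10).

```shell
#!/bin/sh
# Added example: consistency checks to run before "net ads join".
# Needs a POSIX awk (assumption: nawk or /usr/xpg4/bin/awk on Solaris 10).

# Print the value of key $3 found in section $2 (e.g. "[global]") of file $1.
ini_value() {
    awk -v want="$2" -v key="$3" '
        { line = $0; sub(/^[ \t]+/, "", line) }
        line ~ /^\[/ { sec = tolower(line); sub(/\].*/, "]", sec); next }
        sec == want {
            k = line; sub(/[ \t]*=.*/, "", k)
            if (k == key) { sub(/^[^=]*=[ \t]*/, "", line); sub(/[ \t]+$/, "", line); print line; exit }
        }' "$1"
}

# Count the kdc entries inside the stanza for realm $2 in the [realms] section.
krb5_kdc_count() {
    awk -v realm="$2" '
        { line = $0; sub(/^[ \t]+/, "", line); k = line; sub(/[ \t]*=.*/, "", k) }
        line ~ /^\[/ { sec = line; inr = 0; next }
        sec ~ /^\[realms\]/ && k == realm && line ~ /\{/ { inr = 1; next }
        inr && line ~ /\}/ { inr = 0 }
        inr && k == "kdc" { n++ }
        END { print n + 0 }' "$1"
}

# Succeed only if both the passwd and group databases list winbind as a source.
nsswitch_has_winbind() {
    for db in passwd group; do
        awk -v db="$db:" '$1 == db { for (i = 2; i <= NF; i++) if ($i == "winbind") ok = 1 }
            END { exit !ok }' "$1" || return 1
    done
}

# Args: krb5.conf smb.conf nsswitch.conf. Prints each problem, returns 1 if any.
prejoin_check() {
    kr=$(ini_value "$1" "[libdefaults]" default_realm)
    sr=$(ini_value "$2" "[global]" realm)
    rc=0
    [ -n "$kr" ] || { echo "krb5.conf: no default_realm in [libdefaults]"; rc=1; }
    # Strict, exact comparison of the two realm strings.
    [ "$kr" = "$sr" ] || { echo "realm differs: krb5.conf '$kr', smb.conf '$sr'"; rc=1; }
    [ "$(krb5_kdc_count "$1" "$kr")" -gt 0 ] || { echo "krb5.conf: no kdc for realm '$kr'"; rc=1; }
    nsswitch_has_winbind "$3" || { echo "nsswitch.conf: passwd/group lack winbind"; rc=1; }
    return $rc
}

# Stand-alone use: sh prejoin.sh /etc/krb5.conf <prefix>/lib/smb.conf /etc/nsswitch.conf
if [ $# -eq 3 ]; then prejoin_check "$1" "$2" "$3"; fi
```

A [realms] stanza whose name differs from default_realm is reported as "no kdc for realm", which is the usual result of substituting a placeholder in one place and not the other.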