[Samba] Building Samba 356 on Solaris 10
Neil Newman
Neil.Newman at dartford.gov.uk
Thu May 19 04:49:20 MDT 2011
Just in case this helps anyone, please find below the steps I took to compile Samba version 356 on our Sun Solaris servers:
Setting Up A Sun Solaris Server To Integrate With Samba 356 AD
Download the latest stable SOURCE version of Kerberos from http://web.mit.edu/kerberos/dist/
Run mkdir /usr/local/sambaAD358
krb5.1.7
cd krb5*/src
./configure --prefix=/usr/local/sambaAD358 --enable-dns-for-realm
make
make install
======================
From http://www.openldap.org/download the latest source
Run gunzip openldap?????.tgz to uncompress
This will create a tar file
Run tar xvf openldap?????.tar to uncompress
cd openldap????
bash
CPPFLAGS="-I/usr/local/samba358/include"
export CPPFLAGS
LDFLAGS="-L/usr/local/sambaAD358/lib -R/usr/local/sambaAD358/lib"
export LDFLAGS
./configure --prefix=/usr/local/sambaAD358 --disable-slapd --disable-slurpd --without-tls
make depend
make
make install
Install packages:
autoconf-2.68-sol10-sparc-local
perl-5.12.3-sol10-sparc-local
m4-1.4.16-sol10-sparc-local
libsigsegv-2.10-sol10-sparc-local
libiconv-1.13.1-sol10-sparc-local
gcc-3.4.6-sol10-sparc-local
make-3.82-sol10-sparc-local
libintl-3.4.0-sol10-sparc-local
Ensure libreadline is installed
/usr/local/lib/libreadline.a
/usr/local/lib/libreadline.so
/usr/local/lib/libreadline.so.4
/usr/local/lib/libreadline.so.5
set path=(/usr/sbin /bin /usr/bin /usr/ucb /etc /usr/etc /usr/local/bin $OPENWINHOME/bin . /usr/ccs/bin /usr/sadm/bin )
setenv LD_LIBRARY_PATH $OPENWINHOME/lib:/usr/dt/lib:/usr/local/lib:/usr/local/include:/usr/ucblib:/usr/local/sambaAD358/lib
setenv CC /usr/local/bin/gcc
bash
LDFLAGS="-L/usr/local/sambaAD358/lib -R/usr/local/sambaAD358/lib -L/usr/local/lib -R/usr/local/lib -L/usr/local/krb5/lib -L/usr/local/cyrus-sasl/lib -L/usr/local/libiconv/lib -R/usr/local/krb5/lib -R/usr/local/cyrus-sasl/lib -R/usr/local/libiconv/lib"
export LDFLAGS
./autogen.sh
./configure --prefix=/usr/local/sambaAD358 --with-ads --with-ldap --with-winbind --with-krb5=/usr/local/sambaAD358 --with-acl-support --with-shared-modules=idmap_ad,vfs_zfsacl
/usr/local/bin/make
/usr/local/bin/make install
create the file krb5.conf under /etc and put something like this in it:
#
# Copyright 2004 Sun Microsystems, Inc. All rights reserved.
# Use is subject to license terms.
#
# ident "@(#)krb5.conf 1.3 04/03/25 SMI"
#
# krb5.conf template
# In order to complete this configuration file
# you will need to replace the __<name>__ placeholders
# with appropriate values for your network.
#
[libdefaults]
default_realm = {DOMAIN}.GOV.UK
[realms]
DARTFORD.GOV.UK = {
kdc = {server}.{domain}.gov.uk
kdc = {server}.{domin}.gov.uk
}
[domain_realm]
.{domain}.gov.uk = {DOMAIN}.GOV.UK
[logging]
default = FILE:/var/krb5/kdc.log
kdc = FILE:/var/krb5/kdc.log
kdc_rotate = {
period = 1d
versions = 10
}
[appdefaults]
kinit = {
renewable = true
forwardable= true
}
gkadmin = {
# help_url = http://docs.sun.com:80/ab2/coll.384.1/SEAM/@AB2PageVi
ew/1195
}
Run:
ln -s /etc/krb5.conf /etc/krb5/krb5.conf
Create a smb.conf file under /usr/local/samba???/lib containing something like:
[global]
workgroup = {DOMAIN}
bind interfaces only = yes
netbios name = {server_name}
security = ADS
realm = {DOMAIN}.GOV.UK
server string = Samba (%v) domain (%h)
encrypt passwords = yes
preferred master = no
pid directory = /usr/local/sambaAD358/var/locks
log level = 5
log file = /usr/local/sambaAD358/logs/log.%m
smb passwd file = /usr/local/sambaAD358/private/smbpasswd
private dir = /usr/local/sambaAD358/private
lock dir = /usr/local/sambaAD358/var/locks
winbind cache time = 300
allow trusted domains = yes
idmap backend = rid:ADS=100000-200000
idmap uid = 100000-200000
idmap gid = 100000-200000
winbind enum groups = yes
winbind enum users = yes
enhanced browsing = yes
winbind use default domain = yes
load printers = no
restrict anonymous = 1
smb ports = 445 139
client use spnego = yes
[pcclients]
browseable = yes
comment = Access to Pcclients
path = /pcclients
public = no
guest ok = no
writeable = yes
valid users = @"{DOMAIN}\everyone" {DOMAIN}\cccam
force user = nobody
force group = nobody
force create mode = 0777
create mask = 0777
Run the following command to test the smb.conf file content:
cd /usr/local/samba???/bin
testparm -s ../lib/smb.conf
mkdir /usr/local/samba????/logs
If all looks OK attach the server to the AD using:
cd /usr/local/samba????/bin
./net ads join -U Administrator
NB: this may take a number of hours to sync across the network
Create a Samba startup file to be placed in /etc/rc3.d containing something like this:
#!/sbin/sh
#
# Copyright (c) 2001 by Sun Microsystems, Inc
# All rights reserved.
#
#ident "@(#)samba 1.1 01/09/24 SMI"
LD_LIBRARY_PATH=/usr/ucblib:/usr/dt/lib:/usr/local/include:/usr/local/lib:/usr/local/share:/usr/local/samba/lib:/usr/local/samba/include
export LD_LIBRARY_PATH
PATH=/usr/sbin:/bin:/usr/bin:/opt/SUNWspro/bin:/usr/ucb:/etc:/usr/etc:/networker:/usr/opt/SUNWmd/sbin:.:/usr/ccs/bin:/opt/SUNWss/bin:/bin/nsr:/usr/lib/nis:/usr/lib:/opt/SUNWns:/opt/Adobe/Acrobat7.0/bin:/usr/lib:/usr/local/bin:/usr/dt/appconfig/SUNWns:/opt/SUNWppro/bin:/usr/sadm/bin:/opt/sfw/bin:/usr/local/lib:/usr/local/include:/usr/sbin/nsr:/opt/rsc/bin:/usr/local/sbin:/usr/sfw/bin:/usr/ucblib
export PATH
case "$1" in
start)
[ -f /usr/local/samba???/lib/smb.conf ] || exit 0
/usr/local/samba???/sbin/smbd -D
/usr/local/samba???/sbin/nmbd -D
/usr/local/samba???/sbin/winbindd -D
;;
stop)
pkill smbd
pkill nmbd
pkill winbindd
;;
*)
echo "Usage: $0 { start | stop }"
exit 1
;;
esac
exit 0
Edit /etc/nsswitch.conf and change the following two lines to match:
passwd: files winbind
group: files winbind
Add user accounts to the /etc/passwd file for the users that need to access the server via Samba and add any groups such as everyone to the /etc/group file, place all the Samba users into the everyone group, for this task I use a shell script to sync the Unix password file with AD.
--------------------------------------------------------------------------------------------------------------------
This email and any files transmitted with it are confidential and
intended solely for the use of the individual or entity to whom
they are addressed.
If you have received this email in error please notify the
originator of the message. This footer also confirms that this
email message has been scanned for the presence of computer viruses.
Any views expressed in this message are those of the individual
sender, except where the sender specifies and with authority,
states them to be the views of Dartford Borough Council.
Dartford Borough Council - Rated a good Council by the Audit Commission.
See www.dartford.gov.uk to find out more.
More information about the samba
mailing list