[Samba] [HowTo] Installing Samba and sssd on Debian Wheezy (with manual backport)

George jorgito1412 at gmail.com
Sat Jul 19 00:59:54 MDT 2014


Hi everyone,

A couple of weeks ago I wanted to install Samba and sssd on a Debian
Wheezy server. The Samba version from the wheezy-backports repo looks
and feels fairly well packaged by now and is updated to the upstream
version, so in my opinion that's the way to go. As regards sssd, I
wanted a version supporting the AD backend (the one in the Wheezy
repos doesn't), so I backported it manually from Jessie (or sid). The
main advantage from using backports is that whenever there is an
official updated package or you dist-upgrade to Jessie, your package
will get transparently and seamlessly upgraded. The procedure had some
caveats, so here is how to make it work. I understand that this would
probably be a better suit on Debian or sssd lists, but sssd
integration with Samba is a recurring topic on this list.

This procedure is based on a stock Debian Wheezy install, with the
wheezy-backports repo added to the APT sources. I suggest not to use
an existing server for this, but a stock VM. Once built, you can take
your DEBs wherever you want. All this was tested under the amd64
architechture. All comands run as root (or sudo'ed as necessary). The
general backport creating info can be found at
https://wiki.debian.org/SimpleBackportCreation

# -------------------
# Install general build dependencies
apt-get install devscripts build-essential debian-keyring

# If you haven't done this before, you will have to initialize gpg
gpg -k

# First we need to backport the libpwquality package:

# Download source package for libpwquality. You can get the link from
https://packages.debian.org/jessie/libpam-pwquality (or the sid
equivalent)
dget -x http://ftp.de.debian.org/debian/pool/main/libp/libpwquality/libpwquality_1.2.3-1.dsc

# Install build dependencies for libpwquality
apt-get install libcrack2-dev libpam0g-dev python-all-dev gnome-pkg-tools

cd libpwquality-1.2.3/

# Check for additional missing dependencies and install them if necessary
dpkg-checkbuilddeps

# Modify changelog
dch --local ~bpo70+ --distribution wheezy-backports "Rebuild for
wheezy-backports."

# If you build right now, it will most likely fail with:
# dh_python2:145: extension for python2.6 is missing. Build extensions
for all supported Python
# versions (`pyversions -vr`) or adjust X-Python-Version field or pass
--no-guessing-versions to dh_python2
#
# You will need to add the following to the debian/rules file:
#
# override_dh_python2:
#     dh_python2 --no-guessing-versions
#

# Build the package
dpkg-buildpackage -us -uc

# -------------------
# Now let's go with sssd:

# Download sssd source package. You can get the link from
https://packages.debian.org/jessie/sssd
dget -x http://ftp.de.debian.org/debian/pool/main/s/sssd/sssd_1.11.3-1.dsc

# Install build dependencies for sssd. We need the already officially
backported samba-dev an some libraries
apt-get install samba-dev libtevent-dev libldb-dev libtalloc-dev
libtdb-dev -t wheezy-backports

apt-get install quilt dh-autoreconf libpopt-dev libdbus-1-dev
libkeyutils-dev libldap2-dev libnl-3-dev libnl-route-3-dev libnss3-dev
libnspr4-dev libpcre3-dev libselinux1-dev libsasl2-dev libltdl-dev
docbook-xsl docbook-xml libxml2-utils xsltproc krb5-config libkrb5-dev
libc-ares-dev libsemanage1-dev libdhash-dev libcollection-dev
libini-config-dev dh-apparmor libglib2.0-dev dh-systemd

cd sssd-1.11.3/

# Check for additional missing dependencies and install them if necessary
dpkg-checkbuilddeps

# Modify changelog
dch --local ~bpo70+ --distribution wheezy-backports "Rebuild for
wheezy-backports."

# Build the package
dpkg-buildpackage -us -uc

# -------------------
# Now, on the target computer:

# Install samba (and smbclient if needed) from wheezy-backports
apt-get install samba smbclient -t wheezy-backports

# Install additional needed software
apt-get install krb5-user acl

# Install additional needed dependencies for libpwquality
apt-get install libcrack2

# Install libpwquality. Development libraries are usually not needed
dpkg -i libpam-pwquality*.deb libpwquality1*.deb
libpwquality-common*.deb libpwquality-tools*.deb python-pwquality*.deb

# Install additional needed dependencies for sssd
apt-get install libnspr4 libdhash1 libnss3 libc-ares2 libcollection2
libglib2.0-0 libnl-3-200 libnl-route-3-200 init-system-helpers
libini-config2

# VERY IMPORTANT! Although it is not listed as a dependency, you need
libsasl2-modules-gssapi-mit, otherwise authentication against LDAP/AD
won't work
apt-get install libsasl2-modules-gssapi-mit

# Install sssd. We don't really need all built packages. This is what
the metapackage "sssd" would install
dpkg -i libipa-hbac0*.deb libsss-idmap0*.deb libsss-nss-idmap0*.deb
python-sss*.deb sssd*.deb sssd-ad*.deb sssd-ad-common*.deb
sssd-common*.deb sssd-ipa*.deb sssd-krb5*.deb sssd-krb5-common*.deb
sssd-ldap*.deb sssd-proxy*.deb

# You probably also want libnss-sss, libpam-sss, libsss-sudo,
sssd-tools and some additional Python libraries
dpkg -i libnss-sss*.deb libpam-sss*.deb libsss-sudo*.deb
sssd-tools*.deb python-libipa-hbac*.deb python-libsss-nss-idmap*.deb

echo Enjoy!


More information about the samba mailing list