Installing and Configuring Samba

This section contains the procedures you need to install and configure Samba.

Throughout the next sections, references will be made to certain directories for Samba or Winbind. The following list shows common pathnames for these references as shown in previous examples. Refer to Configuration Restrictions where these examples appear.

• Samba installed from http://www.samba.org on a Global File System, with Samba instances and Winbind on a Global File System (Example 1–1)

  • Samba-bin-directory — /global/samba/bin

  • Samba-sbin-directory — /global/samba/sbin or

    /global/samba/bin if Samba was installed with default settings.

  • Samba-configuration-directory — /global/samba/SAMBA1

  • Winbind-configuration-directory — /global/samba/winbind

• Samba installed from Solaris 9 on a Local File System, with Samba instances on a Failover File System (Example 1–2)

  • Samba-bin-directory — /usr/sfw/bin

  • Samba-sbin-directory — /usr/sfw/sbin

  • Samba-configuration-directory — /local/samba/SMB1

How to Install and Configure Samba

1. Determine how Samba will be deployed in Sun Cluster.

   • Determine how many Samba instances will be deployed.

   • Determine whether Winbind will be deployed.

   • Determine which Cluster File System will be used by each Samba instance and Winbind Instance, if deployed.

2. Mount the Samba Cluster File Systems .

   ---

   Note –

   If Failover File Systems will be used by the Samba instance, you must mount these manually.

   ---

3. Install Samba onto all nodes within Sun Cluster.

   It is recommended that you install Samba onto a Global File System. For a discussion of the advantages and disadvantages of installing the software on local versus cluster files systems, see “Determining the Location of the Application Binaries” of the Sun Cluster Data Services Installation and Configuration Guide.

   • Download Samba from http://www.samba.org.

     Ensure that /usr/local/samba is a Cluster File System or has a symbolic link to a Cluster File System. If you intend to use local disks for the Samba software, repeat this step on all nodes within Sun Cluster.

     Example 1–4 shows the Samba installation with winbind for 2.2.8a after it has been download, unzipped, and extracted. Read the Samba documents for building Samba 3 with ADS (Active Directory Support) support.

     ---

     Example 1–4 Samba installation from http://www.samba.org

     
     

     # cd <samba_install_directory>/source # # ./configure --with-winbind --with-pam # # make # # make install

     ---

   • Alternatively, install Samba from the Solaris 9 CD.

     You must install the following packages onto all nodes within Sun Cluster that will run the Samba service.

     • SUNWsmbac

     • SUNWsmbar

     • SUNWsmbau

     • SUNWsfman

4. Create an entry for the fault monitor user.

   • If winbind is not being used:

     Create an entry in /etc/group on all nodes with Sun Cluster.

     # groupadd -g 1000 <fmgroup>

     Create an entry in /etc/passwd on all nodes within Sun Cluster. This user should have a locked password, no shell and no home directory.

     # useradd -u 1000 -g 1000 -s /bin/false <fmuser>

   • If winbind is being used:

     Create the fault monitor user on the NT PDC/ Windows 200x server with no home directory, no user profiles and no logon script. Set the Password never expire parameter to true and User cannot change password parameter to true.

5. Create required directories for your Samba Instance(s):

   If you are deploying multiple instances of Samba, repeat this step for each Samba instance, that is each samba-configuration-directory. Create a directory for any shares, although this directory name can be a name of your choice.

   # cd <samba-configuration-directory> # # mkdir -p lib logs private shares var/locks

   ---

   Note –

   Refer back to Configuration Restrictions for a description of the <samba-configuration-directory> and to Installing and Configuring Samba for a list of common pathnames used from the examples.

   ---

   Example 1–5 shows two Samba instances named SAMBA1 and SAMBA2. Samba has been installed from http://www.samba.org and /usr/local/samba has been symbolically linked to /global/samba which is mounted as a Global File System. The samba-configuration-directory for SAMBA 1 is /global/samba/SAMBA1 and the samba-configuration-directory for SAMBA2 is /global/samba/SAMBA2.

   ---

   Example 1–5 Directories for Samba instances named SAMBA1 and SAMBA2

   
   

   # ls -l /usr/local/samba lrwxrwxrwx 1 root other 13 Oct 11 11:20 /usr/local/samba -> /global/samba # # cd /global/samba # # ls -l total 18 drwxr-xr-x 2 root other 512 Oct 11 15:00 bin drwxr-xr-x 3 root other 512 Oct 14 13:49 lib drwxr-xr-x 6 root other 512 Oct 11 15:00 man drwxr-xr-x 2 root other 512 Oct 14 10:05 private drwxr-xr-x 7 root other 512 Oct 14 13:39 SAMBA1 drwxr-xr-x 7 root other 512 Oct 14 13:40 SAMBA2 drwxr-xr-x 6 root other 512 Oct 11 15:01 swat drwxr-xr-x 3 root other 512 Oct 14 10:45 var drwxr-xr-x 2 root other 512 Jan 17 09:28 winbind # # cd SAMBA1 # # mkdir -p lib logs private shares var/locks # # cd ../SAMBA2 # # mkdir -p lib logs private shares var/locks

   ---

6. Create the Samba smb.conf file according to your requirements.

   The Sun Cluster HA for Samba data service provides a sample smb.conf file for Samba.

   ---

   Note –

   If the Sun Cluster HA for Samba package (SUNWscsmb) was not installed during Sun Cluster installation, proceed to Installing the Sun Cluster HA for Samba Packages. Return back here to continue the installation and configuration of Samba.

   ---

   The contents of /opt/SUNWscsmb/samba/etc/smb.conf_sample provide a sample Samba configuration file that you can use to create your Samba instance <samba-configuration-directory>/lib/smb.conf. You must still edit that file to reflect your configuration values.

   # cp /opt/SUNWscsmb/samba/etc/smb.conf_sample \ <samba-configuration-directory>/lib/smb.conf

   If you are installing the Winbind component , then after smb.conf_sample has been copied, add the following entries into the global section of <samba-configuration-directory>/lib/smb.conf. The values shown below are the default values taken from the smb.conf[5] man page.

   winbind uid = 10000-20000 winbind gid = 10000-20000 winbind enum users = yes winbind enum groups = yes

   ---

   Note –

   pid directory must point to <samba-configuration-directory>/var/locks, as specified within smb.conf_sample.

   ---

7. Test the Samba smb.conf file.

   # <samba-bin-directory>/testparm \ <samba-configuration-directory>/lib/smb.conf

8. If configured as an NT Domain Member and using Samba 2.2.x , join the domain

   # <samba-bin-directory>/smbpasswd \ -c <samba-configuration-directory>/lib/smb.conf \ -j <DOMAIN> -r <PDC >\ -U <Administrator on the PDC>

   If successful, you will receive the following message.

   # smbpasswd: Joined domain <DOMAIN>

9. If configured as an NT Domain Member and using Samba 3.0.x , join the domain

   # <samba-bin-directory>/net \ -s <samba-configuration-directory>/lib/smb.conf \ RPC JOIN -U <Administrator on the PDC>

   If successful, you will receive the following message.

   # Joined domain <DOMAIN>

10. If configured as an Windows 200x Domain Member with ADS support, join the domain

    # <samba-bin-directory>/net \ -s <samba-configuration-directory>/lib/smb.conf \ ADS JOIN \ -U <Administrator on the Windows 200x Domain>

    If successful, you will receive the following message.

    # Joined <NETBIOS> to realm <REALM>

11. If configured as an PDC or with security = user, add the fault monitor user

    # <samba-bin-directory>/smbpasswd \ -c <samba-configuration-directory>/lib/smb.conf \ -a <fmuser>

    ---

    Note –

    With Samba v2.2.2, packaged with Solaris 9, the smbpasswd program will not recognize the -c parameter and will look for the smb.conf file in /etc/sfw. To workaround this, create a symbolic link from /etc/sfw/smb.conf to <samba-configuration-directory>/lib/smb.conf. If multiple Samba instances are being deployed, you will need to delete the symbolic link and repeat the process for each Samba instance.

    If patch 114684–01 or later is installed then smbpasswd will reconize the -c parameter.

    If Samba 3.0.x is being used, you can use pdbedit to add users to other password backends. Read the Samba documents for the usage of pdbedit and other password backends

    ---

12. Create required directories for your Winbind Instance.

    The remaining steps are required only if the Winbind component. Otherwise, you can skip the remaining steps and proceed to Verifying the Installation and Configuration of Samba.

    If you are deploying Winbind, create the following directories and symbolic link within the winbind-configuration-directory.

    # cd <winbind-configuration-directory> # # mkdir -p lib locks private var # mkdir -p /var/winbind/pid # ln -s /var/winbind/pid var/locks

    ---

    Note –

    Refer to Configuration Restrictions for a description of the <winbind-configuration-directory> and to Installing and Configuring Samba for a list of common pathnames used from the examples.

    ---

    Example 1–6 shows the Winbind instance. Samba has been installed from http://www.samba.org, and /usr/local/samba has been symbolically linked to /global/samba, which is mounted as a Global File System. The winbind-configuration-directory for Winbind is /global/samba/winbind.

    ---

    Example 1–6 Directories for Winbind instance named winbind

    
    

    # ls -l /usr/local/samba lrwxrwxrwx 1 root other 13 Oct 11 11:20 /usr/local/samba -> /global/samba # # cd /global/samba # # ls -l total 18 drwxr-xr-x 2 root other 512 Oct 11 15:00 bin drwxr-xr-x 3 root other 512 Oct 14 13:49 lib drwxr-xr-x 6 root other 512 Oct 11 15:00 man drwxr-xr-x 2 root other 512 Oct 14 10:05 private drwxr-xr-x 7 root other 512 Oct 14 13:39 SAMBA1 drwxr-xr-x 7 root other 512 Oct 14 13:40 SAMBA2 drwxr-xr-x 6 root other 512 Oct 11 15:01 swat drwxr-xr-x 3 root other 512 Oct 14 10:45 var drwxr-xr-x 2 root other 512 Jan 17 09:28 winbind # # cd winbind # # mkdir -p lib locks private var # mkdir -p /var/winbind/pid # ln -s /var/winbind/pid var/locks

    ---

13. Create the Winbind smb.conf file according to your requirements.

    The Sun Cluster HA for Samba data service provides a sample smb.conf file for Winbind.

    ---

    Note –

    If the Sun Cluster HA for Samba package (SUNWscsmb) was not installed during your Sun Cluster installation, proceed to Installing the Sun Cluster HA for Samba Packages. Return here to continue the Installation and Configuration of Samba.

    If the winbind resource will not run as a scalable resource, you can use the same configuration directory as Samba and update the smb.conf file with winbind parameters.

    ---

    The contents of /opt/SUNWscsmb/winbind/etc/smb.conf_sample provide a sample Winbind configuration file that you can use to create your Winbind instance <winbind-configuration-directory>/lib/smb.conf. You must edit that file to reflect your configuration values. In addition, you need to add the following entry to the [global] section within the smb.conf file.

    # cp /opt/SUNWscsmb/winbind/etc/smb.conf_sample \ <winbind-configuration-directory>/lib/smb.conf

    After smb.conf_sample has been copied, add the following entries into the [global] section of <winbind-configuration-directory>/lib/smb.conf.

    smb passwd file = <winbind-configuration-directory>/private lock directory = <winbind-configuration-directory>/locks pid directory = <winbind-configuration-directory>/var/locks

    ---

    Note –

    If the Winbind component will operate as a scalable service, then you must mount the Winbind configuration directory as a Global File System. See the winbindd(8) man page for a discussion on Name and ID Resolution being stored in a database under the lock directory.

    pid directory must point to configuration directory /var/locks. In addition, ensure that configuration directory /var/locks is a symbolic link to a local file system ie /var/winbind/pid.

    ---

14. Add winbind as a name service to /etc/nsswitch.conf for passwd and group on all nodes that will run the Sun Cluster HA for Samba data service.

    # grep winbind /etc/nsswitch.conf passwd: files winbind group: files winbind

15. Copy and create some symbolic links.

    You must setup some files and symbolic links for winbind on all nodes that will run the Sun Cluster HA for Samba data service.

    # cd <samba-install-directory> # # cp source/nsswitch/libnss_winbind.so /usr/lib # # ln -s /usr/lib/libnss_winbind.so /usr/lib/libnss_winbind.so.1 # # ln -s /usr/lib/libnss_winbind.so /usr/lib/nss_winbind.so.1

16. On one node start winbind.

    ---

    Note –

    Depending on how Samba was installed, the winbind program may be located within the <samba-bin-directory> or <samba-sbin-directory>.

    ---

    # <samba-[s]bin-directory>/winbindd -s <winbind-configuration-directory>/lib/smb.conf

17. Populate the winbind database.

    # getent passwd # getent group

18. Shutdown winbindd.

    # pkill -TERM winbindd