Sun Cluster Data Service for Samba Guide for Solaris OS

Installing and Configuring Samba

This section contains the procedures you need to install and configure Samba.

Procedure: How to Install and Configure Samba

  1. Determine how many Samba instances will be used.

    Refer to Restriction for multiple Samba instances that require winbind for more information.

  2. Determine which Solaris zone to use.

    Refer to Determine which Solaris Zone Samba will run use for more information.

  3. If a zone will be used, create the non-global zone or failover zone.

    Refer to System Administration Guide: Solaris Containers-Resource Management and Solaris Zones for complete information about installing and configuring a Solaris Container.

    Refer to Sun Cluster Data Service for Solaris Containers Guide for complete information about creating a failover zone.

  4. Create a cluster file system or highly available local file system for the Samba files.

    Refer to Restriction for the Location of Samba files for more information.

    Refer to Sun Cluster Data Services Planning and Administration Guide for Solaris OS for more information about creating a cluster file system or highly available local file system.


    Note –

    You may also want to consider allocating additional space if you install Samba from http://www.samba.org.


  5. Install Samba onto a cluster file system or highly available local file system.


    Note –

    Sun provides support for Samba that is packaged with Solaris 9 or 10, but does not offer support for Samba that has been downloaded and compiled from http://www.samba.org.


Procedure: How to Check Samba is installed with Solaris 9 or 10

Samba is already installed and configured with Solaris 9 or 10 and is included in the following packages: SUNWsmbac, SUNWsmbar, SUNWsmbau, and SUNWsfman. Refer to the Freeware Features section of the book Solaris 10 What's New to check whether new features have been added to the Samba packaged with Solaris 10.

  1. Check the package information to verify that Samba is installed on every node.


    # for i in SUNWsmbac SUNWsmbar SUNWsmbau SUNWsfman
    > do
    > pkginfo $i
    > done
    system      SUNWsmbac samba - A Windows SMB/CIFS fileserver for UNIX (client)
    system      SUNWsmbar samba - A Windows SMB/CIFS fileserver for UNIX (Root)
    system      SUNWsmbau samba - A Windows SMB/CIFS fileserver for UNIX (Usr)
    system      SUNWsfman GNU and open source man pages
  2. Check what Samba version is installed on every node.


    # pkginfo -l SUNWsmbac
       PKGINST:  SUNWsmbac
          NAME:  samba - A Windows SMB/CIFS fileserver for UNIX (client)
      CATEGORY:  system
          ARCH:  i386
       VERSION:  11.10.0,REV=2005.01.08.01.09
       BASEDIR:  /
        VENDOR:  Sun Microsystems, Inc.
          DESC:  samba - A Windows SMB/CIFS fileserver for UNIX (client) 3.0.11
        PSTAMP:  sfw10-patch-x20050420163529
      INSTDATE:  Oct 03 2005 09:23
       HOTLINE:  Please contact your local service provider
        STATUS:  completely installed
         FILES:       13 installed pathnames
                       3 shared pathnames
                       3 directories
                      10 executables
                   10937 blocks used (approx)
Next Steps

See How to Prepare Samba for Sun Cluster HA for Samba.

Procedure: How to Install and Configure Samba downloaded from http://www.samba.org

If a newer version of Samba is required, you can download and compile Samba from http://www.samba.org.

  1. (Optional) Mount the highly available local file system.

    It is recommended that you download and install Samba onto a cluster file system or highly available local file system. Doing so will allow you to have Samba installed in one location. You will also be able to mount the file system in Solaris zones.

    If multiple Samba instances will be deployed you should use a cluster file system for the Samba binaries and either a cluster file system or highly available local file system for the Samba files.

    Refer to Example 2 in Restriction for the Samba smb.conf files for an example of downloading and compiling Samba onto a cluster file system and using a highly available local file system for the Samba files for each Samba instance.

    Alternatively, you can download and compile Samba onto a local file system for each Solaris zone.


    Note –

    If a cluster file system is being used, the file system should already be mounted at boot as a global file system.



    # mount samba-highly-available-local-file-system
    
  2. Download and compile Samba from http://www.samba.org

    Here Kerberos, OpenLDAP, and Samba will be downloaded and compiled.

    Samba will use the idmap_rid facility to map a single ADS domain's SIDs to Solaris UIDs and GIDs. You should determine which idmap is suitable for your installation.

    Within this example the samba-highly-available-local-file-system is /local/samba, where the software is installed into /local/samba/software and compiled into /opt/samba.

    For more information about these filenames, refer to the deployment example in Appendix B, Deployment Example: Installing Samba from http://www.samba.org, from which these commands have been taken.

    1. Download, Extract and Install Kerberos.


      Vigor5# cd /local/samba/software
      Vigor5# wget http://web.mit.edu/kerberos/dist/krb5/1.4/krb5-1.4.3-signed.tar
      Vigor5# tar -xfBp krb5*tar
      Vigor5# gunzip -c krb5*.tar.gz | tar -xfBp -
      Vigor5# rm krb5*tar*
      Vigor5# cd krb5*/src
      Vigor5# CC=/opt/SUNWspro/bin/cc ./configure --prefix=/opt/samba \
      > --enable-dns-for-realm
      Vigor5# make
      Vigor5# make install
      
    2. Download, Extract and Install OpenLDAP.


      Note –

      You must obtain a fix for Bug ID: 6419029 which describes a problem when compiling OpenLDAP before proceeding with this step.



      Vigor5# cd /local/samba/software
      Vigor5# wget \
      > ftp://ftp.openldap.org/pub/OpenLDAP/openldap-release/openldap-2.3.24.tgz
      Vigor5# gunzip -c openldap-2.3.24.tgz | tar -xfBp -
      Vigor5# rm openldap-2.3.24.tgz
      Vigor5# cd openldap*
      Vigor5# CC=/opt/SUNWspro/bin/cc \
      > CPPFLAGS="-I/opt/samba/include" \
      > LDFLAGS="-L/opt/samba/lib -R/opt/samba/lib" ./configure --prefix=/opt/samba \
      > --disable-slapd --disable-slurpd
      Vigor5# make depend
      Vigor5# make
      Vigor5# make install
      
    3. Download, Extract and Install Samba.


      Vigor5# cd /local/samba/software
      Vigor5# wget http://us3.samba.org/samba/ftp/old-versions/samba-3.0.22.tar.gz
      Vigor5# gunzip -c samba-3.0.22.tar.gz | tar -xfBp -
      Vigor5# rm samba-3.0.22.tar.gz
      Vigor5# cd samba*/source
      Vigor5# CC=/opt/SUNWspro/bin/cc \
      > CFLAGS=-I/opt/samba/include \
      > LDFLAGS="-L/opt/samba/lib -R/opt/samba/lib" ./configure --prefix=/opt/samba \
      > --with-ads --with-krb5=/opt/samba --with-shared-modules=idmap_rid
      Vigor5# make
      Vigor5# make install
      
  3. Copy winbind libnss_winbind.so to /usr/lib


    # cd /local/samba/software/samba*/source
    #
    # cp nsswitch/libnss_winbind.so /usr/lib
    # ln -s /usr/lib/libnss_winbind.so /usr/lib/libnss_winbind.so.1
    # ln -s /usr/lib/libnss_winbind.so /usr/lib/nss_winbind.so.1
    
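Step 2 fetches three source archives over HTTP and FTP and builds them as root, so the following added example (not part of the original guide) gates the build on a manifest of known-good SHA-256 digests. The manifest name SHA256SUMS, the function names and the demo file names are assumptions; the digests themselves must come from the publisher or from a copy you have already vetted.

```shell
#!/bin/sh
# Added example, not from the guide: check downloaded source archives against
# a manifest of SHA-256 digests before extracting or building anything.

# Print the hex SHA-256 of a file with whichever tool the host provides.
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | awk '{print $1}'
    elif command -v digest >/dev/null 2>&1; then    # Solaris digest(1)
        digest -a sha256 "$1" | awk '{print $NF}'
    else
        openssl dgst -sha256 "$1" | awk '{print $NF}'
    fi
}

# verify_archive FILE EXPECTED_HEX: 0 = match, 1 = mismatch, 2 = file missing.
verify_archive() {
    [ -f "$1" ] || { echo "MISSING  $1" >&2; return 2; }
    actual=$(sha256_of "$1")
    [ "$actual" = "$2" ] && { echo "OK       $1"; return 0; }
    echo "MISMATCH $1 (computed $actual)" >&2
    return 1
}

# verify_manifest MANIFEST DIR: each "<sha256>  <name>" line must match
# DIR/name. Blank lines and "#" comments are skipped. An empty manifest fails,
# so a truncated file cannot pass by verifying nothing.
verify_manifest() {
    checked=0 failed=0
    while read -r want name; do
        case "$want" in ''|'#'*) continue ;; esac
        checked=$((checked + 1))
        verify_archive "$2/$name" "$want" || failed=1
    done < "$1"
    [ "$checked" -gt 0 ] && [ "$failed" -eq 0 ]
}

# Constructed demonstration: two stand-in files (names and contents made up),
# one of which is altered after the manifest was recorded.
demo_verify() {
    dir=$(mktemp -d) || return 1
    printf 'constructed krb5 bytes\n'  > "$dir/krb5-demo.tar.gz"
    printf 'constructed samba bytes\n' > "$dir/samba-demo.tar.gz"
    for f in krb5-demo.tar.gz samba-demo.tar.gz; do
        printf '%s  %s\n' "$(sha256_of "$dir/$f")" "$f"
    done > "$dir/SHA256SUMS"
    verify_manifest "$dir/SHA256SUMS" "$dir" >/dev/null && before=pass || before=fail
    printf 'tampered' >> "$dir/samba-demo.tar.gz"
    verify_manifest "$dir/SHA256SUMS" "$dir" >/dev/null 2>&1 && after=pass || after=fail
    rm -rf "$dir"
    echo "before=$before after=$after"
}
demo_verify
```

Run `verify_manifest SHA256SUMS /local/samba/software` after the downloads and before the first extraction, and stop if it returns non-zero. Using the same manifest on every node or zone that compiles its own copy also confirms that all of them build from identical bytes.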
Next Steps

See How to Prepare Samba for Sun Cluster HA for Samba.

Procedure: How to Prepare Samba for Sun Cluster HA for Samba

This section contains the steps to prepare Samba for use with the Sun Cluster HA for Samba data service.

Some steps require that you use Samba commands. Refer to the Docs and Books section at http://www.samba.org for the relevant man pages and for more information about these Samba commands.

Perform this procedure on one node of the cluster, unless a specific step indicates otherwise.

  1. If a non-global zone or failover zone is being used, ensure the zone is booted.

    Repeat this step on all nodes on the cluster.


    # zoneadm list -v
    

    Boot the zone if it is not running.


    # zoneadm -z zonename boot
    
  2. Create the fault monitor user

    1. If winbind is being used.

      Create the fault monitor user on the NT PDC or ADS server with no home directory, no user profile and no logon script. Set both the Password never expire parameter and the User cannot change password parameter to true.

    2. If winbind is not being used.

      Repeat this step on all nodes or zones on the cluster.

      1. If the global zone is being used for Samba.


        # groupadd -g 1000 samba-fault-monitor-group
        # useradd -u 1000 -g 1000 -s /bin/false samba-fault-monitor-user
        
      2. If a non-global zone or failover zone is being used for Samba.

        Create the fault monitor user in the zone.


        # zlogin zonename groupadd -g 1000 samba-fault-monitor-group
        # zlogin zonename useradd -u 1000 -g 1000 -s /bin/false samba-fault-monitor-user
        

    Note –

    A local Samba fmuser also requires a local password. The settings in the smb.conf specify which password will be used.


  3. If winbind is used, add winbind as a name service on all nodes with Sun Cluster

    Repeat this step on all nodes or zones on the cluster.

    Edit /etc/nsswitch.conf in the zones being used for Samba and add winbind to the passwd: and group: entries, for example:


    # grep winbind /etc/nsswitch.conf
    passwd:     files winbind
    group:      files winbind
  4. If winbind is used, disable the Name Service Cache Daemon on all nodes with Sun Cluster

    Repeat this step on all nodes or zones on the cluster.

    1. If running Solaris 9


      # /etc/init.d/nscd stop
      
    2. If running Solaris 10

      1. If the global zone is being used for Samba.


        # svcadm disable name-service-cache
        
      2. If a non-global zone or failover zone is being used for Samba.


        # zlogin zonename svcadm disable name-service-cache
        
  5. Create a cluster file system or highly available local file system

    Perform this step on all nodes of the cluster.

    You must create a cluster file system or highly available local file system for some Samba files. Refer to Restriction for the Location of Samba files for more information on what is meant by Samba files.

    Refer to Sun Cluster Data Services Planning and Administration Guide for Solaris OS for more information about how to create a cluster file system or highly available local file system.

  6. Mount the cluster file system or highly available local file system

    Perform this step on one node of the cluster.

    1. If the global zone is being used for Samba.


      # mount samba-highly-available-local-file-system
      
    2. If a non-global zone or failover zone is being used for Samba.

      Create the mount point on all zones of the cluster that are being used for Samba.

      Mount the cluster file system or highly available local file system on one of the zones being used by Samba.


      # zlogin zonename mkdir samba-highly-available-local-file-system
      #
      # mount -F lofs samba-highly-available-local-file-system \
      > /zonepath/root/samba-highly-available-local-file-system
      
  7. Create the Samba configuration directory.

    Repeat this step for each Samba or winbind instance on one node of the cluster.

    Create the Samba configuration directory within the samba-highly-available-local-file-system.


    # mkdir -p samba-configuration-directory
    # cd samba-configuration-directory
    # mkdir -p lib logs private shares var/locks
    

    The following deployment example has been taken from Appendix A, Deployment Example: Installing Samba packaged with Solaris 10 where /local is the highly available local file system and /local/samba/smb1 is the samba-configuration-directory.


    Vigor5# mkdir -p /local/samba/smb1
    Vigor5# cd /local/samba/smb1
    Vigor5# mkdir -p lib logs private shares var/locks
    
  8. Create the smb.conf file within the configuration directory.

    Repeat this step for each Samba or winbind instance on one node of the cluster.

    Create a smb.conf file within the configuration directory that reflects the instance.

    Refer to Required parameters for the Samba smb.conf file and the smb.conf[5] man page for an explanation of the required parameters.

    The following deployment example has been taken from Appendix B, Deployment Example: Installing Samba from http://www.samba.org.


    Vigor5# cat > /local/samba/smb1/lib/smb.conf <<-EOF
    [global]
            workgroup = ADS
            bind interfaces only = yes
            interfaces = SMB1/255.255.255.0
            netbios name = SMB1
            security = ADS
            realm = ADS.EXAMPLE.COM
            password server = ADS.EXAMPLE.COM
            server string = Samba (%v) domain (%h)
            pid directory = /local/samba/smb1/var/locks
            log file = /local/samba/smb1/logs/log.%m
            smb passwd file = /local/samba/smb1/private/smbpasswd
            private dir = /local/samba/smb1/private
            lock dir = /local/samba/smb1/var/locks
    
            winbind cache time = 30
            allow trusted domains = no
            idmap backend = rid:ADS=100000-200000
            idmap uid = 100000-200000
            idmap gid = 100000-200000
            winbind enum groups = yes
            winbind enum users = yes
            winbind use default domain = yes
    
    [scmondir]
            comment = Monitor directory for Sun Cluster
            path = /tmp
            browseable = No
    EOF
    

    Note –

    If security = share is required then you must include guest only = yes within [scmondir].


  9. Add the NetBIOS name entry to /etc/hosts and /etc/inet/ipnodes

    Repeat this step on all nodes or zones on the cluster.

    Edit /etc/hosts and /etc/inet/ipnodes in the zones being used for Samba and add the NetBIOS name entries, for example:


    # egrep -e "SMB1|ADS" /etc/hosts /etc/inet/ipnodes
    /etc/hosts:192.168.1.132	SMB1#20
    /etc/hosts:192.168.1.9  	ADS.EXAMPLE.COM#20
    /etc/inet/ipnodes:192.168.1.132	SMB1#20
    /etc/inet/ipnodes:192.168.1.9  	ADS.EXAMPLE.COM#20

    Note –

    The name resolve order parameter in the smb.conf file will determine what naming service to use and in what order to resolve host names to IP addresses. Refer to the smb.conf[5] for more information.

    The interfaces, netbios name and password server all require host name to IP address resolution.


  10. If Samba will operate as an Active Directory Domain Member Server, create the Kerberos krb5.conf file.

    Repeat this step on all nodes or zones on the cluster.

    Create an /etc/krb5.conf file that reflects the ADS realm in the zones being used for Samba. Refer to http://www.samba.org for complete information about installing and configuring Samba as an ADS domain member.

    The following deployment example has been taken from Appendix B, Deployment Example: Installing Samba from http://www.samba.org.


    Vigor5# cat > /etc/krb5.conf <<-EOF
    [libdefaults]
            default_realm = ADS.EXAMPLE.COM
    
    [realms]
            ADS.EXAMPLE.COM = {
                    kdc = 192.168.1.9
                    admin_server = 192.168.1.9
            }
    
    [domain_realm]
            .your.domain.name = ADS.EXAMPLE.COM
            your.domain.name = ADS.EXAMPLE.COM
    EOF
    Vigor5#
    Vigor5# rm /etc/krb5/krb5.conf
    Vigor5# ln -s /etc/krb5.conf /etc/krb5/krb5.conf
    
  11. Configure the logical host

    Perform this step on one node of the cluster.

    The samba-logical-host should be the value you specified for the interfaces parameter when you created the smb.conf file in Step 8.

    1. If the global zone only is being used for Samba.


      # ifconfig interface addif samba-logical-host up
      
    2. If a non-global zone or failover zone is being used for Samba.

      Configure the logical host within the zone.


      # ifconfig interface addif samba-logical-host up zone zonename
      
  12. Test the smb.conf file

    Perform this step on one node or zone of the cluster.

    1. If the global zone is being used for Samba.


      # samba-bin-directory/testparm \
      > samba-configuration-directory/lib/smb.conf
      
    2. If a non-global zone or failover zone is being used for Samba.


      # zlogin zonename samba-bin-directory/testparm \
      > samba-configuration-directory/lib/smb.conf
      
  13. If configured as an NT Domain Member and using Samba 2.2.x, join the domain

    Perform this step on one node or zone of the cluster.

    1. If the global zone is being used for Samba.


      # samba-bin-directory/smbpasswd \
      > -c samba-configuration-directory/lib/smb.conf \
      > -j domain -r PDC \
      > -U Administrator-on-the-PDC
      
    2. If a non-global zone or failover zone is being used for Samba.


      # zlogin zonename samba-bin-directory/smbpasswd \
      > -c samba-configuration-directory/lib/smb.conf \
      > -j domain -r PDC \
      > -U Administrator-on-the-PDC
      
  14. If configured as an NT Domain Member and using Samba 3.0.x, join the domain

    Perform this step on one node or zone of the cluster.

    1. If the global zone is being used for Samba.


      # samba-bin-directory/net \
      > -s samba-configuration-directory/lib/smb.conf \
      > RPC JOIN \
      > -U Administrator-on-the-PDC
      
    2. If a non-global zone or failover zone is being used for Samba.


      # zlogin zonename samba-bin-directory/net \
      > -s samba-configuration-directory/lib/smb.conf \
      > RPC JOIN \
      > -U Administrator-on-the-PDC
      
  15. If configured as a Windows 2003 Domain Member Server with ADS, join the domain

    Perform this step on one node or zone of the cluster.

    1. If the global zone is being used for Samba.


      # samba-bin-directory/net \
      > -s samba-configuration-directory/lib/smb.conf \
      > ADS JOIN \
      > -U Administrator-on-the-ADS
      
    2. If a non-global zone or failover zone is being used for Samba.


      # zlogin zonename samba-bin-directory/net \
      > -s samba-configuration-directory/lib/smb.conf \
      > ADS JOIN \
      > -U Administrator-on-the-ADS
      
  16. If configured as a PDC or with security = user, add the fault monitor user

    Perform this step on one node or zone of the cluster.

    1. If the global zone is being used for Samba.


      # samba-bin-directory/smbpasswd \
      > -c samba-configuration-directory/lib/smb.conf \
      > -a samba-fault-monitor-user
      
    2. If a non-global zone or failover zone is being used for Samba.


      # zlogin zonename samba-bin-directory/smbpasswd \
      > -c samba-configuration-directory/lib/smb.conf \
      > -a samba-fault-monitor-user
      
  17. If configured with security = share

    Ensure guest only = yes is coded within the [scmondir] section of your smb.conf file.
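testparm in Step 12 checks smb.conf syntax but knows nothing about the cluster layout, so the following added example (not part of the original guide) checks the instance-specific points from Steps 8 and 17. The rule set is an assumption drawn from the Step 8 deployment example and the notes on [scmondir] and security = share; the function names and the sample input are constructed for the example.

```shell
#!/bin/sh
# Added example, not from the guide. Needs a POSIX awk: on Solaris run with
# AWK=nawk or AWK=/usr/xpg4/bin/awk.
AWK=${AWK:-awk}

# check_smb_conf CONF CONFDIR: print findings, return 1 if there are any.
check_smb_conf() {
    "$AWK" -v dir="$2" '
    function trim(s) { gsub(/^[ \t]+|[ \t]+$/, "", s); return s }
    # Parameter names ignore case and spacing; accept "X directory" for "X dir".
    function norm(k) { k = tolower(trim(k)); gsub(/[ \t]+/, " ", k); sub(/ directory$/, " dir", k); return k }
    function yes(v) { v = tolower(v); return v == "yes" || v == "true" || v == "1" }
    function finding(msg) { print "FINDING: " msg; bad++ }
    BEGIN { sub(/\/+$/, "", dir) }
    /^[ \t]*([#;]|$)/ { next }                       # comments and blank lines
    /^[ \t]*\[.*\]/ { sec = tolower($0); gsub(/^[ \t]*\[|\][ \t]*$/, "", sec); seen[sec] = 1; next }
    (eq = index($0, "=")) { val[sec "/" norm(substr($0, 1, eq - 1))] = trim(substr($0, eq + 1)) }
    END {
        # Per-instance files must live under the instance configuration directory.
        n = split("pid directory,log file,smb passwd file,private dir,lock dir", p, ",")
        for (i = 1; i <= n; i++) {
            v = val["global/" norm(p[i])]
            if (v == "") finding("[global] " p[i] " is not set")
            else if (index(v, dir "/") != 1) finding("[global] " p[i] " = " v " is outside " dir)
        }
        if (!yes(val["global/bind interfaces only"])) finding("[global] bind interfaces only is not yes")
        if (!("scmondir" in seen)) finding("[scmondir] share is missing")
        else if (tolower(val["global/security"]) == "share" && !yes(val["scmondir/guest only"]))
            finding("security = share needs guest only = yes in [scmondir]")
        exit (bad > 0)
    }' "$1"
}

# Constructed input: the Step 8 example reduced to the checked parameters,
# with the security mode and lock directory made variable.
sample_conf() {
    d=/local/samba/smb1
    printf '[global]\n\tbind interfaces only = yes\n\tsecurity = %s\n' "$1"
    printf '\tpid directory = %s/var/locks\n\tlog file = %s/logs/log.%%m\n' "$d" "$d"
    printf '\tsmb passwd file = %s/private/smbpasswd\n\tprivate dir = %s/private\n' "$d" "$d"
    printf '\tlock dir = %s\n[scmondir]\n\tpath = /tmp\n\tbrowseable = No\n' "$2"
}

demo_check() {
    t=$(mktemp) || return 1
    sample_conf ADS /local/samba/smb1/var/locks > "$t"
    check_smb_conf "$t" /local/samba/smb1 && echo "ADS config: clean"
    sample_conf share /var/samba/locks > "$t"      # two deliberate mistakes
    check_smb_conf "$t" /local/samba/smb1 || echo "share config: rejected"
    rm -f "$t"
}
demo_check
```

Run it once per Samba or winbind instance, passing that instance's smb.conf and samba-configuration-directory, so that two instances sharing a lock or private directory show up before the resource is registered.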