Use this procedure to install and configure Samba.
Determine how Samba will be deployed in Sun Cluster – Here you need to determine how Samba will be deployed.
Determine how many Samba instances will be deployed.
Determine if Winbind will be deployed.
Determine which Cluster File System will be used by each Samba instance and Winbind Instance, if deployed.
Mount the Samba Cluster File Systems – Once you have determined how Samba and Winbind will be deployed within Sun Cluster, you must ensure the Cluster File Systems are mounted.
If Failover File Systems will be used by the Samba instance, you must mount these manually.
Install Samba onto all nodes within Sun Cluster – It is recommended that Samba be installed onto a Global File System, however for a discussion of the advantages and disadvantages of installing the software on local versus cluster files systems, see “Determining the Location of the Application Binaries” on page 3 of the Sun Cluster Data Services Installation and Configuration Guide.
Download Samba from http://www.samba.org — Ensure that /usr/local/samba is a Cluster File System or has a symbolic link to a Cluster File System. However, if you intend to use local disks for the Samba software, you will need to repeat this step on all nodes within Sun Cluster.
The following example shows the Samba installation with winbind after it has been download, unzipped and extracted.
# cd <samba_install_directory>/source # # ./configure --with-winbind --with-pam # # make # # make install |
Alternatively, install Samba from the Solaris 9 CD — The following packages must be installed onto all nodes within Sun Cluster that will run the Samba service.
SUNWsmbac
SUNWsmbar
SUNWsmbau
SUNWsfman
Create an entry for the fault monitor user
If winbind is not being used
Create an entry in /etc/group on all nodes with Sun Cluster.
# groupadd -g 1000 <fmgroup> |
Create an entry in /etc/passwd on all nodes within Sun Cluster. This user should have a locked password, no shell and no home directory.
# useradd -u 1000 -g 1000 -s /bin/false <fmuser> |
If winbind is being used
Create the fault monitor user on the NT PDC with no home directory, no user profiles and no logon script. Also set the Password never expire parameter to true and User cannot change password parameter to true.
Create some required directories for your Samba Instance(s) – If you are deploying multiple instances of Samba, you will need to repeat this step for each Samba instance, ie each samba-configuration-directory. Furthermore a directory for any shares should be created, although this directory name can be a name of your choice.
# cd <samba-configuration-directory> # # mkdir -p lib logs private shares var/locks |
Refer back to Configuration Restrictions for a description of the <samba-configuration-directory> and to Installing and Configuring Samba for a list of common pathnames used from the examples in Configuration Restrictions and in the further example below.
The following example shows two Samba instances named SAMBA1 and SAMBA2. Samba has been installed from http://www.samba.org and /usr/local/samba has been symbolically linked to /global/samba which is mounted as a Global File System. The samba-configuration-directory for SAMBA 1 is /global/samba/SAMBA1 and the samba-configuration-directory for SAMBA2 is /global/samba/SAMBA2.
# ls -l /usr/local/samba lrwxrwxrwx 1 root other 13 Oct 11 11:20 /usr/local/samba -> /global/samba # # cd /global/samba # # ls -l total 18 drwxr-xr-x 2 root other 512 Oct 11 15:00 bin drwxr-xr-x 3 root other 512 Oct 14 13:49 lib drwxr-xr-x 6 root other 512 Oct 11 15:00 man drwxr-xr-x 2 root other 512 Oct 14 10:05 private drwxr-xr-x 7 root other 512 Oct 14 13:39 SAMBA1 drwxr-xr-x 7 root other 512 Oct 14 13:40 SAMBA2 drwxr-xr-x 6 root other 512 Oct 11 15:01 swat drwxr-xr-x 3 root other 512 Oct 14 10:45 var drwxr-xr-x 2 root other 512 Jan 17 09:28 winbind # # cd SAMBA1 # # mkdir -p lib logs private shares var/locks # # cd ../SAMBA2 # # mkdir -p lib logs private shares var/locks |
Create the Samba smb.conf file according to your requirements — The Sun Cluster HA for Samba data service provides a sample smb.conf file for Samba.
If the Sun Cluster HA for Samba package (SUNWscsmb) was not installed during your initial Sun Cluster installation, you should proceed to Installing the Sun Cluster HA for Samba Packages to install it. Afterwards, return back here to continue the Installation and Configuration of Samba.
The contents of /opt/SUNWscsmb/samba/etc/smb.conf_sample provides a sample Samba configuration file that you can use to create your Samba instance <samba-configuration-directory>/lib/smb.conf. However, note that you must still edit that file to reflect your configuration values.
# cp /opt/SUNWscsmb/samba/etc/smb.conf_sample \ <samba-configuration-directory>/lib/smb.conf |
If the Winbind component is being installed, then after smb.conf_sample has been copied, you will need to add the following entries into the global section of <samba-configuration-directory>/lib/smb.conf. Be aware that these values shown below are the default values taken from the smb.conf[5] man page.
winbind uid = 10000-20000 winbind gid = 10000-20000 winbind enum users = yes winbind enum groups = yes |
pid directory must point to <samba-configuration-directory>/var/locks, as specified within smb.conf_sample .
Test the Samba smb.conf file — Once the Samba smb.conf file has been created you should test the configuration before proceeding.
# <samba-bin-directory>/testparm \ <samba-configuration-directory>/lib/smb.conf |
If configured as an NT Domain Member, join the domain
# <samba-bin-directory>/smbpasswd \ -c <samba-configuration-directory>/lib/smb.conf \ -j <DOMAIN> -r <PDC >\ -U <Administrator on the PDC> |
If successful, you will receive the following message.
# smbpasswd: Joined domain <DOMAIN> |
If configured as an NT PDC or with security = user, add the fault monitor user
# <samba-bin-directory>/smbpasswd \ -c <samba-configuration-directory>/lib/smb.conf \ -a <fmuser> |
With Samba v2.2.2, currently packaged with Solaris 9, the smbpasswd program will not recognize the -c parameter and subsequently will try to look for the smb.conf file in /etc/sfw. To workaround this, create a symbolic link from /etc/sfw/smb.conf to <samba-configuration-directory>/lib/smb.conf. If multiple Samba instances are being deployed, you will need to delete the symbolic link and repeat the process for each Samba instance.
Create some required directories for your Winbind Instance – The remaining steps are only required if the Winbind component will be used. Otherwise you can skip the remaining steps and proceed to Verifying the Installation and Configuration of Samba.
If you are deploying Winbind, you will need to create the following directories and symbolic link within the winbind-configuration-directory.
# cd <winbind-configuration-directory> # # mkdir -p lib locks private var # mkdir -p /var/winbind/pid # ln -s /var/winbind/pid var/locks |
Refer back to Configuration Restrictions for a description of the <winbind-configuration-directory> and to Installing and Configuring Samba for a list of common pathnames used from the examples in Configuration Restrictions and in the further example below.
The following example shows the Winbind instance. Samba has been installed from http://www.samba.org and /usr/local/samba has been symbolically linked to /global/samba which is mounted as a Global File System. The winbind-configuration-directory for Winbind is /global/samba/winbind.
# ls -l /usr/local/samba lrwxrwxrwx 1 root other 13 Oct 11 11:20 /usr/local/samba -> /global/samba # # cd /global/samba # # ls -l total 18 drwxr-xr-x 2 root other 512 Oct 11 15:00 bin drwxr-xr-x 3 root other 512 Oct 14 13:49 lib drwxr-xr-x 6 root other 512 Oct 11 15:00 man drwxr-xr-x 2 root other 512 Oct 14 10:05 private drwxr-xr-x 7 root other 512 Oct 14 13:39 SAMBA1 drwxr-xr-x 7 root other 512 Oct 14 13:40 SAMBA2 drwxr-xr-x 6 root other 512 Oct 11 15:01 swat drwxr-xr-x 3 root other 512 Oct 14 10:45 var drwxr-xr-x 2 root other 512 Jan 17 09:28 winbind # # cd winbind # # mkdir -p lib locks private var # mkdir -p /var/winbind/pid # ln -s /var/winbind/pid var/locks |
Create the Winbind smb.conf file according to your requirements (if required) — The Sun Cluster HA for Samba data service provides a sample smb.conf file for Winbind.
If the Sun Cluster HA for Samba package (SUNWscsmb) was not installed during your initial Sun Cluster installation, you should proceed to Installing the Sun Cluster HA for Samba Packages to install it. Afterwards, return back here to continue the Installation and Configuration of Samba.
The contents of /opt/SUNWscsmb/winbind/etc/smb.conf_sample provides a sample Winbind configuration file that you can use to create your Winbind instance <winbind-configuration-directory>/lib/smb.conf. However, note that you must still edit that file to reflect your configuration values. In addition the following entry needs to be added to the [global] section within the smb.conf file.
# cp /opt/SUNWscsmb/winbind/etc/smb.conf_sample \ <winbind-configuration-directory>/lib/smb.conf |
After smb.conf_sample has been copied, you will need to add the following entries into the [global] section of <winbind-configuration-directory>/lib/smb.conf.
smb passwd file = <winbind-configuration-directory>/private lock directory = <winbind-configuration-directory>/locks pid directory = <winbind-configuration-directory>/var/locks |
If the Winbind component will operate as a scalable service then the Winbind configuration directory must be mounted as a Global File System. See the winbindd(8) man page for a discussion on Name and ID Resolution being stored in a database under the lock directory.
pid directory must point to configuration directory /var/locks. In addition, ensure that configuration directory /var/locks is a symbolic link to a local file system ie /var/winbind/pid.
Add winbind as a name service — Add winbind as a name service to /etc/nsswitch.conf for passwd and group , on all nodes that will run the Sun Cluster HA for Samba data service.
# grep winbind /etc/nsswitch.conf passwd: files winbind group: files winbind |
Copy and create some symbolic links — Some files and symbolic links need to be setup for winbind on all nodes that will run the Sun Cluster HA for Samba data service.
# cd <samba-install-directory> # # cp source/nsswitch/libnss_winbind.so /usr/lib # # ln -s /usr/lib/libnss_winbind.so /usr/lib/libnss_winbind.so.1 # # ln -s /usr/lib/libnss_winbind.so /usr/lib/nss_winbind.so.1 |
On one node start winbind
Depending on how Samba was installed, the winbind program maybe located within the <samba-bin-directory> or <samba-sbin-directory>
# <samba-[s]bin-directory>/winbindd & |
Populate the secrets.tdb database
# getent passwd # getent group |
Shutdown winbindd
# pkill -TERM winbindd |