This appendix presents a complete example of how to install and configure the Samba application and data service in the global and non-global zone. It presents a simple node cluster configuration. If you need to install the application in any other configuration, refer to the general-purpose procedures presented elsewhere in this manual.
This example uses a single-node cluster with the following node and zone names:
The physical node, which owns the file system.
A whole root non-global zone named whole.
A sparse root non-global zone named sparse.
This deployment example uses the following software products and versions:
Solaris 10 6/06 software for SPARC or x86 platforms
Sun Cluster 3.2 core software
Sun Cluster HA for Samba data service
Sun Studio 11
wget program
Samba download from http://www.samba.org
This example assumes that you have already installed and established your cluster. It illustrates installation and configuration of the data service application only.
The instructions in this example were developed with the following assumptions:
Shell environment: All commands and the environment setup in this example are for the Korn shell environment. If you use a different shell, replace any Korn shell-specific information or instructions with the appropriate information for you preferred shell environment.
User login: Unless otherwise specified, perform all procedures as superuser or assume a role that provides solaris.cluster.admin, solaris.cluster.modify, and solaris.cluster.read RBAC authorization.
This deployment example is designed for a single-node cluster. It is provided simply as a concise guide to help you if you need to refer to an installation and configuration of Samba.
This deployment example is not meant to be a precise guide as there are several alternate ways to install and configure Samba.
If you need to install Samba in any other configuration, refer to the general purpose procedures elsewhere in this manual.
The instructions within this deployment example assumes that you are using the Samba downloaded from http://www.samba.org and will configure Samba on a ZFS highly available local file system .
Samba will be configured as an Active Directory Member Server. You will need access to a Windows 2003 Enterprise Server configured as an Active Directory Server as within this deployment example the Samba server will join the Active Directory Server.
The cluster resource group will be configured to failover between the global zone and two non-global zones on a single node cluster.
The tasks you must perform to install and configure Samba in the global and non-global zones are as follows:
Install and configure the cluster as instructed in Sun Cluster Software Installation Guide for Solaris OS.
Install the following cluster software components on node Vigor5.
Sun Cluster core software
Sun Cluster data service for Samba
Install the following utility software.
Install the following utility software on node Vigor5.
wget
Sun Studio 11
Add the logical host name and ADS host name to /etc/hosts and /etc/inet/ipnodes.
Vigor5# egrep -e 'SMB1|ADS' /etc/hosts /etc/inet/ipnodes /etc/hosts:192.168.1.9 ADS#20 /etc/hosts:192.168.1.132 SMB1#20 /etc/inet/ipnodes:192.168.1.9 ADS#20 /etc/inet/ipnodes:192.168.1.132 SMB1#20 |
Install and configure a Zettabyte File System.
The following zpool definition represents a very basic configuration for deployment on a single-node cluster.
You should not consider this example for use within a productive deployment, instead it is a very basic configuration for testing or development purposes only.
In this task you will install two Solaris Containers on Vigor5.
On local cluster storage create a directory for the non-global zones root path.
Vigor5# mkdir /zones |
Create a temporary file for the whole root zone, for example /tmp/whole, and include the following entries.
Vigor5# cat > /tmp/whole <<-EOF create -b set zonepath=/zones/whole EOF |
Create a temporary file for the sparse root zone, for example /tmp/sparse, and include the following entries.
Vigor5# cat > /tmp/sparse <<-EOF create set zonepath=/zones/sparse EOF |
Configure the non-global zones, using the files you created.
Vigor5# zonecfg -z whole -f /tmp/whole Vigor5# zonecfg -z sparse -f /tmp/sparse |
Install the zones.
Open two windows and issue the following command in each window.
Vigor5# zoneadm -z whole install Vigor5# zoneadm -z sparse install |
Boot the zones.
Vigor5# zoneadm -z whole boot Vigor5# zoneadm -z sparse boot |
Log in to the zones and complete the zone system identification.
Vigor5# zlogin -C whole Vigor5# zlogin -C sparse |
Close the terminal windows and disconnect from the zone consoles.
After you have completed the zone system identification, disconnect from the two windows your previously opened.
Vigo5# ~. |
Create local mount points for the HA-ZFS file system with in the zones.
Vigor5# zlogin whole mkdir /local Vigor5# zlogin sparse mkdir /local |
Register the necessary data types on the single node cluster.
Vigor5# clresourcetype register SUNW.gds SUNW.HAStoragePlus |
Create the Samba resource group.
Vigor5# clresourcegroup create -n Vigor5,Vigor5:whole,Vigor5:sparse samba-rg |
Create the logical host.
Vigor5# clreslogicalhostname create -g samba-rg -h SMB1 samba-lh |
Create the HAStoragePlus resource in the samba-rg resource group.
Vigor5# clresource create -g samba-rg -t SUNW.HAStoragePlus \ > -p Zpools=HAZpool sambaZFS-has |
Enable the resource group.
Vigor5# clresourcegroup online -M samba-rg |
Setup your PATH environment.
You PATH must contain the wget utility.
Vigor5# PATH=/usr/cluster/bin:/opt/SUNWspro/bin:/usr/sfw/bin: \ > /usr/sbin:/usr/bin:/usr/ccs/bin Vigor5# export PATH |
Setup install directories in the global zone.
Vigor5# cd /local/samba Vigor5# mkdir 3.2.22 software Vigor5# ln -s 3.0.22 latest Vigor5# ln -s /local/samba/latest /opt/samba |
Setup install directories in the non-global zones.
Vigor5# zlogin whole ln -s /local/samba/latest /opt/samba Vigor5# zlogin sparse ln -s /local/samba/latest /opt/samba |
Download, Extract and Install Kerberos.
Vigor5# cd /local/samba/software Vigor5# wget http://web.mit.edu/kerberos/dist/krb5/1.4/krb5-1.4.3-signed.tar Vigor5# tar -xfBp krb5*tar Vigor5# gunzip -c krb5*.tar.gz | tar -xfBp - Vigor5# rm krb5*tar* Vigor5# cd krb5*/src Vigor5# CC=/opt/SUNWspro/bin/cc ./configure --prefix=/opt/samba \ > --enable-dns-for-realm Vigor5# make Vigor5# make install |
Download, extract and install OpenLDAP.
You must obtain a fix for Bug ID: 6419029 which describes a problem when compiling OpenLDAP before proceeding with this step.
Vigor5# cd /local/samba/software Vigor5# wget ftp://ftp.openldap.org/pub/OpenLDAP/openldap-release/openldap-2.3.24.tgz Vigor5# gunzip -c openldap-2.3.24.tgz | tar -xfBp - Vigor5# rm openldap-2.3.24.tgz Vigor5# cd openldap* Vigor5# CC=/opt/SUNWspro/bin/cc \ > CPPFLAGS="-I/opt/samba/include" \ > LDFLAGS="-L/opt/samba/lib -R/opt/samba/lib" ./configure --prefix=/opt/samba \ > --disable-slapd --disable-slurpd Vigor5# make depend Vigor5# make Vigor5# make install |
Download, extract and install Samba.
Vigor5# cd /local/samba/software Vigor5# wget http://us3.samba.org/samba/ftp/old-versions/samba-3.0.22.tar.gz Vigor5# gunzip -c samba-3.0.22.tar.gz | tar -xfBp - Vigor5# rm samba-3.0.22.tar.gz Vigor5# cd samba*/source Vigor5# CC=/opt/SUNWspro/bin/cc \ > CFLAGS=-I/opt/samba/include \ > LDFLAGS="-L/opt/samba/lib -R/opt/samba/lib" ./configure --prefix=/opt/samba \ > --with-ads --with-krb5=/opt/samba --with-shared-modules=idmap_rid Vigor5# make Vigor5# make install |
Copy and symlink winbind files in the global zone.
Vigor5# cd /local/samba/software Vigor5# cp nsswitch/libnss_winbind.so /usr/lib Vigor5# ln -s /usr/lib/libnss_winbind.so /usr/lib/libnss_winbind.so.1 Vigor5# ln -s /usr/lib/libnss_winbind.so /usr/lib/nss_winbind.so.1 |
Copy and symlink winbind files in the non-global zones.
The sparse zone inherits /usr/lib, so this step is only required for the whole zone.
Vigor5# cd /local/samba/software Vigor5# cp nsswitch/libnss_winbind.so /zones/whole/root/usr/lib Vigor5# ln -s /usr/lib/libnss_winbind.so /zones/whole/root/usr/lib/libnss_winbind.so.1 Vigor5# ln -s /usr/lib/libnss_winbind.so /zones/whole/root/usr/lib/nss_winbind.so.1 |
Setup and symlink the Kerberos krb5.conf file in the global zone.
Vigor5# cat > /etc/krb5.conf <<-EOF [libdefaults] default_realm = ADS.EXAMPLE.COM [realms] ADS.EXAMPLE.COM = { kdc = 192.168.1.9 admin_server = 192.168.1.9 } [domain_realm] .your.domain.name = ADS.EXAMPLE.COM your.domain.name = ADS.EXAMPLE.COM EOF Vigor5# Vigor5# rm /etc/krb5/krb5.conf Vigor5# ln -s /etc/krb5.conf /etc/krb5/krb5.conf |
Create the Samba Configuration Directory.
Vigor5# mkdir -p /local/samba/smb1 Vigor5# cd /local/samba/smb1 Vigor5# mkdir -p lib logs private shares var/locks |
Create the Samba smb.conf Configuration File.
Vigor5# cat > /local/samba/smb1/lib/smb.conf <<-EOF [global] workgroup = ADS bind interfaces only = yes interfaces = SMB1/255.255.255.0 netbios name = SMB1 security = ADS realm = ADS.EXAMPLE.COM password server = ADS.EXAMPLE.COM server string = Samba (%v) domain (%h) pid directory = /local/samba/smb1/var/locks log file = /local/samba/smb1/logs/log.%m smb passwd file = /local/samba/smb1/private/smbpasswd private dir = /local/samba/smb1/private lock dir = /local/samba/smb1/var/locks winbind cache time = 30 allow trusted domains = no idmap backend = rid:ADS=100000-200000 idmap uid = 100000-200000 idmap gid = 100000-200000 winbind enum groups = yes winbind enum users = yes winbind use default domain = yes [scmondir] comment = Monitor directory for Sun Cluster path = /tmp browseable = No EOF |
Test the Samba smb.conf Configuration File.
Vigor5# /opt/samba/bin/testparm -s /local/samba/smb1/lib/smb.conf |
Join the Active Directory Server.
Vigor5# /opt/samba/bin/net -s /local/samba/smb1/lib/smb.conf ads join -U Administrator |
Start winbind using the winbindd program.
Vigor5# /opt/samba/sbin/winbindd -s /local/samba/smb1/lib/smb.conf Vigor5# getent passwd Vigor5# getent group Vigor5# getent passwd homer |
Start Samba using the smbd program.
Vigor5# /opt/samba/sbin/smbd -s /local/samba/smb1/lib/smb.conf -D |
Connect to Samba using the smbclient program.
Vigor5# /opt/samba/bin/smbclient -N -L SMB1 -s /local/samba/smb1/lib/smb.conf Vigor5# Vigor5# /opt/samba/bin/smbclient '\\SMB1\scmondir' -U homer -c 'pwd;exit' \ > -s /local/samba/smb1/lib/smb.conf |
Stop Samba and winbind.
Vigor5# pkill -TERM smbd Vigor5# pkill -TERM winbindd |
Create the Sun Cluster HA for Samba Configuration file for winbind.
Vigor5# cat > /var/tmp/winbind_config <<-EOF #+++ Resource Specific Parameters +++ RS=winbind RG=samba-rg RS_LH=samba-lh RS_HAS=sambaZFS-has SERVICES="winbindd" #+++ Common Parameters +++ BINDIR=/opt/samba/bin SBINDIR=/opt/samba/sbin CFGDIR=/local/samba/smb1 LDPATH=/opt/samba/lib FMUSER=homer #+++ SMBD & NMBD Specific Parameters (See Note 1) +++ SAMBA_LOGDIR= SAMBA_FMPASS= SAMBA_FMDOMAIN= #+++ WINBIND Specific Parameters (See Note 2) +++ WINBIND_DISCACHE=FALSE WINBIND_SINGLEMODE=FALSE #+++ Zone Specific Parameters (See Note 3) +++ RS_ZONE= LHOST= PROJECT=default TIMEOUT=30 EOF |
Create the Sun Cluster HA for Samba Configuration file for Samba.
Vigor5# cat > /var/tmp/samba_config <<-EOF #+++ Resource Specific Parameters +++ RS=samba RG=samba-rg RS_LH=samba-lh RS_HAS=sambaZFS-has SERVICES="smbd" #+++ Common Parameters +++ BINDIR=/opt/samba/bin SBINDIR=/opt/samba/sbin CFGDIR=/local/samba/smb1 LDPATH=/opt/samba/lib FMUSER=homer #+++ SMBD & NMBD Specific Parameters (See Note 1) +++ SAMBA_LOGDIR=/local/samba/smb1/logs SAMBA_FMPASS=smb4#ads SAMBA_FMDOMAIN= #+++ WINBIND Specific Parameters (See Note 2) +++ WINBIND_DISCACHE= WINBIND_SINGLEMODE= #+++ Zone Specific Parameters (See Note 3) +++ RS_ZONE= LHOST= PROJECT=default TIMEOUT=30 EOF |
Register the Sun Cluster HA for Samba data service for winbind and Samba.
Vigor5# /opt/SUNWscsmb/util/samba_register -f /var/tmp/winbind_config Vigor5# /opt/SUNWscsmb/util/samba_register -f /var/tmp/samba_config |
Make the Samba resource dependent on winbind the resources.
Vigor5# clresource set -p Resource_dependencies=winbind{local_node} samba |
Enable the resources.
Vigor5# clresource enable winbind Vigor5# clresource enable samba |