Installing and Configuring Samba
This section contains the procedures you need to install and configure Samba.
Refer to Restriction for multiple Samba instances that require winbind for more information.
Refer to Determine which Solaris Zone Samba will run use for more information.
Refer to System Administration Guide: Oracle Solaris Containers-Resource Management and Oracle Solaris Zones for complete information about installing and configuring a Solaris Container.
Refer to Oracle Solaris Cluster Data Service for Solaris Containers Guide for complete information about creating an HA container.
Refer to Restriction for the Location of Samba files for more information.
Refer to Oracle Solaris Cluster Data Services Planning and Administration Guide for more information about creating a cluster file system or highly available local file system.
Note - You may also want to consider allocating additional space if you install Samba from http://www.samba.org.
Note - Sun provides support for Samba that is packaged with Solaris 9 or 10, but does not offer support for Samba that has been downloaded and compiled from http://www.samba.org.
Refer to How to Check Samba is installed with Solaris 9 or 10 for more information.
Refer to How to Install and Configure Samba downloaded from http://www.samba.org for more information.
Samba is already installed and configured with Solaris 9 or 10 and is included in the following packages: SUNWsmbac, SUNWsmbar, SUNWsmbau, and SUNWsfman. Refer to the Freeware Features within the book Solaris 10 What's New to check if new features have been added to Samba packaged with Solaris 10.
# for i in SUNWsmbac SUNWsmbar SUNWsmbau SUNWsfman
> do
> pkginfo $i
> done
system      SUNWsmbac samba - A Windows SMB/CIFS fileserver for UNIX (client)
system      SUNWsmbar samba - A Windows SMB/CIFS fileserver for UNIX (Root)
system      SUNWsmbau samba - A Windows SMB/CIFS fileserver for UNIX (Usr)
system      SUNWsfman GNU and open source man pages
# pkginfo -l SUNWsmbac
   PKGINST:  SUNWsmbac
      NAME:  samba - A Windows SMB/CIFS fileserver for UNIX (client)
  CATEGORY:  system
      ARCH:  i386
   VERSION:  11.10.0,REV=2005.01.08.01.09
   BASEDIR:  /
    VENDOR:  Sun Microsystems, Inc.
      DESC:  samba - A Windows SMB/CIFS fileserver for UNIX (client) 3.0.11
    PSTAMP:  sfw10-patch-x20050420163529
  INSTDATE:  Oct 03 2005 09:23
   HOTLINE:  Please contact your local service provider
    STATUS:  completely installed
     FILES:  13 installed pathnames
              3 shared pathnames
              3 directories
             10 executables
          10937 blocks used (approx)
Next Steps
See How to Prepare Samba for HA for Samba.
If a newer version of Samba is required, you can download and compile Samba from http://www.samba.org.
It is recommended that you download and install Samba onto a cluster file system or highly available local file system. Doing so will allow you to have Samba installed in one location. You will also be able to mount the file system in Solaris zones.
If multiple Samba instances will be deployed you should use a cluster file system for the Samba binaries and either a cluster file system or highly available local file system for the Samba files.
Refer to Example 1-2 in Restriction for the Samba smb.conf files for an example of downloading and compiling Samba onto a cluster file system and using a highly available local file system for the Samba files for each Samba instance.
Alternatively, you can download and compile Samba onto a local file system for each Solaris zone.
Note - If a cluster file system is being used, the file system should already be mounted at boot as a global file system.
# mount samba-highly-available-local-file-system
Here Kerberos, OpenLDAP, and Samba will be downloaded and compiled.
Samba will use the idmap_rid facility to map the SIDs of a single ADS domain to Solaris UIDs and GIDs. You should determine which idmap is suitable for your installation.
Within this example the samba-highly-available-local-file-system is /local/samba, where the software is installed into /local/samba/software and compiled into /opt/samba.
For more information about these file names, refer to the deployment example in Appendix B, Deployment Example: Installing Samba from http://www.samba.org, from which these commands have been taken.
Vigor5# cd /local/samba/software
Vigor5# wget http://web.mit.edu/kerberos/dist/krb5/1.4/krb5-1.4.3-signed.tar
Vigor5# tar -xfBp krb5*tar
Vigor5# gunzip -c krb5*.tar.gz | tar -xfBp -
Vigor5# rm krb5*tar*
Vigor5# cd krb5*/src
Vigor5# CC=/opt/SUNWspro/bin/cc ./configure --prefix=/opt/samba \
> --enable-dns-for-realm
Vigor5# make
Vigor5# make install
Note - You must obtain a fix for Bug ID: 6419029 which describes a problem when compiling OpenLDAP before proceeding with this step.
Vigor5# cd /local/samba/software
Vigor5# wget \
> ftp://ftp.openldap.org/pub/OpenLDAP/openldap-release/openldap-2.3.24.tgz
Vigor5# gunzip -c openldap-2.3.24.tgz | tar -xfBp -
Vigor5# rm openldap-2.3.24.tgz
Vigor5# cd openldap*
Vigor5# CC=/opt/SUNWspro/bin/cc \
> CPPFLAGS="-I/opt/samba/include" \
> LDFLAGS="-L/opt/samba/lib -R/opt/samba/lib" ./configure --prefix=/opt/samba \
> --disable-slapd --disable-slurpd
Vigor5# make depend
Vigor5# make
Vigor5# make install
Vigor5# cd /local/samba/software
Vigor5# wget http://us3.samba.org/samba/ftp/old-versions/samba-3.0.22.tar.gz
Vigor5# gunzip -c samba-3.0.22.tar.gz | tar -xfBp -
Vigor5# rm samba-3.0.22.tar.gz
Vigor5# cd samba*/source
Vigor5# CC=/opt/SUNWspro/bin/cc \
> CFLAGS=-I/opt/samba/include \
> LDFLAGS="-L/opt/samba/lib -R/opt/samba/lib" ./configure --prefix=/opt/samba \
> --with-ads --with-krb5=/opt/samba --with-shared-modules=idmap_rid
Vigor5# make
Vigor5# make install
# cd /local/samba/software/samba*/source
#
# cp nsswitch/libnss_winbind.so /usr/lib
# ln -s /usr/lib/libnss_winbind.so /usr/lib/libnss_winbind.so.1
# ln -s /usr/lib/libnss_winbind.so /usr/lib/nss_winbind.so.1
Next Steps
See How to Prepare Samba for HA for Samba.
This section contains the steps to prepare Samba for use with the HA for Samba data service.
Some steps require that you use Samba commands. Refer to the Docs and Books section at http://www.samba.org for the relevant man pages and more information about these Samba commands.
Perform this procedure on one node of the cluster, unless a specific step indicates otherwise.
Repeat this step on all nodes on the cluster.
# zoneadm list -v
Boot the zone if it is not running.
# zoneadm -z zonename boot
Create the fault monitor user on the NT PDC or ADS server with no home directory, no user profile and no logon script. Set the Password never expire parameter to true and the User cannot change password parameter to true.
Repeat this step on all nodes or zones on the cluster.
# groupadd -g 1000 samba-fault-monitor-group
# useradd -u 1000 -g 1000 -s /bin/false samba-fault-monitor-user
Create the fault monitor user in the zone.
# zlogin zonename groupadd -g 1000 samba-fault-monitor-group
# zlogin zonename useradd -u 1000 -g 1000 -s /bin/false samba-fault-monitor-user
Note - A local Samba fmuser also requires a local password. The settings in the smb.conf specify which password will be used.
Repeat this step on all nodes or zones on the cluster.
Edit /etc/nsswitch.conf in the zones being used for Samba and add winbind to the passwd: and group: entries, for example:
# grep winbind /etc/nsswitch.conf
passwd: files winbind
group: files winbind
Repeat this step on all nodes or zones on the cluster.
# /etc/init.d/nscd stop
# svcadm disable name-service-cache
# zlogin zonename svcadm disable name-service-cache
Perform this step on all nodes of the cluster.
You must create a cluster file system or highly available local file system for some Samba files. Refer to Restriction for the Location of Samba files for more information on what is meant by Samba files.
Refer to Oracle Solaris Cluster Data Services Planning and Administration Guide for more information about how to create a cluster file system or highly available local file system.
Perform this step on one node of the cluster.
# mount samba-highly-available-local-file-system
Create the mount point on all zones of the cluster that are being used for Samba.
Mount the cluster file system or highly available local file system on one of the zones being used by Samba.
# zlogin zonename mkdir samba-highly-available-local-file-system
#
# mount -F lofs samba-highly-available-local-file-system \
> /zonepath/root/samba-highly-available-local-file-system
Repeat this step for each Samba or winbind instance on one node of the cluster.
Create the Samba configuration directory within the samba-highly-available-local-file-system.
# mkdir -p samba-configuration-directory
# cd samba-configuration-directory
# mkdir -p lib logs private shares var/locks
The following deployment example has been taken from Appendix A, Deployment Example: Installing Samba packaged with Solaris 10 where /local is the highly available local file system and /local/samba/smb1 is the samba-configuration-directory.
Vigor5# mkdir -p /local/samba/smb1
Vigor5# cd /local/samba/smb1
Vigor5# mkdir -p lib logs private shares var/locks
Repeat this step for each Samba or winbind instance on one node of the cluster.
Create an smb.conf file within the configuration directory that reflects the instance.
Refer to Required parameters for the Samba smb.conf file and the smb.conf[5] man page for an explanation of the required parameters.
The following deployment example has been taken from Appendix B, Deployment Example: Installing Samba from http://www.samba.org.
Vigor5# cat > /local/samba/smb1/lib/smb.conf <<-EOF
[global]
workgroup = ADS
bind interfaces only = yes
interfaces = SMB1/255.255.255.0
netbios name = SMB1
security = ADS
realm = ADS.EXAMPLE.COM
password server = ADS.EXAMPLE.COM
server string = Samba (%v) domain (%h)
pid directory = /local/samba/smb1/var/locks
log file = /local/samba/smb1/logs/log.%m
smb passwd file = /local/samba/smb1/private/smbpasswd
private dir = /local/samba/smb1/private
lock dir = /local/samba/smb1/var/locks
winbind cache time = 30
allow trusted domains = no
idmap backend = rid:ADS=100000-200000
idmap uid = 100000-200000
idmap gid = 100000-200000
winbind enum groups = yes
winbind enum users = yes
winbind use default domain = yes
[scmondir]
comment = Monitor directory for Sun Cluster
path = /tmp
browseable = No
EOF
Note - If security = share is required then you must include guest only = yes within [scmondir].
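A way to check an instance's smb.conf before it is handed to the data service, as an added example that is not part of the guide. The checks mirror the deployment example above and the note on security = share, not the product's own validation; check_smb_conf is a hypothetical helper name, the sample file is constructed, and a POSIX awk (nawk or /usr/xpg4/bin/awk on Solaris) is assumed.

```shell
# Added example, not from the guide. check_smb_conf is a hypothetical helper.
# Usage: check_smb_conf SMB_CONF CONFIG_DIR; prints findings, exit 0 if none.
check_smb_conf() {
    awk -v dir="$2" '
    function trim(s) { gsub(/^[ \t]+|[ \t]+$/, "", s); return s }
    function bad(msg) { print msg; n++ }
    /^[ \t]*([#;]|$)/ { next }                  # comment or blank line
    /^[ \t]*\[/ { s = trim($0); sec = tolower(substr(s, 2, length(s) - 2))
                  seen[sec] = 1; next }         # section header
    (eq = index($0, "=")) {                     # parameter = value
        key = tolower(trim(substr($0, 1, eq - 1))); gsub(/[ \t]+/, " ", key)
        val[sec, key] = trim(substr($0, eq + 1))
    }
    END {
        if (tolower(val["global", "bind interfaces only"]) != "yes")
            bad("[global] bind interfaces only is not yes")
        if (val["global", "interfaces"] == "")
            bad("[global] interfaces (the logical host) is not set")
        # State and log paths must follow the instance on failover.
        np = split("pid directory|log file|private dir|lock dir|smb passwd file", p, "|")
        for (i = 1; i <= np; i++)
            if (index(val["global", p[i]], dir "/") != 1)
                bad("[global] " p[i] " is not under " dir)
        if (!("scmondir" in seen))
            bad("[scmondir] share for the fault monitor is missing")
        else if (tolower(val["global", "security"]) == "share" &&
                 tolower(val["scmondir", "guest only"]) != "yes")
            bad("[scmondir] needs guest only = yes when security = share")
        exit (n > 0)
    }' "$1"
}
# Constructed sample: node-local log file, security = share without guest only.
sample=${TMPDIR:-/tmp}/smb.conf.sample.$$
cat > "$sample" <<'EOF'
[global]
  bind interfaces only = yes
  interfaces = SMB1/255.255.255.0
  security = share
  pid directory = /local/samba/smb1/var/locks
  log file = /var/log/samba/log.%m
  private dir = /local/samba/smb1/private
  lock dir = /local/samba/smb1/var/locks
  smb passwd file = /local/samba/smb1/private/smbpasswd
[scmondir]
  path = /tmp
EOF
check_smb_conf "$sample" /local/samba/smb1 || echo "smb.conf needs attention"
rm -f "$sample"
```

Run it against each instance's samba-configuration-directory/lib/smb.conf in addition to testparm, which validates syntax but knows nothing about where the files should live.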
Repeat this step on all nodes or zones on the cluster.
Edit /etc/hosts and /etc/inet/ipnodes in the zones being used for Samba and add the NetBIOS name entries, for example:
# egrep -e "SMB1|ADS" /etc/hosts /etc/inet/ipnodes
/etc/hosts:192.168.1.132 SMB1#20
/etc/hosts:192.168.1.9 ADS.EXAMPLE.COM#20
/etc/inet/ipnodes:192.168.1.132 SMB1#20
/etc/inet/ipnodes:192.168.1.9 ADS.EXAMPLE.COM#20
Note - The name resolve order parameter in the smb.conf file determines which naming services are used, and in what order, to resolve host names to IP addresses. Refer to the smb.conf[5] man page for more information.
The interfaces, netbios name and password server all require host name to IP address resolution.
Repeat this step on all nodes or zones on the cluster.
Create an /etc/krb5.conf file that reflects the ADS realm in the zones being used for Samba. Refer to http://www.samba.org for complete information about installing and configuring Samba as an ADS domain member.
The following deployment example has been taken from Appendix B, Deployment Example: Installing Samba from http://www.samba.org.
Vigor5# cat > /etc/krb5.conf <<-EOF
[libdefaults]
default_realm = ADS.EXAMPLE.COM
[realms]
ADS.EXAMPLE.COM = {
kdc = 192.168.1.9
admin_server = 192.168.1.9
}
[domain_realm]
.your.domain.name = ADS.EXAMPLE.COM
your.domain.name = ADS.EXAMPLE.COM
EOF
Vigor5#
Vigor5# rm /etc/krb5/krb5.conf
Vigor5# ln -s /etc/krb5.conf /etc/krb5/krb5.conf
Perform this step on one node of the cluster.
The samba-logical-host should be the value you specified for the interfaces parameter when you created the smb.conf file in Step 8.
# ifconfig interface addif samba-logical-host up
Configure the logical host within the zone.
# ifconfig interface addif samba-logical-host up zone zonename
Perform this step on one node or zone of the cluster.
# samba-bin-directory/testparm \
> samba-configuration-directory/lib/smb.conf
# zlogin zonename samba-bin-directory/testparm \
> samba-configuration-directory/lib/smb.conf
Perform this step on one node or zone of the cluster.
# samba-bin-directory/smbpasswd \
> -c samba-configuration-directory/lib/smb.conf \
> -j domain -r PDC \
> -U Administrator-on-the-PDC
# zlogin zonename samba-bin-directory/smbpasswd \
> -c samba-configuration-directory/lib/smb.conf \
> -j domain -r PDC \
> -U Administrator-on-the-PDC
Perform this step on one node or zone of the cluster.
# samba-bin-directory/net \
> -s samba-configuration-directory/lib/smb.conf \
> RPC JOIN \
> -U Administrator-on-the-PDC
# zlogin zonename samba-bin-directory/net \
> -s samba-configuration-directory/lib/smb.conf \
> RPC JOIN \
> -U Administrator-on-the-PDC
Perform this step on one node or zone of the cluster.
# samba-bin-directory/net \
> -s samba-configuration-directory/lib/smb.conf \
> ADS JOIN \
> -U Administrator-on-the-ADS
# zlogin zonename samba-bin-directory/net \
> -s samba-configuration-directory/lib/smb.conf \
> ADS JOIN \
> -U Administrator-on-the-ADS
Perform this step on one node or zone of the cluster.
# samba-bin-directory/smbpasswd \
> -c samba-configuration-directory/lib/smb.conf \
> -a samba-fault-monitor-user
# zlogin zonename samba-bin-directory/smbpasswd \
> -c samba-configuration-directory/lib/smb.conf \
> -a samba-fault-monitor-user
Ensure guest only = yes is coded within the [scmondir] section of your smb.conf file.