This deployment example is designed for a single-node cluster. It is provided simply as a concise guide to help you if you need to refer to an installation and configuration of Samba.
This deployment example is not meant to be a precise guide as there are several alternate ways to install and configure Samba.
If you need to install Samba in any other configuration, refer to the general purpose procedures elsewhere in this manual.
The instructions within this deployment example assumes that you are using the Samba downloaded from http://www.samba.org and will configure Samba on a ZFS highly available local file system .
Samba will be configured as an Active Directory Member Server. You will need access to a Windows 2003 Enterprise Server configured as an Active Directory Server as within this deployment example the Samba server will join the Active Directory Server.
The cluster resource group will be configured to failover between the global zone and two non-global zones on a single node cluster.
The tasks you must perform to install and configure Samba in the global and non-global zones are as follows:
 Example: Preparing the Cluster for Samba
Example: Preparing the Cluster for SambaInstall and configure the cluster as instructed in Sun Cluster Software Installation Guide for Solaris OS.
Install the following cluster software components on node Vigor5.
Sun Cluster core software
Sun Cluster data service for Samba
Install the following utility software
Install the following utility software on node Vigor5.
wget
Sun Studio 11
Add the logical host name and ADS host name to /etc/hosts and /etc/inet/ipnodes
| Vigor5# egrep -e 'SMB1|ADS' /etc/hosts /etc/inet/ipnodes /etc/hosts:192.168.1.9 ADS#20 /etc/hosts:192.168.1.132 SMB1#20 /etc/inet/ipnodes:192.168.1.9 ADS#20 /etc/inet/ipnodes:192.168.1.132 SMB1#20 | 
Install and configure a Zettabyte File System
The following zpool definition represents a very basic configuration for deployment on a single-node cluster.
You should not consider this example for use within a productive deployment, instead it is a very basic configuration for testing or development purposes only.
 Example: Configuring the Non-Global Zones
Example: Configuring the Non-Global ZonesIn this task you will install two Solaris Containers on Vigor5.
On local cluster storage create a directory for the non-global zones root path.
| Vigor5# mkdir /zones | 
Create a temporary file for the whole root zone, for example /tmp/whole, and include the following entries:
| Vigor5# cat > /tmp/whole <<-EOF create -b set zonepath=/zones/whole EOF | 
Create a temporary file for the sparse root zone, for example /tmp/sparse, and include the following entries:
| Vigor5# cat > /tmp/sparse <<-EOF create set zonepath=/zones/sparse EOF | 
Configure the non-global zones, using the files you created.
| Vigor5# zonecfg -z whole -f /tmp/whole Vigor5# zonecfg -z sparse -f /tmp/sparse | 
Install the zones.
Open two windows and issue the following command in each window.
| Vigor5# zoneadm -z whole install Vigor5# zoneadm -z sparse install | 
Boot the zones.
| Vigor5# zoneadm -z whole boot Vigor5# zoneadm -z sparse boot | 
Log in to the zones and complete the zone system identification.
| Vigor5# zlogin -C whole Vigor5# zlogin -C sparse | 
Close the terminal windows and disconnect from the zone consoles.
After you have completed the zone system identification, disconnect from the two windows your previously opened.
| Vigo5# ~. | 
Create local mount points for the HA-ZFS file system with in the zones.
| Vigor5# zlogin whole mkdir /local Vigor5# zlogin sparse mkdir /local | 
 Example: Configuring Cluster Resources for Samba
Example: Configuring Cluster Resources for SambaRegister the necessary data types on the single node cluster
| Vigor5# clresourcetype register SUNW.gds SUNW.HAStoragePlus | 
Create the Samba resource group.
| Vigor5# clresourcegroup create -n Vigor5,Vigor5:whole,Vigor5:sparse samba-rg | 
Create the logical host.
| Vigor5# clreslogicalhostname create -g samba-rg -h SMB1 samba-lh | 
Create the HAStoragePlus resource in the samba-rg resource group.
| Vigor5# clresource create -g samba-rg -t SUNW.HAStoragePlus \ > -p Zpools=HAZpool sambaZFS-has | 
Enable the resource group.
| Vigor5# clresourcegroup online -M samba-rg | 
 Example: Download and Configure Samba from http://www.samba.org
Example: Download and Configure Samba from http://www.samba.orgSetup your PATH environment.
You PATH must contain the wget utility.
| Vigor5# PATH=/usr/cluster/bin:/opt/SUNWspro/bin:/usr/sfw/bin: \ > /usr/sbin:/usr/bin:/usr/ccs/bin Vigor5# export PATH | 
Setup install directories in the global zone
| Vigor5# cd /local/samba Vigor5# mkdir 3.2.22 software Vigor5# ln -s 3.0.22 latest Vigor5# ln -s /local/samba/latest /opt/samba | 
Setup install directories in the non-global zones
| Vigor5# zlogin whole ln -s /local/samba/latest /opt/samba Vigor5# zlogin sparse ln -s /local/samba/latest /opt/samba | 
Download, Extract and Install Kerberos.
| Vigor5# cd /local/samba/software Vigor5# wget http://web.mit.edu/kerberos/dist/krb5/1.4/krb5-1.4.3-signed.tar Vigor5# tar -xfBp krb5*tar Vigor5# gunzip -c krb5*.tar.gz | tar -xfBp - Vigor5# rm krb5*tar* Vigor5# cd krb5*/src Vigor5# CC=/opt/SUNWspro/bin/cc ./configure --prefix=/opt/samba \ > --enable-dns-for-realm Vigor5# make Vigor5# make install | 
Download, Extract and Install OpenLDAP.
You must obtain a fix for Bug ID: 6419029 which describes a problem when compiling OpenLDAP before proceeding with this step.
| Vigor5# cd /local/samba/software Vigor5# wget ftp://ftp.openldap.org/pub/OpenLDAP/openldap-release/openldap-2.3.24.tgz Vigor5# gunzip -c openldap-2.3.24.tgz | tar -xfBp - Vigor5# rm openldap-2.3.24.tgz Vigor5# cd openldap* Vigor5# CC=/opt/SUNWspro/bin/cc \ > CPPFLAGS="-I/opt/samba/include" \ > LDFLAGS="-L/opt/samba/lib -R/opt/samba/lib" ./configure --prefix=/opt/samba \ > --disable-slapd --disable-slurpd Vigor5# make depend Vigor5# make Vigor5# make install | 
Download, Extract and Install Samba.
| Vigor5# cd /local/samba/software Vigor5# wget http://us3.samba.org/samba/ftp/old-versions/samba-3.0.22.tar.gz Vigor5# gunzip -c samba-3.0.22.tar.gz | tar -xfBp - Vigor5# rm samba-3.0.22.tar.gz Vigor5# cd samba*/source Vigor5# CC=/opt/SUNWspro/bin/cc \ > CFLAGS=-I/opt/samba/include \ > LDFLAGS="-L/opt/samba/lib -R/opt/samba/lib" ./configure --prefix=/opt/samba \ > --with-ads --with-krb5=/opt/samba --with-shared-modules=idmap_rid Vigor5# make Vigor5# make install | 
Copy and symlink winbind files in the global zone.
| Vigor5# cd /local/samba/software Vigor5# cp nsswitch/libnss_winbind.so /usr/lib Vigor5# ln -s /usr/lib/libnss_winbind.so /usr/lib/libnss_winbind.so.1 Vigor5# ln -s /usr/lib/libnss_winbind.so /usr/lib/nss_winbind.so.1 | 
Copy and symlink winbind files in the non-global zones.
The sparse zone inherits /usr/lib, so this step is only required for the whole zone.
| Vigor5# cd /local/samba/software Vigor5# cp nsswitch/libnss_winbind.so /zones/whole/root/usr/lib Vigor5# ln -s /usr/lib/libnss_winbind.so /zones/whole/root/usr/lib/libnss_winbind.so.1 Vigor5# ln -s /usr/lib/libnss_winbind.so /zones/whole/root/usr/lib/nss_winbind.so.1 | 
Setup and symlink the Kerberos krb5.conf file in the global zone.
| Vigor5# cat > /etc/krb5.conf <<-EOF
[libdefaults]
        default_realm = ADS.EXAMPLE.COM
[realms]
        ADS.EXAMPLE.COM = {
                kdc = 192.168.1.9
                admin_server = 192.168.1.9
        }
[domain_realm]
        .your.domain.name = ADS.EXAMPLE.COM
        your.domain.name = ADS.EXAMPLE.COM
EOF
Vigor5#
Vigor5# rm /etc/krb5/krb5.conf
Vigor5# ln -s /etc/krb5.conf /etc/krb5/krb5.conf
 | 
 Example: Create the Samba smb.conf Configuration File
Example: Create the Samba smb.conf Configuration FileCreate the Samba Configuration Directory.
| Vigor5# mkdir -p /local/samba/smb1 Vigor5# cd /local/samba/smb1 Vigor5# mkdir -p lib logs private shares var/locks | 
Create the Samba smb.conf Configuration File.
| Vigor5# cat > /local/samba/smb1/lib/smb.conf <<-EOF
[global]
        workgroup = ADS
        bind interfaces only = yes
        interfaces = SMB1/255.255.255.0
        netbios name = SMB1
        security = ADS
        realm = ADS.EXAMPLE.COM
        password server = ADS.EXAMPLE.COM
        server string = Samba (%v) domain (%h)
        pid directory = /local/samba/smb1/var/locks
        log file = /local/samba/smb1/logs/log.%m
        smb passwd file = /local/samba/smb1/private/smbpasswd
        private dir = /local/samba/smb1/private
        lock dir = /local/samba/smb1/var/locks
        winbind cache time = 30
        allow trusted domains = no
        idmap backend = rid:ADS=100000-200000
        idmap uid = 100000-200000
        idmap gid = 100000-200000
        winbind enum groups = yes
        winbind enum users = yes
        winbind use default domain = yes
[scmondir]
        comment = Monitor directory for Sun Cluster
        path = /tmp
        browseable = No
EOF
 | 
Test the Samba smb.conf Configuration File.
| Vigor5# /opt/samba/bin/testparm -s /local/samba/smb1/lib/smb.conf | 
Join the Active Directory Server .
| Vigor5# /opt/samba/bin/net -s /local/samba/smb1/lib/smb.conf ads join -U Administrator | 
 Example: Verify winbind and Samba
Example: Verify winbind and SambaStart winbind using the winbindd program.
| Vigor5# /opt/samba/sbin/winbindd -s /local/samba/smb1/lib/smb.conf Vigor5# getent passwd Vigor5# getent group Vigor5# getent passwd homer | 
Start Samba using the smbd program.
| Vigor5# /opt/samba/sbin/smbd -s /local/samba/smb1/lib/smb.conf -D | 
Connect to Samba using the smbclient program.
| Vigor5# /opt/samba/bin/smbclient -N -L SMB1 -s /local/samba/smb1/lib/smb.conf Vigor5# Vigor5# /opt/samba/bin/smbclient '\\SMB1\scmondir' -U homer -c 'pwd;exit' \ > -s /local/samba/smb1/lib/smb.conf | 
Stop Samba and winbind.
| Vigor5# pkill -TERM smbd Vigor5# pkill -TERM winbindd | 
 Example: Enabling the Samba Software to Run in the Cluster
Example: Enabling the Samba Software to Run in the ClusterCreate the Sun Cluster HA for Samba Configuration file for winbind
| Vigor5# cat > /var/tmp/winbind_config <<-EOF #+++ Resource Specific Parameters +++ RS=winbind RG=samba-rg RS_LH=samba-lh RS_HAS=sambaZFS-has SERVICES="winbindd" #+++ Common Parameters +++ BINDIR=/opt/samba/bin SBINDIR=/opt/samba/sbin CFGDIR=/local/samba/smb1 LDPATH=/opt/samba/lib FMUSER=homer #+++ SMBD & NMBD Specific Parameters (See Note 1) +++ SAMBA_LOGDIR= SAMBA_FMPASS= SAMBA_FMDOMAIN= #+++ WINBIND Specific Parameters (See Note 2) +++ WINBIND_DISCACHE=FALSE WINBIND_SINGLEMODE=FALSE #+++ Zone Specific Parameters (See Note 3) +++ RS_ZONE= LHOST= PROJECT=default TIMEOUT=30 EOF | 
Create the Sun Cluster HA for Samba Configuration file for Samba
| Vigor5# cat > /var/tmp/samba_config <<-EOF #+++ Resource Specific Parameters +++ RS=samba RG=samba-rg RS_LH=samba-lh RS_HAS=sambaZFS-has SERVICES="smbd" #+++ Common Parameters +++ BINDIR=/opt/samba/bin SBINDIR=/opt/samba/sbin CFGDIR=/local/samba/smb1 LDPATH=/opt/samba/lib FMUSER=homer #+++ SMBD & NMBD Specific Parameters (See Note 1) +++ SAMBA_LOGDIR=/local/samba/smb1/logs SAMBA_FMPASS=smb4#ads SAMBA_FMDOMAIN= #+++ WINBIND Specific Parameters (See Note 2) +++ WINBIND_DISCACHE= WINBIND_SINGLEMODE= #+++ Zone Specific Parameters (See Note 3) +++ RS_ZONE= LHOST= PROJECT=default TIMEOUT=30 EOF | 
Register the Sun Cluster HA for Samba data service for winbind and Samba
| Vigor5# /opt/SUNWscsmb/util/samba_register -f /var/tmp/winbind_config Vigor5# /opt/SUNWscsmb/util/samba_register -f /var/tmp/samba_config | 
Make the Samba resource dependent on winbind the resources.
| Vigor5# clresource set -p Resource_dependencies=winbind{local_node} samba
 | 
Enable the resources.
| Vigor5# clresource enable winbind Vigor5# clresource enable samba | 
 Example: Verify the Sun Cluster HA for Samba resource group
Example: Verify the Sun Cluster HA for Samba resource group