Go to main content

Oracle® Solaris Cluster Data Service for Samba Guide

Exit Print View

Updated: September 2015
 
 

How to Configure Samba Software

This section contains the steps to prepare Samba for use with the HA for Samba data service. Some steps require that you use Samba commands. Refer to the Docs and Books section under Learn Samba on the https://www.samba.org website for the relevant Samba man pages.

Perform this procedure on one node of the cluster, unless a specific step indicates otherwise.

Before You Begin

Ensure that the same version of Samba software is installed on all nodes that you will configure with HA for Samba.

  1. Create the fault monitor user.
    • If winbind is used, create the fault monitor user on the NT PDC or ADS server.

      • Use no home directory, no user profile. and no login script.

      • Set the Password never expire parameter to true.

      • Set the User cannot change password parameter to true.

    • If winbind is not used, perform the following commands on all nodes in the cluster. 
      phys-schost-N# groupadd -g 1000 samba-fault-monitor-group
phys-schost-N# useradd -u 1000 -g 1000 -s /bin/false samba-fault-monitor-user
    Note -  A local Samba fmuser also requires a local password. The settings in the smb.conf file specify which password is used.
  2. If winbind is used, activate the PAM configuration file on all nodes in the cluster. 
    phys-schost-N# cp -p /etc/pam.conf /etc/pam.conf.orig
phys-schost-N# cp /etc/pam.conf-winbind /etc/pam.conf
  3. If winbind is used, configure the name service switch to resolve user and group from winbind on all nodes in the cluster. 
    phys-schost-N# svccfg -s name-service/switch setprop config/password = \"files winbind\"
phys-schost-N# svccfg -s name-service/switch setprop config/group = \"files winbind\"
phys-schost-N# svcadm refresh name-service/switch
  4. If winbind is used, disable the name service cache daemon on all nodes in the cluster. 
    phys-schost-N# svcadm disable name-service-cache
  5. On one node of the cluster, create the Samba configuration directory.

    Perform this step for each Samba or winbind instance. Create the Samba configuration directory within the cluster file system or highly available local file system that is used for Samba files.

    phys-schost-1# mkdir -p samba-configuration-directory
phys-schost-1# cd samba-configuration-directory
phys-schost-1# mkdir -p lib logs private shares var/locks
  6. On one node of the cluster, create the smb.conf file within the configuration directory that reflects the instance.

    Perform this step for each Samba or winbind instance.

    Note -  If security = share is required, you must include guest only = yes within [scmondir].

    See Required Parameters for the Samba smb.conf File and the smb.conf(5) man page that is provided with the Samba software for an explanation of the required parameters.

  7. Add the NetBIOS name entry to the /etc/inet/hosts and /etc/inet/ipnodes files.

    Perform this step on each node that is used for Samba.

    phys-schost-N# egrep -e "SMB1|ADS" /etc/inet/hosts /etc/inet/ipnodes
/etc/inet/hosts:192.168.1.132	SMB1#20
/etc/inet/hosts:192.168.1.9  	ADS.EXAMPLE.COM#20
/etc/inet/ipnodes:192.168.1.132	SMB1#20
/etc/inet/ipnodes:192.168.1.9  	ADS.EXAMPLE.COM#20
    Note -  The name resolve order parameter in the smb.conf file determines what naming service to use and in what order to resolve host names to IP addresses. Refer to the smb.conf[5] for more information.

    The interfaces, netbios name, and password server parameters all require host name-to-IP address resolution.

  8. If Samba will operate as an Active Directory domain member server, create the Kerberos krb5.conf file.

    Perform this step on all nodes or zones that are used for Samba and that reflect the ADS realm. Refer to https://www.samba.org for complete information about installing and configuring Samba as a ADS domain member.

  9. On one node, test the smb.conf file. 
    phys-schost-1# samba-bin-directory/testparm \
samba-configuration-directory/lib/smb.conf
  10. If Samba is configured as an NT domain member, join the domain.

    Perform this step from one node of the cluster.

    phys-schost-1# samba-bin-directory/net -s samba-configuration-directory/lib/smb.comf \
RPC JOIN -U Administrator-on-the-PDC
  11. If Samba is configured as a Windows 2003 domain member server with ADS, join the domain.

    Perform this step from one node of the cluster.

    phys-schost-1# samba-bin-directory/net -s samba-configuration-directory/lib/smb.comf \
ADS JOIN -U Administrator-on-the-ADS
  12. If Samba is configured as a PDC or with security = user, add the fault monitor user.

    Perform this step from one node of the cluster.

    phys-schost-1# samba-bin-directory/smbpasswd \
-c samba-configuration-directory/lib/smb.comf \
-a samba-fault-monitor-user
  13. If configured with security = share, verify that the guest only parameter is set to yes.

    Inspect the smb.conf file to verify that guest only = yes is coded within the [scmondir] section.

Next Steps

Go to How to Verify the Configuration of Samba Software.

Copyright © 2000, 2015, Oracle and/or its affiliates. All rights reserved. 
Previous
Next