Hi everybody! Today's post about Installing latest Samba (on time of writing this) on FreeBSD
8.0 (I've installed it in 2010, and didn't want to update yet). I've just added a new 2tb disk to the box and I want Windows users to write there. Domain controllers are Windows Server 2008 machines.
All commands i run from superuser (root), but you can sudo them if you installed sudo port and configured it properly.
My Windows users are Russian, so charsets in config files are tuned to display Cyrillic letters.
First of all I read this HowTo and began with
Now I have samba4 port, let's go there:
And there was a problem in some dependent package about ZONEINFO so i added to /etc/scr.conf
Now time to write some configs and start scripts.
smb.conf in Samba4 is in /usr/local/etc/smb4.conf After all experiments I ended up with:
There is 1 share that located in /mnt/2tb/ff folder that can be accessed as \\gate\ff from Windows explorer. (gate is FreeBSD box's name)
Copied this onto /usr/local/etc/krb5.conf
OK, we are ready to join domain:
Now libnss_winbind.so. I spent a lot of time to get it work, but you're lucky to read this. I searched if that library already in system:
My /etc/nsswitch.conf now looks like:
If you feel okay with your configs start the daemons:
Now try
If you are here without errors - you almost done. Check your share from windows, create folders, files, etc.
And last but not least - start daemons at boot time. If you try to use /usr/local/etc/rc.d/samba4 by adding samba4_enable="yes" to your rc.conf you'll get warning mesage saying that this script is for Domain Controller role, and you must start daemons by hand. 'This is very sad', I thought, and started to search ready scripts to start daemons from rc.conf. After few hours of search I decided to create it myself, but I never did that kind of things... Eventually I combined script from samba 3.6 and samba4. So now I have this in /usr/local/etc/rc.d/samba (I left file name 'samba' without '4' to keep samba4 too):
Thanks for reading my first article here, feel free to comment. Вопросы можно задать и на русском языке.
All commands i run from superuser (root), but you can sudo them if you installed sudo port and configured it properly.
My Windows users are Russian, so charsets in config files are tuned to display Cyrillic letters.
First of all I read this HowTo and began with
# portsnap fetch updateIt took a while, cause I haven't updated it since Nov 2010...
Now I have samba4 port, let's go there:
# cd /usr/ports/net/samba4It's version 4.0.4 for the date. Ok, let's make it happen:
# make install cleanOn options dialog I selected some and my /var/db/ports/samba4/options is:
# This file is auto-generated by 'make config'. # Options for samba4-4.0.4 _OPTIONS_READ=samba4-4.0.4 _FILE_COMPLETE_OPTIONS_LIST=ACL_SUPPORT ADS AIO_SUPPORT AVAHI CUPS DEBUG DEVELOPER \ DNSUPDATE EXP_MODULES FAM_SUPPORT LDAP MANPAGES PAM_SMBPASS PTHREADPOOL QUOTAS SWAT \ SYSLOG UTMP WINBIND NSUPDATE BIND98 BIND99 OPTIONS_FILE_SET+=ACL_SUPPORT OPTIONS_FILE_SET+=ADS OPTIONS_FILE_SET+=AIO_SUPPORT OPTIONS_FILE_UNSET+=AVAHI OPTIONS_FILE_UNSET+=CUPS OPTIONS_FILE_SET+=DEBUG OPTIONS_FILE_UNSET+=DEVELOPER OPTIONS_FILE_SET+=DNSUPDATE OPTIONS_FILE_UNSET+=EXP_MODULES OPTIONS_FILE_SET+=FAM_SUPPORT OPTIONS_FILE_SET+=LDAP OPTIONS_FILE_SET+=MANPAGES OPTIONS_FILE_SET+=PAM_SMBPASS OPTIONS_FILE_SET+=PTHREADPOOL OPTIONS_FILE_SET+=QUOTAS OPTIONS_FILE_SET+=SWAT OPTIONS_FILE_SET+=SYSLOG OPTIONS_FILE_SET+=UTMP OPTIONS_FILE_SET+=WINBIND OPTIONS_FILE_SET+=NSUPDATE OPTIONS_FILE_UNSET+=BIND98 OPTIONS_FILE_UNSET+=BIND99Several packages were in conflict with already installed, so I had to remove them with make uninstall or pkg_delete -f
And there was a problem in some dependent package about ZONEINFO so i added to /etc/scr.conf
WITHOUT_ZONEINFO=yesOkay Samba is there.
Now time to write some configs and start scripts.
smb.conf in Samba4 is in /usr/local/etc/smb4.conf After all experiments I ended up with:
[global] workgroup = DOMAIN_NAME interfaces = 192.168.1.0/24 security = ADS realm = DOMAIN_NAME.LOCAL server string = gate encrypt passwords = yes dos charset = cp866 unix charset = CP1251 idmap config *:backend = tdb idmap config *:range = 70001-80000 idmap config DSK:backend = ad idmap config DSK:schema_mode = rfc2307 idmap config DSK:range = 500-40000 winbind nss info = rfc2307 winbind trusted domains only = no winbind use default domain = yes winbind enum users = yes winbind enum groups = yes [ff] path = /mnt/2tb/ff comment = Share_Comment guest ok = yes read only = noSome comments: as I use the box as a gateway to Internet, I set interfaces= to allow access to samba shares only from LAN.
There is 1 share that located in /mnt/2tb/ff folder that can be accessed as \\gate\ff from Windows explorer. (gate is FreeBSD box's name)
Copied this onto /usr/local/etc/krb5.conf
[logging] default = FILE:/var/log/krb5libs.log kdc = FILE:/var/log/krb5kdc.log admin_server = FILE:/var/log/kadmind.log [libdefaults] default_realm = DOMAIN_NAME.LOCAL dns_lookup_realm = true dns_lookup_kdc = true ticket_lifetime = 24h forwardable = yes [appdefaults] pam = { debug = false ticket_lifetime = 36000 renew_lifetime = 36000 forwardable = true krb4_convert = false }Now we can test our config:
$ testparm Load smb config files from /usr/local/etc/smb4.conf Processing section "[ff]" Loaded services file OK. Server role: ROLE_DOMAIN_MEMBER Press enter to see a dump of your service definitions [global] dos charset = cp866 unix charset = CP1251 workgroup = DOMAIN_NAME realm = domain_name.local server string = gate interfaces = 192.168.1.0/24 security = ADS winbind enum users = Yes winbind enum groups = Yes winbind use default domain = Yes winbind nss info = rfc2307 idmap config DSK:range = 500-40000 idmap config DSK:schema_mode = rfc2307 idmap config DSK:backend = ad idmap config *:range = 70001-80000 idmap config * : backend = tdb [ff] comment = Share_Comment path = /mnt/2tb/ff read only = No guest ok = YesIf you want to see all active parameters use testparm -v
OK, we are ready to join domain:
# net ads join -U administratorWhere administrator is your domain admin name, of course. If it says that domain controllers not found, check /etc/resolv.conf - it must have domain controller IP:
search DOMAIN_NAME.LOCAL domain domain_name.local nameserver 192.168.1.100And check that DC resolves DNS names:
# nslookup ds Server: 192.168.1.100 Address: 192.168.1.100#53 Name: ds.domain_name.local Address: 192.168.1.100Change "ds" to the hostname of your DC.
Now libnss_winbind.so. I spent a lot of time to get it work, but you're lucky to read this. I searched if that library already in system:
# locate nss_winbind /usr/local/lib/nss_winbind.so.1Ok, we got one. I copied that file to /lib/libnss_winbind.so (note filename change) and made link to /lib/libnss_winbind.so.2
My /etc/nsswitch.conf now looks like:
# # nsswitch.conf(5) - name service switch configuration file # $FreeBSD: src/etc/nsswitch.conf,v 1.1.10.1.2.1 2009/10/25 01:10:29 kensmith Exp $ # group: files nis winbind #group: compat #group_compat: nis hosts: files dns networks: files passwd: files nis winbind #passwd: compat winbind #passwd_compat: nis shells: files services: compat services_compat: nis protocols: files rpc: filesNote commented (#) lines - that was there before.
If you feel okay with your configs start the daemons:
# smbd # nmbd # winbinddI had no errors in output, so we can test further:
# wbinfo -u # wbinfo -gShould list domain's users and groups.
Now try
# id DomainUserIf it outputs errors check DC availability and nsswitch.conf again.
If you are here without errors - you almost done. Check your share from windows, create folders, files, etc.
And last but not least - start daemons at boot time. If you try to use /usr/local/etc/rc.d/samba4 by adding samba4_enable="yes" to your rc.conf you'll get warning mesage saying that this script is for Domain Controller role, and you must start daemons by hand. 'This is very sad', I thought, and started to search ready scripts to start daemons from rc.conf. After few hours of search I decided to create it myself, but I never did that kind of things... Eventually I combined script from samba 3.6 and samba4. So now I have this in /usr/local/etc/rc.d/samba (I left file name 'samba' without '4' to keep samba4 too):
#!/bin/sh # # $FreeBSD: net/samba36/files/samba.in 311317 2013-01-31 15:59:44Z timur $ # # PROVIDE: nmbd smbd # PROVIDE: winbindd # REQUIRE: NETWORKING SERVERS DAEMON ldconfig resolv # BEFORE: LOGIN # KEYWORD: shutdown # # Add the following lines to /etc/rc.conf.local or /etc/rc.conf # to enable this service: # #samba_enable="YES" # You can disable/enable any of the Samba daemons by specifying: #nmbd_enable="NO" #smbd_enable="NO" # You need to enable winbindd separately, by adding: #winbindd_enable="YES" # # Configuration file can be set with: #samba_config="/usr/local/etc/smb4.conf" # . /etc/rc.subr name="samba" rcvar=samba_enable # Custom commands extra_commands="reload status" start_precmd="samba_start_precmd" start_cmd="samba_cmd" stop_cmd="samba_cmd" status_cmd="samba_cmd" restart_precmd="samba_checkconfig" reload_precmd="samba_checkconfig" reload_cmd="samba_reload_cmd" rcvar_cmd="samba_rcvar_cmd" # Defaults samba_flags=${samba_flags=--daemon} samba_config_default="/usr/local/etc/smb4.conf" samba_config=${samba_config=${samba_config_default}} samba_configfile_arg=${samba_config:+--configfile="${samba_config}"} #" testparm_command="/usr/local/bin/samba-tool testparm --suppress-prompt --verbose ${samba_configfile_arg}" # Fetch parameters from configuration file samba_role=$(${testparm_command} --parameter-name='server role' 2>/dev/null) samba_lockdir=$(${testparm_command} --parameter-name='lock directory' 2>/dev/null) samba_piddir=$(${testparm_command} --parameter-name='pid directory' 2>/dev/null) smbcontrol_command="/usr/local/bin/smbcontrol" samba_parm="${testparm_command} -s -v --parameter-name" pid_extra= # samba_daemons="nmbd smbd" samba_daemons="${samba_daemons} winbindd" samba_checkconfig() { echo -n "Performing sanity check on Samba configuration: " if ${testparm_command} -s ${samba_config:+"${samba_config}"} >/dev/null 2>&1; then #" echo "OK" else echo "FAILED" return 1 fi return 0 } samba_start_precmd() { # Make sure rundir exists if [ ! -d "/var/run/samba4" -a ! -e "/var/run/samba4" ]; then install -m 0755 -d "/var/run/samba4" fi # XXX: Never delete winbindd_idmap, winbindd_cache and group_mapping if [ -n "${samba_lockdir}" -a -d "${samba_lockdir}" ]; then echo -n "Removing stale Samba tdb files: " for file in brlock.tdb browse.dat connections.tdb gencache.tdb \ locking.tdb messages.tdb namelist.debug sessionid.tdb \ unexpected.tdb do rm "${samba_lockdir}/${file}" < /dev/null 2>/dev/null && echo -n '.' done echo " done" fi } samba_rcvar_cmd() { local name rcvar rcvar=${name}_enable # Prevent recursive calling unset "${rc_arg}_cmd" "${rc_arg}_precmd" "${rc_arg}_postcmd" # Check master variable run_rc_command "${_rc_prefix}${rc_arg}" ${rc_extra_args} # Check dependent variables for name in ${samba_daemons}; do # XXX rcvars=''; v='' rcvar=${name}_enable run_rc_command "${_rc_prefix}${rc_arg}" ${rc_extra_args} done } samba_reload_cmd() { local name rcvar command pidfile force_run # Prevent recursive calling unset "${rc_arg}_cmd" "${rc_arg}_precmd" "${rc_arg}_postcmd" # Ignore rcvar and run command if [ -n "${_rc_prefix}" -a "${_rc_prefix}" = "one" ] || [ -n "${rc_force}" ] || [ -n "${rc_fast}" ]; then force_run=yes fi # Apply to all daemons for name in ${samba_daemons}; do rcvar=${name}_enable command="/usr/local/sbin/${name}" pidfile="/var/run/samba4/${name}${pid_extra}.pid" # Daemon should be enabled and running if ( [ -n "${rcvar}" ] && checkyesno "${rcvar}" ) || [ -n "$force_run" ]; then if [ -n "$(check_pidfile "${pidfile}" "${command}")" ]; then debug "reloading ${name} configuration" echo "Reloading ${name}." # XXX: Hack with pid_extra ${smbcontrol_command} "${name}${pid_extra}" 'reload-config' ${command_args} >/dev/null 2>&1 fi fi done } samba_cmd() { local name rcvar rcvars v command pidfile samba_daemons result force_run # Prevent recursive calling unset "${rc_arg}_cmd" "${rc_arg}_precmd" "${rc_arg}_postcmd" # Stop processes in the reverse order if [ "${rc_arg}" = "stop" ] ; then samba_daemons=$(reverse_list ${samba_daemons}) fi # Ignore rcvar and run command if [ -n "${_rc_prefix}" -a "${_rc_prefix}" = "one" ] || [ -n "${rc_force}" ] || [ -n "${rc_fast}" ]; then force_run=yes fi # Assume success result=0 # Apply to all daemons for name in ${samba_daemons}; do # XXX rcvars=''; v='' rcvar=${name}_enable command="/usr/local/sbin/${name}" pidfile="/var/run/samba4/${name}${pid_extra}.pid" # Daemon should be enabled and running if ( [ -n "${rcvar}" ] && checkyesno "${rcvar}" ) || [ -n "$force_run" ]; then run_rc_command "${_rc_prefix}${rc_arg}" ${rc_extra_args} # If any of the commands failed, take it as a global result result=$((${result} || $?)) fi done return ${result} } samba_config_init() { local name # Load configuration load_rc_config "${name}" for name in ${samba_daemons}; do load_rc_config "${name}" done # Location of the config samba_config=${samba_config="${samba_config_default}"} #" # XXX: Hack to work around name change of pid file with non-default config if [ -n "${samba_config}" -a "${samba_config}" != "${samba_config_default}" ]; then pid_extra="-$(basename "${samba_config}")" fi # Setup dependent variables if [ -n "${rcvar}" ] && checkyesno "${rcvar}"; then nmbd_enable=${nmbd_enable=YES} smbd_enable=${smbd_enable=YES} fi # Defaults samba_enable=${samba_enable:=NO} nmbd_enable=${nmbd_enable:=NO} smbd_enable=${smbd_enable:=NO} # Winbindd if [ -z "${winbind_enable}" ]; then samba_idmap=$(${samba_parm} 'idmap uid' "${samba_config}" 2>/dev/null) # Check that winbindd is actually configured if [ -n "${samba_idmap}" ]; then winbindd_enable="YES" fi winbindd_enable=${winbindd_enable:=NO} fi } # Load configuration variables samba_config_init # Common flags command_args=${samba_config:+-s "${samba_config}"} #" nmbd_flags=${nmbd_flags="-D"} smbd_flags=${smbd_flags="-D"} winbindd_flags=${winbindd_flags=''} # Requirements required_files="${samba_config}" required_dirs="${samba_lockdir}" run_rc_command "$1"And here is /etc/rc.conf:
ifconfig_vr1="inet 192.168.1.14 netmask 255.255.255.0" ifconfig_vr0="inet XXX.XXX.XXX.XXX netmask 255.255.255.0" defaultrouter="XXX.XXX.XXX.XXX" named_enable="YES" ntpd_enable="YES" ntpd_flags="-p /var/run/ntpd.pid" gateway_enable="YES" firewall_enable="YES" natd_enable="YES" natd_interface="vr0" natd_flags="" squid_enable="YES" hostname="gate.domain_name.local" keymap="ru.cp1251" scrnmap="win2cpp866" font8x16=cp866b-8x16 font8x14=cp866-8x14 font8x8=cp866-8x8 moused_enable="YES" sshd_enable="YES" inetd_enable="YES" samba_enable="YES" winbindd_enable="YES"Now reboot and test everything again.
Thanks for reading my first article here, feel free to comment. Вопросы можно задать и на русском языке.
Ошибка в файле /usr/local/etc/rc.d/samba на 83 строке - отсутствует символ ">". В результате при запуске зачем-то сносится устройство /dev/null
ОтветитьУдалитьВаша правда, видимо при вставке текста редактор принял "</" за закрывающий тэг. Добавил пробел, теперь должно быть ОК. Спасибо за замечание!
Удалить