The Unofficial Samba HOWTO
Prev   Next

2. Installing Samba

"All parts should go together without forcing. You must remember that the parts you are reassembling were disassembled by you. Therefore, if you can't get them together again, there must be a reason. By all means, do not use hammer." -- IBM maintenance manual, 1975

When installing Samba, you can either choose from a binary or source distribution. Binaries are usually pre-compiled and available from your Linux vendor's distribution CD. The disadvantage is that you're never certain how the binary was configured during the build. Additionally, such binaries tend to be optimized for older processors and not the modern Pentium-based ones. Building from scratch is perhaps the best way to gain experience in *NIX.

2.1 Download

To download both Samba and its PGP signature, you can use something like:

$ wget http://us1.samba.org/samba/ftp/samba-3.0.2a.tar.gz
$ wget http://us1.samba.org/samba/ftp/samba-3.0.2a.tar.asc

2.2 Verify

Verifying a file's PGP signature allows you to ensure that the file itself has not been tampered with. In these days of insecurity, it's an absolute must when building from scratch for any program. You'll need gpg or a similar program to do this.

First, we need to download the master Samba Signing Public Key and import it. Otherwise, we have no way to verify the two files we've just downloaded:

$ gpg --keyserver www.keyserver.net --recv-keys 0x2F87AF6F

Since only the tar verision of the file is signed, we need to gunzip(1) and verify it:

$ gunzip samba-3.0.2a.tar.gz
$ gpg --verify samba-3.0.2a.tar.asc

You should see something like the following (below). The warnings about "no ultimately trusted keys found" can be ignored since we only imported the Samba master signing key and have not ultimately trusted it.

gpg: Signature made Mon Dec 15 06:56:17 2003 PST using DSA key ID 2F87AF6F
gpg: Good signature from "Samba Distribution Verification Key <samba-bugs@samba.org>"
gpg: checking the trustdb
gpg: no ultimately trusted keys found
gpg: WARNING: This key is not certified with a trusted signature!
gpg: There is no indication that the signature belongs to the owner.
Primary key fingerprint: 3275 F01D 6565 3A81 AE7B 320C D779 0A5F 2F87 AF6F

What you would not want to see would be something like:

gpg: Signature made Mon Dec 15 06:56:17 2003 PST using DSA key ID 2F87AF6F
gpg: BAD signature from "Samba Distribution Verification Key <samba-bugs@samba.org>"

Last but not least, we should finish uncompressing our Samba source file:

$ tar xf samba-3.0.2a.tar

2.3 Configure

To install Samba with these configuration options, use:

$ cd samba-3.0.2a/source
$ ./configure \
     --prefix=/usr \
     --localstatedir=/var \
     --with-configdir=/etc/samba \
     --with-privatedir=/etc/samba/private \
     --with-lockdir=/var/lock \
     --with-piddir=/var/run \
     --with-logfilebase=/var/log \
     --with-smbmount \
     --with-utmp \
     --with-syslog

The configuration options roughly translate to:

--prefix=/usr

Without this setting, Samba will be installed in /usr/local/samba, a location steeped in historical precedence. Developers tend to prefer to have everything in one place as they tend to "blow away" the directory several times during a day as part of development. However, it's useful to have Samba be installed in our system path.

--localstatedir=/var

Place all variable state data in /var rather than /usr/local/samba/var

--with-configdir=/etc

Place all system configuration files in /etc/samba rather than /usr/local/samba/conf

--with-privatedir=/etc/samba/private

Place the smbpasswd database, along with other private files, in /etc/samba/private rather than /usr/local/samba/conf/private

--with-lockdir=/var/lock

Place the lockfile in /var/lock rather than /usr/local/samba/var/locks

--with-piddir=/var/run

Place the runtime file in /var/run rather than /usr/local/samba/var/locks

--with-logfilebase=/var/log

Place the logfiles in /var/log rather than /usr/local/samba/var/log

--with-smbmount

If you plan to mount Windows shares on your Linux box, you'll need this command. Usually, your system's mount command requires no additional information about the type of filesystem you are attempting to mount. For a few types however (e.g., NFS, SMB/CIFS), additional code is necessary. Using this option automatically creates the smbmount and smbumount commands along with the file /sbin/mount.smbfs (which is actually just a soft link to smbmount).

--with-utmp

Tells Samba to generate user accounting statistcs in the system's utmp file.

--with-syslog

Enable experiemental logging directly via syslog.

2.4 Build

Next, we'll build Samba:

$ make

If space is an issue, you can remove any unneeded symbols from the compiled binaries and libraries to reduce the size of the program. As a result, our final Samba package will be approximately 19 MB in size instead of 41 MB. We have to be careful doing this as we don't want to remove any necessary symbols from our shared library file (libsmbclient.so). If this is something you really want to do, you can try:

$ strip --strip-debug bin/libsmbclient.so
$ mv bin/libsmbclient.so .
$ strip --strip-unneeded bin/*
$ mv libsmbclient.so bin/

Finally, we'll install the program:

# make install

2.5 SWAT

SWAT should really stand for "Single Worst Annoying Technology". Unless you really want to short-change your learning curve and/or have a need for this, you'll want to remove it. Those that configure the system by hand will be better off than their SWAT-dependent counterparts. To remove swat, simply run:

# rm -rf /usr/swat

2.6 Update the System

First, verify that your /etc/services file includes the following definitions (chances are that they're already defined). Don't be suprised if you see entries for 137/tcp and so forth; IANA typically includes both tcp and udp entries regardless of whether or not the protocol requires it. The following entries correspond to http://www.iana.org/assignments/port-numbers:

netbios-ns	137/udp		# NETBIOS Name Service
netbios-dgm	138/udp		# NETBIOS Datagram Service
netbios-ssn	139/tcp		# NETBIOS Session Service
microsoft-ds	445/tcp		# Microsoft-DS

2.7 Samba Configuration File

You'll need to create your initial smb.conf(5) file in /etc/samba/smb.conf. The following won't do much other than allow you to run Samba (it doesn't even list any shared yet); however you'll need this file in order to run Samba and continue configuring it.

[global] 
     netbios name = ServerName
     workgroup = WORKGROUP 
     security = user 
     log file = /var/log/samba.log 
     log level = 1 
     socket options = TCP_NODELAY IPTOS_LOWDELAY SO_RCVBUF=8192 SO_SNDBUF=8192 
     wins support = yes 
     domain logons = yes 
     os level = 99 

2.8 Running Samba

To run the file sharing portion of the Samba server, use:

# /usr/sbin/smbd -D

To run the WINS portion of the Samba server, you'll also want to run:

# /usr/sbin/nmbd -D

To automatically start and stop Samba, you can use:

#!/bin/sh
# $Id: rc.samba,v 1.2 2004/02/03 11:15:11 davidrl Exp $
# chkconfig: 2345 24 48
# description: Script to start/stop/restart the Samba SMB file/print server.

samba_start() {
	if [ -f /etc/samba/smb.conf ]; then
	        if [ -x /usr/bin/smbd ]; then
			echo "Starting Samba (smbd)"
        	        /usr/bin/smbd -D
        	fi
        	if [ -x /usr/bin/nmbd ]; then
			echo "Starting Samba (nmbd)"
        	        /usr/bin/nmbd -D
	        fi
	fi
}

samba_stop() {
	echo "Stopping Samba..."
	if [ -f /var/locks/smbd.pid ]; then
        	kill `cat /var/locks/smbd.pid`
	fi
	if [ -f /var/locks/nmbd.pid ]; then
        	kill `cat /var/locks/nmbd.pid`
	fi
}

samba_restart() {
        samba_stop
        sleep 5
        samba_start
}

case "$1" in
'start')
        samba_start
        ;;
'stop')
        samba_stop
        ;;
'restart')
        samba_restart
        ;;
*)
        echo "Usage: $0 start|stop|restart"
esac

Prev Home Next
Introduction   Server Configuration