As of Solaris 11.1 Samba 4 is still not in Oracle’s official IPS repo, only Samba 3 is.
Here’s how to build, install and integrate Samba4 into Solaris 11.
In this posting I’m starting out with a newly installed zone. The zone’s sole purpose is to host Samba. The only reason I do it like this is that I like each of my zones only to have one purpose.
The OS is Solaris 11.1.
The Samba version used here is 4.1.8.
Preparing the host
Install compiler and other tools:
pkg install pkg://solaris/archiver/gnu-tar \ pkg://solaris/developer/build/gnu-make \ pkg://solaris/developer/build/make \ pkg://solaris/developer/gcc-45 \ pkg://solaris/system/header
Please see these posts for best practice as to that to always install on a Solaris 11 host:
Following these posts will save you lots of trouble later on, not just with Samba4.
Obtaining and unpacking sources
Get Samba sources by doing:
Then unpack and untar:
gtar -zxf samba-latest.tar.gz
(Note how I use
gtar instead of
tar. Take my advice: you might as well make it a habit always to use
gtar instead of
Building and installing
Build by doing
./configure MAKE=gmake gmake
(as is the typical case with
configure your software will be installed in
/usr/local unless you specify otherwise with the
Install by doing:
MAKE=gmake gmake install
(Note how I use
gmake instead of
make. Take my advice: you might as well make it a habit always to use
gmake instead of
make when using makefiles that was possibly only tested with GNU make.)
A note about ACLs
If you are on Solaris 11 then most certainly your file system is ZFS.
Samba 4 by default uses POSIX-style ACLs. This is a problem because ZFS uses NFSv4 style ACLs.
POSIX-style ACLs are the old kind, from a time when the requirements where a lot more simple. NFSv4 style ACLs can express a hell of a lot more and are much more like the ACLs used on NTFS. In my mind NFSv4 is the new world and POSIX-style ACLs is the old world. Moreso when NFSv4-style ACLs are a lot more comparable to NTFS-style ACLs. I guess the reason why Samba focuses on POSIX-style ACLs is its Linux heritage.
Fortunately there’s good news. You just have to remember to add
--use-ntvfs when you provision your Samba domain controller as per this wiki document.
So when you provision you’ll do something like this:
/usr/local/samba/bin/samba-tool domain provision --use-rfc2307 --interactive --use-ntvfs
Starting and stopping using SMF
You really should be using SMF to start and stop Samba and make sure it starts on boot.
Here’s a commented SMF manifest you can use:
<?xml version="1.0"?> <!DOCTYPE service_bundle SYSTEM "/usr/share/lib/xml/dtd/service_bundle.dtd.1"> <!-- ********************************************************************** SMF Service definition for Samba 4. For Solaris 10 or Solaris 11. ********************************************************************** --> <service_bundle type='manifest' name='Samba'> <service name='network/samba4' type='service' version='1'> <create_default_instance enabled='false' /> <!-- Only allow Samba to be running once. --> <single_instance /> <!-- Dependencies. Samba can start when network and local file system is up. --> <dependency name='net-loopback' grouping='require_any' restart_on='none' type='service'> <service_fmri value='svc:/network/loopback'/> </dependency> <dependency name='net-service' grouping='require_all' restart_on='none' type='service'> <service_fmri value='svc:/network/service'/> </dependency> <dependency name='net-physical' grouping='require_all' restart_on='none' type='service'> <service_fmri value='svc:/network/physical'/> </dependency> <dependency name='filesystem-local' grouping='require_all' restart_on='none' type='service'> <service_fmri value='svc:/system/filesystem/local'/> </dependency> <!-- Define how to start Samba. stop: we use the ":kill" special value, which means that we leave it to SMF exactly how to kill Samba. SMF's default method for stopping a service is to issue a kill on the contract. (If you are unfamiliar with the concept of contracts - which is heavily used by SMF - then just think of this action as the equivalent of issuing a kill command on the Samba master process. SMF works in a way so we never again have to think of storing pid files for later kill ops. Nice.) restart: we do not explicitly define how to restart Samba but let SMF use its default method (which is to execute the stop action followed by the start action). --> <exec_method type='method' name='start' exec='/usr/local/samba/sbin/samba --daemon' timeout_seconds='180'> </exec_method> <exec_method type='method' name='stop' exec=':kill' timeout_seconds='60' > </exec_method> <!-- OPTIONAL Delegation: The properties below means that anyone who has been assigned the 'com.mycompany.smf.manage.samba' authorization attribute (either through a role, a profile or directly) can do just about anything to this service. --> <property_group name='general' type='framework'> <propval name='action_authorization' type='astring' value='com.mycompany.smf.manage.samba' /> <propval name='value_authorization' type='astring' value='com.mycompany.smf.manage.samba' /> </property_group> <template> <common_name> <loctext xml:lang='C'> Samba 4 - Domain Controller, SMB server, etc </loctext> </common_name> </template> </service> </service_bundle>
Copy and paste the above manifest into a file named
Execute the following commands to import the manifest:
svccfg validate /lib/svc/manifest/network/samba4.xml svccfg import /lib/svc/manifest/network/samba4.xml
Now start the Samba4 service by doing:
svcadm enable samba4
That’s all. As with any other SMF enabled service Samba4 can now be stopped and started with the
svcadm command. SMF will make sure Samba4 is started at the right time during the boot sequence. Furthermore SMF will make sure to restart Samba if it crashes .. which of course it won’t. Finally SMF will also ensure that you can only ever start Samba4 once, no risk of starting it by mistake if it is already started and alive.