Samba 4 on Solaris 11

As of Solaris 11.1 Samba 4 is still not in Oracle’s official IPS repo, only Samba 3 is.

Here’s how to build, install and integrate Samba4 into Solaris 11.

In this posting I’m starting out with a newly installed zone. The zone’s sole purpose is to host Samba. The only reason I do it like this is that I like each of my zones only to have one purpose.

The OS is Solaris 11.1.
The Samba version used here is 4.1.8.

 

Preparing the host

Install compiler and other tools:

pkg install pkg://solaris/archiver/gnu-tar \
            pkg://solaris/developer/build/gnu-make \
            pkg://solaris/developer/build/make \
            pkg://solaris/developer/gcc-45 \
            pkg://solaris/system/header

Please see these posts for best practice as to that to always install on a Solaris 11 host:

Following these posts will save you lots of trouble later on, not just with Samba4.

 

Obtaining and unpacking sources

Get Samba sources by doing:

wget http://www.samba.org/samba/ftp/samba-latest.tar.gz

Then unpack and untar:

gtar -zxf samba-latest.tar.gz

(Note how I use gtar instead of tar. Take my advice: you might as well make it a habit always to use gtar instead of tar.)

 

Building and installing

Build by doing

./configure
MAKE=gmake gmake

(as is the typical case with configure your software will be installed in /usr/local unless you specify otherwise with the --prefix option)

Install by doing:

MAKE=gmake gmake install

(Note how I use gmake instead of make. Take my advice: you might as well make it a habit always to use gmake instead of make when using makefiles that was possibly only tested with GNU make.)

 

A note about ACLs

If you are on Solaris 11 then most certainly your file system is ZFS.

Samba 4 by default  uses POSIX-style ACLs. This is a problem because ZFS uses NFSv4 style ACLs.

POSIX-style ACLs are the old kind, from a time when the requirements where a lot more simple. NFSv4 style ACLs can express a hell of a lot more and are much more like the ACLs used on NTFS. In my mind NFSv4 is the new world and POSIX-style ACLs is the old world. Moreso when NFSv4-style ACLs are a lot more comparable to NTFS-style ACLs. I guess the reason why Samba focuses on POSIX-style ACLs is its Linux heritage.

Fortunately there’s good news. You just have to remember to add --use-ntvfs when you provision your Samba domain controller as per this wiki document.

So when you provision you’ll do something like this:

/usr/local/samba/bin/samba-tool domain provision --use-rfc2307 --interactive --use-ntvfs

 

 

Starting and stopping using SMF

You really should be using SMF to start and stop Samba and make sure it starts on boot.

Here’s a commented SMF manifest you can use:

<?xml version="1.0"?>
<!DOCTYPE service_bundle SYSTEM "/usr/share/lib/xml/dtd/service_bundle.dtd.1">
<!--
**********************************************************************

SMF Service definition for Samba 4.

For Solaris 10 or Solaris 11.

**********************************************************************
-->

<service_bundle type='manifest' name='Samba'>
  <service name='network/samba4' type='service' version='1'>

    <create_default_instance enabled='false' />

    <!-- Only allow Samba to be running once.    -->
    <single_instance />

    <!-- Dependencies. Samba can start when network and local file system is up. -->
    <dependency name='net-loopback' grouping='require_any' restart_on='none' type='service'>
      <service_fmri value='svc:/network/loopback'/>
    </dependency>
    <dependency name='net-service' grouping='require_all' restart_on='none' type='service'>
      <service_fmri value='svc:/network/service'/>
    </dependency>
    <dependency name='net-physical' grouping='require_all' restart_on='none' type='service'>
      <service_fmri value='svc:/network/physical'/>
    </dependency>
    <dependency name='filesystem-local' grouping='require_all' restart_on='none' type='service'>
      <service_fmri value='svc:/system/filesystem/local'/>
    </dependency>

    <!-- Define how to start Samba.
         stop: we use the ":kill" special value, which means that we leave it
               to SMF exactly how to kill Samba. SMF's default method for stopping
               a service is to issue a kill on the contract. (If you are unfamiliar with
               the concept of contracts - which is heavily used by SMF - then just think of
               this action as the equivalent of issuing a kill command on the Samba
               master process. SMF works in a way so we never again have to think of storing
               pid files for later kill ops. Nice.)
         restart: we do not explicitly define how to restart Samba but let
               SMF use its default method (which is to execute the stop action
               followed by the start action).
    -->

    <exec_method
      type='method'
      name='start'
      exec='/usr/local/samba/sbin/samba --daemon'
      timeout_seconds='180'>
    </exec_method>

    <exec_method
      type='method'
      name='stop'
      exec=':kill'
      timeout_seconds='60' >
    </exec_method>

    <!--  OPTIONAL
          Delegation: The properties below means that anyone who has been assigned the
          'com.mycompany.smf.manage.samba' authorization attribute (either through
          a role, a profile or directly) can do just about anything to this service.   -->
    <property_group name='general' type='framework'>
      <propval name='action_authorization' type='astring' value='com.mycompany.smf.manage.samba' />
      <propval name='value_authorization' type='astring' value='com.mycompany.smf.manage.samba' />
    </property_group>

    <template>
      <common_name>
        <loctext xml:lang='C'>
          Samba 4 - Domain Controller, SMB server, etc
        </loctext>
      </common_name>
    </template>

  </service>
</service_bundle>

 

Copy and paste the above manifest into a file named samba4.xml in /lib/svc/manifest/network/.
Execute the following commands to import the manifest:

svccfg validate /lib/svc/manifest/network/samba4.xml
svccfg import /lib/svc/manifest/network/samba4.xml

Now start the Samba4 service by doing:

svcadm enable samba4

That’s all. As with any other SMF enabled service Samba4 can now be stopped and started with the svcadm command. SMF will make sure Samba4 is started at the right time during the boot sequence. Furthermore SMF will make sure to restart Samba if it crashes .. which of course it won’t. Finally SMF will also ensure that you can only ever start Samba4 once, no risk of starting it by mistake if it is already started and alive.

Advertisements
Posted in Uncategorized

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: