Configuring Samba

The source distribution of Samba 2.0 and above doesn’t initially have a makefile. Instead, one is generated through a GNU configure script, which is located in the samba-2.0.x /source/ directory. The configure script, which must be run as root, takes care of the machine-specific issues of building Samba. However, you still may want to decide on some global options. Global options can be set by passing options on the command-line:

# ./configure --with-ssl

For example, this will configure the Samba makefile with support for the Secure Sockets Layer (SSL) encryption protocol. If you would like a complete list of options, type the following:

#./configure --help

Each of these options enable or disable various features. You typically enable a feature by specifying the --with- feature option, which will cause the feature to be compiled and installed. Likewise, if you specify a --without- feature option, the feature will be disabled. As of Samba 2.0.5, each of the following features is disabled by default:

--with-smbwrapper

Include SMB wrapper support, which allows executables on the Unix side to access SMB/CIFS filesystems as if they were regular Unix filesystems. We recommend using this option. However, at this time this book went to press, there were several incompatibilities between the smbwrapper package and the GNU libc version 2.1, and it would not compile on Red Hat 6.0. Look for more information on these incompatibilities on the Samba home page.

--with-afs

Include support of the Andrew Filesystem from Carnegie Mellon University. If you’re going to serve AFS files via Samba, we recommend compiling Samba once first without enabling this feature to ensure that everything runs smoothly. Once that version is working smoothly, recompile Samba with this feature enabled and compare any errors you might receive against the previous setup.

--with-dfs

Include support for DFS, a later version of AFS, used by OSF/1 (Digital Unix). Note that this is not the same as Microsoft DFS, which is an entirely different filesystem. Again, we recommend compiling Samba once first without this feature to ensure that everything runs smoothly, then recompile with this feature to compare any errors against the previous setup.

--with-krb4=base-directory

Include support for Kerberos version 4.0, explicitly specifying the base directory of the distribution. Kerberos is a network security protocol from MIT that uses private key cryptography to provide strong security between nodes. Incidentally, Microsoft has announced that Kerberos 5.0 will be the standard authentication mechanism for Microsoft Windows 2000 (NT 5.0). However, the Kerberos 5.0 authentication mechanisms are quite different from the Kerberos 4.0 security mechanisms. If you have Kerberos version 4 on your system, the Samba team recommends that you upgrade and use the --with-krb5 option (see the next item). You can find more information on Kerberos at http://web.mit.edu/kerberos/www.

--with-krb5=base-directory

Include support for Kerberos version 5.0, explicitly specifying the base directory of the distribution. Microsoft has announced that Kerberos 5.0 will be the standard authentication mechanism for Microsoft Windows 2000 (NT 5.0). However, there is no guarantee that Microsoft will not extend Kerberos for their own needs in the future. Currently, Samba’s Kerberos support only uses a plaintext password interface and not an encrypted one. You can find more information on Kerberos at its home page: http://web.mit.edu/kerberos/www.

--with-automount

Include support for automounter, a feature often used on sites that offer NFS.

--with-smbmount

Include smbmount support, which is for Linux only. This feature wasn’t being maintained at the time the book was written, so the Samba team made it an optional feature and provided smbwrapper instead. The smbwrapper feature works on more Unix platforms than smbmount, so you’ll usually want to use --with-smbwrapper instead of this option.

--with-pam

Include support for pluggable authentication modules (PAM), an authentication feature common in the Linux operating system.

--with-ldap

Include support for the Lightweight Directory Access Protocol (LDAP). A future version of LDAP will be used in the Windows 2000 (NT 5.0) operating system; this Samba support is experimental. LDAP is a flexible client-server directory protocol that can carry information such as certificates and group memberships.[11]

--with-nis

Include support for getting password-file information from NIS (network yellow pages).

--with-nisplus

Include support for obtaining password-file information from NIS+, the successor to NIS.

--with-ssl

Include experimental support for the Secure Sockets Layer (SSL), which is used to provide encrypted connections from client to server. Appendix A, describes setting up Samba with SSL support.

--with-nisplus-home

Include support for locating which server contains a particular user’s home directory and telling the client to connect to it. Requires --with-nis and, usually, --with-automounter.

--with-mmap

Include experimental memory mapping code. This is not required for fast locking, which already uses mmap or System V shared memory.

--with-syslog

Include support for using the SYSLOG utility for logging information generated from the Samba server. There are a couple of Samba configuration options that you can use to enable SYSLOG support; Chapter 4, discusses these options.

--with-netatalk

Include experimental support for interoperating with the (Macintosh) Netatalk file server.

--with-quotas

Include disk-quota support.

Because each of these options is disabled by default, none of these features are essential to Samba. However, you may want to come back and build a modified version of Samba if you discover that you need one at a later time.

In addition, Table 2.1 shows some other parameters that you can give the configure script if you wish to store parts of the Samba distribution in different places, perhaps to make use of multiple disks or partitions. Note that the defaults sometimes refer to a prefix specified earlier in the table.

Table 2-1. Additional Configure Options

Option

Meaning

Default

--prefix=directory

Install architecture-independent files at the base directory specified.

/usr/local/samba

--eprefix=directory

Install architecture-dependent files at the base directory specified.

/usr/local/samba

--bindir=directory

Install user executables in the directory specified.

eprefix /bin

--sbindir=directory

Install administrator executables in the directory specified.

eprefix /bin

--libexecdir=directory

Install program executables in the directory specified.

eprefix /libexec

--datadir=directory

Install read-only architecture independent data in the directory specified.

prefix /share

--libdir=directory

Install program libraries in the directory specified.

eprefix /lib

--includedir=directory

Install package include files in the directory specified.

prefix /include

--infodir=directory

Install additional information files in the directory specified.

prefix /info

--mandir=directory

Install manual pages in the directory specified.

prefix /man

Again, before running the configure script, it is important that you are the root user on the system. Otherwise, you may get a warning such as:

configure: warning: running as non-root will disable some tests

You don’t want any test to be disabled when the Samba makefile is being created; this leaves the potential for errors down the road when compiling or running Samba on your system.

Here is a sample execution of the configure script, which creates a Samba 2.0.4 makefile for the Linux platform. Note that you must run the configure script in the source directory, and that several lines from the middle of the excerpt have been omitted:

# cd samba-2.0.4b/source/
# ./configure | tee mylog

loading cache ./config.cache
checking for gcc... (cached) gcc
checking whether the C compiler (gcc -O ) works... yes
checking whether the C compiler (gcc -O ) is a cross-compiler... no
checking whether we are using GNU C... (cached) yes
checking whether gcc accepts -g... (cached) yes
checking for a BSD compatible install... (cached) /usr/bin/install -c

...(content omitted)...

checking configure summary
configure OK
creating ./config.status
creating include/stamp-h
creating Makefile
creating include/config.h

In general, any message from configure that doesn’t begin with the words checking or creating is an error; it often helps to redirect the output of the configure script to a file so you can quickly search for errors, as we did with the tee command above. If there was an error during configuration, more detailed information about it can be found in the config.log file, which is written to the local directory by the configure script.

If the configuration works, you’ll see a checking configure summary message followed by a configure OK message and four or five file creation messages. So far, so good.... Next step: compiling.



[11] By directory, we don’t mean a directory in a file system, but instead an indexed directory (such as a phone directory). Information is stored and can be easily retrieved in a public LDAP system.

Get Using Samba now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.