Difference between revisions of "Samba4 Development"

From SME Server
Jump to navigationJump to search
Line 12: Line 12:
 
===/etc/smb.conf===
 
===/etc/smb.conf===
 
Complete rewrite of all template fragments
 
Complete rewrite of all template fragments
 +
 +
===smb.conf Considerations===
 +
 +
'''Server Services:''' This parameter is not very well documented, but from what I could find thefollow services can be provided by the Samba daemon: s3fs, rpc, nbt, wrepl, ldap, cldap, kdc, drepl, ntp_signd, kcc, dnsupdate, dns, smb, nmb, winbind.  The default for this parameter is: server services = s3fs rpc nbt wrepl ldap cldap kdc drepl winbind ntp_signd kcc dnsupdate dns. Services can be added/remove from the default by a +/- and the service to add/remove.  Example
 +
server services = -s3fs (remove) +smb (add).  Note that the smb, nmb, and windbind services are services equivalent to the older, Samba 3, type services (stand alone daemons).  Of specific interest to SME 9 may be the use of the nmb service for WINS support.  As we begin testing we may need to enable this service and possibly smb for simple share access.
 +
 +
'''Server Role:'''' Samba 4 currently only supports the active directory domain controller server role.  For now, we'll force Samba config into DC server role, but provide a fragment for expansion later.  There is a long explaintion behind this, but for now, restriction doesn't hurt us.  SME as a DC will provide auth for both domain membership and simple shares by either joining the domain or logging into the server every time.
  
 
===/etc/raddb/radius.conf===
 
===/etc/raddb/radius.conf===
Line 24: Line 31:
 
etc/raddb/radiusd.conf/65authorization40default:        ( $ldap{Authentication} || 'disabled' ) eq 'enabled' ? 'ldap' : 'smbpasswd';
 
etc/raddb/radiusd.conf/65authorization40default:        ( $ldap{Authentication} || 'disabled' ) eq 'enabled' ? 'ldap' : 'smbpasswd';
  
==smb.conf Considerations==
+
===/etc/krb5.conf===
 
+
Create based new template fragments for this configuration file
'''Server Services:''' This parameter is not very well documented, but from what I could find thefollow services can be provided by the Samba daemon: s3fs, rpc, nbt, wrepl, ldap, cldap, kdc, drepl, ntp_signd, kcc, dnsupdate, dns, smb, nmb, winbind.  The default for this parameter is: server services = s3fs rpc nbt wrepl ldap cldap kdc drepl winbind ntp_signd kcc dnsupdate dns. Services can be added/remove from the default by a +/- and the service to add/remove.  Example
 
server services = -s3fs (remove) +smb (add).  Note that the smb, nmb, and windbind services are services equivalent to the older, Samba 3, type services (stand alone daemons).  Of specific interest to SME 9 may be the use of the nmb service for WINS support.  As we begin testing we may need to enable this service and possibly smb for simple share access.
 
 
 
'''Server Role:'''' Samba 4 currently only supports the active directory domain controller server role.  For now, we'll force Samba config into DC server role, but provide a fragment for expansion later.  There is a long explaintion behind this, but for now, restriction doesn't hurt us.  SME as a DC will provide auth for both domain membership and simple shares by either joining the domain or logging into the server every time.
 
  
 
==Configuration Database Parameters to Modify==
 
==Configuration Database Parameters to Modify==

Revision as of 05:56, 26 October 2014

Introduction

This wiki page will be used to track the integration effort of Samba 4 into SME 9+

G.Zartman Note: At this point, I'm just going to randomly ramble on this wiki page as I work on Samba 4. Once I get some workable pieces, I'll go back and format this page so that it makes more sense.

Samba 4 Packages

General Development Notes

Template Fragments to Modify

/etc/smb.conf

Complete rewrite of all template fragments

smb.conf Considerations

Server Services: This parameter is not very well documented, but from what I could find thefollow services can be provided by the Samba daemon: s3fs, rpc, nbt, wrepl, ldap, cldap, kdc, drepl, ntp_signd, kcc, dnsupdate, dns, smb, nmb, winbind. The default for this parameter is: server services = s3fs rpc nbt wrepl ldap cldap kdc drepl winbind ntp_signd kcc dnsupdate dns. Services can be added/remove from the default by a +/- and the service to add/remove. Example server services = -s3fs (remove) +smb (add). Note that the smb, nmb, and windbind services are services equivalent to the older, Samba 3, type services (stand alone daemons). Of specific interest to SME 9 may be the use of the nmb service for WINS support. As we begin testing we may need to enable this service and possibly smb for simple share access.

Server Role:' Samba 4 currently only supports the active directory domain controller server role. For now, we'll force Samba config into DC server role, but provide a fragment for expansion later. There is a long explaintion behind this, but for now, restriction doesn't hurt us. SME as a DC will provide auth for both domain membership and simple shares by either joining the domain or logging into the server every time.

/etc/raddb/radius.conf

etc/raddb/radiusd.conf/25modules30smbpasswd: # An example configuration for using /etc/samba/smbpasswd. etc/raddb/radiusd.conf/25modules30smbpasswd:} passwd smbpasswd \{ etc/raddb/radiusd.conf/25modules30smbpasswd: filename = /etc/samba/smbpasswd etc/raddb/radiusd.conf/25modules25mschap: # reading from /etc/smbpasswd. etc/raddb/radiusd.conf/25modules25mschap: # If you are using /etc/smbpasswd, see the 'passwd' etc/raddb/radiusd.conf/25modules25mschap: # module for an example of how to use /etc/smbpasswd etc/raddb/radiusd.conf/65authorization40default: # If you are using /etc/smbpasswd, and are also doing etc/raddb/radiusd.conf/65authorization40default: # configure the 'smbpasswd' module, above. etc/raddb/radiusd.conf/65authorization40default: ( $ldap{Authentication} || 'disabled' ) eq 'enabled' ? 'ldap' : 'smbpasswd';

/etc/krb5.conf

Create based new template fragments for this configuration file

Configuration Database Parameters to Modify

SMBD : Delete

NMBD : Delete

SMB : In general, all of the template fragments have been redesigned to allow dbase parameters to override many Samba defaults. Specific parameters that need to be defined or modified are as follows:

    • ServerRole: Redefine with the following:
      • SA: Stand Alone Server Mode
      • BD: Backup Domain Controller/Member
      • DC: Domain Controller (Current default. See server role explanation)
    • UnixCharSet: Delete
    • KernelOplocks: Add and set to enabled
    • Level2Oplocks: Add and set to enabled
    • OSLevel: Redefine to 65
    • dnsForwarder: New parameter that could be defined to forward DNS requests from the Samba DNS to another DNS.

Services to Modify

smbd : Remove nmbd : Remove samba: Create new daemontools service using smbd as a template

Status