source: branches/samba-3.3.x/docs/htmldocs/Samba3-HOWTO/install.html@ 342

Last change on this file since 342 was 274, checked in by Herwig Bauernfeind, 17 years ago

Update 3.3 branch to 3.3.5
File size: 36.8 KB
Line 
1<html><head><meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"><title>Chapter 1. How to Install and Test SAMBA</title><link rel="stylesheet" href="../samba.css" type="text/css"><meta name="generator" content="DocBook XSL Stylesheets V1.74.0"><link rel="home" href="index.html" title="The Official Samba 3.3.x HOWTO and Reference Guide"><link rel="up" href="introduction.html" title="Part I. General Installation"><link rel="prev" href="introduction.html" title="Part I. General Installation"><link rel="next" href="FastStart.html" title="Chapter 2. Fast Start: Cure for Impatience"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="navheader"><table width="100%" summary="Navigation header"><tr><th colspan="3" align="center">Chapter 1. How to Install and Test SAMBA</th></tr><tr><td width="20%" align="left"><a accesskey="p" href="introduction.html">Prev</a> </td><th width="60%" align="center">Part I. General Installation</th><td width="20%" align="right"> <a accesskey="n" href="FastStart.html">Next</a></td></tr></table><hr></div><div class="chapter" lang="en"><div class="titlepage"><div><div><h2 class="title"><a name="install"></a>Chapter 1. How to Install and Test SAMBA</h2></div><div><div class="author"><h3 class="author"><span class="firstname">Andrew</span> <span class="orgname">Samba Team</span> <span class="surname">Tridgell</span></h3><div class="affiliation"><span class="orgname">Samba Team<br></span><div class="address"><p><code class="email">&lt;<a class="email" href="mailto:[email protected]">[email protected]</a>&gt;</code></p></div></div></div></div><div><div class="author"><h3 class="author"><span class="firstname">Jelmer</span> <span class="othername">R.</span> <span class="orgname">The Samba Team</span> <span class="surname">Vernooij</span></h3><div class="affiliation"><span class="orgname">The Samba Team<br></span><div class="address"><p><code class="email">&lt;<a class="email" href="mailto:[email protected]">[email protected]</a>&gt;</code></p></div></div></div></div><div><div class="author"><h3 class="author"><span class="firstname">John</span> <span class="othername">H.</span> <span class="orgname">Samba Team</span> <span class="surname">Terpstra</span></h3><div class="affiliation"><span class="orgname">Samba Team<br></span><div class="address"><p><code class="email">&lt;<a class="email" href="mailto:[email protected]">[email protected]</a>&gt;</code></p></div></div></div></div><div><div class="author"><h3 class="author"><span class="firstname">Karl</span> <span class="orgname">Samba Team</span> <span class="surname">Auer</span></h3><div class="affiliation"><span class="orgname">Samba Team<br></span><div class="address"><p><code class="email">&lt;<a class="email" href="mailto:[email protected]">[email protected]</a>&gt;</code></p></div></div></div></div><div><div class="author"><h3 class="author"><span class="firstname">Dan</span> <span class="orgname">Samba Team</span> <span class="surname">Shearer</span></h3><div class="affiliation"><span class="orgname">Samba Team<br></span><div class="address"><p><code class="email">&lt;<a class="email" href="mailto:[email protected]">[email protected]</a>&gt;</code></p></div></div></div></div></div></div><div class="toc"><p><b>Table of Contents</b></p><dl><dt><span class="sect1"><a href="install.html#id2551936">Obtaining and Installing Samba</a></span></dt><dt><span class="sect1"><a href="install.html#id2551976">Configuring Samba (smb.conf)</a></span></dt><dd><dl><dt><span class="sect2"><a href="install.html#id2552018">Configuration File Syntax</a></span></dt><dt><span class="sect2"><a href="install.html#tdbdocs">TDB Database File Information</a></span></dt><dt><span class="sect2"><a href="install.html#id2552921">Starting Samba</a></span></dt><dt><span class="sect2"><a href="install.html#id2553100">Example Configuration</a></span></dt><dt><span class="sect2"><a href="install.html#id2553503">SWAT</a></span></dt></dl></dd><dt><span class="sect1"><a href="install.html#id2553562">List Shares Available on the Server</a></span></dt><dt><span class="sect1"><a href="install.html#id2553614">Connect with a UNIX Client</a></span></dt><dt><span class="sect1"><a href="install.html#id2553705">Connect from a Remote SMB Client</a></span></dt><dd><dl><dt><span class="sect2"><a href="install.html#id2553786">What If Things Don't Work?</a></span></dt><dt><span class="sect2"><a href="install.html#id2553827">Still Stuck?</a></span></dt></dl></dd><dt><span class="sect1"><a href="install.html#id2553859">Common Errors</a></span></dt><dd><dl><dt><span class="sect2"><a href="install.html#id2553870">Large Number of smbd Processes</a></span></dt><dt><span class="sect2"><a href="install.html#id2553957">Error Message: open_oplock_ipc</a></span></dt><dt><span class="sect2"><a href="install.html#id2553989">The network name cannot be found</a></span></dt></dl></dd></dl></div><div class="sect1" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id2551936"></a>Obtaining and Installing Samba</h2></div></div></div><p>
2 <a class="indexterm" name="id2551944"></a>
3 Binary packages of Samba are included in almost any Linux or UNIX distribution. There are also some
4 packages available at <a class="ulink" href="http://samba.org/" target="_top">the Samba home page</a>. Refer to the manual of your
5 operating system for details on installing packages for your specific operating system.
6 </p><p>
7 <a class="indexterm" name="id2551962"></a>
8 If you need to compile Samba from source, check <a class="link" href="compiling.html" title="Chapter 42. How to Compile Samba">How to Compile Samba</a>.
9 </p></div><div class="sect1" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id2551976"></a>Configuring Samba (smb.conf)</h2></div></div></div><p>
10 <a class="indexterm" name="id2551984"></a>
11 <a class="indexterm" name="id2551990"></a>
12 Samba's configuration is stored in the <code class="filename">smb.conf</code> file, which usually resides in
13 <code class="filename">/etc/samba/smb.conf</code> or <code class="filename">/usr/local/samba/lib/smb.conf</code>. You can either
14 edit this file yourself or do it using one of the many graphical tools that are available, such as the
15 Web-based interface SWAT, that is included with Samba.
16 </p><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2552018"></a>Configuration File Syntax</h3></div></div></div><p>
17 <a class="indexterm" name="id2552026"></a>
18 The <code class="filename">smb.conf</code> file uses the same syntax as the various old <code class="filename">.ini</code> files in Windows
19 3.1: Each file consists of various sections, which are started by putting the section name between brackets
20 (<code class="literal">[]</code>) on a new line. Each contains zero or more key/value pairs separated by an equality
21 sign (<code class="literal">=</code>). The file is just a plaintext file, so you can open and edit it with your favorite
22 editing tool.
23 </p><p>
24 <a class="indexterm" name="id2552063"></a>
25 <a class="indexterm" name="id2552069"></a>
26 <a class="indexterm" name="id2552077"></a>
27 <a class="indexterm" name="id2552084"></a>
28 <a class="indexterm" name="id2552090"></a>
29 <a class="indexterm" name="id2552098"></a>
30 Each section in the <code class="filename">smb.conf</code> file represents either a share or a meta-service on the Samba server. The
31 section <code class="literal">[global]</code> is special, since it contains settings that apply to the whole Samba
32 server. Samba supports a number of meta-services, each of which serves its own purpose. For example, the
33 <code class="literal">[homes]</code> share is a meta-service that causes Samba to provide a personal home share for
34 each user. The <code class="literal">[printers]</code> share is a meta-service that establishes print queue support
35 and that specifies the location of the intermediate spool directory into which print jobs are received
36 from Windows clients prior to being dispatched to the UNIX/Linux print spooler.
37 </p><p>
38<a class="indexterm" name="id2552141"></a>
39<a class="indexterm" name="id2552148"></a>
40<a class="indexterm" name="id2552154"></a>
41<a class="indexterm" name="id2552160"></a>
42<a class="indexterm" name="id2552166"></a>
43<a class="indexterm" name="id2552173"></a>
44 The <code class="literal">printers</code> meta-service will cause every printer that is either specified in a
45 <code class="literal">printcap</code> file, via the <code class="literal">lpstat</code>, or via the CUPS API, to be
46 published as a shared print queue. The <code class="literal">printers</code> stanza in the <code class="filename">smb.conf</code> file can
47 be set as not browseable. If it is set to be browseable, then it will be visible as if it is a share.
48 That makes no sense given that this meta-service is responsible only for making UNIX system printers
49 available as Windows print queues. If a <code class="literal">comment</code> parameter is specified, the value
50 of it will be displayed as part of the printer name in Windows Explorer browse lists.
51 </p><p>
52 <a class="indexterm" name="id2552222"></a>
53 Each section of the <code class="filename">smb.conf</code> file that specifies a share, or a meta-service, is called a stanza.
54 The <code class="literal">global</code> stanza specifies settings that affect all the other stanzas in the
55 <code class="filename">smb.conf</code> file. Configuration parameters are documented in the <code class="filename">smb.conf</code> man page. Some parameters
56 can be used only in the <code class="literal">global</code> stanza, some only in share or meta-service stanzas,
57 and some can be used globally or just within a share or meta-service stanza.
58 </p><p>
59 <a class="indexterm" name="id2552265"></a>
60 <a class="link" href="install.html#smbconfminimal" title="Example 1.1. A minimal smb.conf">A minimal smb.conf</a> contains a very minimal <code class="filename">smb.conf</code>.
61 <a class="indexterm" name="id2552284"></a>
62 </p><div class="example"><a name="smbconfminimal"></a><p class="title"><b>Example 1.1. A minimal smb.conf</b></p><div class="example-contents"><table class="simplelist" border="0" summary="Simple list"><tr><td> </td></tr><tr><td><em class="parameter"><code>[global]</code></em></td></tr><tr><td><a class="indexterm" name="id2552312"></a><em class="parameter"><code>workgroup = WKG</code></em></td></tr><tr><td><a class="indexterm" name="id2552323"></a><em class="parameter"><code>netbios name = MYNAME</code></em></td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[share1]</code></em></td></tr><tr><td><a class="indexterm" name="id2552341"></a><em class="parameter"><code>path = /tmp</code></em></td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[share2]</code></em></td></tr><tr><td><a class="indexterm" name="id2552360"></a><em class="parameter"><code>path = /my_shared_folder</code></em></td></tr><tr><td><a class="indexterm" name="id2552371"></a><em class="parameter"><code>comment = Some random files</code></em></td></tr></table></div></div><br class="example-break"></div><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="tdbdocs"></a>TDB Database File Information</h3></div></div></div><p>
63 This section contains brief descriptions of the databases that are used by Samba-3.
64 </p><p>
65<a class="indexterm" name="id2552398"></a>
66 The directory in which Samba stores the tdb files is determined by compile-time directives. Samba-3 stores
67 tdb files in two locations. The best way to determine these locations is to execute the following
68 command:
69</p><pre class="screen">
70<code class="prompt">root# </code> smbd -b | grep PRIVATE_DIR
71 PRIVATE_DIR: /etc/samba/private
72</pre><p>
73 This means that the confidential tdb files are stored in the <code class="filename">/etc/samba/private</code>
74 directory. Samba-3 also uses a number of tdb files that contain more mundane data. The location of
75 these files can be found by executing:
76</p><pre class="screen">
77<code class="prompt">root# </code> smbd -b | grep LOCKDIR
78 LOCKDIR: /var/lib/samba
79</pre><p>
80 Therefore the remaining control files will, in the example shown, be stored in the
81 <code class="filename">/var/lib/samba</code> directory.
82 </p><p>
83<a class="indexterm" name="id2552450"></a>
84 The persistent tdb files are described in <a class="link" href="install.html#tdbpermfiledesc" title="Table 1.1. Persistent TDB File Descriptions">the Persistent TDB File
85 Descriptions table</a>. All persistent tdb files should be regularly backed up. Use the
86 <code class="literal">tdbbackup</code> utility to backup the tdb files. All persistent tdb files must be
87 preserved during machine migrations, updates and upgrades.
88 </p><p>
89 The temporary tdb files do not need to be backed up, nor do they need to be preseved across machine
90 migrations, updates or upgrades. The temporary tdb files are described in <a class="link" href="install.html#tdbtempfiledesc" title="Table 1.2. Temporary TDB File Descriptions">
91 the Temporary TDB File Descriptions</a>.
92 </p><div class="table"><a name="tdbpermfiledesc"></a><p class="title"><b>Table 1.1. Persistent TDB File Descriptions</b></p><div class="table-contents"><table summary="Persistent TDB File Descriptions" border="1"><colgroup><col align="left"><col align="justify"></colgroup><thead><tr><th align="left">Name</th><th align="justify">Description</th></tr></thead><tbody><tr><td align="left">account_policy</td><td align="justify"><p>Samba/NT account policy settings, includes password expiration settings.</p></td></tr><tr><td align="left">group_mapping</td><td align="justify"><p>Mapping table from Windows groups/SID to UNIX groups.</p></td></tr><tr><td align="left">ntdrivers</td><td align="justify"><p>Stores per-printer installed driver information.</p></td></tr><tr><td align="left">ntforms</td><td align="justify"><p>Stores per-printer installed forms information.</p></td></tr><tr><td align="left">ntprinters</td><td align="justify"><p>Stores the per-printer devmode configuration settings.</p></td></tr><tr><td align="left">passdb</td><td align="justify"><p>
93 Exists only when the tdbsam passwd backend is used. This file stores the
94 SambaSAMAccount information. Note: This file requires that user POSIX account information is
95 availble from either the /etc/passwd file, or from an alternative system source.
96 </p></td></tr><tr><td align="left">registry</td><td align="justify"><p>
97 Read-only Samba database of a Windows registry skeleton that provides support for exporting
98 various database tables via the winreg RPCs.
99 </p></td></tr><tr><td align="left">secrets</td><td align="justify"><p>
100 This file stores the Workgroup/Domain/Machine SID, the LDAP directory update password, and
101 a further collection of critical environmental data that is necessary for Samba to operate
102 correctly. This file contains very sensitive information that must be protected. It is stored
103 in the PRIVATE_DIR directory.
104 </p></td></tr><tr><td align="left">share_info</td><td align="justify"><p>Stores per-share ACL information.</p></td></tr><tr><td align="left">winbindd_idmap</td><td align="justify"><p>Winbindd's local IDMAP database.</p></td></tr></tbody></table></div></div><br class="table-break"><div class="table"><a name="tdbtempfiledesc"></a><p class="title"><b>Table 1.2. Temporary TDB File Descriptions</b></p><div class="table-contents"><table summary="Temporary TDB File Descriptions" border="1"><colgroup><col align="left"><col align="justify"><col align="left"></colgroup><thead><tr><th align="left">Name</th><th align="justify">Description</th><th align="center">Backup</th></tr></thead><tbody><tr><td align="left">brlock</td><td align="justify"><p>Byte-range locking information.</p></td><td align="left">No</td></tr><tr><td align="left">connections</td><td align="justify"><p>A temporary cache for current connection information used to enforce max connections.</p></td><td align="left">no</td></tr><tr><td align="left">eventlog/*tdb</td><td align="justify"><p>Records of eventlog entries. In most circumstances this is just a cache of system logs.</p></td><td align="left">no</td></tr><tr><td align="left">gencache</td><td align="justify"><p>Generic caching database for dead WINS servers and trusted domain data.</p></td><td align="left">no</td></tr><tr><td align="left">login_cache</td><td align="justify"><p>A temporary cache for login information, in particular bad password attempts.</p></td><td align="left">no</td></tr><tr><td align="left">messages</td><td align="justify"><p>Temporary storage of messages being processed by smbd.</p></td><td align="left">no</td></tr><tr><td align="left">netsamlogon_cache</td><td align="justify"><p>Caches user net_info_3 structure data from net_samlogon requests (as a domain member).</p></td><td align="left">no</td></tr><tr><td align="left">perfmon/*.tdb</td><td align="justify"><p>Performance counter information.</p></td><td align="left">no</td></tr><tr><td align="left">printing/*.tdb</td><td align="justify"><p>Cached output from lpq command created on a per-print-service basis.</p></td><td align="left">no</td></tr><tr><td align="left">schannel_store</td><td align="justify"><p>
105 A confidential file, stored in the PRIVATE_DIR, containing crytographic connection
106 information so that clients that have temporarily disconnected can reconnect without
107 needing to renegotiate the connection setup process.
108 </p></td><td align="left">no</td></tr><tr><td align="left">sessionid</td><td align="justify"><p>Temporary cache for miscellaneous session information and for utmp handling.</p></td><td align="left">no</td></tr><tr><td align="left">unexpected</td><td align="justify"><p>Stores packets received for which no process is actively listening.</p></td><td align="left">no</td></tr><tr><td align="left">winbindd_cache</td><td align="justify"><p>Cache of Identity information received from an NT4 domain or from ADS. Includes user
109 lists, etc.</p></td><td align="left">yes</td></tr></tbody></table></div></div><br class="table-break"></div><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2552921"></a>Starting Samba</h3></div></div></div><p>
110 <a class="indexterm" name="id2552928"></a>
111 Samba essentially consists of two or three daemons. A daemon is a UNIX application that runs in the background and provides services.
112 An example of a service is the Apache Web server for which the daemon is called <code class="literal">httpd</code>. In the case of Samba there
113 are three daemons, two of which are needed as a minimum.
114 </p><p>
115 The Samba server is made up of the following daemons:
116 </p><div class="variablelist"><dl><dt><span class="term">nmbd</span></dt><dd><p>
117 <a class="indexterm" name="id2552960"></a>
118 <a class="indexterm" name="id2552966"></a>
119 This daemon handles all name registration and resolution requests. It is the primary vehicle involved
120 in network browsing. It handles all UDP-based protocols. The <code class="literal">nmbd</code> daemon should
121 be the first command started as part of the Samba startup process.
122 </p></dd><dt><span class="term">smbd</span></dt><dd><p>
123 <a class="indexterm" name="id2552994"></a>
124 <a class="indexterm" name="id2553000"></a>
125 This daemon handles all TCP/IP-based connection services for file- and print-based operations. It also
126 manages local authentication. It should be started immediately following the startup of <code class="literal">nmbd</code>.
127 </p></dd><dt><span class="term">winbindd</span></dt><dd><p>
128 <a class="indexterm" name="id2553027"></a>
129 <a class="indexterm" name="id2553033"></a>
130 This daemon should be started when Samba is a member of a Windows NT4 or ADS domain. It is also needed when
131 Samba has trust relationships with another domain. The <code class="literal">winbindd</code> daemon will check the
132 <code class="filename">smb.conf</code> file for the presence of the <em class="parameter"><code>idmap uid</code></em> and <em class="parameter"><code>idmap gid</code></em>
133 parameters. If they are are found, <code class="literal">winbindd</code> will use the values specified for
134 for UID and GID allocation. If these parameters are not specified, <code class="literal">winbindd</code>
135 will start but it will not be able to allocate UIDs or GIDs.
136 </p></dd></dl></div><p>
137 <a class="indexterm" name="id2553084"></a>
138 When Samba has been packaged by an operating system vendor, the startup process is typically a custom feature of its
139 integration into the platform as a whole. Please refer to your operating system platform administration manuals for
140 specific information pertaining to correct management of Samba startup.
141 </p></div><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2553100"></a>Example Configuration</h3></div></div></div><p>
142 <a class="indexterm" name="id2553108"></a>
143 <a class="indexterm" name="id2553114"></a>
144 <a class="indexterm" name="id2553120"></a>
145 <a class="indexterm" name="id2553126"></a>
146 <a class="indexterm" name="id2553133"></a>
147 There are sample configuration files in the examples subdirectory in the source code distribution tarball
148 package. It is suggested you read them carefully so you can see how the options go together in practice. See
149 the man page for all the options. It might be worthwhile to start out with the
150 <code class="filename">smb.conf.default</code> configuration file and adapt it to your needs. It contains plenty of comments.
151 </p><p>
152 <a class="indexterm" name="id2553154"></a>
153 The simplest useful configuration file would contain something like that shown in
154 <a class="link" href="install.html#simple-example" title="Example 1.2. Another simple smb.conf File">Another simple smb.conf File</a>.
155 <a class="indexterm" name="id2553170"></a>
156 </p><div class="example"><a name="simple-example"></a><p class="title"><b>Example 1.2. Another simple smb.conf File</b></p><div class="example-contents"><table class="simplelist" border="0" summary="Simple list"><tr><td> </td></tr><tr><td><em class="parameter"><code>[global]</code></em></td></tr><tr><td><a class="indexterm" name="id2553199"></a><em class="parameter"><code>workgroup = MIDEARTH</code></em></td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[homes]</code></em></td></tr><tr><td><a class="indexterm" name="id2553218"></a><em class="parameter"><code>guest ok = no</code></em></td></tr><tr><td><a class="indexterm" name="id2553228"></a><em class="parameter"><code>read only = no</code></em></td></tr></table></div></div><br class="example-break"><p>
157 <a class="indexterm" name="id2553242"></a>
158 <a class="indexterm" name="id2553248"></a>
159 <a class="indexterm" name="id2553254"></a>
160 <a class="indexterm" name="id2553260"></a>
161 This will allow connections by anyone with an account on the server, using either
162 their login name or <em class="parameter"><code>homes</code></em> as the service name.
163 (Note: The workgroup that Samba should appear in must also be set. The default
164 workgroup name is WORKGROUP.)
165 </p><p>
166 <a class="indexterm" name="id2553279"></a>
167 Make sure you put the <code class="filename">smb.conf</code> file in the correct place. Note, the correct location of this file
168 depends on how the binary files were built. You can discover the correct location by executing from
169 the directory that contains the <code class="literal">smbd</code> command file:
170</p><pre class="screen">
171<code class="prompt">root# </code> smbd -b | grep smb.conf
172</pre><p>
173 </p><p>
174 <a class="indexterm" name="id2553313"></a>
175 For more information about security settings for the <em class="parameter"><code>[homes]</code></em> share, please refer to
176 <a class="link" href="securing-samba.html" title="Chapter 18. Securing Samba">Securing Samba</a>.