Centos下编译安装Samba

centos编译samba

1. 安装依赖包
# Install the build dependencies straight from the configured yum repositories
yum install \
    python-devel gnutls-devel libacl-devel openldap-devel pam-devel \
    python-tdb libtalloc-devel pytalloc-devel libtevent-devel pyldb-devel \
    gpgme-devel popt-devel libtdb-devel redhat-lsb-core.x86_64
# The two cmocka RPMs are downloaded by hand and installed from the current
# directory.
# NOTE(review): the page does not say where they come from; check each file
# with "rpm -K <file>.rpm" against a key you trust before installing.
yum install \
    libcmocka-1.1.3-1.el7.x86_64.rpm \
    libcmocka-devel-1.1.3-1.el7.x86_64.rpm
2. 编译start-stop-daemon
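# start-stop-daemon is the Debian helper that the init scripts in step 5 call
# to start and stop the Samba daemons.
# Download the start-stop-daemon source first (the page gives no location).
# NOTE(review): verify the download's checksum or signature before building it
# and installing the result into /usr/sbin.
# The && chain keeps a stale or partial binary from being installed when the
# compile fails; install(1) copies the file and sets mode 755 in one step,
# the same form the auto_install.sh listing uses for the init scripts.
gcc -o start-stop-daemon start-stop-daemon.c &&
    install -m 755 start-stop-daemon /usr/sbin/start-stop-daemon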
3. 编辑/lib/lsb/init-functions
# 启动samba服务时用到该脚本
# 加入以下内容
# Print "<message>: <daemon>" (or "<message>:") without a trailing newline.
# Arguments: $1 - message text (required), $2 - daemon name (optional)
# Returns:   1 when $1 is missing or empty; otherwise the status of the last
#            command run (log_daemon_msg_post when $2 is given).
log_daemon_msg () {
    [ -n "${1:-}" ] || return 1
    log_daemon_msg_pre "$@"

    # Without a daemon name only the message is printed and the post hook
    # is not called.
    case "${2:-}" in
        '')
            echo -n "$1:" || true
            return
            ;;
    esac

    echo -n "$1: $2" || true
    log_daemon_msg_post "$@"
}

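# Decide whether coloured output can be used on stdout.
# Globals:   TPUT, EXPR (written); TERM (read); FANCYTTY (read and written)
# Returns:   0 when FANCYTTY ends up as 1, Y, yes or true; 1 otherwise.
log_use_fancy_output () {
    TPUT=/usr/bin/tput
    EXPR=/usr/bin/expr
    # Fancy output needs a terminal on stdout, a usable TERM, both helper
    # binaries, and a tput that accepts the two capabilities probed here.
    if  [ -t 1 ] &&
        [ "x${TERM:-}" != "x" ] &&
        [ "x${TERM:-}" != "xdumb" ] &&
        [ -x "$TPUT" ] && [ -x "$EXPR" ] &&
        "$TPUT" hpa 60 >/dev/null 2>&1 &&
        "$TPUT" setaf 1 >/dev/null 2>&1
    then
        # Keep a value the caller already set; default to 1 otherwise.
        # Quoted with a default so an unset or multi-word FANCYTTY cannot
        # break the test, matching the ${TERM:-} style used above.
        [ -z "${FANCYTTY:-}" ] && FANCYTTY=1 || true
    else
        FANCYTTY=0
    fi
    case "$FANCYTTY" in
        1|Y|yes|true)   true;;
        *)              false;;
    esac
}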

# Finish a status line: "." for 0, "(warning)." for 255, "failed!" otherwise.
# Arguments: $1 - status to report
# Globals:   RED, YELLOW, NORMAL (written); TPUT (read when fancy output is on)
# Returns:   1 when called without an argument, otherwise $1.
log_end_msg () {
    # Nothing to report without a status argument
    [ -n "${1:-}" ] || return 1

    local retval
    retval=$1

    log_end_msg_pre "$@"

    # Colour escapes stay empty unless log_use_fancy_output accepts the
    # terminal.
    RED=''
    YELLOW=''
    NORMAL=''
    if log_use_fancy_output; then
        RED=$( $TPUT setaf 1)
        YELLOW=$( $TPUT setaf 3)
        NORMAL=$( $TPUT op)
    fi

    if [ $1 -eq 0 ]; then
        echo "." || true
    else
        if [ $1 -eq 255 ]; then
            /bin/echo -e " ${YELLOW}(warning).${NORMAL}" || true
        else
            /bin/echo -e " ${RED}failed!${NORMAL}" || true
        fi
    fi
    log_end_msg_post "$@"
    return $retval
}

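# Print the PID of a running program and return its LSB status.
# Usage:     pidofproc [-p pidfile] program
# Outputs:   the PID on stdout when the program is found running
# Returns:   0 running; 1 dead but a PID file exists; 3 not running;
#            4 status unknown (bad arguments or unreadable PID file).
pidofproc () {
    local pidfile base status specified pid opt OPTIND
    pidfile=
    specified=

    OPTIND=1
    while getopts p: opt ; do
        case "$opt" in
            p)  pidfile="$OPTARG"
                specified="specified"
                ;;
        esac
    done
    shift $((OPTIND - 1))
    if [ $# -ne 1 ]; then
        echo "$0: invalid arguments" >&2
        return 4
    fi

    # Without -p, fall back to /var/run/<program basename>.pid
    base=${1##*/}
    if [ ! "$specified" ]; then
        pidfile="/var/run/$base.pid"
    fi

    if [ -n "${pidfile:-}" ]; then
        if [ -e "$pidfile" ]; then
            if [ ! -r "$pidfile" ]; then
                return 4 # pid file not readable, hence status is unknown.
            fi
            # -r keeps backslashes in the file from being interpreted
            read -r pid < "$pidfile"
            if [ -n "${pid:-}" ]; then
                # The PID file content is passed to kill and ps, so accept
                # digits only: a word such as "ax" would otherwise be read by
                # ps as options, succeed, and report a dead daemon as running.
                case "$pid" in
                    *[!0-9]*) return 1 ;; # pid file exists but holds no PID
                esac
                if kill -0 "$pid" 2> /dev/null; then
                    echo "$pid" || true
                    return 0
                elif ps "$pid" >/dev/null 2>&1; then
                    echo "$pid" || true
                    return 0 # program is running, but not owned by this user
                else
                    return 1 # program is dead and /var/run pid file exists
                fi
            fi
        else
            # pid file doesn't exist, try to find the pid nevertheless
            if [ -x /bin/pidof ] && [ ! "$specified" ]; then
                status="0"
                /bin/pidof -o %PPID -x "$1" || status="$?"
                if [ "$status" = 1 ]; then
                    return 3 # program is not running
                fi
                return 0
            fi
            return 3 # specified pid file doesn't exist, program probably stopped
        fi
    fi
    # Reached when the PID file path or its content is empty
    if [ "$specified" ]; then
        return 3 # almost certain it's not running
    fi
    return 4 # Unable to determine status
}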


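# Report the LSB status of a daemon via log_success_msg / log_failure_msg.
# Usage:     status_of_proc [-p pidfile] daemon name
# Returns:   0 when pidofproc reports the daemon running, otherwise the
#            non-zero status pidofproc returned.
status_of_proc () {
    local pidfile daemon name status opt OPTIND

    pidfile=
    OPTIND=1
    while getopts p: opt ; do
        case "$opt" in
            p)  pidfile="$OPTARG";;
        esac
    done
    shift $((OPTIND - 1))

    daemon="${1:-}"
    name="${2:-}"

    status="0"
    # Pass the PID file and daemon as single quoted words so a path with
    # whitespace is not split into several arguments. ${daemon:+...} still
    # passes no argument at all when the daemon is empty, so pidofproc keeps
    # rejecting that call as invalid.
    if [ -n "$pidfile" ]; then
        pidofproc -p "$pidfile" ${daemon:+"$daemon"} >/dev/null || status="$?"
    else
        pidofproc ${daemon:+"$daemon"} >/dev/null || status="$?"
    fi
    if [ "$status" = 0 ]; then
        log_success_msg "$name is running"
        return 0
    elif [ "$status" = 4 ]; then
        log_failure_msg "could not access PID file for $name"
        return $status
    else
        log_failure_msg "$name is not running"
        return $status
    fi
}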

# Pre/post hooks default to no-ops (upstream Debian: to be overridden from /lib/lsb/init-functions.d/*)
# No-op pre/post hooks. On this page log_daemon_msg and log_end_msg call
# their own _pre/_post pair; every hook ignores its arguments, prints
# nothing and returns 0.
log_daemon_msg_pre () { return 0; }
log_daemon_msg_post () { return 0; }
log_begin_msg_pre () { return 0; }
log_begin_msg_post () { return 0; }
log_end_msg_pre () { return 0; }
log_end_msg_post () { return 0; }
log_action_msg_pre () { return 0; }
log_action_msg_post () { return 0; }
log_action_begin_msg_pre () { return 0; }
log_action_begin_msg_post () { return 0; }
log_action_end_msg_pre () { return 0; }
log_action_end_msg_post () { return 0; }
4. 编译安装samba
# 进入源码目录,创建文件auto_install.sh
vim auto_install.sh
# 加入以下内容
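    #!/bin/sh

    # Builds and installs Samba on a CentOS system, then installs the
    # Debian-style init scripts from ./debian into /etc/init.d.
    # Run it from the top of the Samba source tree.

    # Stop at the first failing step, so the init scripts are never installed
    # on top of a failed configure or build.
    set -e

    conf_args="--prefix=/usr \
        --enable-fhs \
        --sysconfdir=/etc \
        --localstatedir=/var \
        --libexecdir=/usr/lib/libexec \
        --with-privatedir=/var/lib/samba/private \
        --with-smbpasswd-file=/etc/samba/smbpasswd \
        --with-piddir=/var/run/samba \
        --with-pammodulesdir=/lib/security \
        --with-pam \
        --with-syslog \
        --with-utmp \
        --with-winbind \
        --with-shared-modules=idmap_rid,idmap_ad,idmap_adex,idmap_hash,idmap_ldap,idmap_tdb2,vfs_dfs_samba4,auth_samba4 \
        --with-automount \
        --with-ldap \
        --with-ads \
        --with-dnsupdate \
        --with-gpgme \
        --libdir=/usr/lib64 \
        --with-modulesdir=/usr/lib64/samba \
        --datadir=/usr/share \
        --with-lockdir=/var/run/samba \
        --with-statedir=/var/lib/samba \
        --with-cachedir=/var/cache/samba \
        --enable-avahi \
        --disable-rpath \
        --disable-rpath-install \
        --bundled-libraries=NONE,pytevent,iniparser,roken,replace,wind,hx509,asn1,heimbase,hcrypto,krb5,gssapi,heimntlm,hdb,kdc,com_err,compile_et,asn1_compile \
        --builtin-libraries=ccan,samba-cluster-support \
        --with-cluster-support \
        --with-socketpath=/var/run/ctdb/ctdbd.socket \
        --with-logdir=/var/log/ctdb \
        --with-profiling-data \
        --with-systemd"

    # $conf_args is left unquoted on purpose: the shell must split it into
    # one word per option.
    ./configure $conf_args

    # Two separate commands instead of "make -j8 && make install": under
    # set -e a failure on the left-hand side of && does not abort the script.
    make -j8
    make install

    # compile start-stop-daemon and install it
    # gcc -o start-stop-daemon start-stop-daemon.c

    # set startup script
    # install -m755 ./start-stop-daemon /usr/sbin/start-stop-daemon
    # install -m755 ./init-functions /lib/lsb/init-functions
    # These are the Debian init scripts, reused here because they work well.
    # Their content is listed in step 5.
    install -m755 debian/samba.smbd.init /etc/init.d/smbd
    install -m755 debian/samba.nmbd.init /etc/init.d/nmbd
    install -m755 debian/winbind.init /etc/init.d/winbind
    install -m755 debian/samba.samba-ad-dc.init /etc/init.d/samba-ad-dc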
5.启动脚本
5.1 samba.smbd.init
#!/bin/sh

### BEGIN INIT INFO
# Provides:          smbd
# Required-Start:    $network $local_fs $remote_fs
# Required-Stop:     $network $local_fs $remote_fs
# Default-Start:     2 3 4 5
# Default-Stop:      0 1 6
# Should-Start:      slapd cups
# Should-Stop:       slapd cups
# Short-Description: Samba SMB/CIFS daemon (smbd)
# Description: server to provide SMB/CIFS services to clients
### END INIT INFO

# SysV init script for smbd: start, stop, reload, restart/force-reload, status.
# It relies on start-stop-daemon and on the log_* / status_of_proc helpers
# from /lib/lsb/init-functions.

PIDDIR=/var/run/samba
SMBDPID=$PIDDIR/smbd.pid

# Drop a TMPDIR inherited from the caller's environment
unset TMPDIR

# Nothing to do when the daemon binary is not installed
if [ ! -x /usr/sbin/smbd ]; then
    exit 0
fi

. /lib/lsb/init-functions

case $1 in
    start)
        # On an AD domain controller this script does not start smbd
        SERVER_ROLE=$(samba-tool testparm --parameter-name="server role"  2>/dev/null | tail -1)
        case "$SERVER_ROLE" in
            "active directory domain controller") exit 0 ;;
        esac

        log_daemon_msg "Starting SMB/CIFS daemon" smbd
        # PIDDIR may live on a tmpfs, so recreate it on every start. It is
        # created root-owned with mode 755, so only root can create or
        # replace PID files in it.
        install -o root -g root -m 755 -d "$PIDDIR"

        start-stop-daemon --start --quiet --oknodo --exec /usr/sbin/smbd --pidfile "$SMBDPID" -- -D || {
            log_end_msg 1
            exit 1
        }

        log_end_msg 0
        ;;
    stop)
        log_daemon_msg "Stopping SMB/CIFS daemon" smbd

        start-stop-daemon --stop --quiet --pidfile "$SMBDPID"
        # Give smbd a moment, then drop the PID file if the process it names
        # is gone (smbd should arguably remove it itself).
        sleep 1
        if [ -f "$SMBDPID" ]; then
            if ! ps h $(cat "$SMBDPID") > /dev/null; then
                rm -f "$SMBDPID"
            fi
        fi

        log_end_msg 0
        ;;
    reload)
        log_daemon_msg "Reloading /etc/samba/smb.conf" smbd

        # Sends SIGHUP to the process named in the PID file
        start-stop-daemon --stop --quiet --signal HUP --pidfile "$SMBDPID"

        log_end_msg 0
        ;;
    restart|force-reload)
        $0 stop
        sleep 1
        $0 start
        ;;
    status)
        status_of_proc -p "$SMBDPID" /usr/sbin/smbd smbd
        exit $?
        ;;
    *)
        echo "Usage: /etc/init.d/smbd {start|stop|reload|restart|force-reload|status}"
        exit 1
        ;;
esac

exit 0
5.2 samba.nmbd.init
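#!/bin/sh

### BEGIN INIT INFO
# Provides:          nmbd
# Required-Start:    $network $local_fs $remote_fs
# Required-Stop:     $network $local_fs $remote_fs
# X-Start-Before:    smbd
# Default-Start:     2 3 4 5
# Default-Stop:      0 1 6
# Short-Description: Samba NetBIOS nameserver (nmbd)
# Description: NetBIOS name server to provide NetBIOS over IP naming services
#              to clients
### END INIT INFO

# SysV init script for nmbd: start, stop, restart/force-reload, status.
# It relies on start-stop-daemon and on the log_* / status_of_proc helpers
# from /lib/lsb/init-functions.

PIDDIR=/var/run/samba
NMBDPID=$PIDDIR/nmbd.pid

# clear conflicting settings from the environment
unset TMPDIR

# See if the daemons are there
test -x /usr/sbin/nmbd || exit 0

. /lib/lsb/init-functions

case $1 in
    start)
        # On an AD domain controller this script does not start nmbd
        SERVER_ROLE=$(samba-tool testparm --parameter-name="server role"  2>/dev/null | tail -1)
        if [ "$SERVER_ROLE" = "active directory domain controller" ]; then
            exit 0
        fi

        # Ask testparm only when it is installed. The earlier form,
        # [ -n `which testparm` ], was always true: with no output from
        # which, the test collapses to the one-argument form [ -n ].
        if command -v testparm >/dev/null 2>&1
        then
            NMBD_DISABLED=$(testparm -s --parameter-name='disable netbios' 2>/dev/null)
        fi
        if [ "$NMBD_DISABLED" != Yes ]; then
            log_daemon_msg "Starting NetBIOS name server" nmbd
            # Make sure we have our PIDDIR, even if it's on a tmpfs. It is
            # created root-owned with mode 755, so only root can create or
            # replace PID files in it.
            install -o root -g root -m 755 -d "$PIDDIR"

            if ! start-stop-daemon --start --quiet --oknodo --exec /usr/sbin/nmbd --pidfile "$NMBDPID" -- -D
            then
                log_end_msg 1
                exit 1
            fi
            log_end_msg 0
        fi

        ;;
    stop)

        log_daemon_msg "Stopping NetBIOS name server" nmbd

        start-stop-daemon --stop --quiet --pidfile "$NMBDPID"
        # Wait a little and remove stale PID file
        sleep 1
        if [ -f "$NMBDPID" ] && ! ps h $(cat "$NMBDPID") > /dev/null
        then
            # Stale PID file (nmbd was successfully stopped),
            # remove it (should be removed by nmbd itself IMHO.)
            rm -f "$NMBDPID"
        fi

        log_end_msg 0

        ;;
    restart|force-reload)
        "$0" stop
        sleep 1
        "$0" start
        ;;
    status)
        status_of_proc -p "$NMBDPID" /usr/sbin/nmbd nmbd
        exit $?
        ;;
    *)
        echo "Usage: /etc/init.d/nmbd {start|stop|restart|force-reload|status}"
        exit 1
        ;;
esac

exit 0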
5.3 winbind.init
#!/bin/sh

### BEGIN INIT INFO
# Provides:          winbind
# Required-Start:    $network $remote_fs $syslog
# Required-Stop:     $network $remote_fs $syslog
# Should-Start:      samba
# Default-Start:     2 3 4 5
# Default-Stop:      0 1 6
# Short-Description: Samba Winbind daemon
# Description: Name Service Switch daemon for resolving names from NT servers
### END INIT INFO

# SysV init script for winbindd: start, stop, restart/force-reload, status.
# There is no trailing "exit 0": the script's exit status is that of the
# last command run in the selected action.

PATH=/sbin:/bin:/usr/sbin:/usr/bin

# Optional local settings. WINBINDD_OPTS, used by "start", is not assigned
# anywhere in this script.
# NOTE(review): the file is executed by this script with its privileges, so
# it should be writable by root only.
if [ -r /etc/default/winbind ]; then
    . /etc/default/winbind
fi

DAEMON=/usr/sbin/winbindd
PIDDIR=/var/run/samba
WINBINDPID=$PIDDIR/winbindd.pid

# Drop a TMPDIR inherited from the caller's environment
unset TMPDIR

# Nothing to do when the daemon binary is not installed
if [ ! -x "$DAEMON" ]; then
    exit 0
fi

# On an AD domain controller every action of this script exits 0 at once
SERVER_ROLE=$(samba-tool testparm --parameter-name="server role"  2>/dev/null | tail -1)
case "$SERVER_ROLE" in
    "active directory domain controller") exit 0 ;;
esac

. /lib/lsb/init-functions

case "$1" in
    start)
        log_daemon_msg "Starting the Winbind daemon" "winbind"

        # $WINBINDD_OPTS stays unquoted so that it splits into separate options
        start-stop-daemon --start --quiet --oknodo --exec "$DAEMON" --pidfile "$WINBINDPID" -- $WINBINDD_OPTS

        log_end_msg $?
        ;;

    stop)
        log_daemon_msg "Stopping the Winbind daemon" "winbind"
        start-stop-daemon --stop --quiet --oknodo --exec "$DAEMON" --pidfile "$WINBINDPID"
        log_end_msg $?
        ;;

    restart|force-reload)
        # Kept as an && chain: a failed stop skips the start and its status
        # becomes the script's exit status.
        $0 stop && sleep 2 && $0 start
        ;;

    status)
        status_of_proc -p "$WINBINDPID" "$DAEMON" winbind
        exit $?
        ;;
    *)
        echo "Usage: /etc/init.d/winbind {start|stop|restart|force-reload|status}"
        exit 1
        ;;
esac
5.4 samba.samba-ad-dc.init
#! /bin/sh

### BEGIN INIT INFO
# Provides:          samba-ad-dc
# Required-Start:    $network $local_fs $remote_fs
# Required-Stop:     $network $local_fs $remote_fs
# Default-Start:     2 3 4 5
# Default-Stop:      0 1 6
# Short-Description: Samba daemons for the AD DC
# Description:  Meta-service to provide AD and SMB/CIFS services to clients
### END INIT INFO

#
# Starts and stops the Samba daemon (samba) for the AD DC role.
# Adapted from the Samba 3 packages.
#

PIDDIR=/var/run/samba
SAMBAPID=$PIDDIR/samba.pid

# Drop a TMPDIR inherited from the caller's environment
unset TMPDIR

# Both the daemon binary and a readable smb.conf are required
{ test -x /usr/sbin/samba && test -r /etc/samba/smb.conf; } || exit 0

. /lib/lsb/init-functions

case "$1" in
    start)
        # Only start when smb.conf selects the AD DC role
        SERVER_ROLE=$(samba-tool testparm --parameter-name="server role"  2>/dev/null | tail -1)
        case "$SERVER_ROLE" in
            "active directory domain controller") ;;
            *) exit 0 ;;
        esac

        # CVE-2013-4475
        # Refuse to start when the TLS private key exists with any mode other
        # than 600, so a key readable by group or others is never put in use.
        # NOTE(review): confirm the CVE identifier against the Samba advisory
        # for the key.pem permission issue.
        KEYFILE=/var/lib/samba/private/tls/key.pem
        if [ -e "$KEYFILE" ]; then
            KEYPERMS=$(stat -c %a "$KEYFILE")
            case "$KEYPERMS" in
                600) ;;
                *)
                    echo "wrong permission on $KEYFILE, must be 600"
                    echo "samba will not start (CVE-2013-4475)"
                    echo "Removing all tls .pem files will cause an auto-regeneration with the correct permissions."
                    exit 1
                    ;;
            esac
        fi

        log_daemon_msg "Starting Samba AD DC daemon" "samba"
        # PIDDIR may live on a tmpfs, so recreate it on every start. It is
        # created root-owned with mode 755, so only root can create or
        # replace PID files in it.
        install -o root -g root -m 755 -d "$PIDDIR"

        start-stop-daemon --start --quiet --oknodo --exec /usr/sbin/samba --pidfile "$SAMBAPID" -- -D || {
            log_end_msg 1
            exit 1
        }

        log_end_msg 0
        ;;
    stop)
        log_daemon_msg "Stopping Samba AD DC daemon" "samba"

        start-stop-daemon --stop --quiet --pidfile "$SAMBAPID"
        # Give samba a moment, then drop the PID file if the process it names
        # is gone (samba should arguably remove it itself).
        sleep 1
        if [ -f "$SAMBAPID" ]; then
            if ! ps h $(cat "$SAMBAPID") > /dev/null; then
                rm -f "$SAMBAPID"
            fi
        fi

        log_end_msg 0
        ;;
    restart|force-reload)
        $0 stop
        sleep 1
        $0 start
        ;;
    status)
        status_of_proc -p "$SAMBAPID" /usr/sbin/samba samba
        exit $?
        ;;
    *)
        echo "Usage: /etc/init.d/samba-ad-dc {start|stop|restart|force-reload|status}"
        exit 1
        ;;
esac

exit 0
5. 执行编译安装
bash auto_install.sh
# 安装完成后启动服务
service smbd start
service nmbd start
6. 创建共享,启用匿名共享
# 匿名共享配置如下,如果不理解参数的意思,可以通过man smb.conf进行查看
# 修改完配置文件后,需要重启smbd服务(service smbd restart)方可生效
### /etc/samba/smb.conf

[global]
    workgroup = WORKGROUP

    dns proxy = no
    log file = /var/log/samba/log.%m
    max log size = 1000
    syslog = 0
    panic action = /usr/share/samba/panic-action %d
    server role = standalone server
    passdb backend = tdbsam
    obey pam restrictions = yes
    unix password sync = yes
    passwd program = /usr/bin/passwd %u
    passwd chat = *Enter\snew\s*\spassword:* %n\n *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* .
    pam password change = yes
    # "bad user" maps logins with an unknown user name to the guest account;
    # together with "guest ok = yes" below this is what makes the share anonymous.
    map to guest = bad user
    usershare allow guests = yes
    security = user

[share]
    comment = description
    # Shared path; the share directory must be set to mode 777
    # (original note: chmod 777 /home/wuyq/share).
    # NOTE(review): that path differs from "path" below; apply the chmod to
    # the directory that is actually exported.
    path = /home/samba/share
    browseable = yes
    # NOTE(review): with "hosts allow = ALL", "guest ok = yes" and
    # "writable = yes", every host that can reach this server can write to the
    # share without credentials; narrow "hosts allow" to the trusted subnet.
    hosts allow = ALL
    writable = yes
    create mask = 0775
    directory mask = 0775
    guest ok = yes
7. 访问共享

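需要关闭centos的防火墙;若不想整体关闭防火墙,也可以只放行samba服务(firewall-cmd --permanent --add-service=samba && firewall-cmd --reload),并把smb.conf中的hosts allow限制为受信任的网段。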