summaryrefslogtreecommitdiff
path: root/docs/docbook/projdoc/UNIX_INSTALL.sgml
blob: c307636d5fabbef2e9425d4c14a1d5feb521812c (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
<chapter id="install">

<title>How to Install and Test SAMBA</title>

<sect1>
	<title>Step 0: Read the man pages</title>
	
	<para>The man pages distributed with SAMBA contain 
	lots of useful info that will help to get you started. 
	If you don't know how to read man pages then try 
	something like:</para>

	<para><prompt>$ </prompt><userinput>nroff -man smbd.8 | more
	</userinput></para>
	
	<para>Other sources of information are pointed to 
	by the Samba web site,<ulink url="http://www.samba.org/">
	http://www.samba.org</ulink></para>
</sect1>

<sect1>
	<title>Step 1: Building the Binaries</title>
	
	<para>To do this, first run the program <command>./configure
	</command> in the source directory. This should automatically 
	configure Samba for your operating system. If you have unusual 
	needs then you may wish to run</para>
	
	<para><prompt>root# </prompt><userinput>./configure --help
	</userinput></para>
	
	<para>first to see what special options you can enable.
	Then executing</para>
	
	<para><prompt>root# </prompt><userinput>make</userinput></para>
	
	<para>will create the binaries. Once it's successfully 
	compiled you can use </para>
	
	<para><prompt>root# </prompt><userinput>make install</userinput></para>
	
	<para>to install the binaries and manual pages. You can 
	separately install the binaries and/or man pages using</para>
	
	<para><prompt>root# </prompt><userinput>make installbin
	</userinput></para>
	
	<para>and</para>
	
	<para><prompt>root# </prompt><userinput>make installman
	</userinput></para>

	<para>Note that if you are upgrading for a previous version 
	of Samba you might like to know that the old versions of 
	the binaries will be renamed with a ".old" extension. You 
	can go back to the previous version with</para>
	
	<para><prompt>root# </prompt><userinput>make revert
	</userinput></para>
	
	<para>if you find this version a disaster!</para>
</sect1>

<sect1>
	<title>Step 2: The all important step</title>
	
	<para>At this stage you must fetch yourself a 
	coffee or other drink you find stimulating. Getting the rest 
	of the install right can sometimes be tricky, so you will 
	probably need it.</para>

	<para>If you have installed samba before then you can skip 
	this step.</para>
</sect1>

<sect1>
	<title>Step 3: Create the smb configuration file. </title>

	<para>There are sample configuration files in the examples 
	subdirectory in the distribution. I suggest you read them 
	carefully so you can see how the options go together in 
	practice. See the man page for all the options.</para>

	<para>The simplest useful configuration file would be 
	something like this:</para>

	<para><programlisting>
	[global]
	   workgroup = MYGROUP

	   [homes]
	      guest ok = no
	      read only = no
	</programlisting</para>
	
	<para>which would allow connections by anyone with an 
	account on the server, using either their login name or 
	"homes" as the service name. (Note that I also set the 
	workgroup that Samba is part of. See BROWSING.txt for details)</para>
	
	<para>Note that <command>make install</command> will not install 
	a <filename>smb.conf</filename> file. You need to create it 
	yourself. </para>
	
	<para>Make sure you put the smb.conf file in the same place 
	you specified in the<filename>Makefile</filename> (the default is to 
	look for it in <filename>/usr/local/samba/lib/</filename>).</para>

	<para>For more information about security settings for the 
	[homes] share please refer to the document UNIX_SECURITY.txt.</para>
</sect1>

<sect1>
	<title>Step 4: Test your config file with 
	<command>testparm</command></title>

	<para>It's important that you test the validity of your
	<filename>smb.conf</filename> file using the testparm program. 
	If testparm runs OK then it will list the loaded services. If 
	not it will give an error message.</para>

	<para>Make sure it runs OK and that the services look 
	reasonable before proceeding. </para>

</sect1>

<sect1>
	<title>Step 5: Starting the smbd and nmbd</title>

	<para>You must choose to start smbd and nmbd either
	as daemons or from <command>inetd</command>. Don't try
	to do both!  Either you can put them in <filename>
	inetd.conf</filename> and have them started on demand
	by <command>inetd</command>, or you can start them as
	daemons either from the command line or in <filename>
	/etc/rc.local</filename>. See the man pages for details
	on the command line options. Take particular care to read
	the bit about what user you need to be in order to start
	Samba.  In many cases you must be root.</para>

	<para>The main advantage of starting <command>smbd</command>
	and <command>nmbd</command> using the recommended daemon method
	is that they will respond slightly more quickly to an initial connection
	request.</para>

	<sect2>
		<title>Step 5a: Starting from inetd.conf</title>

		<para>NOTE; The following will be different if 
		you use NIS or NIS+ to distributed services maps.</para>
		
		<para>Look at your <filename>/etc/services</filename>. 
		What is defined at port 139/tcp. If nothing is defined 
		then add a line like this:</para>

		<para><userinput>netbios-ssn     139/tcp</userinput></para>

		<para>similarly for 137/udp you should have an entry like:</para>

		<para><userinput>netbios-ns	137/udp</userinput></para>

		<para>Next edit your <filename>/etc/inetd.conf</filename> 
		and add two lines something like this:</para>

		<para><programlisting>
		netbios-ssn stream tcp nowait root /usr/local/samba/bin/smbd smbd 
		netbios-ns dgram udp wait root /usr/local/samba/bin/nmbd nmbd 
		</programlisting></para>

		<para>The exact syntax of <filename>/etc/inetd.conf</filename> 
		varies between unixes. Look at the other entries in inetd.conf 
		for a guide.</para>

		<para>NOTE: Some unixes already have entries like netbios_ns 
		(note the underscore) in <filename>/etc/services</filename>. 
		You must either edit <filename>/etc/services</filename> or
		<filename>/etc/inetd.conf</filename> to make them consistent.</para>

		<para>NOTE: On many systems you may need to use the 
		"interfaces" option in smb.conf to specify the IP address 
		and netmask of your interfaces. Run <command>ifconfig</command> 
		as root if you don't know what the broadcast is for your
		net. <command>nmbd</command> tries to determine it at run 
		time, but fails on some unixes. See the section on "testing nmbd" 
		for a method of finding if you need to do this.</para>

		<para>!!!WARNING!!! Many unixes only accept around 5 
		parameters on the command line in <filename>inetd.conf</filename>. 
		This means you shouldn't use spaces between the options and 
		arguments, or you should use a script, and start the script 
		from <command>inetd</command>.</para>

		<para>Restart <command>inetd</command>, perhaps just send 
		it a HUP. If you have installed an earlier version of <command>
		nmbd</command> then you may need to kill nmbd as well.</para>
	</sect2>
	
	<sect2>
		<title>Step 5b. Alternative: starting it as a daemon</title>

		<para>To start the server as a daemon you should create 
		a script something like this one, perhaps calling 
		it <filename>startsmb</filename>.</para>

		<para><programlisting>
		#!/bin/sh
		/usr/local/samba/bin/smbd -D 
		/usr/local/samba/bin/nmbd -D 
		</programlisting></para>

		<para>then make it executable with <command>chmod 
		+x startsmb</command></para>

		<para>You can then run <command>startsmb</command> by 
		hand or execute it from <filename>/etc/rc.local</filename>
		</para>

		<para>To kill it send a kill signal to the processes 
		<command>nmbd</command> and <command>smbd</command>.</para>

		<para>NOTE: If you use the SVR4 style init system then 
		you may like to look at the <filename>examples/svr4-startup</filename>
		script to make Samba fit into that system.</para>
	</sect2>
</sect1>

<sect1>
	<title>Step 6: Try listing the shares available on your 
	server</title>

	<para><prompt>$ </prompt><userinput>smbclient -L 
	<replaceable>yourhostname</replaceable></userinput></para>

	<para>You should get back a list of shares available on 
	your server. If you don't then something is incorrectly setup. 
	Note that this method can also be used to see what shares 
	are available on other LanManager clients (such as WfWg).</para>

	<para>If you choose user level security then you may find 
	that Samba requests a password before it will list the shares. 
	See the <command>smbclient</command> man page for details. (you 
	can force it to list the shares without a password by
	adding the option -U% to the command line. This will not work 
	with non-Samba servers)</para>
</sect1>

<sect1>
	<title>Step 7: Try connecting with the unix client</title>
	
	<para><prompt>$ </prompt><userinput>smbclient <replaceable>
	//yourhostname/aservice</replaceable></userinput></para>
	
	<para>Typically the <replaceable>yourhostname</replaceable> 
	would be the name of the host where you installed <command>
	smbd</command>. The <replaceable>aservice</replaceable> is 
	any service you have defined in the <filename>smb.conf</filename> 
	file. Try your user name if you just have a [homes] section
	in <filename>smb.conf</filename>.</para>

	<para>For example if your unix host is bambi and your login 
	name is fred you would type:</para>

	<para><prompt>$ </prompt><userinput>smbclient //bambi/fred
	</userinput></para>
</sect1>

<sect1>
	<title>Step 8: Try connecting from a DOS, WfWg, Win9x, WinNT, 
	Win2k, OS/2, etc... client</title>
	
	<para>Try mounting disks. eg:</para>

	<para><prompt>C:\WINDOWS\> </prompt><userinput>net use d: \\servername\service
	</userinput></para>

	<para>Try printing. eg:</para>

	<para><prompt>C:\WINDOWS\> </prompt><userinput>net use lpt1:
	\\servername\spoolservice</userinput></para>

	<para><prompt>C:\WINDOWS\> </prompt><userinput>print filename
	</userinput></para>

	<para>Celebrate, or send me a bug report!</para>
</sect1>

<sect1>
	<title>What If Things Don't Work?</title>
	
	<para>If nothing works and you start to think "who wrote 
	this pile of trash" then I suggest you do step 2 again (and 
	again) till you calm down.</para>

	<para>Then you might read the file DIAGNOSIS.txt and the 
	FAQ. If you are still stuck then try the mailing list or 
	newsgroup (look in the README for details). Samba has been 
	successfully installed at thousands of sites worldwide, so maybe 
	someone else has hit your problem and has overcome it. You could 
	also use the WWW site to scan back issues of the samba-digest.</para>

	<para>When you fix the problem PLEASE send me some updates to the
	documentation (or source code) so that the next person will find it
	easier. </para>

	<sect2>
		<title>Diagnosing Problems</title>

		<para>If you have installation problems then go to 
		<filename>DIAGNOSIS.txt</filename> to try to find the 
		problem.</para>
	</sect2>
	
	<sect2>
		<title>Scope IDs</title>

		<para>By default Samba uses a blank scope ID. This means 
		all your windows boxes must also have a blank scope ID. 
		If you really want to use a non-blank scope ID then you will 
		need to use the 'netbios scope' smb.conf option.
                All your PCs will need to have the same setting for 
		this to work. I do not recommend scope IDs.</para>
	</sect2>


	<sect2>
		<title>Choosing the Protocol Level</title>

		<para>The SMB protocol has many dialects. Currently 
		Samba supports 5, called CORE, COREPLUS, LANMAN1, 
		LANMAN2 and NT1.</para>

		<para>You can choose what maximum protocol to support 
		in the <filename>smb.conf</filename> file. The default is 
		NT1 and that is the best for the vast majority of sites.</para>

		<para>In older versions of Samba you may have found it 
		necessary to use COREPLUS. The limitations that led to 
		this have mostly been fixed. It is now less likely that you 
		will want to use less than LANMAN1. The only remaining advantage 
		of COREPLUS is that for some obscure reason WfWg preserves 
		the case of passwords in this protocol, whereas under LANMAN1, 
		LANMAN2 or NT1 it uppercases all passwords before sending them,
		forcing you to use the "password level=" option in some cases.</para>

		<para>The main advantage of LANMAN2 and NT1 is support for 
		long filenames with some clients (eg: smbclient, Windows NT 
		or Win95). </para>

		<para>See the smb.conf(5) manual page for more details.</para>

		<para>Note: To support print queue reporting you may find 
		that you have to use TCP/IP as the default protocol under 
		WfWg. For some reason if you leave Netbeui as the default 
		it may break the print queue reporting on some systems. 
		It is presumably a WfWg bug.</para>
	</sect2>
	
	<sect2>
		<title>Printing from UNIX to a Client PC</title>

		<para>To use a printer that is available via a smb-based 
		server from a unix host with LPR you will need to compile the 
		smbclient program. You then need to install the script 
		"smbprint". Read the instruction in smbprint for more details.
		</para>

		<para>There is also a SYSV style script that does much 
		the same thing called smbprint.sysv. It contains instructions.</para>

		<para>See the CUPS manual for information about setting up 
		printing from a unix host with CUPS to a smb-based server. </para>
	</sect2>

	<sect2>
		<title>Locking</title>

		<para>One area which sometimes causes trouble is locking.</para>

		<para>There are two types of locking which need to be 
		performed by a SMB server. The first is "record locking" 
		which allows a client to lock a range of bytes in a open file. 
		The second is the "deny modes" that are specified when a file 
		is open.</para>

		<para>Record locking semantics under Unix is very
		different from record locking under Windows. Versions
		of Samba before 2.2 have tried to use the native
		fcntl() unix system call to implement proper record
		locking between different Samba clients. This can not
		be fully correct due to several reasons. The simplest
		is the fact that a Windows client is allowed to lock a
		byte range up to 2^32 or 2^64, depending on the client
		OS. The unix locking only supports byte ranges up to
		2^31. So it is not possible to correctly satisfy a
		lock request above 2^31. There are many more
		differences, too many to be listed here.</para>

		<para>Samba 2.2 and above implements record locking
		completely independent of the underlying unix
		system. If a byte range lock that the client requests
		happens to fall into the range 0-2^31, Samba hands
		this request down to the Unix system. All other locks
		can not be seen by unix anyway.</para>

		<para>Strictly a SMB server should check for locks before 
		every read and write call on a file. Unfortunately with the 
		way fcntl() works this can be slow and may overstress the 
		rpc.lockd. It is also almost always unnecessary as clients 
		are supposed to independently make locking calls before reads 
		and writes anyway if locking is important to them. By default 
		Samba only makes locking calls when explicitly asked
		to by a client, but if you set "strict locking = yes" then it will
		make lock checking calls on every read and write. </para>

		<para>You can also disable by range locking completely 
		using "locking = no". This is useful for those shares that 
		don't support locking or don't need it (such as cdroms). In 
		this case Samba fakes the return codes of locking calls to 
		tell clients that everything is OK.</para>

		<para>The second class of locking is the "deny modes". These 
		are set by an application when it opens a file to determine 
		what types of access should be allowed simultaneously with 
		its open. A client may ask for DENY_NONE, DENY_READ, DENY_WRITE 
		or DENY_ALL. There are also special compatibility modes called 
		DENY_FCB and  DENY_DOS.</para>
	</sect2>
	
	<sect2>
		<title>Mapping Usernames</title>
	
		<para>If you have different usernames on the PCs and 
		the unix server then take a look at the "username map" option. 
		See the smb.conf man page for details.</para>
	</sect2>

</sect1>	
</chapter>