From mboxrd@z Thu Jan 1 00:00:00 1970
From: Alexander Marx
To: development@lists.ipfire.org
Subject: [PATCH] Samba4: New package samba-4.4.0
Date: Sun, 04 Sep 2016 10:49:41 +0000
Message-ID: <1472986181-21780-1-git-send-email-alexander.marx@ipfire.org>
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="===============0981396359816134987=="
List-Id:
--===============0981396359816134987==
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable
Signed-off-by: Alexander Marx
---
samba4/samba.nm | 109 ++++++++++++++
samba4/samba.pamd | 6 +
samba4/smb.conf | 320 +++++++++++++++++++++++++++++++++++++++= ++
samba4/systemd/nmb.service | 10 ++
samba4/systemd/smb.service | 11 ++
samba4/systemd/winbind.service | 10 ++
6 files changed, 466 insertions(+)
create mode 100644 samba4/samba.nm
create mode 100644 samba4/samba.pamd
create mode 100644 samba4/smb.conf
create mode 100644 samba4/systemd/nmb.service
create mode 100644 samba4/systemd/smb.service
create mode 100644 samba4/systemd/winbind.service
diff --git a/samba4/samba.nm b/samba4/samba.nm
new file mode 100644
index 0000000..9a1ef37
--- /dev/null
+++ b/samba4/samba.nm
@@ -0,0 +1,109 @@ +############################################################################= ### +# IPFire.org - An Open Source Firewall Solution = # +# Copyright (C) - IPFire Development Team = # +############################################################################= ### + +name =3D samba +version =3D 4.4.0 +release =3D 1 + +groups =3D Networking/Daemons +url =3D http://www.samba.org/ +license =3D GPLv3+ and LGPLv3+ +summary =3D Server and Client software to interoperate with Windows machi= nes. + +description + Samba is the suite of programs by which a lot of PC-related machines + share files, printers, and other information (such as lists of + available files and printers). The Windows NT, OS/2, and Linux + operating systems support this natively, and add-on packages can + enable the same thing for DOS, Windows, VMS, UNIX of all kinds, MVS, + and more. This package provides an SMB/CIFS server that can be used to + provide network services to SMB/CIFS clients. + Samba uses NetBIOS over TCP/IP (NetBT) protocols and does NOT + need the NetBEUI (Microsoft Raw NetBIOS frame) protocol. 
+end + +source_dl =3D http://www.samba.org/samba/ftp/stable/ + +CFLAGS +=3D \ + -D_FILE_OFFSET_BITS=3D64 \ + -D_GNU_SOURCE -DLDAP_DEPRECATED + +build + requires + autoconf + automake + avahi-devel + #cups-devel + gettext + gnutls-devel + ncurses-devel + libacl-devel + libcap-devel + openldap-devel + openssl-devel + pam-devel + popt-devel + readline-devel + which + zlib-devel + end + + DIR_APP =3D %{DIR_SRC}/%{thisapp}/ + + configure_options +=3D \ + --enable-fhs \ + --prefix=3D%{prefix} \ + --localstatedir=3D/var \ + --with-lockdir=3D%{sharedstatedir}/samba \ + --with-piddir=3D/var/run/samba \ + --with-privatedir=3D%{sharedstatedir}/samba/private \ + --with-logfilebase=3D/var/log/samba \ + --with-modulesdir=3D%{libdir}/samba \ + --with-configdir=3D%{sysconfdir}/samba \ + --with-pammodulesdir=3D/%{lib}/security \ + --with-automount \ + --with-pam \ + --with-quotas \ + --with-sendfile-support \ + --with-syslog \ + --with-utmp \ + --with-winbind \ + --with-shared-modules=3Didmap_ad,idmap_rid,idmap_adex,idmap_hash + + install_cmds + mkdir -pv %{BUILDROOT}%{sysconfdir}/samba + echo "127.0.0.1 localhost" > %{BUILDROOT}%{sysconfdir}/samba/lmhosts + cp -vf %{DIR_SOURCE}/smb.conf %{BUILDROOT}/%{sysconfdir}/%{name} + end +end + +quality-agent + whitelist_rpath + %{libdir}/samba + end +end + + +packages + package %{name} + prerequires =3D systemd-units + configfiles =3D /etc/smb.conf + requires +=3D %{name}-libs =3D %{thisver} + end + + package %{name}-libs + template LIBS + end + + package %{name}-devel + template DEVEL + + requires +=3D %{name}-libs =3D %{thisver} + end + + package %{name}-debuginfo + template DEBUGINFO + end +end diff --git a/samba4/samba.pamd b/samba4/samba.pamd new file mode 100644 index 0000000..66cd2a9 --- /dev/null +++ b/samba4/samba.pamd @@ -0,0 +1,6 @@ +#%PAM-1.0 +auth required pam_nologin.so +auth include password-auth +account include password-auth +session include password-auth +password include password-auth 
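Review bot: `source_dl = http://www.samba.org/samba/ftp/stable/` in samba.nm fetches the release tarball over plain HTTP, and no checksum or signature check is visible in this file, so unless the build system verifies the download elsewhere its integrity depends on the network path; `source_dl = https://www.samba.org/samba/ftp/stable/` would at least authenticate the server. `version = 4.4.0` is the first release of the 4.4 series, so it is worth checking upstream's security announcements for a later 4.4.x point release before this lands. Separately, `configfiles = /etc/smb.conf` does not match the install location implied by `--with-configdir=%{sysconfdir}/samba` and the `cp` into `%{sysconfdir}/%{name}`; if the package manager uses this list to preserve local edits on update, an administrator's hardened smb.conf would not be covered, and `configfiles = %{sysconfdir}/samba/smb.conf` looks like the intended value.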
diff --git a/samba4/smb.conf b/samba4/smb.conf
new file mode 100644
index 0000000..fe0d921
--- /dev/null
+++ b/samba4/smb.conf
@@ -0,0 +1,320 @@ +# This is the main Samba configuration file. For detailed information about = the +# options listed here, refer to the smb.conf(5) manual page. Samba has a huge +# number of configurable options, most of which are not shown in this exampl= e. +# +# The Official Samba 3.2.x HOWTO and Reference Guide contains step-by-step +# guides for installing, configuring, and using Samba: +# http://www.samba.org/samba/docs/Samba-HOWTO-Collection.pdf +# +# The Samba-3 by Example guide has working examples for smb.conf. This guide= is +# generated daily: http://www.samba.org/samba/docs/Samba-Guide.pdf +# +# In this file, lines starting with a semicolon (;) or a hash (#) are +# comments and are ignored. This file uses hashes to denote commentary and +# semicolons for parts of the file you may wish to configure. +# +# Note: Run the "testparm" command after modifying this file to check for ba= sic +# syntax errors. +# +#--------------- +# Security-Enhanced Linux (SELinux) Notes: +# +# Turn the samba_domain_controller Boolean on to allow Samba to use the user= add +# and groupadd family of binaries. Run the following command as the root use= r to +# turn this Boolean on: +# setsebool -P samba_domain_controller on +# +# Turn the samba_enable_home_dirs Boolean on if you want to share home +# directories via Samba. Run the following command as the root user to turn = this +# Boolean on: +# setsebool -P samba_enable_home_dirs on +# +# If you create a new directory, such as a new top-level directory, label it +# with samba_share_t so that SELinux allows Samba to read and write to it. Do +# not label system directories, such as /etc/ and /home/, with samba_share_t= , as +# such directories should already have an SELinux label. +# +# Run the "ls -ldZ /path/to/directory" command to view the current SELinux +# label for a given directory. +# +# Set SELinux labels only on files and directories you have created. 
Use the +# chcon command to temporarily change a label: +# chcon -t samba_share_t /path/to/directory +# +# Changes made via chcon are lost when the file system is relabeled or comma= nds +# such as restorecon are run. +# +# Use the samba_export_all_ro or samba_export_all_rw Boolean to share system +# directories. To share such directories and only allow read-only permission= s: +# setsebool -P samba_export_all_ro on +# To share such directories and allow read and write permissions: +# setsebool -P samba_export_all_rw on +# +# To run scripts (preexec/root prexec/print command/...), copy them to the +# /var/lib/samba/scripts/ directory so that SELinux will allow smbd to run t= hem. +# Note that if you move the scripts to /var/lib/samba/scripts/, they retain +# their existing SELinux labels, which may be labels that SELinux does not a= llow +# smbd to run. Copying the scripts will result in the correct SELinux labels. +# Run the "restorecon -R -v /var/lib/samba/scripts" command as the root user= to +# apply the correct SELinux labels to these files. +# +#-------------- +# +#=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D Globa= l Settings =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D + +[global] + +# ----------------------- Network-Related Options ------------------------- +# +# workgroup =3D the Windows NT domain name or workgroup name, for example, M= YGROUP. +# +# server string =3D the equivalent of the Windows NT Description field. +# +# netbios name =3D used to specify a server name that is not tied to the hos= tname. +# +# interfaces =3D used to configure Samba to listen on multiple network inter= faces. +# If you have multiple interfaces, you can use the "interfaces =3D" option to +# configure which of those interfaces Samba listens on. Never omit the local= host +# interface (lo). +# +# hosts allow =3D the hosts allowed to connect. 
This option can also be used= on a +# per-share basis. +# +# hosts deny =3D the hosts not allowed to connect. This option can also be u= sed on +# a per-share basis. +# +# max protocol =3D used to define the supported protocol. The default is NT1= . You +# can set it to SMB2 if you want experimental SMB2 support. +# + workgroup =3D MYGROUP + server string =3D Samba Server Version %v + +; netbios name =3D MYSERVER + +; interfaces =3D lo eth0 192.168.12.2/24 192.168.13.2/24 +; hosts allow =3D 127. 192.168.12. 192.168.13. + +; max protocol =3D SMB2 + +# --------------------------- Logging Options ----------------------------- +# +# log file =3D specify where log files are written to and how they are split. +# +# max log size =3D specify the maximum size log files are allowed to reach. = Log +# files are rotated when they reach the size specified with "max log size". +# + + # log files split per-machine: + log file =3D /var/log/samba/log.%m + # maximum size of 50KB per log file, then rotate: + max log size =3D 50 + +# ----------------------- Standalone Server Options ------------------------ +# +# security =3D the mode Samba runs in. This can be set to user, share +# (deprecated), or server (deprecated). +# +# passdb backend =3D the backend used to store user information in. New +# installations should use either tdbsam or ldapsam. No additional configura= tion +# is required for tdbsam. The "smbpasswd" utility is available for backwards +# compatibility. +# + + security =3D user + passdb backend =3D tdbsam + + +# ----------------------- Domain Members Options ------------------------ +# +# security =3D must be set to domain or ads. +# +# passdb backend =3D the backend used to store user information in. New +# installations should use either tdbsam or ldapsam. No additional configura= tion +# is required for tdbsam. The "smbpasswd" utility is available for backwards +# compatibility. +# +# realm =3D only use the realm option when the "security =3D ads" option is = set. 
+# The realm option specifies the Active Directory realm the host is a part o= f. +# +# password server =3D only use this option when the "security =3D server" +# option is set, or if you cannot use DNS to locate a Domain Controller. The +# argument list can include My_PDC_Name, [My_BDC_Name], and [My_Next_BDC_Nam= e]: +# +# password server =3D My_PDC_Name [My_BDC_Name] [My_Next_BDC_Name] +# +# Use "password server =3D *" to automatically locate Domain Controllers. + +; security =3D domain +; passdb backend =3D tdbsam +; realm =3D MY_REALM + +; password server =3D + +# ----------------------- Domain Controller Options ------------------------ +# +# security =3D must be set to user for domain controllers. +# +# passdb backend =3D the backend used to store user information in. New +# installations should use either tdbsam or ldapsam. No additional configura= tion +# is required for tdbsam. The "smbpasswd" utility is available for backwards +# compatibility. +# +# domain master =3D specifies Samba to be the Domain Master Browser, allowing +# Samba to collate browse lists between subnets. Do not use the "domain mast= er" +# option if you already have a Windows NT domain controller performing this = task. +# +# domain logons =3D allows Samba to provide a network logon service for Wind= ows +# workstations. +# +# logon script =3D specifies a script to run at login time on the client. Th= ese +# scripts must be provided in a share named NETLOGON. +# +# logon path =3D specifies (with a UNC path) where user profiles are stored. 
+# +# +; security =3D user +; passdb backend =3D tdbsam + +; domain master =3D yes +; domain logons =3D yes + + # the following login script name is determined by the machine name + # (%m): +; logon script =3D %m.bat + # the following login script name is determined by the UNIX user used: +; logon script =3D %u.bat +; logon path =3D \\%L\Profiles\%u + # use an empty path to disable profile support: +; logon path =3D + + # various scripts can be used on a domain controller or a stand-alone + # machine to add or delete corresponding UNIX accounts: + +; add user script =3D /usr/sbin/useradd "%u" -n -g users +; add group script =3D /usr/sbin/groupadd "%g" +; add machine script =3D /usr/sbin/useradd -n -c "Workstation (%u)" -M -d /n= ohome -s /bin/false "%u" +; delete user script =3D /usr/sbin/userdel "%u" +; delete user from group script =3D /usr/sbin/userdel "%u" "%g" +; delete group script =3D /usr/sbin/groupdel "%g" + + +# ----------------------- Browser Control Options --------------------------= -- +# +# local master =3D when set to no, Samba does not become the master browser = on +# your network. When set to yes, normal election rules apply. +# +# os level =3D determines the precedence the server has in master browser +# elections. The default value should be reasonable. +# +# preferred master =3D when set to yes, Samba forces a local browser electio= n at +# start up (and gives itself a slightly higher chance of winning the electio= n). +# +; local master =3D no +; os level =3D 33 +; preferred master =3D yes + +#----------------------------- Name Resolution -----------------------------= -- +# +# This section details the support for the Windows Internet Name Service (WI= NS). +# +# Note: Samba can be either a WINS server or a WINS client, but not both. +# +# wins support =3D when set to yes, the NMBD component of Samba enables its = WINS +# server. +# +# wins server =3D tells the NMBD component of Samba to be a WINS client. 
+# +# wins proxy =3D when set to yes, Samba answers name resolution queries on b= ehalf +# of a non WINS capable client. For this to work, there must be at least one +# WINS server on the network. The default is no. +# +# dns proxy =3D when set to yes, Samba attempts to resolve NetBIOS names via= DNS +# nslookups. + +; wins support =3D yes +; wins server =3D w.x.y.z +; wins proxy =3D yes + +; dns proxy =3D yes + +# --------------------------- Printing Options ----------------------------- +# +# The options in this section allow you to configure a non-default printing +# system. +# +# load printers =3D when set you yes, the list of printers is automatically +# loaded, rather than setting them up individually. +# +# cups options =3D allows you to pass options to the CUPS library. Setting t= his +# option to raw, for example, allows you to use drivers on your Windows clie= nts. +# +# printcap name =3D used to specify an alternative printcap file. +# + + load printers =3D yes + cups options =3D raw + +; printcap name =3D /etc/printcap + # obtain a list of printers automatically on UNIX System V systems: +; printcap name =3D lpstat +; printing =3D cups + +# --------------------------- File System Options --------------------------- +# +# The options in this section can be un-commented if the file system supports +# extended attributes, and those attributes are enabled (usually via the +# "user_xattr" mount option). These options allow the administrator to speci= fy +# that DOS attributes are stored in extended attributes and also make sure t= hat +# Samba does not change the permission bits. +# +# Note: These options can be used on a per-share basis. Setting them globally +# (in the [global] section) makes them the default for all shares. 
+ +; map archive =3D no +; map hidden =3D no +; map read only =3D no +; map system =3D no +; store dos attributes =3D yes + + +#=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D Share Definitions =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D + +[homes] + comment =3D Home Directories + browseable =3D no + writable =3D yes +; valid users =3D %S +; valid users =3D MYDOMAIN\%S + +[printers] + comment =3D All Printers + path =3D /var/spool/samba + browseable =3D no + guest ok =3D no + writable =3D no + printable =3D yes + +# Un-comment the following and create the netlogon directory for Domain Logo= ns: +; [netlogon] +; comment =3D Network Logon Service +; path =3D /var/lib/samba/netlogon +; guest ok =3D yes +; writable =3D no +; share modes =3D no + +# Un-comment the following to provide a specific roving profile share. +# The default is to use the user's home directory: +; [Profiles] +; path =3D /var/lib/samba/profiles +; browseable =3D no +; guest ok =3D yes + +# A publicly accessible directory that is read only, except for users in the +# "staff" group (which have write permissions): +; [public] +; comment =3D Public Stuff +; path =3D /home/samba +; public =3D yes +; writable =3D yes +; printable =3D no +; write list =3D +staff diff --git a/samba4/systemd/nmb.service b/samba4/systemd/nmb.service new file mode 100644 index 0000000..b0b447e --- /dev/null +++ b/samba4/systemd/nmb.service @@ -0,0 +1,10 @@ +[Unit] +Description=3DSamba NMB Daemon +After=3Dsyslog.target network.target + +[Service] +Type=3Dforking +ExecStart=3D/usr/sbin/nmbd + +[Install] +WantedBy=3Dmulti-user.target diff --git a/samba4/systemd/smb.service b/samba4/systemd/smb.service new file mode 100644 index 0000000..b62df5c --- /dev/null +++ b/samba4/systemd/smb.service 
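Review bot: The shipped [global] section of smb.conf leaves `interfaces` and `hosts allow` commented out, so with this default smbd and nmbd accept connections on every interface of the host, which on a firewall distribution presumably includes the external one. I would ship an explicit bind, e.g. `interfaces = lo <internal-interface>` together with `bind interfaces only = yes` (the interface name is a placeholder), and uncomment `valid users = %S` in [homes] so that a home share is usable only by its owner. The explanatory comments are carried over from a Samba 3.2.x template (they describe `security = share`/`server` and an NT1 default for `max protocol`), so they should be rechecked against 4.4; if SMB1 clients are not required, adding `server min protocol = SMB2` would state that explicitly. `load printers = yes` and the [printers] share are enabled although `cups-devel` is commented out of the build requirements in samba.nm, so disabling printing by default would shrink the exposed surface.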
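Review bot: nmb.service declares `Type=forking` without a `PIDFile=`, so systemd has to guess the daemon's main PID and may track or stop the wrong process; the same applies to smb.service and winbind.service later in the patch. samba.nm configures `--with-piddir=/var/run/samba`, so `PIDFile=/var/run/samba/nmbd.pid` (and `smbd.pid`, `winbindd.pid` in the other two units) would be the matching lines, assuming the daemons keep their default pid file names. None of the three units sets `Restart=`, so a daemon that crashes stays down until someone notices; `Restart=on-failure` is worth considering for a network-facing service.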
@@ -0,0 +1,11 @@
+[Unit]
+Description=3DSamba SMB Daemon
+After=3Dsyslog.target network.target nmb.service winbind.service
+
+[Service]
+Type=3Dforking
+LimitNOFILE=3D16384
+ExecStart=3D/usr/sbin/smbd
+
+[Install]
+WantedBy=3Dmulti-user.target
diff --git a/samba4/systemd/winbind.service b/samba4/systemd/winbind.service
new file mode 100644
index 0000000..5ae1c2f
--- /dev/null
+++ b/samba4/systemd/winbind.service
@@ -0,0 +1,10 @@
+[Unit]
+Description=3DSamba Winbind Daemon
+After=3Dsyslog.target network.target nmb.service
+
+[Service]
+Type=3Dforking
+ExecStart=3D/usr/sbin/winbindd
+
+[Install]
+WantedBy=3Dmulti-user.target
--=20
2.6.3
--===============0981396359816134987==--