Signed-off-by: Alexander Marx alexander.marx@ipfire.org --- samba4/samba.nm | 109 ++++++++++++++ samba4/samba.pamd | 6 + samba4/smb.conf | 320 +++++++++++++++++++++++++++++++++++++++++ samba4/systemd/nmb.service | 10 ++ samba4/systemd/smb.service | 11 ++ samba4/systemd/winbind.service | 10 ++ 6 files changed, 466 insertions(+) create mode 100644 samba4/samba.nm create mode 100644 samba4/samba.pamd create mode 100644 samba4/smb.conf create mode 100644 samba4/systemd/nmb.service create mode 100644 samba4/systemd/smb.service create mode 100644 samba4/systemd/winbind.service
diff --git a/samba4/samba.nm b/samba4/samba.nm
new file mode 100644
index 0000000..9a1ef37
--- /dev/null
+++ b/samba4/samba.nm
@@ -0,0 +1,109 @@
+###############################################################################
+# IPFire.org - An Open Source Firewall Solution #
+# Copyright (C) - IPFire Development Team info@ipfire.org #
+###############################################################################
+
+name = samba
+version = 4.4.0
+release = 1
+
+groups = Networking/Daemons
+url = http://www.samba.org/
+license = GPLv3+ and LGPLv3+
+summary = Server and Client software to interoperate with Windows machines.
+
+description
+ Samba is the suite of programs by which a lot of PC-related machines
+ share files, printers, and other information (such as lists of
+ available files and printers). The Windows NT, OS/2, and Linux
+ operating systems support this natively, and add-on packages can
+ enable the same thing for DOS, Windows, VMS, UNIX of all kinds, MVS,
+ and more. This package provides an SMB/CIFS server that can be used to
+ provide network services to SMB/CIFS clients.
+ Samba uses NetBIOS over TCP/IP (NetBT) protocols and does NOT
+ need the NetBEUI (Microsoft Raw NetBIOS frame) protocol.
+end
+
+source_dl = http://www.samba.org/samba/ftp/stable/
+
+CFLAGS += \
+ -D_FILE_OFFSET_BITS=64 \
+ -D_GNU_SOURCE -DLDAP_DEPRECATED
+
+build
+ requires
+ autoconf
+ automake
+ avahi-devel
+ #cups-devel
+ gettext
+ gnutls-devel
+ ncurses-devel
+ libacl-devel
+ libcap-devel
+ openldap-devel
+ openssl-devel
+ pam-devel
+ popt-devel
+ readline-devel
+ which
+ zlib-devel
+ end
+
+ DIR_APP = %{DIR_SRC}/%{thisapp}/
+
+ configure_options += \
+ --enable-fhs \
+ --prefix=%{prefix} \
+ --localstatedir=/var \
+ --with-lockdir=%{sharedstatedir}/samba \
+ --with-piddir=/var/run/samba \
+ --with-privatedir=%{sharedstatedir}/samba/private \
+ --with-logfilebase=/var/log/samba \
+ --with-modulesdir=%{libdir}/samba \
+ --with-configdir=%{sysconfdir}/samba \
+ --with-pammodulesdir=/%{lib}/security \
+ --with-automount \
+ --with-pam \
+ --with-quotas \
+ --with-sendfile-support \
+ --with-syslog \
+ --with-utmp \
+ --with-winbind \
+ --with-shared-modules=idmap_ad,idmap_rid,idmap_adex,idmap_hash
+
+ install_cmds
+ mkdir -pv %{BUILDROOT}%{sysconfdir}/samba
+ echo "127.0.0.1 localhost" > %{BUILDROOT}%{sysconfdir}/samba/lmhosts
+ cp -vf %{DIR_SOURCE}/smb.conf %{BUILDROOT}/%{sysconfdir}/%{name}
+ end
+end
+
+quality-agent
+ whitelist_rpath
+ %{libdir}/samba
+ end
+end
+
+
+packages
+ package %{name}
+ prerequires = systemd-units
+ configfiles = /etc/smb.conf
+ requires += %{name}-libs = %{thisver}
+ end
+
+ package %{name}-libs
+ template LIBS
+ end
+
+ package %{name}-devel
+ template DEVEL
+
+ requires += %{name}-libs = %{thisver}
+ end
+
+ package %{name}-debuginfo
+ template DEBUGINFO
+ end
+end
diff --git a/samba4/samba.pamd b/samba4/samba.pamd
new file mode 100644
index 0000000..66cd2a9
--- /dev/null
+++ b/samba4/samba.pamd
@@ -0,0 +1,6 @@
+#%PAM-1.0
+auth required pam_nologin.so
+auth include password-auth
+account include password-auth
+session include password-auth
+password include password-auth
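Review bot: `configfiles = /etc/smb.conf` in the `package %{name}` block does not match where the file is installed: `cp -vf %{DIR_SOURCE}/smb.conf %{BUILDROOT}/%{sysconfdir}/%{name}` puts it in the samba config directory, the same path given to `--with-configdir=%{sysconfdir}/samba`. If the package manager only preserves paths listed under configfiles (to be confirmed against the build system), an update would replace an administrator's edited smb.conf, including any `hosts allow` or share restrictions added locally; `configfiles = %{sysconfdir}/samba/smb.conf` would cover the file that is actually shipped. Separately, `source_dl` is a plain http URL, so the integrity of the tarball rests on whatever checksum verification the build system performs, which is worth confirming for this package.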
diff --git a/samba4/smb.conf b/samba4/smb.conf
new file mode 100644
index 0000000..fe0d921
--- /dev/null
+++ b/samba4/smb.conf
@@ -0,0 +1,320 @@
+# This is the main Samba configuration file. For detailed information about the
+# options listed here, refer to the smb.conf(5) manual page. Samba has a huge
+# number of configurable options, most of which are not shown in this example.
+#
+# The Official Samba 3.2.x HOWTO and Reference Guide contains step-by-step
+# guides for installing, configuring, and using Samba:
+# http://www.samba.org/samba/docs/Samba-HOWTO-Collection.pdf
+#
+# The Samba-3 by Example guide has working examples for smb.conf. This guide is
+# generated daily: http://www.samba.org/samba/docs/Samba-Guide.pdf
+#
+# In this file, lines starting with a semicolon (;) or a hash (#) are
+# comments and are ignored. This file uses hashes to denote commentary and
+# semicolons for parts of the file you may wish to configure.
+#
+# Note: Run the "testparm" command after modifying this file to check for basic
+# syntax errors.
+#
+#---------------
+# Security-Enhanced Linux (SELinux) Notes:
+#
+# Turn the samba_domain_controller Boolean on to allow Samba to use the useradd
+# and groupadd family of binaries. Run the following command as the root user to
+# turn this Boolean on:
+# setsebool -P samba_domain_controller on
+#
+# Turn the samba_enable_home_dirs Boolean on if you want to share home
+# directories via Samba. Run the following command as the root user to turn this
+# Boolean on:
+# setsebool -P samba_enable_home_dirs on
+#
+# If you create a new directory, such as a new top-level directory, label it
+# with samba_share_t so that SELinux allows Samba to read and write to it. Do
+# not label system directories, such as /etc/ and /home/, with samba_share_t, as
+# such directories should already have an SELinux label.
+#
+# Run the "ls -ldZ /path/to/directory" command to view the current SELinux
+# label for a given directory.
+#
+# Set SELinux labels only on files and directories you have created. Use the
+# chcon command to temporarily change a label:
+# chcon -t samba_share_t /path/to/directory
+#
+# Changes made via chcon are lost when the file system is relabeled or commands
+# such as restorecon are run.
+#
+# Use the samba_export_all_ro or samba_export_all_rw Boolean to share system
+# directories. To share such directories and only allow read-only permissions:
+# setsebool -P samba_export_all_ro on
+# To share such directories and allow read and write permissions:
+# setsebool -P samba_export_all_rw on
+#
+# To run scripts (preexec/root prexec/print command/...), copy them to the
+# /var/lib/samba/scripts/ directory so that SELinux will allow smbd to run them.
+# Note that if you move the scripts to /var/lib/samba/scripts/, they retain
+# their existing SELinux labels, which may be labels that SELinux does not allow
+# smbd to run. Copying the scripts will result in the correct SELinux labels.
+# Run the "restorecon -R -v /var/lib/samba/scripts" command as the root user to
+# apply the correct SELinux labels to these files.
+#
+#--------------
+#
+#======================= Global Settings =====================================
+
+[global]
+
+# ----------------------- Network-Related Options -------------------------
+#
+# workgroup = the Windows NT domain name or workgroup name, for example, MYGROUP.
+#
+# server string = the equivalent of the Windows NT Description field.
+#
+# netbios name = used to specify a server name that is not tied to the hostname.
+#
+# interfaces = used to configure Samba to listen on multiple network interfaces.
+# If you have multiple interfaces, you can use the "interfaces =" option to
+# configure which of those interfaces Samba listens on. Never omit the localhost
+# interface (lo).
+#
+# hosts allow = the hosts allowed to connect. This option can also be used on a
+# per-share basis.
+#
+# hosts deny = the hosts not allowed to connect. This option can also be used on
+# a per-share basis.
+#
+# max protocol = used to define the supported protocol. The default is NT1. You
+# can set it to SMB2 if you want experimental SMB2 support.
+#
+ workgroup = MYGROUP
+ server string = Samba Server Version %v
+
+; netbios name = MYSERVER
+
+; interfaces = lo eth0 192.168.12.2/24 192.168.13.2/24
+; hosts allow = 127. 192.168.12. 192.168.13.
+
+; max protocol = SMB2
+
+# --------------------------- Logging Options -----------------------------
+#
+# log file = specify where log files are written to and how they are split.
+#
+# max log size = specify the maximum size log files are allowed to reach. Log
+# files are rotated when they reach the size specified with "max log size".
+#
+
+ # log files split per-machine:
+ log file = /var/log/samba/log.%m
+ # maximum size of 50KB per log file, then rotate:
+ max log size = 50
+
+# ----------------------- Standalone Server Options ------------------------
+#
+# security = the mode Samba runs in. This can be set to user, share
+# (deprecated), or server (deprecated).
+#
+# passdb backend = the backend used to store user information in. New
+# installations should use either tdbsam or ldapsam. No additional configuration
+# is required for tdbsam. The "smbpasswd" utility is available for backwards
+# compatibility.
+#
+
+ security = user
+ passdb backend = tdbsam
+
+
+# ----------------------- Domain Members Options ------------------------
+#
+# security = must be set to domain or ads.
+#
+# passdb backend = the backend used to store user information in. New
+# installations should use either tdbsam or ldapsam. No additional configuration
+# is required for tdbsam. The "smbpasswd" utility is available for backwards
+# compatibility.
+#
+# realm = only use the realm option when the "security = ads" option is set.
+# The realm option specifies the Active Directory realm the host is a part of.
+#
+# password server = only use this option when the "security = server"
+# option is set, or if you cannot use DNS to locate a Domain Controller. The
+# argument list can include My_PDC_Name, [My_BDC_Name], and [My_Next_BDC_Name]:
+#
+# password server = My_PDC_Name [My_BDC_Name] [My_Next_BDC_Name]
+#
+# Use "password server = *" to automatically locate Domain Controllers.
+
+; security = domain
+; passdb backend = tdbsam
+; realm = MY_REALM
+
+; password server = <NT-Server-Name>
+
+# ----------------------- Domain Controller Options ------------------------
+#
+# security = must be set to user for domain controllers.
+#
+# passdb backend = the backend used to store user information in. New
+# installations should use either tdbsam or ldapsam. No additional configuration
+# is required for tdbsam. The "smbpasswd" utility is available for backwards
+# compatibility.
+#
+# domain master = specifies Samba to be the Domain Master Browser, allowing
+# Samba to collate browse lists between subnets. Do not use the "domain master"
+# option if you already have a Windows NT domain controller performing this task.
+#
+# domain logons = allows Samba to provide a network logon service for Windows
+# workstations.
+#
+# logon script = specifies a script to run at login time on the client. These
+# scripts must be provided in a share named NETLOGON.
+#
+# logon path = specifies (with a UNC path) where user profiles are stored.
+#
+#
+; security = user
+; passdb backend = tdbsam
+
+; domain master = yes
+; domain logons = yes
+
+ # the following login script name is determined by the machine name
+ # (%m):
+; logon script = %m.bat
+ # the following login script name is determined by the UNIX user used:
+; logon script = %u.bat
+; logon path = \%L\Profiles%u
+ # use an empty path to disable profile support:
+; logon path =
+
+ # various scripts can be used on a domain controller or a stand-alone
+ # machine to add or delete corresponding UNIX accounts:
+
+; add user script = /usr/sbin/useradd "%u" -n -g users
+; add group script = /usr/sbin/groupadd "%g"
+; add machine script = /usr/sbin/useradd -n -c "Workstation (%u)" -M -d /nohome -s /bin/false "%u"
+; delete user script = /usr/sbin/userdel "%u"
+; delete user from group script = /usr/sbin/userdel "%u" "%g"
+; delete group script = /usr/sbin/groupdel "%g"
+
+
+# ----------------------- Browser Control Options ----------------------------
+#
+# local master = when set to no, Samba does not become the master browser on
+# your network. When set to yes, normal election rules apply.
+#
+# os level = determines the precedence the server has in master browser
+# elections. The default value should be reasonable.
+#
+# preferred master = when set to yes, Samba forces a local browser election at
+# start up (and gives itself a slightly higher chance of winning the election).
+#
+; local master = no
+; os level = 33
+; preferred master = yes
+
+#----------------------------- Name Resolution -------------------------------
+#
+# This section details the support for the Windows Internet Name Service (WINS).
+#
+# Note: Samba can be either a WINS server or a WINS client, but not both.
+#
+# wins support = when set to yes, the NMBD component of Samba enables its WINS
+# server.
+#
+# wins server = tells the NMBD component of Samba to be a WINS client.
+#
+# wins proxy = when set to yes, Samba answers name resolution queries on behalf
+# of a non WINS capable client. For this to work, there must be at least one
+# WINS server on the network. The default is no.
+#
+# dns proxy = when set to yes, Samba attempts to resolve NetBIOS names via DNS
+# nslookups.
+
+; wins support = yes
+; wins server = w.x.y.z
+; wins proxy = yes
+
+; dns proxy = yes
+
+# --------------------------- Printing Options -----------------------------
+#
+# The options in this section allow you to configure a non-default printing
+# system.
+#
+# load printers = when set you yes, the list of printers is automatically
+# loaded, rather than setting them up individually.
+#
+# cups options = allows you to pass options to the CUPS library. Setting this
+# option to raw, for example, allows you to use drivers on your Windows clients.
+#
+# printcap name = used to specify an alternative printcap file.
+#
+
+ load printers = yes
+ cups options = raw
+
+; printcap name = /etc/printcap
+ # obtain a list of printers automatically on UNIX System V systems:
+; printcap name = lpstat
+; printing = cups
+
+# --------------------------- File System Options ---------------------------
+#
+# The options in this section can be un-commented if the file system supports
+# extended attributes, and those attributes are enabled (usually via the
+# "user_xattr" mount option). These options allow the administrator to specify
+# that DOS attributes are stored in extended attributes and also make sure that
+# Samba does not change the permission bits.
+#
+# Note: These options can be used on a per-share basis. Setting them globally
+# (in the [global] section) makes them the default for all shares.
+
+; map archive = no
+; map hidden = no
+; map read only = no
+; map system = no
+; store dos attributes = yes
+
+
+#============================ Share Definitions ==============================
+
+[homes]
+ comment = Home Directories
+ browseable = no
+ writable = yes
+; valid users = %S
+; valid users = MYDOMAIN%S
+
+[printers]
+ comment = All Printers
+ path = /var/spool/samba
+ browseable = no
+ guest ok = no
+ writable = no
+ printable = yes
+
+# Un-comment the following and create the netlogon directory for Domain Logons:
+; [netlogon]
+; comment = Network Logon Service
+; path = /var/lib/samba/netlogon
+; guest ok = yes
+; writable = no
+; share modes = no
+
+# Un-comment the following to provide a specific roving profile share.
+# The default is to use the user's home directory:
+; [Profiles]
+; path = /var/lib/samba/profiles
+; browseable = no
+; guest ok = yes
+
+# A publicly accessible directory that is read only, except for users in the
+# "staff" group (which have write permissions):
+; [public]
+; comment = Public Stuff
+; path = /home/samba
+; public = yes
+; writable = yes
+; printable = no
+; write list = +staff
diff --git a/samba4/systemd/nmb.service b/samba4/systemd/nmb.service
new file mode 100644
index 0000000..b0b447e
--- /dev/null
+++ b/samba4/systemd/nmb.service
@@ -0,0 +1,10 @@
+[Unit]
+Description=Samba NMB Daemon
+After=syslog.target network.target
+
+[Service]
+Type=forking
+ExecStart=/usr/sbin/nmbd
+
+[Install]
+WantedBy=multi-user.target
diff --git a/samba4/systemd/smb.service b/samba4/systemd/smb.service
new file mode 100644
index 0000000..b62df5c
--- /dev/null
+++ b/samba4/systemd/smb.service
@@ -0,0 +1,11 @@
+[Unit]
+Description=Samba SMB Daemon
+After=syslog.target network.target nmb.service winbind.service
+
+[Service]
+Type=forking
+LimitNOFILE=16384
+ExecStart=/usr/sbin/smbd
+
+[Install]
+WantedBy=multi-user.target
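Review bot: The active [global] settings leave `interfaces` and `hosts allow` commented out, so as shipped smbd and nmbd would accept connections on every interface of the host, which on a firewall distribution presumably includes the external one. I would ship the restrictive form enabled, e.g. `interfaces = lo <internal-interface>` together with `bind interfaces only = yes`, and let the administrator widen it. In [homes], `valid users = %S` is also commented out while `writable = yes` is active; enabling it limits each home share to its owner instead of relying on filesystem permissions alone. The commented `[netlogon]` and `[Profiles]` templates carry `guest ok = yes`, and the header and the `max protocol` comment still describe Samba 3.2.x (default NT1), which no longer matches the 4.4.0 being packaged, so the commentary should be updated before administrators rely on it.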
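Review bot: `Type=forking` in the [Service] section of nmb.service has no `PIDFile=`, so systemd has to guess the main PID after nmbd daemonizes; smb.service and winbind.service have the same gap. The spec file configures `--with-piddir=/var/run/samba`, so `PIDFile=/var/run/samba/nmbd.pid` (and the smbd and winbindd equivalents, assuming the daemons keep their default pid file names) would make status tracking and restart-on-failure reliable. `syslog.target` in `After=` is obsolete in current systemd and can be dropped from all three units.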
diff --git a/samba4/systemd/winbind.service b/samba4/systemd/winbind.service
new file mode 100644
index 0000000..5ae1c2f
--- /dev/null
+++ b/samba4/systemd/winbind.service
@@ -0,0 +1,10 @@
+[Unit]
+Description=Samba Winbind Daemon
+After=syslog.target network.target nmb.service
+
+[Service]
+Type=forking
+ExecStart=/usr/sbin/winbindd
+
+[Install]
+WantedBy=multi-user.target