openbsd-ports/net/samba/files
giovanni 59c7a9b962 Tell the user how to correctly enable samba as a Pdc
ok Ian McWilliam (Maintainer)
2010-07-02 14:42:29 +00:00
..
krb5-config
README.OpenBSD Tell the user how to correctly enable samba as a Pdc 2010-07-02 14:42:29 +00:00

Using samba package in an OpenBSD environment:

1. Edit ${SYSCONFDIR}/samba/smb.conf to suit your needs.

2. Edit /etc/rc.conf.local:
   ...
   smbd_flags="-D"         # for normal use: "-D"
   nmbd_flags="-D"         # for normal use: "-D"
   ...

3. Edit /etc/rc.local:
   echo -n 'starting local daemons:'
   ...
   if [ -f ${SYSCONFDIR}/samba/smb.conf ]; then
       if [ X"${smbd_flags}" != X"NO" -a -x ${LOCALBASE}/libexec/smbd ]; then
           echo -n ' smbd';    ${LOCALBASE}/libexec/smbd ${smbd_flags}
       fi
       if [ X"${nmbd_flags}" != X"NO" -a -x ${LOCALBASE}/libexec/nmbd ]; then
           echo -n ' nmbd';    ${LOCALBASE}/libexec/nmbd ${nmbd_flags}
       fi
   fi
   ...
   echo '.'

Steps 4 and 5 are only necessary if you want to enable swat (Samba 
Web Administration Tool). Please note that administering the server
with swat over a network is inadvisable as passwords are passed in
the clear. You can avoid this problem by using ssh forwarding to
port 901.

4. add the following entry to /etc/inetd.conf:

   ...
   swat  stream  tcp  nowait.400  root  ${LOCALBASE}/libexec/swat  swat
   ...

5. add the following entry to /etc/services:

   ...
   swat            901/tcp                 # samba admin service
   ...

Install the samba-docs package and see documentation files in
${PREFIX}/share/doc/samba and example config files in
${PREFIX}/share/examples/samba for more information.

Winbind on OpenBSD does not support local user logins as there
is no nsswitch support.

Winbind support is included for external systems like Dovecot or
Squid that are able to use it to authenticate users.

!!! ATTENTION !!!
The default passdb backend has been changed to 'tdbsam'! That breaks
existing setups using the 'smbpasswd' backend without explicit
declaration! Please use 'passdb backend = smbpasswd' if you would like
to stick to the 'smbpasswd' backend or convert your smbpasswd entries
using e.g. 'pdbedit -i smbpasswd -e tdbsam'.

The 'tdbsam' backend is much more flexible concerning per user settings
like 'profile path' or 'home directory' and there are some commands which
do not work with the 'smbpasswd' backend at all.

The configuration file, found at ${CONFDIR}/smb.conf can be used right
away for simple configurations.  Local users must be added to the Samba user
database using the pdbedit utility in order to use the Samba server.
        
$ sudo pdbedit -a -u <username>
or the old way if for smbpasswd
$ sudo smbpasswd -a <username>

An EXPERIMENTAL implementation of the SMB2 protocol has been added.
SMB2 can be enabled by setting "max protocol = smb2". SMB2 is a new
implementation of the SMB protocol used by Windows Vista and higher.

To use Samba as a PDC the values of openfiles-max in ${SYSCONFDIR}/login.conf
and kern.maxfiles should be increased to 16384.

Rebuild the login.conf.db file if necessary:

        # cap_mkdb ${SYSCONFDIR}/login.conf

Don't forget to add the entry kern.maxfiles=16384 to the ${SYSCONFDIR}/sysctl.conf
file to keep the change across reboots.