Saturday Aug 25, 2007

SAMBA and SWAT in Solaris 10 Update 4 (Solaris 10 8/07)

I have previously blogged on how to enable SAMBA and SWAT as shipped with Solaris 10.

In Solaris 10 Update 4 (AKA Solaris 10 8/07 - available real soon now) Sun is shipping SAMBA 3.0.25a, and for the first time we are supporting SAMBA's Active Directory Service (ADS) integration.

What caught me out when I installed this new release of Solaris was that the way you stop and start SAMBA and SWAT have changed.

SAMBA processes are now managed using the Service Management Facility (SMF). You configure SAMBA as before, but to start the services you type:

root# svcadm enable samba wins

To stop SAMBA.........

root# svcadm disable samba wins

To check the status of the services....

root# svcs samba wins
STATE          STIME    FMRI
online         Aug_24   svc:/network/samba:default
online         Aug_24   svc:/network/wins:default

To enable SWAT you no longer have to edit any files, you just enable the service as below...

root# svcadm enable swat

And here is how to check the status of the service...

root# svcs swat
STATE          STIME    FMRI
online         Aug_23   svc:/network/swat:default

You still connect to SWAT on port 901, just point your browser at http://servername:901.

Sunday Jun 17, 2007

Configuring the SAMBA Web Administration Tool (SWAT) for Solaris 10

SWAT is a web based tool for managing a SAMBA server environment. It provides a GUI to manage the SAMBA configuration files (Global Settings, Shares, Printers etc), gives you simple interface to view SAMBA documentation and allows you to stop and restart the SAMBA processes.

SWAT ships with Solaris 10 in /usr/sfw/sbin and, like the version of SAMBA we ship, is supported by Sun.

The below is correct for Solaris 9 and Solaris 10 up to Solaris 10 Update 3 (11/06). If you are running  Solaris 10 Update 4 (8/07) or later you need to look at this blog entry.

Here is how you enable SWAT:

  1. Add the following line to /etc/services:

    swat 901/tcp

  2. Add the following line to /etc/inetd.conf:

    swat stream tcp nowait root /usr/sfw/sbin/swat swat

  3. Run the command inetconv to compile the new information in inetd.conf into Solaris. You should see messages about XML files being created, something like the below:

    root# inetconv
    swat -> /var/svc/manifest/network/swat-tcp.xml
    Importing swat-tcp.xml ...Done

You should now be able to connect to SWAT using a browser, just point your browser at http://servername:901.

If you want to know how to enable SAMBA in Solaris 10 in the first place, check out this blog entry.

Enabling and configuring SAMBA as shipped with Solaris 10

Sun ships SAMBA with Solaris 9 & Solaris 10 and it is supported as part of the Operating System. I recently completed a project with Symantec Enterprise Vault and Sun StorageTek Storage Archive Manager (aka SAM-FS) which required me to do some work with SAMBA for the first time.

My requirement was to use SAMBA to give a server running Microsoft Windows Server 2003 and Symantec Enterprise Vault access to a SAM-FS file system on a Sun server running Solaris 10. The good news is that it does all work correctly and that it performed well. As a result, this configuration is now supported by Symantec.

Initially I struggled with SAMBA and looked at many web sites and docs before I worked out how to set it up. In the end it was simple and the object of this blog entry is to explain how to set up a basic SAMBA server installation on Solaris.

The below is correct for Solaris 9 and Solaris 10 up to Solaris 10 Update 3 (11/06). If you are running Solaris 10 Update 4 (8/07) then the version of SAMBA is 3.0.25a, the patches are not applicable and the way that you stop and start SAMBA has changed: look at this blog entry for notes on that.

  1. Make sure that /usr/sfw/bin and /usr/sfw/sbin are on the root user's path.

  2. Check you have the latest version of SAMBA installed:

    root# /usr/sfw/sbin/smbd -V
    Version 3.0.21b

    This is the most recent version supported by Sun at this time. If you find you have an older version than the above then you should patch the system. The latest patch for SAMBA on Solaris 10 SPARC is 119757-04 and Solaris 10 x86 is 119758-04. If you have access to Sunsolve then Sun InfoDoc 80581 talks about this some more.

  3. By default, all files create by the windows server in the Solaris directories shared by SAMBA will be owned by user nobody. If you want to change this then you can force the ownership to another user. I created a user evault in group other for this purpose. Make sure that the user you choose has permission to write to the directories in the file systems that you are sharing with SAMBA. You can use the user root if you wish.

  4. Create an entry in the SAMBA user database for the user with the below command:

    root# smbpasswd -a evault

  5. Create the file /etc/sfw/smb.conf. Below is the /etc/sfw/smb.conf that I used. The SAM-FS file system was mounted as /ev_test and vaultstores was the subdirectory I wanted to share.

    [global]
      workgroup = EV-SAMFS
      server string = Samba Server
      log file = /var/adm/samba_log.%m
      security = SHARE
    [vaultstores]
      comment = vaultstores
      path = /ev_test/vaultstores
      force user = evault
      force group = other
      read only = No
      guest ok = Yes

    It is not obvious, but the share is defined in the square brackets and is "vaultstores" in this case.

    Note that once the file /etc/sfw/smb.conf exists SAMBA will start automatically when the system boots.

  6. You should check the syntax of /etc/sfw/smb.conf using the command testparm. Assuming that all is well you can start SAMBA.

    root# /etc/init.d/samba start

    This returns silently. If you are paranoid, like me, check to see that smbd is running. If you are running Solaris 10 Update 4 (8/07) or later this step has changed: look at this blog entry for notes on that.

From the server running Microsoft Windows I was then able to map the share \\\\servername\\vaultstores to a drive and create and delete files and directories. I then looked on the SAMBA server and confirmed that the file were created with the correct ownership, which they were.

So far as SAMBA performance tuning goes, I tried various configuration options, but in the end I used the default socket option settings, hence no custom settings for this in my smb.conf file. I found that these gave the best performance. I was fortunate in being able to get advice on this topic from Jeremy Allison who has been involved with SAMBA for years.

Note that the version of SAMBA that Sun provides at the time of writing this does not support Active Directory Services (ADS), a frequently asked for feature. Sun will ship a later version of SAMBA with support for ADS as part of a future release of Solaris 10. In the meantime, you can build your own version of SAMBA with this feature using the packages and sources at Sunfreeware.com but unfortunately the custom SAMBA build would not be supported by Sun.

For information and documentation on SAMBA go to samba.org.

If you would like to know how to configure SWAT, the SAMBA Web Administration Tool, I have written a blog entry on that here.

About

Tim Thomas

Search

Archives
« April 2014
MonTueWedThuFriSatSun
 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
    
       
Today