Only about 8 months from release of Samba 3.0.0, there is beginning to be the transition from 2.2.x. Here again, I will explain the Notes on new features and migration of Samba 3.0 series. (Editorial office)
The Samba Team as an Samba of developer, especially in Mr. currently Gerald (Jerry) Carter, has continued the development and release of Samba 3.0 series as a stable version. Samba 3.0 series, since Samba 3.0.0 is released on September 24, 2003, and upgraded to Samba 3.0.3 In time of writing (May 2004) (Editor‘s Note), bug fixes and small function and improvement have been made. Along with this, including the Red Hat Enterprise Linux (RHEL) 3.0, also distribution to adopt the Samba 3.0 series has been gradually increasing.
Editor‘s Note: Then, Samba 3.0.4 has been released by the end of this article the time of publication.
So far in the person who was using the Samba 2.2 series also, I think people who Ya you have already migrated you are considering a migration to Samba 3.0 series is increasing. So, in this article the whole picture of Samba 3.0 as revised, and then describes the notes during the transition from the feature and Samba 2.2 series of Samba 3.0 series.
New features and changes of Samba 3.0 series
First of all, I will list the main thing about the features that have been added or changed significantly in Samba 3.0 series. For a complete description of each feature, I will introduce later with the setting method.
1. change of internationalization (Japanese correspondence) function
To take advantage of the iconv () to the character code conversion, implementation has been changed significantly. In accordance with this, significant changes have occurred in the parameters.
2. internationalization of SWAT
Outcome of Samba Japanese version is shipped, SWAT became a multilingual.
3. Unicode support in communication path
You do not need to be aware of directly, but looks like communication on the network is carried out in a Windows NT-based OS (Note) and the same Unicode-based (UCS-2).
Note: such as Windows 2000 / XP / Windows Server 2003. Following the same.
4. Active Directory participation function
Support for Kerberos authentication, has become possible to participate in the Active Directory as well as the OS since Windows 2000.
5. Winbind enhancements
the mapping table between the uid and gid I can now centrally managed in the LDAP server.
6. of any of the global group support
In NT domain that was constructed in the Samba (Note), was now possible to create any of the global group.
Note: Windows domain the domain controller is configured with Windows NT or Samba. Following the same.
7. interdomain trust relationship
In NT domain that was constructed in the Samba, it is now possible to construct an explicit one-way trust relationship.
8. support of a variety of authentication database
In addition to the conventional smbpasswd file, it is now possible to use at the same time by combining a variety of authentication methods in any order.
9. extension of SMB security
Such as encryption of SMB signing and secure channel, was for many of the security features included in the Windows OS.
10. Expansion of management commands
Around the net command that is newly added, UNIX and Windows machines and Windows domain (Note) (if not otherwise specified is also included Linux. The following R) functions to manage the machines on the command line has not been greatly expanded you.
Note: is used as a generic term for NT domain and AD domain (Windows domain that has been configured with Windows 2000 Server and later domain controller). Following the same.
Installation of Samba 3.0 series
For installation of Samba 3.0 series, I will briefly describe.
Recently, because Samba 3.0 series as a package of OS and distributions have been increasing even if it is installed, please first try to check. For example, Samba package that comes with RHEL 3.0 and Fedora Core has become a Samba 3.0 series, also there are no Japanese file name support issues, which will be described later. However, because of the Japanese support issues some distributions, it does not necessarily and can be used as it is even if there is a package.
At least, if as Japanese file name is written in EUC by specifying the eucJP-ms as the value of the unix charset parameter, which will be described later, Japanese file name support you may believe that no problem.
■ Installing from informal package
Distributions not use the supplied package environment, if you want to easily try the Samba 3.0 series, the Linux has the following methods.
● Red Hat-based distributions
For Linux distributions Red Hat system, it is possible to make use of informal RPM package provides Japan Samba Users Group, which is available from the following URL.
http://ftp.samba.gr.jp/pub/samba-jp/samba-3.0-ja/
ftp://ftp.samba.gr.jp/pub/samba-jp/samba-3.0-ja/
From here to get the SRPM file, it would be better to create and use a RPM package and rebuild.
In addition, the package
- those to replace the glibc
- To install the GNU libiconv (or replace) those
There are two types of. Since the replacement of glibc large influence on the other, you may package to install the GNU libiconv If you want to try the time being.
Package of rebuilding from SRPM file, I done in the following command.
# cd /usr/src/redhat/SRPMS/
# rpm --rebuild libiconv-1.8-1.src.rpm
# rpm --rebuild samba-3.0.0-3iconv.src.rpm
Recompilation of SRPM
Note: In the case of Red Hat Linux 8 and later, that you run the rpmbuild command instead of the rpm command. In addition, SRPM file necessary, in advance / usr / src / redhat / SRPMS may want to copy below.
After a successful rebuild, / usr / Because src / redhat / RPM / RPMS / i386 RPM file below is created, please do the installation by using this. It should be noted that since the Samba compilation is performed at the time of rebuild, in addition to the general development environment, including the GCC, LDAP, the development environment, such as Kerberos must be installed.
● Debian
If you are using, such as Debian GNU / Linux 3.0, you can use the package that Mr. Saito has to offer. In an environment capable of communicating with the Internet, to the / etc / apt / sources.list file,
deb http://everybody.good-day.net/~nsaito samba3/
Fixes /etc/apt/sources.list file
Did on add a description like, please do the installation in the following manner.
# apt-get update
# apt-get install locales
# apt-get install samba
Commands that are required to install
■ Installing from source
The above method can not be used, or for example, if you want to use the latest version, it will be installed from the source. In this case, usually requires the installation of GNU libiconv prior to the installation of Samba. Also, if you want to enable support for LDAP authentication database or AD domain, you must also be installed LDAP and Kerberos development environment.
Installation of ● GNU libiconv
Character code conversion including Japanese Samba 3.0 in series, as described below, is achieved by Samba external iconv () function. The iconv () function, I present in glibc of various UNIX and Linux distributions, but most of the iconv () function,
- Is not supported, such as machine-dependent character
- Conversion table of character codes of the Unicode is not a Windows fully compatible
Such as there is a problem, there is a problem in order to use in Samba.
By the efforts of Mr. Moriyama, this point has been resolved in the glibc-2.3.3 or later. Even glibc-2.2.5 or later and GNU libiconv-1.8 or later, it is possible deal in which to apply the Japanese locale support patch, which also created Moriyama Mr.. However, for the replacement of glibc has a large influence, is basically a good idea that you have installed the GNU libiconv of applying the Japanese locale patch.
The latest version of the GNU libiconv in time of writing but is 1.9.2, the latest version of the Japanese locale patch, GNU libiconv-1.9 that have been published in Issues in iconv page of Miracle Linux‘s Samba 3.0 internationalization project. It becomes Japanese locale patch libiconv-1.9.1-cp932.patch.gz for 1.
- Miracle Linux‘s Samba 3.0 internationalization project
http://www.miraclelinux.com/technet/samba30/ - Issues in iconv
http://www.miraclelinux.com/english/technet/samba30/iconv_issues.html
In terms of acquired separately libiconv-1.9.1.tar.gz, please do the installation in the following manner. In order to install the Samba 3.0 series, specify the configure option is not required.
$ ls
libiconv-1.9.1.tar.gz libiconv-1.9.1-cp932-patch.gz
$ tar xf libiconv-1.9.1.tar.gz
$ cd libiconv-1.9.1
$ zcat ../libiconv-1.9.1-cp932-patch.gz | patch -p1
$ ./configure; make;
$ su
# make install
Patching and installation of the GNU libiconv-1.9.1
After the GNU libiconv installation is complete,
$ /usr/local/bin/iconv -l | grep -i EUCJP-MS
EUCJP-MS
Confirmation of EUCJP-MS locale
Note: it is sufficient line output that EUCJP-MS.
Run a, it‘s a good idea to check that the EUCJP-MS locale to be added has been recognized by the patch.
In addition, in the case of Linux for inclusion in the reference path of the shared library / usr / local / lib, in / etc / ld.so.conf,
/usr/local/lib
Add a single line, please sure you have run ldconfig command.
● installation of Samba 3.0 series
Once you have installed the GNU libiconv, it is finally the installation of Samba body.
From Samba 3.0 series, many features I now to enable or so can be set in the parameters in the smb.conf, the function to automatically detect the configure at environment. Therefore, configure option is not so much to consider. Of the Samba-specific configure options, it indicates that those who were conscious seems to be good in Table 1.
Is indispensable basically specified
--with-libiconv = <directory>
Specifies the installation of GNU libiconv
--with-pam
Enabling PAM support
Shall be specified as necessary
--with-ads
Active support of Directory corresponding function
--with-ldapsam
Support for LDAP authentication feature of Samba 2.2 series compatible
The main configure options in Table 1 Samba 3.0
In order to use the libiconv you just created, - with-libiconv option must be specified. If the system is to support the PAM is, - with-pam also a good idea you gave.
default of --with-ads has become the auto. For this reason, if the LDAP and Kerberos development environment if installed, automatically enabled Active Directory corresponding function. However, Active Directory support functions will be disabled without warning otherwise.
By specifying explicitly this option, since LDAP and Kerberos development environment is to configure error if not installed, you can avoid the trouble that the "this function within do not know had been disabled" .
For other options, please set as necessary. Author used, such as during verification, all the major features I shows the configure option to support below.
./configure --with-libiconv=/usr/local --with-automount --with-smbmount --with-pam --with-pam_smbpass --with-ldapsam --with-syslog --with-quotas --with-utmp --with-winbind --with-ldap --with-ads --with-smbwrapper
Note: However, - with-ldapsam If you give the order to the default authentication database is no longer smbpasswd, this option would be better I do not give unless really necessary.
If you especially do not perform the specified destination, will be installed Samba is below If you do make install / usr / local / samba. I shows the flow of up to install the following from configure.
$ tar xjf samba-3.0.3.tar.bz2
$ cd samba-3.0.3/source
$ ./configure --with-libiconv=< ディレクトリ > --with-pam < そのほかのオプション >
$ make
$ su
# make install
Configure and installation instructions of Samba 3.0.3
Internationalization features and character code support
■ Changing the internationalization (Japanese correspondence) function
We as a large point of most impact for the Japanese, you include change of character code-related parameters, including the Japanese. To Samba 2.2 series, the conversion of the so-called character code (encoding format) Samba himself had done. In Samba 3.0 series, except for Unicode (UCS-2, UTF-8) and some of the character code such as CP850, implementation to take advantage of the standard iconv () function has been significantly changed.
For up to Samba 2.2 series dealing with Japanese correctly,
[global]
client code page = 932
coding system = SJIS/EUC/CAP/HEXなど
There was a need to properly set the two parameters. On the other hand, the conventional parameters in Samba 3.0 series is obsolete and has been newly added on behalf of,
[global]
unix charset = CP932/EUCJP-MS/UTF-8など
dos charset = CP932
display charset = CP932/EUCJP-MS/UTF-8など
You control the character code using the three parameters. This will have a meaning, such as each Table 2.
unix charset
Character codes are used in a file system on UNIX (coding format). However, to change the character code of the various configuration files, including the character code and smb.conf that Samba will use internally at the same time
dos charset
Specifies the character code that is available in the Windows side. When using the Japanese, set the CP932 or equivalent character codes
display charset
Specifies the character code that is displayed in the SWAT of the screen. Character code that you specify if you want to use the Japanese language, different depending on the version of Samba
Table 2 character code-related parameters
The value of each parameter, please specify the various locale names that are supported by the iconv () function (Note).
Note: Due to the implementation of iconv () function, locale names that are supported will vary. In this paper, I will describe what the application of the Japanese corresponding patch described above to GNU libiconv and glibc included iconv () as an example.
A typical configuration of the case of using a Japanese file name is as follows.
[global]
unix charset = EUCJP-MS/CP932/UTF-8 (1)
dos charset = CP932
display charset = CP932 (2)
Typical settings in using Japanese file name
(1)
Each (including the EUC3) value of coding system parameters EUC in Samba 2.2 series, corresponding to the case of SJIS, UTF8.
(2)
In the case of Samba 3.0.2 or later, there is a need to set to the same value as the unix charset.
■ CAP and HEX of support
To Samba 2.2 series has a value such as CAP and HEX to coding system parameters, are widely used. However, these was because it is not supported in the personality on the iconv () function, so as to support using the VFS function of Samba 3.0 series.
For CAP,
[global]
unix charset = CP932
…
[cap_share1]
vfs objects = cap (1)
Support of CAP (and HEX) in Samba 3.0 series
(1)
vfs_cap I want to enable the module. cap always be specified in lowercase. Note that the HEX module enable HEX installation environment may be hex and specified instead of cap.
Of way, and then achieved by the combined use of VFS module called vfs_cap to share units after you have specified the CP932 as unix charset.
For HEX, because it is not shipped with Samba body, you must use the HEX modules that are shipped with the artifacts of Samba 3.0 internationalization project. Such as setting method is similar to the CAP.
Considerations of ■ Migration
For technical reasons, in the Samba 2.2 series and the Samba 3.0 series, different positions that are mapped in the part of the machine-dependent characters (Note).
Note: However, this is only a story about the implementation of iconv () function that is included in the glibc and GNU libiconv. In theory, all of iconv () function does not necessarily applicable.
Simply if you have upgraded Samba, if there is a file name that uses a model dependent characters corresponding to Table 3, is a problem in such will not be able to access the file may occur.
List of characters Table 3 problem
Source: how to migrate to Samba 3 of Japanese file name of the Samba 2 Japanese version ( Http://Www.Miraclelinux.Com/technet/samba30/migration.Html )
If you are using these characters, you must perform the migration of file name during the migration. One of the migration method is, once you copy the files from the problem on Windows, after Samba version up, it is that written back again to share on the Samba.
If you do the conversion of the file name on the server side, you can either use the SMBCHARTOOL 3.0 that Samba 3.0 internationalization project has to offer, you can create a script with the same function, please do the migration of file name.
- SMBCHARTOOL 3.0
http://www.miraclelinux.com/technet/samba30/migration.html#04
If you use the SMBCHARTOOL 3.0,
$ smbfnconv -f euc3 -t eucjp-ms
Example of the use of SMBCHARTOOL
euc3
:
The value of the coding system parameters in Samba 2.2 series
eucjp-ms
:
Value of unix charset parameter in the Samba 3.0 series
Through the like, it can migrate a file name on the server.
For more information on how to use SMBCHARTOOL is,
- How to migrate to the Japanese file name of the Samba 3 of Samba 2 Japanese version
http://www.miraclelinux.com/technet/samba30/migration.html
Please refer to the.
■ internationalization of SWAT
In Samba 3.0 series, internationalization features of SWAT, which is implemented in Samba Japanese version has been integrated. As a result, the Japanese display of SWAT screen has been implemented as standard in screen 1 in Samba 3.0.1 or later.
Screen 1 SWAT of Japanese screen
In order to ensure that Japanese is properly displayed, the value of the display charset parameters as described above
- Until Samba 3.0.1 is CP932
- Samba 3.0.2 and later the same value as the unix charset parameter
Must be set to.
Of change Samba 3.0.2 or later, is due to the fact that Samba Team does not understand this function adequately, we believe as the author to be a bug. Also, originally this feature by reference to the value of the Accept-Language header Web browser sends out (only), was intended to be to change the language to dynamically display. However, there is also such as at the time of the author‘s misunderstanding, status quo because it is necessary to set the display charset parameters statically, it has become a half-hearted implementation as a result. Therefore, we believe that there is a high possibility that you want to change the setting method in accordance with the version up in the future.
If this feature you do not want to use the, please delete the * .msg file that is installed by default in the same directory as the smb.conf. In addition, lang_ <language name> .tdb file that is generated from this file if (in the case of Japanese is that lang_ja.tdb) there is (Note), it also please delete.
Note: This file is, by default, is generated in the / usr / local / samba / var / locks directory.
It should be noted that, although not directly related to the SWAT internationalization, until Samba 3.0.3 and account creation and password change from the SWAT of PASSWORD screen was not functioning properly. In this regard, it has been confirmed that it has been fixed in Samba 3.0.4.
■ Unicode support in communication path
As major changes while sober, character code flowing over the network, from the national character code, such as the same shift JIS and Windows 9x series, will include that it has become the same Unicode and Windows NT series (UCS-2) ( Fig. 1).
But until Samba 2.2 series is sent in the Shift-JIS was done, character code that is sent for some of the characters in the Windows 9x system and the Windows NT system there was a problem that different. Therefore, it was not forced to support in Samba side using very tricky means in Samba Japanese version.
With this Unicode reduction, this problem should naturally disappear. It also enables the use of Japanese from SMB client file name of non-ASCII, which are supported by only communication in Unicode (such as SMB feature of Mac OS X).
Figure 1 letter code used in Samba