Samba
Table of Contents
Samba hosts a transfer share with write access, a read only share, and a share for game installers/files. Accounts are setup manually via:
smbpasswd -a <username>
Restart smbd for user changes to take effect.
I previously used libpam-smbpass to sync unix passwords, but it's not
available in Debian buster. This meets my requirements though.
#======================= Global Settings ======================= [global] ## Browsing/Identification ### # Change this to the workgroup/NT-domain name your Samba server will part of workgroup = WORKGROUP #### Networking #### interfaces = 127.0.0.0/8 10.0.0.0/24 192.168.1.0/24 bind interfaces only = yes hosts allow = 127.0.0.0/8 10.0.0.0/24 192.168.1.0/24 hosts deny = 0.0.0.0/0 #### Debugging/Accounting #### log file = /var/log/samba/log.%m max log size = 1000 logging = file panic action = /usr/share/samba/panic-action %d ####### Authentication ####### server role = standalone server obey pam restrictions = yes unix password sync = yes passwd program = /usr/bin/passwd %u passwd chat = *Enter\snew\s*\spassword:* %n\n *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* . pam password change = yes map to guest = Bad User ############ Misc ############ usershare allow guests = no #======================= Share Definitions ======================= [video_iso] comment = video_iso read only = yes locking = no path = /path/to/iso guest ok = no [transfer] comment = Transfer read only = no locking = no path = /path/to/transfer guest ok = no [share] comment = Share read only = yes locking = no path = /path/to/share guest ok = yes [games] comment = Games read only = yes locking = no path = /path/to/games guest ok = yes [mp3] comment = MP3 read only = yes locking = no path = /path/to/mp3 guest ok = yes
Samba with MIT Kerberos Support
An attempt at extending my Kerberos setup to Samba. Incomplete.
Rebuild Debian package
Install dependencies and fetch samba source
sudo apt-get build-dep samba sudo apt install libkrb5-dev
In directory of your choice:
apt-get source samba
Modify build
Debian build requries a number of changes to remove heimdall related artifacts, and enable MIT kerberos. I used this dockerfile as a reference for changes.
Remove install references with this command from the debian directory:
for i in libHDB-SAMBA4.so.0 libhdb-samba4.so.11 libhdb-samba4.so.11.0.2 libkdc-samba4.so.2 libkdc-samba4.so.2.0.0 libasn1-samba4.so.8 libasn1-samba4.so.8.0.0 libcom_err-samba4.so.0 libcom_err-samba4.so.0.25 libgssapi-samba4.so.2 libgssapi-samba4.so.2.0.0 libhcrypto-samba4.so.5 libhcrypto-samba4.so.5.0.1 libheimbase-samba4.so.1 libheimbase-samba4.so.1.0.0 libheimntlm-samba4.so.1 libheimntlm-samba4.so.1.0.1 libhx509-samba4.so.5 libhx509-samba4.so.5.0.0 libkrb5-samba4.so.26 libkrb5-samba4.so.26.0.0 libroken-samba4.so.19 libroken-samba4.so.19.0.1 libwind-samba4.so.0 libwind-samba4.so.0.0.0; do find . -type f | grep install | xargs -I '{}' sed -i "/${i}/d" '{}'; done;
Run dch and add a changelog entry if you like.
Add libkrb5-dev and krb5-kdc to debian/control Build-Depends
Build-Depends: bison,
...
zlib1g-dev (>= 1:1.2.3),
libkrb5-dev (>= 1.15.1),
krb5-kdc (>= 1.15.1)
In debian/rules add these arguments to the conf_args variable:
conf_args = \
... \
--with-system-mitkrb5 \
--with-experimental-mit-ad-dc
In debian/rules remove these heimdall related bundled libraries:
hx509,krb5,kdc,gssapi,heimbase,hcrypto,heimntlm,hdb,asn1,com_err,asn1_compile,compile_et,roken,wind.
My resulting line looks like:
--bundled-libraries=NONE,pytevent,iniparser,replace
Add new files to an install file:
... usr/lib/x86_64-linux-gnu/krb5/plugins/kdb/samba.so usr/lib/x86_64-linux-gnu/samba/krb5/winbind_krb5_localauth.so usr/share/man/man8/winbind_krb5_localauth.8
Build the package
debuild -i -us -uc
Setting up an AD DC
TODO