|
|
As we explained in Chapter 2, the configure program is run before the Samba source code is compiled to fit the compilation process to the local architecture. At this stage, it is possible to specify options to customize Samba's behavior further and include or exclude features. This is an example of specifying configure options:
# ./configure --with-smbmount --with-configdir=/etc/samba --with-manpages-langs=ja
This example configures the Samba installation to support mounting SMB filesystems, look for the Samba configuration file in /etc/samba (instead of the default location of /usr/local/samba/lib), and install Japanese-language manual pages. We have picked these three configure options because they illustrate the usage of the three types of options that are included up to Samba 3.0. The --with-smbmount option is a Boolean option, which can take a value of yes or no. All the Boolean options are set to no by default, and it is only necessary to provide the option to turn it on. If you want to be more explicit, you can specify --with-smbmount=yes. To turn an option off explicitly, you can also specify --without-feature rather than --with-feature=no.
In the case of the other two options we have shown, an argument must be supplied after the equals (=) sign. Some of the options are used to specify the directories that Samba uses for various purposes. Only one option is in the last group, where something other than a directory is specified as an option argument.
The supported configure options vary from release to release. For example, between Samba 2.2.x and Samba 3.0, many options were dropped, and a few were added. To get a list of the configure options for your release, use the following command:
# ./configure --help
Table E-1 lists Samba's configure options.
|
Configuration option |
Description |
|---|---|
|
--with-acl-support |
Support Windows NT/2000/XP ACLs |
|
--with-afs |
Support the Andrew Filesystem (AFS) |
|
--with-automount |
Support the NFS automounter |
|
--with-codepagedir=dir |
Location of codepage files |
|
--with-configdir=dir |
Location of configuration files |
|
--with-dce-dfs |
Support DCE/DFS |
|
--with-fhs |
Use FHS-compliant locations of files |
|
--with-included-popt |
Use Samba's popt( ) |
|
--with-krb4=base-dir |
Support Kerberos 4 |
|
--with-krb5=base-dir |
Support Kerberos 5 (Microsoft ADS) |
|
--with-ldapsam |
Support LDAP SAM |
|
--with-libiconv=directory |
Specify iconv library |
|
--with-libsmbclient |
Build smbclient library |
|
--with-lockdir=directory |
Location of lock files |
|
--with-logfilebase=directory |
Location of log files |
|
--with-manpages-langs=language |
Specify language for manual pages |
|
--with-msdfs |
Support Microsoft Dfs |
|
--with-nisplus-home |
Support NIS+ home directories |
|
--with-nisplussam |
Support NIS+ SAM |
|
--with-pam |
Support PAM restrictions |
|
--with-pam_smbpass |
Build pam_smbpass.so PAM module |
|
--with-piddir=directory |
Location of PID files |
|
--with-privatedir=directory |
Location of smbpasswd file |
|
--with-profiling-data |
Support gathering of profiling information |
|
--with-quotas |
Support disk quotas |
|
--with-readline=directory |
Specify readline library |
|
--with-sendfile-support |
Support sendfile( ) system call |
|
--with-smbmount |
Support smbmount and smbfs |
|
--with-smbwrapper |
Build smbwrapper library for smbsh support |
|
--with-spinlocks |
Use spinlocks instead of fcntl locks |
|
--with-ssl |
Support SSL |
|
--with-sslinc=directory |
Location of SSL include files |
|
--with-ssllib=directory |
Location of SSL libraries |
|
--with-swatdir=directory |
Location of SWAT files |
|
--with-syslog |
Support syslog message logging |
|
--with-tdbsam |
Support TDB database files for SAM |
|
--with-utmp |
Support utmp file accounting |
|
--with-winbind |
Build winbind |
Includes support for Windows NT/2000/XP access control lists (ACLs). For this to work, you need to have POSIX ACL support in the host operating system. See Chapter 8 for details.
Includes support for the Andrew Filesystem (AFS), for authenticating users who are accessing files through AFS.
Includes support for the automounter, a feature often used in conjunction with NFS, to mount NFS shares automatically at the first attempt to access them. You might wish to enable this feature if any of the directories shared by your Samba server are (or include) NFS-mounted directories.
Specifies the directory in which to put codepage files for internationalization support. See the "Internationalization" section earlier in this chapter for more information on this feature. By default, this directory is /usr/local/samba/lib/codepages.
Specifies the directory in which Samba keeps its configuration file, usually called smb.conf. By default, this is /usr/local/samba/lib.
Includes support for the Distributed Computing Environment Distributed Filesystem (DCE/DFS). This is a distributed filesystem included in some Unix variants and is not the same as Microsoft's Distributed Filesystem (Dfs).
Adheres to the Filesystem Hierarchy Standard when locating files. For details, see http://www.pathname.com/fhs.
Includes Samba's own support for parsing command-line options, instead of using the local system's popt( ) C-library function.
Includes support for Kerberos Version 4.0, specifying the base directory of the Kerberos distribution. Kerberos is an authentication protocol developed at MIT that uses private-key cryptography to provide strong security between nodes. This version is not the same as Microsoft's adaptation of Kerberos in Active Directory, which is the preferred version for use with Samba. This option exists only in versions of Samba earlier than 3.0.
Includes support for Kerberos Version 5.0, specifying the base directory of the Kerberos distribution. This version of Kerberos is compatible with the Kerberos authentication in Microsoft's Active Directory used in Windows 2000 and Windows XP.
Includes support for using LDAP instead of the smbpasswd file for maintaining Samba's equivalent to the Windows NT SAM database. This option is necessary to use the parameters ldap admin dn, ldap filter, ldap port, ldap server, ldap ssl, and ldap suffix in the Samba configuration file. It is necessary to specify --with-ldapsam only in Samba versions prior to 3.0.
Specifies a location for iconv( ) support. The iconv( ) function exists in the C library to perform conversion between different character sets. This option allows Samba's default method of determining the location of the iconv() library to be overridden. Ordinarily, the configuration process checks for support in the C library on the system and, if not found, uses code included in the Samba source tree. Using --with-libiconv, it is possible to specify explicitly where the support is located. The include files are assumed to be in directory/include, and library files are assumed to be in directory/lib. This option is new in Samba 3.0.
Allows applications outside the Samba suite to access Samba's features. When --with-libsmbclient is specified, the library is built during the compilation process.
Specifies the directory in which Samba keeps lock files. By default this directory is /usr/local/samba/var/locks.
Specifies the directory in which Samba keeps log files for the smbd, nmbd, and winbindd daemons. This defaults to /usr/local/samba/var.
Starting with Samba 3.0, Samba's manual pages are available in different languages. The default is en for English, and the language can be specified as ja for Japanese or pl for Polish.
Includes support for Microsoft Distributed Filesystem (Dfs). See Chapter 8 for more information on this feature. Specifying this option is necessary only in Samba versions prior to 3.0.
Includes support for locating the NIS+ server that is serving a particular user's home directory and telling the client to connect to it. Use --with-automount along with this option.
Includes support for integrating NIS+ into Samba's equivalent of the Windows NT password database.
When this configure option is specified and the parameter obey pam restrictions in the Samba configuration file is set to yes, obeys PAM's configuration regarding account and session management. When encrypted passwords are in use, Samba uses the smbpasswd file for authentication, bypassing the PAM subsystem. Therefore, this option works only when encrypt passwords is set to no.
When this option is specified, the compilation process builds a PAM module called pam_smbpass.so and places it in the source/bin directory. This module allows applications outside of the Samba suite to authenticate users with Samba's smbpasswd file. For more information, see the README file in the source/pam_smbpass directory of the Samba distribution and the file PAM-Authentication-And-Samba.html in the docs/html directory.
Specifies the directory in which Samba keeps files such as browse lists, WINS data, and PID files for keeping track of the process IDs of the Samba daemons. The default is /usr/local/samba/var/locks.
Specifies the directory in which Samba keeps the smbpasswd, secrets.tdb, and related files for authentication. The default is /usr/local/samba/private.
Includes support for analyzing the execution time of Samba's internal code. This is normally used only by the Samba developers.
Includes disk-quota support. This is classified as an experimental option by the Samba developers.
Specifies a location for readline( ) support. The readline( ) function exists in the C library to accept a line of input from an interactive user and provide support for editing and history. Samba uses these functions in smbclient and rpcclient.
This option allows Samba's default method of determining the location of the readline( ) library to be overridden. Ordinarily, the configuration process checks for support in the C library on the system and, if not found, uses code included in the Samba source tree. Using --with-readline, it is possible to specify the directory explicitly in which the library containing readline( ) is located.
Checks to see if the Samba host operating system supports the sendfile( ) system call, which speeds up file transfers by copying data directly to and from kernel buffers, avoiding the overhead of copying to and from buffers in user space. If the operating system has the sendfile( ) system call, support is included in Samba for the use sendfile configuration file option. This is an experimental option included in Samba 2.2.5 and later versions.
Must be specified if you want to mount SMB shares in your Unix filesystem using the smbfs filesystem and the smbmount command, as discussed in Chapter 5. Currently, this works only with Linux.
To use smbsh to access SMB shares from Unix (as discussed in Chapter 5), use this option to include the smbwrapper library.
Uses spin locks instead of the normal method of file locking that uses the fcntl( ) C-library function. Using this option results in a Samba installation that consumes much more CPU time on the host system. Use it only when absolutely necessary.
Includes support for running Samba with SSL encryption. This little-used feature was dropped for Samba 3.0. It still works with Samba 2.2.x and before, but a better method is to use a virtual private network (VPN).
Specifies the location of the SSL include files. /usr/local/ssl/include is the default location. This option exists in versions prior to Samba 3.0.
Specifies the location of the SSL libraries. The default location is /usr/local/ssl/lib. This option exists in versions prior to Samba 3.0.
Specifies where to install the files for SWAT. /usr/local/samba/swat is the default location.
Includes support for syslog error logging. This option must be specified for the Samba configuration file parameters syslog and syslog only to work. This option is widely supported, but might not work correctly on all Samba host systems.
Includes support for keeping Samba's equivalent of the Windows NT SAM in a .tdb database file rather than in the smbpasswd file. This is an experimental feature.
Includes support for user accounting in the system's utmp file. It is necessary for the utmp and utmp directory Samba configuration file options to work. This option is widely supported, but might not work correctly on all Samba host systems.
Includes winbind support in Samba. Instead of defaulting to no, as with other boolean options, --with-winbind is automatically set to yes on systems that support winbind functionality. The only time you would need to specify this option is to turn it off, like this:
# configure --without-winbind
This excludes winbind functionality from Samba even when the local operating system can support it. For more information on winbind, see Chapter 9.