Learn Linux, 302 (Mixed environments)
Configure and build Samba from source
Assembling Samba from scratch
This content is part # of # in the series: Learn Linux, 302 (Mixed environments)
This content is part of the series:Learn Linux, 302 (Mixed environments)
Stay tuned for additional content in this series.
In this article, learn about these concepts:
- Identify important Samba packages and their content.
- Locate and install depended-upon software.
- Describe the structure of the Samba software.
- Identify important Samba compilation options.
This article helps you prepare for objective 311.1 in the Linux® Professional Institute (LPI) Certification level 3 (LPIC-3) LPI-302 exam. This objective has a weight of 1.
This article assumes that you have a working knowledge of Linux command-line
functions and at least a general understanding of software structure (source code
versus binary code) and compilation procedures. To perform the actions described
in this article, your computer must have a working Internet connection and
C compiler (such as the GNU Compiler Collection [GCC]).
Obtaining Samba source code
Samba source code is readily available from the Samba Web site (see Related topics for a link). If you're familiar with compiling and installing software from source code, you should have little trouble with Samba; however, because of the critical nature of Samba to many installations, you may want to take extra care to ensure that your software is what you believe it to be. To this end, the Samba developers provide authentication keys you can use to validate your download.
Downloading a source tarball
You can download the Samba source code from the main Samba Web page. A link to the latest stable version (3.5.6 at the time of writing) appears on the main page. Click it to obtain this version of the software; the tarball appears wherever your Web browser places its downloads. A download link for the next generation of Samba, version 4, also appears on the main page; however, Samba version 4 is in alpha testing and has been for years. Use it only if you must have its features or if you want to contribute to Samba development.
Near the main download link, you'll find a link to the current version's release notes and another link to the signature, which you use to verify the software's integrity. If you intend to verify the software's integrity, you should download the signature file. (You may need to right-click the link to do this.) This file is called samba-version.tar.asc, where version is the Samba version number.
Additional download options appear on the Samba download page. This page includes links to an archive of older versions of Samba; instructions for downloading the software via Git, Control Version System, and other tools; links to related tools such as graphical user interface managers and Server Message Block (SMB)/Common Internet File System (CIFS) packages for other platforms; and so on. One particularly important link is to the GnuPG (GPG) key for the Samba package. You must download this file (samba-pubkey.asc) if you intend to verify the Samba package's authenticity, as described next.
Verifying the software's authenticity
It's possible to decompress, compile, install, and use Samba without verifying the software's authenticity. However, given the server's critical importance, running the handful of commands required to verify its authenticity is generally a good idea. To do so, perform the following steps:
- Ensure that you've downloaded the samba-version.tar.asc and samba-pubkey.asc files.
gunzip samba-version.tar.gzto decompress (but not untar) the package file.
- If you have not already done so, type
gpg --import samba-pubkey.ascto import the Samba public key into your GPG key ring.
gpg --verify samba-version.tar.ascto verify the key. The program should respond with a message similar to:
gpg: Signature made Thu 07 Oct 2010 02:23:24 PM EDT using DSA key ID 6568B7EA gpg: Good signature from "Samba Distribution Verification Key <firstname.lastname@example.org\>"
The output is likely to continue with a message to the effect that the key is
not certified with a trusted signature. This message highlights a limitation
of the verification procedure just described: If the main Samba Web site
were compromised, the attacker could have replaced the Samba package
and both keys with fake versions, which could fool you into accepting the
bogus keys. You can protect yourself to some extent by using the
--keyserver wwwkeys.pgp.net option to
gpg in step 4. This option causes
gpg to retrieve a key from wwwkeys.gpg.net as part
of the verification process. Somebody distributing a fake Samba package would
then need to compromise this key server in addition to the Samba server.
Unpacking the tarball
Assuming that your package has passed its verification step (or if you don't want to bother with that step), you can unpack your source code tarball. Do so in your home directory or in a directory such as /usr/src/, which is intended to hold source code for locally installed software. If you unpack the source code in /usr/src/, you may need to acquire root privileges to do so or change the permissions on /usr/src/ to enable an ordinary user to write to that directory.
However you do it, change to the base of the directory in which you want to untar the source code. Then, type the following command:
$ tar xvf ~/samba-.tar
This command assumes that you've already decompressed the tarball and that
it's located in the base of your home directory. If the tarball is still compressed,
you can either decompress it first or add
z to the
tar commands and change the file name, as in:
$ tar xvzf ~/samba-.tar.gz
If the file resides somewhere other than the base of your home directory, adjust the path appropriately. Of course, you should also change the file name to reflect the version you're using.
This command produces a list of files as they're being decompressed. If you see error messages, you may not have permission to write to your current directory, or you may have run out of disk space. Once the task finishes successfully, you'll find that a new subdirectory, samba-version, now exists. This is your Samba source code tree.
With the source code now available, you can begin the compilation process. Before you jump in, though, check that you have the necessary prerequisite software on your system. You must then configure the software before performing the actual compilation. You may run into problems that you'll have to resolve, as well.
Installing prerequisite software
To compile Samba, a number of other software packages must be available, the
most notable of which is GCC. GCC is a set of compilers for the
C language, in which most of Samba is written.
On most Linux distributions, you can install GCC from a package called,
gcc. Another critical development
make, which calls
gcc and other development tools in a pattern
determined by the Samba developers.
The Samba code relies on several other libraries—software
packages that provide support functions for other programs' use. Chances
are, these libraries are already installed on your computer, but to compile
a program, you need the libraries' header files, which are often
installed in separate packages with names that end in -dev or
-devel. At a minimum, use your distribution's packaging tools to
ensure that the
development libraries are installed. Some libraries might or might not be
required based on your configuration choices. If a library is missing, the
configure script—or possibly the build
process itself—will produce an error message, so you should be able
to track down the relevant library.
Many distributions make it easy to install a basic selection of development tools
and libraries in a single operation. In Ubuntu, for instance, you can install
build-essential package. Distributions such
as Fedora enable you to install large groups of packages when you install the
operating system, so if you know you'll be using a computer for software
development when you install the operating system, you can select the
relevant package group at that time. If you can't find such an option for
your operating system, you'll have to muddle through by installing packages
To configure Samba, first change to the source3 subdirectory of the main Samba source code directory. This directory holds the source code for the main Samba package.
Note: Other subdirectories off of the main Samba source code
directory hold the source code for ancillary programs, support programs,
documentation, and so on. For instance, the client subdirectory holds files
related to Linux's ability to mount SMB/CIFS shares as a client; the swat
subdirectory holds source code for the Samba Web Administration Tool
(SWAT). Building the main Samba package also compiles some of these
programs, but you may need to compile others manually. Compiling the main
body of Samba, in the source3 subdirectory, builds the critical
server programs along with support libraries and many related tools.
configure script handles the configuration
process. In the simplest case, you can type
to configure Samba using its default options. Quite a few parameters are
available to tweak Samba's compile-time options, though. Type
./configure --help to see a list of these options.
(If you're working from a console that doesn't scroll, you may want to redirect
the output to a file so that you can peruse it via
or read it in a text editor.)
You can also set various environment variables, which are also detailed in the
./configure --help output. For the most part,
the defaults work fine; however, if you know enough about the relevant
systems, you can tweak options to suit your needs. For instance, you might
set the CFLAGS environment variable to tweak your
compiler's flags. If you don't understand an environment variable, it's best to
leave it alone.
Once you've perused the options and environment variables, you can configure your Samba build:
$ CFLAGS="-O3" ./configure --without-ldap
This example tells the script to use the
compiler flag and compile Samba without support for Lightweight Directory
Access Protocol. You can change or omit these options, of course, for your
Compiling the software
Actually compiling the software takes very little effort on your part. Simply type:
The result is a series of lines describing what the
utility is doing, such as the following:
Compiling lib/netapi/joindomain.c Compiling lib/netapi/serverinfo.c Compiling lib/netapi/getdc.c
With any luck, this process will continue until the software is compiled, which
is likely to take several minutes, although the exact time varies depending
on your computer's speed. If your computer has more than one processor
or a multi-core processor, you may want to use the
make to have it run multiple compile
jobs simultaneously, thus speeding up the process. For instance, you could
make -j 4 to have
compile up to four source code files simultaneously. Once the software has
compiled, you can use the
install target to
make to install it:
# make install
Although you can perform previous actions as an ordinary user (assuming you
have Write access to the source code directory tree as that user), using
make install requires you to have root privileges,
because this command copies the Samba binary and documentation files
into system directories on the computer (typically in /usr/local/, unless
you change the location via
Unfortunately, configuration and compilation sometimes fail. The most common cause of such problems is a missing library. If the configure step fails, you're likely to see a message near the end of the output that specifies what's missing—for instance, the message may indicate that it can't find Pluggable Authentication Module libraries. You should then use your system's package management tools, such as Synaptic or Yumex, to search for and install the relevant software. Remember that you may need to install the development libraries separately from the main library package.
You can handle errors at the
make stage in a similar
way; however, such errors often generate huge numbers of error messages.
Ignore the later errors in the list; scroll upward until you find the first error
message. Frequently, one error leads to another, which leads to another,
and so on. Correcting the first error breaks this chain and often enables the
software to compile correctly.
make errors may require more interpretation
configure errors, because the
make errors are likely to reference missing files
or even improper syntax within a file. If a missing file is the culprit, its
name may serve as a clue; try searching your distribution's packages for the
file name minus any extension it has; doing so may lead you to a missing
development library that
to flag. If this fails, try a Web search on the file name; this is likely to lead
you to the name of the library you need to install. If the error relates to
incorrect syntax, the problem is more serious. You might be able to disable
a feature with a relevant
configure script option;
however, it could be that you'll need to upgrade (or downgrade) your
C compiler or the version of Samba you're trying
to compile. If you're dealing with a prerelease version of the software, you
may have encountered a bug that you'll need to patch yourself. This type
of job is well beyond the scope of this article, so you may need to seek help
from the Samba developers or a knowledgeable programmer.
The LPIC-3 311.2 objective—and the next article in this series—describe
how to install Samba from source and from binary packages. This task necessarily
includes launching the Samba server programs,
nmbd. (Additional servers handle ancillary tasks,
such as SWAT for Web-based configuration.)
- The Samba Web site has Samba downloads and information.
- Additional Samba download options are available from the Samba download page on the Samba Web site.
- The GCC Web site provides information about and downloads of the GNU Compiler Collection and related tools and libraries.
makeWeb page provides information about and downloads of the GNU
- In the developerWorks Linux zone, find hundreds of how-to articles and tutorials, as well as downloads, discussion forums, and a wealth of other resources for Linux developers and administrators.
- Evaluate IBM products in the way that suits you best: Download a product trial, try a product online, use a product in a cloud environment, or spend a few hours in the SOA Sandbox learning how to implement Service Oriented Architecture efficiently.
- Follow developerWorks on Twitter, or subscribe to a feed of Linux tweets on developerWorks.