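Upgrading Samba

Samba recently needed to be upgraded because of security issues. This means downloading the source code and the security patch, then rebuilding and installing.

The steps follow.

1. Download the source code. I chose version 4.7.5: https://download.samba.org/pub/samba/stable/samba-4.7.5.tar.gz

Download the patch: https://www.samba.org/samba/ftp/patches/security/samba-4.7.5-security-2018-03-13.patch

Extract the tarball locally and apply the patch: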

~/code/samba/samba-4.7.5$ patch -p 1 < ../samba-4.7.5-security-2018-03-13.patch  
patching file source3/rpc_server/spoolss/srv_spoolss_nt.c
patching file selftest/knownfail.d/samba4.ldap.passwords.python
patching file source4/dsdb/tests/python/passwords.py
patching file source4/dsdb/samdb/ldb_modules/password_hash.c
patching file source4/dsdb/samdb/ldb_modules/password_hash.c
patching file source4/dsdb/samdb/ldb_modules/acl.c
patching file source4/dsdb/samdb/ldb_modules/acl.c
patching file source4/dsdb/samdb/ldb_modules/acl.c
patching file source4/dsdb/samdb/ldb_modules/acl.c
patching file source4/dsdb/samdb/ldb_modules/acl.c
patching file selftest/knownfail.d/samba4.ldap.passwords.python
patching file source4/dsdb/samdb/ldb_modules/acl.c
patching file source4/dsdb/samdb/ldb_modules/acl.c
patching file source4/dsdb/samdb/samdb.h
patching file source4/libcli/ldap/ldap_controls.c
patching file source4/setup/schema_samba4.ldif
patching file source4/dsdb/samdb/ldb_modules/acl.c
patching file source4/dsdb/samdb/ldb_modules/password_hash.c
patching file source4/dsdb/samdb/ldb_modules/acl.c

2. Configure and build

$ ./configure --with-systemd
$ make -i -j4
$ sudo make install

3. Export the Samba environment variables

sudo vi /etc/ld.so.conf.d/samba.conf

Add:

/usr/local/samba/lib

Then run ldconfig.

sudo vi /etc/profile.d/samba.sh

Add:

export PATH=$PATH:/usr/local/samba/bin:/usr/local/samba/sbin

sudo vi /etc/sudoers

Change:

Defaults       secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"

to:

Defaults       secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/local/samba/bin:/usr/local/samba/sbin"

4. Configure Samba

Copy the configuration file:

~/code/samba/samba-4.7.5$ sudo cp packaging/RHEL/setup/smb.conf /usr/local/samba/etc/

Set workgroup to:

workgroup = WORKGROUP

Add a new user:

~/code/samba/samba-4.7.5$ sudo /usr/local/samba/bin/smbpasswd  -a charles
New SMB password:
Retype new SMB password:
Added user charles.

5. systemd configuration

Copy the service files:

~/code/samba/samba-4.7.5$ sudo cp  packaging/systemd/*.service /lib/systemd/system/

Note that because Samba is not installed in the standard directories, the service files above need small modifications. For example:

$ cat smb.service 
[Unit]
Description=Samba SMB Daemon
After=syslog.target network.target nmb.service winbind.service

[Service]
Type=notify
NotifyAccess=all
PIDFile=/run/smbd.pid
LimitNOFILE=16384
EnvironmentFile=-/etc/sysconfig/samba
ExecStart=/usr/local/samba/sbin/smbd --foreground --no-process-group $SMBDOPTIONS
ExecReload=/usr/bin/kill -HUP $MAINPID
LimitCORE=infinity

[Install]
WantedBy=multi-user.target

You can run the following command to test:

/lib/systemd/system$ sudo systemctl  start samba.service

To start it at boot, run the enable command.

The problem I have run into so far is that samba.service fails to start:

$ journalctl -xe
Mar 20 02:53:22 china samba[26988]:   Copyright Andrew Tridgell and the Samba Team 1992-2017
Mar 20 02:53:23 china samba[26988]: [2018/03/20 02:53:23.022836,  0] ../source4/smbd/server.c:600(binary_smbd_main)
Mar 20 02:53:23 china samba[26988]:   At this time the 'samba' binary should only be used for either:
Mar 20 02:53:23 china samba[26988]:   'server role = active directory domain controller' or to access the ntvfs file server
Mar 20 02:53:23 china samba[26988]:   You should start smbd/nmbd/winbindd instead for domain member and standalone file ser
Mar 20 02:53:23 china samba[26988]: [2018/03/20 02:53:23.022972,  0] ../lib/util/become_daemon.c:111(exit_daemon)
Mar 20 02:53:23 china samba[26988]:   STATUS=daemon failed to start: Samba detected misconfigured 'server role' and exited.
Mar 20 02:53:23 china systemd[1]: samba.service: Main process exited, code=exited, status=1/FAILURE
Mar 20 02:53:23 china systemd[1]: Failed to start Samba AD Daemon.
-- Subject: Unit samba.service has failed
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
-- 
-- Unit samba.service has failed.
-- 
-- The result is failed.
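
The journal output above says the 'samba' binary is only for 'server role = active directory domain controller', and that smbd/nmbd/winbindd should be started otherwise. As an added example (not part of the original post), this shell script reads 'server role' and 'security' from an smb.conf and prints which of the units named on this page to start. It assumes the settings live in [global], does not follow 'include =' lines, and uses a constructed sample config.

```shell
#!/bin/sh
# smb_param FILE NAME DEFAULT: print a [global] parameter, lower-cased.
# Parameter names ignore case and embedded spaces; '#' and ';' begin comments.
# Assumption: 'include =' directives are not followed.
smb_param() {
    awk -v want="$2" -v dflt="$3" '
        BEGIN { want = tolower(want); gsub(/[ \t]/, "", want) }
        /^[ \t]*[#;]/ { next }
        /^[ \t]*\[/ { sect = tolower($0); gsub(/[ \t\r]|\[|\]/, "", sect); next }
        sect == "global" && (eq = index($0, "=")) > 0 {
            key = tolower(substr($0, 1, eq - 1)); gsub(/[ \t]/, "", key)
            if (key != want) next
            val = tolower(substr($0, eq + 1))
            sub(/^[ \t]+/, "", val); sub(/[ \t\r]+$/, "", val)
            found = val
        }
        END { print (found == "" ? dflt : found) }
    ' "$1"
}

# units_for_conf FILE: print the unit names (as used on this page) to start.
# samba.service suits only an AD DC; other roles run smbd/nmbd, plus
# winbindd for domain members, following the log message above.
units_for_conf() {
    role=$(smb_param "$1" "server role" auto)
    case "$role" in
        "active directory domain controller"|"domain controller"|dc)
            echo "samba.service"; return 0 ;;
        "member server"|member) member=yes ;;
        auto)   # default role: decided by the 'security' parameter
            case "$(smb_param "$1" security auto)" in
                ads|domain) member=yes ;;
                *) member=no ;;
            esac ;;
        *) member=no ;;
    esac
    if [ "$member" = yes ]; then
        echo "smb.service nmb.service winbind.service"
    else
        echo "smb.service nmb.service"
    fi
}

# Constructed sample resembling the standalone config from step 4.
conf=$(mktemp)
printf '%s\n' '[global]' '  workgroup = WORKGROUP' '  security = user' > "$conf"
echo "units to start: $(units_for_conf "$conf")"
rm -f "$conf"
```

On a host with Samba installed, testparm -s --parameter-name='server role' prints the value as Samba itself parses it.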

