目录
前言
一般来说,安装samba最快的方式应该是通过yum的方式,只需一行命令:yum install -y samba即可完成。为什么需要通过源码编译安装呢?
原因有二:
- 通过yum方式安装的没法修改源码,打补丁
- yum方式不能安装到目前最新的版本4.13.0,通过yum安装目前是4.10.0
我们最终的目的是为了修补漏洞而采用源码编译安装,这是前段时间安全扫描爆出的漏洞:
看两个漏洞的详情:
可见有的漏洞是出现在指定的版本,我们可以通过升级版本解决,也可以在当前版本打补丁,但要通过源码安装才行,另一方面只是一味的升级也不解决问题,有些问题是高版本也存在,最后还是得打补丁!
所以,本文就是先通过源码安装的方式升级到最高的版本,后面再针对漏洞打补丁。
编译安装samba
下载三个包
- samba-4.13.0.tar.gz
- gnutls-3.6.4.tar.xz
- nettle-3.4.1.tar.gz
下载链接:链接:https://pan.baidu.com/s/1i3PA5Sagjd_ozypYiZPskw 密码:wzau
安装依赖
yum install -y python3 python36 python3-devel perl-Parse-Yapp libtasn1-devel libunistring-devel zlib-devel gmp-devel libldap2-dev openldap-devel m4
共需要安装samba、gnutls、nettle
因为安装samba依赖gnutls的版本 > 3.4.7,所以得升级gnutls,升级gnutls它又依赖nettle,这里我们还是按照正常安装的逻辑来进行,缺少依赖就依次去补充依赖,找不到文件就考虑使用软连接,下面是我上次安装的过程记录。
1、进入解压后的samba目录执行:
./configure --disable-python --without-ad-dc --without-json --without-libarchive
错误:
Checking for GnuTLS >= 3.4.7
['/usr/bin/pkg-config', 'gnutls >= 3.4.7', '--cflags', '--libs', 'gnutls']
err: Package gnutls was not found in the pkg-config search path.
Perhaps you should add the directory containing `gnutls.pc'
to the PKG_CONFIG_PATH environment variable
No package 'gnutls' found
Package gnutls was not found in the pkg-config search path.
Perhaps you should add the directory containing `gnutls.pc'
to the PKG_CONFIG_PATH environment variable
No package 'gnutls' found
解决:安装GnuTLS 3.4.7以上的版本,现在选择gnutls-3.6.4
2、进入解压后的gnutls目录执行
./configure --without-p11-kit
错误:
configure: error:
*** Libnettle 3.4 was not found.
解决:安装Libnettle
3、进入解压后的nettle目录执行
3.1 卸载已存在nettle
yum remove nettle*
3.2 检查配置
./configure
结果:成功
3.3 make编译
make
结果:
m4 ./asm.m4 machine.m4 config.m4 aes-decrypt-internal.asm >aes-decrypt-internal.s
/bin/sh: m4: command not found
make[1]: *** [aes-decrypt-internal.o] Error 127
make[1]: Leaving directory `/root/samba/nettle-3.4.1'
解决:
yum install -y m4.x86_64
再次make:
make
结果:
rsa-sign-tr.c: 在函数‘sec_equal’中:
rsa-sign-tr.c:243:3: 错误:只允许在 C99 模式下使用‘for’循环初始化声明
for (size_t i = 0; i < limbs; i++)
^
rsa-sign-tr.c:243:3: 附注:使用 -std=c99 或 -std=gnu99 来编译您的代码
make[1]: *** [rsa-sign-tr.o] 错误 1
make[1]: 离开目录“/kingdom/samba/nettle-3.4.1”
make: *** [all] 错误 2
解决:
vim config.make (修改第5,6行)
CFLAGS = -g -O2 -ggdb3 -Wno-pointer-sign -Wall -W -Wmissing-prototypes -Wmissing-declarations -Wstrict-prototypes -Wpointer-arith -Wbad-function-cast -Wnested-externs -std=c99
CXXFLAGS = -g -O2
再次make:
make
结果:成功
3.4 install安装
make install
结果:成功
nettle安装成功
4、进入gnutls继续编译
4.1 检查配置
./configure --without-p11-kit
结果:
configure: error:
*** Libnettle 3.4 was not found.
解决:创建软连接
ln -s /usr/local/lib64/pkgconfig/nettle.pc /usr/lib64/pkgconfig/nettle.pc
### 我这里/usr/local/lib64/pkgconfig/这个目录下没有hogweed.pc,所以从安装包一个过去,存在就不拷
cp /root/samba/nettle-3.4.1/hogweed.pc /usr/local/lib64/pkgconfig/
ln -s /usr/local/lib64/pkgconfig/hogweed.pc /usr/lib64/pkgconfig/hogweed.pc
ln -sf /usr/local/lib64/libhogweed.so /usr/lib64/libhogweed.so
ln -sf /usr/local/lib64/libnettle.so.6 /usr/lib64/libnettle.so.6
ln -sf /usr/local/lib64/libhogweed.so.4 /usr/lib64/libhogweed.so.4
再次执行:
./configure --without-p11-kit
结果:
checking for __gmpz_cmp in -lgmp... no
configure: error:
*** gmp was not found.
解决:
yum install -y gmp-devel
再次执行:
./configure --without-p11-kit
结果:
/usr/bin/ld: cannot find -lhogweed
collect2: error: ld returned 1 exit status
make[4]: *** [libgnutls.la] Error 1
make[4]: Leaving directory `/root/samba/gnutls-3.6.4/lib'
make[3]: *** [all-recursive] Error 1
make[3]: Leaving directory `/root/samba/gnutls-3.6.4/lib'
make[2]: *** [all] Error 2
make[2]: Leaving directory `/root/samba/gnutls-3.6.4/lib'
make[1]: *** [all-recursive] Error 1
make[1]: Leaving directory `/root/samba/gnutls-3.6.4'
make: *** [all] Error 2
解决:
ln -sf /usr/local/lib64/libhogweed.so /usr/lib64/libhogweed.so
ln -sf /usr/local/lib64/libnettle.so.6 /usr/lib64/libnettle.so.6
再次执行:
./configure --without-p11-kit
结果:成功!
4.2 make编译
make
结果:
collect2: error: ld returned 1 exit status
make[4]: *** [libgnutls.la] Error 1
make[4]: Leaving directory `/root/samba/gnutls-3.6.4/lib'
make[3]: *** [all-recursive] Error 1
make[3]: Leaving directory `/root/samba/gnutls-3.6.4/lib'
make[2]: *** [all] Error 2
make[2]: Leaving directory `/root/samba/gnutls-3.6.4/lib'
make[1]: *** [all-recursive] Error 1
make[1]: Leaving directory `/root/samba/gnutls-3.6.4'
make: *** [all] Error 2
解决:
ln -sf /usr/local/lib64/libhogweed.so.4 /usr/lib64/libhogweed.so.4
再次make:
make
结果:成功
4.3 install安装
make install
结果:成功
成功安装gnutils3.6.4
5、再次进入解压后的samba目录
5.1 执行./configure
./configure --disable-python --without-ad-dc --without-json --without-libarchive --without-acl-support
结果:
Checking for GnuTLS >= 3.4.7
['/usr/bin/pkg-config', 'gnutls >= 3.4.7', '--cflags', '--libs', 'gnutls']
err: Package gnutls was not found in the pkg-config search path.
Perhaps you should add the directory containing `gnutls.pc'
to the PKG_CONFIG_PATH environment variable
No package 'gnutls' found
Package gnutls was not found in the pkg-config search path.
Perhaps you should add the directory containing `gnutls.pc'
to the PKG_CONFIG_PATH environment variable
No package 'gnutls' found
即使我们升级了gnutls,它还是提示没找到,原因是安装的位置没有在系统目录,需要建立软连接才能被找到
解决:建立软连接
ln -sf /usr/local/lib/pkgconfig/gnutls.pc /usr/lib64/pkgconfig/gnutls.pc
ln -sf /usr/local/lib/libgnutls.so /usr/lib64/libgnutls.so
ln -sf /usr/local/lib/libgnutls.so.30 /usr/lib64/libgnutls.so.30
再次./configure
./configure --disable-python --without-ad-dc --without-json --without-libarchive --without-acl-support
结果:
LDAP support not found. Try installing libldap2-dev or openldap-devel. Otherwise, use --without-ldap to build without LDAP support. LDAP support is required for the LDAP passdb backend, LDAP idmap backends and ADS. ADS support improves communication with Active Directory domain controllers.
解决:
#如果安装失败直接禁用--without-ldap
yum install -y libldap2-dev openldap-devel
编译samba:
./configure --disable-python --without-ad-dc --without-json --without-libarchive --without-acl-support --without-pam --with-shared-modules=\!vfs_snapper --without-ldap --without-ads
结果:成功!
WARNING: ans1Parser hasn't been found! Please install it (e.g. libtasn1-bin)
Checking linker accepts -Wl,-no-undefined : yes
Checking linker accepts ['-undefined', 'dynamic_lookup'] : no
-lc not needed : -lc is unnecessary
Checking configure summary : ok
Checking compiler for PIE support : yes
Checking compiler for full RELRO support : yes
Checking if compiler accepts -fstack-protector-strong : no
Checking if compiler accepts -fstack-protector : no
Checking if compiler accepts -fstack-clash-protection : no configure' finished successfully (2m1.763s)
5.2 make编译
make
结果:
Waf: Leaving directory `/root/samba/samba-4.13.0/bin/default'
Build commands will be stored in bin/default/compile_commands.json
'build' finished successfully (10m35.203s)
5.3 samba安装
make install
结果:成功!
Waf: Leaving directory `/root/samba/samba-4.13.0/bin/default'
Build commands will be stored in bin/default/compile_commands.json
'install' finished successfully (3m13.572s)
启动samba
参考:https://www.cnblogs.com/coolking/p/5569154.html
启动:/usr/local/samba/sbin/smbd -D
结果:
/usr/local/samba/sbin/smbd: error while loading shared libraries: libhogweed.so.4: cannot open shared object file: No such file or directory
创建软连接:
ln -sf /usr/local/lib64/libhogweed.so.4 /usr/lib64/libhogweed.so.4
启动:/usr/local/samba/sbin/smbd -D
结果:失败,原因是没有/usr/local/samba/etc/smb.conf
解决:
1、vim /usr/local/samba/etc/smb.conf
[global]
workgroup = WORKGROUP
security = user
map to guest = Bad User
log file = /usr/local/samba/var/log.%m
max log size = 50
unix charset = UTF-8
#display charset = UTF-8
guest account = nobody
dos charset = cp936
create mask = 777
directory mask = 777
[kdum]
comment = All Printers
path = /kingdom/szkdum
browseable = yes
guest ok = yes
writable = yes
read only = no
public = yes
directory mode = 0777
create mode = 0770
2、创建nobody用户,存在就把不要创建
useradd -s /sbin/nologin nobody
3、smb中添加nobody用户
/usr/local/samba/bin/smbpasswd -a nobody
4、启动该用户
/usr/local/samba/bin/smbpasswd -e nobody
5、创建数据存储目录
mkdir -p /kingdom/szkdum
6、赋予目录777权限
chmod -R 777 /kingdom/szkdum
7、分配目录用户和用户组
chown -R nobody:nobody /kingdom/szkdum
8、启动smb
/usr/local/samba/sbin/smbd -D
9、查看进程
netstat -tlnp|grep smbd
有问题欢迎在评论区交流~
1771
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
