Guide for setting up 'libdes' 4.01 password encryption & Samba 1.9.17p2
This is an account of how I set
up 'libdes' with password encryption for 'Samba' on my Indy on 7 October1997. It was
running IRIX 6.2 using the xfs file system. My thanks go to Neil Long neil.long@materials.oxford.ac.uk who
helped me with several compilation issues.
Two steps are needed: 1. Obtain the 'libdes' distribution then compile and install it on
the Indy. 2. Obtain the latest 'samba' release and compile it with the' libdes' library
then install 'samba' on the Indy.
1. Installing 'libdes', the free encryption software by a variety of people (see
the documentation that comes with it).
I first unzipped and untarred libdes-4_01.tar.gz which I had ftp from
ftp://ftp.psy.uq.oz.au/pub/Crypto/DES/. This created a number of files, some of which are
referred to below. Then I copied the 'Makefile.uni' over the 'Makefile'. I edited
'Makefile' and changed the 'CFLAGS....' line to 'CFLAGS = -O2 -n32 $(OPTS) $(CFLAG)'. I
ensured that my editor program was not wordwrapping when I saved this edited file. I ran
'make' which compiled normally. I followed the instructions in the file 'INSTALL' help
file to run './destest', './rpw', './speed' and './des_opts'. The last showed that I
should use: 'OPTS4 = -DDES_UNROLL -DDES_PTR' so I edited 'Makefile' again to do so. I
deleted the 'des_enc.o' file and ran 'make' again. This now compiled the programs and
libraries for 'des'. I then made two new directories: '/usr/local/man/man3' and
'/usr/include' and ran 'make install'. This put 'libdes.a' (the libdes library) in
'/usr/local/lib', 'des' (the executable program that provides encryption) in'
/usr/local/bin', 'des_crypt.man' (the 'man pages') in '/usr/local/man/man3', 'des.man' in'
/usr/local/man/man1' and 'des.h' in '/usr/local/include'.
2. Installing 'samba', the free 'smb' server software by Andrew Tridgell and
others, to allow Windows PCs to access UNIX workstations
(a) Uncompressing and untarring samba-1.9.17p2.tar.
I first unzipped and untarred 'samba-1.9.17p2.tar.gz' which I had obtained from
'ftp://sunsite.doc.ic.ac.uk/packages/samba/source/'. This created a number of files, some
of which are referred to below.
(b) Editing the samba 'Makefile'
I edited the 'Makefile' and changed 'WORKGROUP = WORKGROUP' to 'WORKGROUP = BHFCIG'.
(BHFCIG is the name of my workgroup on the Indy and PCs on our network).
I then unhashed four lines in 'Makefile': (Note that the 4th line is one long line).
- DES_BASE=/usr/local/libdes
- DES_FLAGS= -I$(DES_BASE)
- DES_LIB= -L$(DES_BASE) -ldes
- PASSWD_FLAGS=-DUSE_LIBDES -DSMB_PASSWD=\"$(BINDIR)/smbpasswd\" DSMB_PASSWD_FILE=\"$(BASEDIR)/private/smbpasswd\"
I altered the DES_BASE= line so that it
pointed to where 'libdes.a' had been put: '/usr/local/lib' not '/usr/local/libdes', so the
correct first line was: DES_BASE=/usr/local/lib
I unhashed the three lines further on in 'Makefile' under '# FOR SGI IRIX 6.2, use this
line instead'
- FLAGSM = -DSGI5 -DSHADOW_PWD -DHAVE_TIMEZONE -DFAST_SHARE_MODES
- LIBSM =
- FLAGS1 = -O -n32
This meant that I could compile the programs
under IRIX 6.2. I saved 'Makefile' ensuring that lines were not wordwrapped.
As the compilation would need the 'des.h' include file, which had been put in the
directory '/usr/local/include', I copied 'des.h' to same directory as the samba 'make'
file.
(c) Compiling the samba distribution programs:
I ran 'make install'. This compiled and linked the modules for samba. I noted but ignored
the error message was given after 'Linking smbrun':
- ld: WARNING 84: /usr/local/lib/libdes.a is not used for resolving any symbol.
More modules continued to be compiled and
linked and the output showed where the 'smbd' and other files were being installed.
(d) Preparing a 'smbpasswd' file:
I made a directory called '/usr/local/samba/private'. I then made a 'smbpasswd' file for
this new directory
- cat /etc/passwd | ./mksmbpasswd.sh > /usr/local/samba/private/smbpasswd
I noted that the 'smbpasswd' file contained 'Xs' in groups of 32. I altered permissions for this directory and file:
- cd /usr/local/samba/private/
- chmod 600 smbpasswd
- cd ..
- chmod 500 private
(e) Editing samba's configuration file
'/usr/local/samba/lib/smb.conf'
I edited '/usr/local/samba/lib/smb.conf' ensuring that autowrap was set 'off'. I added
under the [global] section:
- encrypt passwords = yes
Other relevant entries, which I had in my previous version of samba (which did not use encryption) were:
- mangle case = no
- default case = lower
- preserve case = yes
- short preserve case = yes
- security = user
- wins proxy = yes
- password level = 2
(e) Restarting the new 'smb.conf'
configuration.
I looked for the samba daemons with: 'ps -el | grep smb' which found three smbd daemons
which I killed. (Users who do not have an earlier version of Samba running need not do
this). I then ran the following command to initialize samba with the new 'smb.conf'
configuration file:
- /usr/local/samba/bin/smbd -D -s /usr/local/samba/lib/smb.conf
This reinitialized samba with the new 'samba' feature: 'des' encryption. I ran
- /usr/local/samba/bin/smbstatus
to check that it was OK. This
showed that the new version 1.9.17p2 was running.
(e) using the '/usr/local/samba/bin/smbpasswd' script to alter the 'smbpasswd' file's
passwords.
The '/usr/local/samba/private/smbpasswd' file that I created in (d) above contains 'Xs'
instead of passwords for users who want to connect to the Indy from PCs. The presence of
the 'Xs' prevents connection to samba shares by default. For this reason I ran the
'/usr/local/samba/bin/smbpasswd' script so that I could enter the passwords one by one
into this file. I entered them for 'root' and each 'human' user. I did not alter the ones
for 'ftp', 'guest' etc as smbpasswords are only needed for connections that use samba, not
'ftp', 'telnet' etc. that bypass it. Only 'suidroot' could change the 'smbpasswd' in my
configuration so when users alter their IRIX password they will have to be altered for
'smbpasswd' by root as well.
(f) Updating the documentation for samba
I copied all the document files from the untarred distribution directories of samba to
'/usr/local/samba/docs'. I made a 'faq' directory for HTML files under that directory and
copied the 'faq' HTML files from the untarred distribution directory, so that they could
be used as helper applications. I then deleted the files and directories into which the
distribution file had been untarred.
(Note: there is a patch for samba-1.9.17p2 but I understand that this fixes a minor DOS
issue and is not needed for most users).
3. Configuring Samba
See: http://www.germany.net/teilnehmer/101,69082/samba.html which links to other on-line resources with help on configuration issues.
There is a definitive book on Samba called 'Samba: Integrating UNIX and Windows' by John D. Blair, Samba Team, ISBN 1-57831-006-7, February 1998. It is available from Amazon on-line booksellers @ US$29.99.
Return to the 'home page'
Return to the `Computing index page'
Return to the 'Indy administration index'