Appendix E. Configure Options

As we explained in Chapter 2, the configure program is run before the Samba source code is compiled to fit the compilation process to the local architecture. At this stage, it is possible to specify options to customize Samba's behavior further and include or exclude features. This is an example of specifying configure options:

# ./configure --with-smbmount --with-configdir=/etc/samba --with-manpages-langs=ja

This example configures the Samba installation to support mounting SMB filesystems, look for the Samba configuration file in /etc/samba (instead of the default location of /usr/local/samba/lib), and install Japanese-language manual pages. We have picked these three configure options because they illustrate the usage of the three types of options that are included up to Samba 3.0. The --with-smbmount option is a Boolean option, which can take a value of yes or no. All the Boolean options are set to no by default, and it is only necessary to provide the option to turn it on. If you want to be more explicit, you can specify --with-smbmount=yes. To turn an option off explicitly, you can also specify --without-feature rather than --with-feature=no.

In the case of the other two options we have shown, an argument must be supplied after the equals (=) sign. Some of the options are used to specify the directories that Samba uses for various purposes. Only one option is in the last group, where something other than a directory is specified as an option argument.

The supported configure options vary from release to release. For example, between Samba 2.2.x and Samba 3.0, many options were dropped, and a few were added. To get a list of the configure options for your release, use the following command:

# ./configure --help

Table E-1 lists Samba's configure options.

Table E-1. Configuration options

Configuration option

Description

--with-acl-support

Support Windows NT/2000/XP ACLs

--with-afs

Support the Andrew Filesystem (AFS)

--with-automount

Support the NFS automounter

--with-codepagedir=dir

Location of codepage files

--with-configdir=dir

Location of configuration files

--with-dce-dfs

Support DCE/DFS

--with-fhs

Use FHS-compliant locations of files

--with-included-popt

Use Samba's popt( )

--with-krb4=base-dir

Support Kerberos 4

--with-krb5=base-dir

Support Kerberos 5 (Microsoft ADS)

--with-ldapsam

Support LDAP SAM

--with-libiconv=directory

Specify iconv library

--with-libsmbclient

Build smbclient library

--with-lockdir=directory

Location of lock files

--with-logfilebase=directory

Location of log files

--with-manpages-langs=language

Specify language for manual pages

--with-msdfs

Support Microsoft Dfs

--with-nisplus-home

Support NIS+ home directories

--with-nisplussam

Support NIS+ SAM

--with-pam

Support PAM restrictions

--with-pam_smbpass

Build pam_smbpass.so PAM module

--with-piddir=directory

Location of PID files

--with-privatedir=directory

Location of smbpasswd file

--with-profiling-data

Support gathering of profiling information

--with-quotas

Support disk quotas

--with-readline=directory

Specify readline library

--with-sendfile-support

Support sendfile( ) system call

--with-smbmount

Support smbmount and smbfs

--with-smbwrapper

Build smbwrapper library for smbsh support

--with-spinlocks

Use spinlocks instead of fcntl locks

--with-ssl

Support SSL

--with-sslinc=directory

Location of SSL include files

--with-ssllib=directory

Location of SSL libraries

--with-swatdir=directory

Location of SWAT files

--with-syslog

Support syslog message logging

--with-tdbsam

Support TDB database files for SAM

--with-utmp

Support utmp file accounting

--with-winbind

Build winbind

--with-acl-support

Includes support for Windows NT/2000/XP access control lists (ACLs). For this to work, you need to have POSIX ACL support in the host operating system. See Chapter 8 for details.

--with-afs

Includes support for the Andrew Filesystem (AFS), for authenticating users who are accessing files through AFS.

--with-automount

Includes support for the automounter, a feature often used in conjunction with NFS, to mount NFS shares automatically at the first attempt to access them. You might wish to enable this feature if any of the directories shared by your Samba server are (or include) NFS-mounted directories.

--with-codepagedir=directory

Specifies the directory in which to put codepage files for internationalization support. See the "Internationalization" section earlier in this chapter for more information on this feature. By default, this directory is /usr/local/samba/lib/codepages.

--with-configdir=directory

Specifies the directory in which Samba keeps its configuration file, usually called smb.conf. By default, this is /usr/local/samba/lib.

--with-dce-dfs

Includes support for the Distributed Computing Environment Distributed Filesystem (DCE/DFS). This is a distributed filesystem included in some Unix variants and is not the same as Microsoft's Distributed Filesystem (Dfs).

--with-fhs

Adheres to the Filesystem Hierarchy Standard when locating files. For details, see http://www.pathname.com/fhs.

--with-included-popt

Includes Samba's own support for parsing command-line options, instead of using the local system's popt( ) C-library function.

--with-krb4=base-dir

Includes support for Kerberos Version 4.0, specifying the base directory of the Kerberos distribution. Kerberos is an authentication protocol developed at MIT that uses private-key cryptography to provide strong security between nodes. This version is not the same as Microsoft's adaptation of Kerberos in Active Directory, which is the preferred version for use with Samba. This option exists only in versions of Samba earlier than 3.0.

--with-krb5=base-dir

Includes support for Kerberos Version 5.0, specifying the base directory of the Kerberos distribution. This version of Kerberos is compatible with the Kerberos authentication in Microsoft's Active Directory used in Windows 2000 and Windows XP.

--with-ldapsam

Includes support for using LDAP instead of the smbpasswd file for maintaining Samba's equivalent to the Windows NT SAM database. This option is necessary to use the parameters ldap admin dn, ldap filter, ldap port, ldap server, ldap ssl, and ldap suffix in the Samba configuration file. It is necessary to specify --with-ldapsam only in Samba versions prior to 3.0.

--with-libiconv=directory

Specifies a location for iconv( ) support. The iconv( ) function exists in the C library to perform conversion between different character sets. This option allows Samba's default method of determining the location of the iconv() library to be overridden. Ordinarily, the configuration process checks for support in the C library on the system and, if not found, uses code included in the Samba source tree. Using --with-libiconv, it is possible to specify explicitly where the support is located. The include files are assumed to be in directory/include, and library files are assumed to be in directory/lib. This option is new in Samba 3.0.

--with-libsmbclient

Allows applications outside the Samba suite to access Samba's features. When --with-libsmbclient is specified, the library is built during the compilation process.

--with-lockdir=directory

Specifies the directory in which Samba keeps lock files. By default this directory is /usr/local/samba/var/locks.

--with-logfilebase=directory

Specifies the directory in which Samba keeps log files for the smbd, nmbd, and winbindd daemons. This defaults to /usr/local/samba/var.

--with-manpages-langs=language

Starting with Samba 3.0, Samba's manual pages are available in different languages. The default is en for English, and the language can be specified as ja for Japanese or pl for Polish.

--with-msdfs

Includes support for Microsoft Distributed Filesystem (Dfs). See Chapter 8 for more information on this feature. Specifying this option is necessary only in Samba versions prior to 3.0.

--with-nisplus-home

Includes support for locating the NIS+ server that is serving a particular user's home directory and telling the client to connect to it. Use --with-automount along with this option.

--with-nisplussam

Includes support for integrating NIS+ into Samba's equivalent of the Windows NT password database.

--with-pam

When this configure option is specified and the parameter obey pam restrictions in the Samba configuration file is set to yes, obeys PAM's configuration regarding account and session management. When encrypted passwords are in use, Samba uses the smbpasswd file for authentication, bypassing the PAM subsystem. Therefore, this option works only when encrypt passwords is set to no.

--with-pam_smbpass

When this option is specified, the compilation process builds a PAM module called pam_smbpass.so and places it in the source/bin directory. This module allows applications outside of the Samba suite to authenticate users with Samba's smbpasswd file. For more information, see the README file in the source/pam_smbpass directory of the Samba distribution and the file PAM-Authentication-And-Samba.html in the docs/html directory.

--with-piddir=directory

Specifies the directory in which Samba keeps files such as browse lists, WINS data, and PID files for keeping track of the process IDs of the Samba daemons. The default is /usr/local/samba/var/locks.

--with-privatedir=directory

Specifies the directory in which Samba keeps the smbpasswd, secrets.tdb, and related files for authentication. The default is /usr/local/samba/private.

--with-profiling-data

Includes support for analyzing the execution time of Samba's internal code. This is normally used only by the Samba developers.

--with-quotas

Includes disk-quota support. This is classified as an experimental option by the Samba developers.

--with-readline=directory

Specifies a location for readline( ) support. The readline( ) function exists in the C library to accept a line of input from an interactive user and provide support for editing and history. Samba uses these functions in smbclient and rpcclient.

This option allows Samba's default method of determining the location of the readline( ) library to be overridden. Ordinarily, the configuration process checks for support in the C library on the system and, if not found, uses code included in the Samba source tree. Using --with-readline, it is possible to specify the directory explicitly in which the library containing readline( ) is located.

--with-sendfile-support

Checks to see if the Samba host operating system supports the sendfile( ) system call, which speeds up file transfers by copying data directly to and from kernel buffers, avoiding the overhead of copying to and from buffers in user space. If the operating system has the sendfile( ) system call, support is included in Samba for the use sendfile configuration file option. This is an experimental option included in Samba 2.2.5 and later versions.

--with-smbmount

Must be specified if you want to mount SMB shares in your Unix filesystem using the smbfs filesystem and the smbmount command, as discussed in Chapter 5. Currently, this works only with Linux.

--with-smbwrapper

To use smbsh to access SMB shares from Unix (as discussed in Chapter 5), use this option to include the smbwrapper library.

--with-spinlocks

Uses spin locks instead of the normal method of file locking that uses the fcntl( ) C-library function. Using this option results in a Samba installation that consumes much more CPU time on the host system. Use it only when absolutely necessary.

--with-ssl

Includes support for running Samba with SSL encryption. This little-used feature was dropped for Samba 3.0. It still works with Samba 2.2.x and before, but a better method is to use a virtual private network (VPN).

--with-sslinc=directory

Specifies the location of the SSL include files. /usr/local/ssl/include is the default location. This option exists in versions prior to Samba 3.0.

--with-ssllib=directory

Specifies the location of the SSL libraries. The default location is /usr/local/ssl/lib. This option exists in versions prior to Samba 3.0.

--with-swatdir=directory

Specifies where to install the files for SWAT. /usr/local/samba/swat is the default location.

--with-syslog

Includes support for syslog error logging. This option must be specified for the Samba configuration file parameters syslog and syslog only to work. This option is widely supported, but might not work correctly on all Samba host systems.

--with-tdbsam

Includes support for keeping Samba's equivalent of the Windows NT SAM in a .tdb database file rather than in the smbpasswd file. This is an experimental feature.

--with-utmp

Includes support for user accounting in the system's utmp file. It is necessary for the utmp and utmp directory Samba configuration file options to work. This option is widely supported, but might not work correctly on all Samba host systems.

--with-winbind

Includes winbind support in Samba. Instead of defaulting to no, as with other boolean options, --with-winbind is automatically set to yes on systems that support winbind functionality. The only time you would need to specify this option is to turn it off, like this:

# configure --without-winbind

This excludes winbind functionality from Samba even when the local operating system can support it. For more information on winbind, see Chapter 9.


TOC