samba源码编译安装（版本4.13.0）_samba编译安装

前言

一般来说，安装samba最快的方式应该是通过yum的方式，只需一行命令：yum install -y samba即可完成。为什么需要通过源码编译安装呢？
原因有二：

• 通过yum方式安装的没法修改源码，打补丁
• yum方式不能安装到目前最新的版本4.13.0，通过yum安装目前是4.10.0

我们最终的目的是为了修补漏洞而采用源码编译安装，这是前段时间安全扫描爆出的漏洞：

看两个漏洞的详情：


可见有的漏洞是出现在指定的版本，我们可以通过升级版本解决，也可以在当前版本打补丁，但要通过源码安装才行，另一方面只是一味的升级也不解决问题，有些问题是高版本也存在，最后还是得打补丁！
所以，本文就是先通过源码安装的方式升级到最高的版本，后面再针对漏洞打补丁。

编译安装samba

下载三个包

• samba-4.13.0.tar.gz
• gnutls-3.6.4.tar.xz
• nettle-3.4.1.tar.gz

下载链接：链接:https://pan.baidu.com/s/1i3PA5Sagjd_ozypYiZPskw 密码:wzau

安装依赖

yum install -y python3 python36 python3-devel perl-Parse-Yapp libtasn1-devel libunistring-devel zlib-devel gmp-devel libldap2-dev openldap-devel m4
1

共需要安装samba、gnutls、nettle

因为安装samba依赖gnutls的版本 > 3.4.7，所以得升级gnutls，升级gnutls它又依赖nettle，这里我们还是按照正常安装的逻辑来进行，缺少依赖就依次去补充依赖，找不到文件就考虑使用软连接，下面是我上次安装的过程记录。

1、进入解压后的samba目录执行：

./configure --disable-python --without-ad-dc --without-json --without-libarchive
1

错误：

Checking for GnuTLS >= 3.4.7
['/usr/bin/pkg-config', 'gnutls >= 3.4.7', '--cflags', '--libs', 'gnutls']
err: Package gnutls was not found in the pkg-config search path.
Perhaps you should add the directory containing `gnutls.pc'
to the PKG_CONFIG_PATH environment variable
No package 'gnutls' found
Package gnutls was not found in the pkg-config search path.
Perhaps you should add the directory containing `gnutls.pc'
to the PKG_CONFIG_PATH environment variable
No package 'gnutls' found
1
2
3
4
5
6
7
8
9
10

解决：安装GnuTLS 3.4.7以上的版本，现在选择gnutls-3.6.4

2、进入解压后的gnutls目录执行

./configure  --without-p11-kit 
1

错误：
configure: error:

*** Libnettle 3.4 was not found.
解决：安装Libnettle

3、进入解压后的nettle目录执行

3.1 卸载已存在nettle

yum remove nettle*
1

3.2 检查配置

./configure
1

结果：成功

3.3 make编译

make
1

结果：

m4 ./asm.m4 machine.m4 config.m4 aes-decrypt-internal.asm >aes-decrypt-internal.s
/bin/sh: m4: command not found
make[1]: *** [aes-decrypt-internal.o] Error 127
make[1]: Leaving directory `/root/samba/nettle-3.4.1'
1
2
3
4

解决：

yum install -y m4.x86_64 
1

再次make:

make
1

结果：

rsa-sign-tr.c: 在函数‘sec_equal’中:
rsa-sign-tr.c:243:3: 错误：只允许在 C99 模式下使用‘for’循环初始化声明
   for (size_t i = 0; i < limbs; i++)
   ^
rsa-sign-tr.c:243:3: 附注：使用 -std=c99 或 -std=gnu99 来编译您的代码
make[1]: *** [rsa-sign-tr.o] 错误 1
make[1]: 离开目录“/kingdom/samba/nettle-3.4.1”
make: *** [all] 错误 2
1
2
3
4
5
6
7
8

解决：

vim config.make (修改第5,6行)

CFLAGS = -g -O2 -ggdb3 -Wno-pointer-sign -Wall -W   -Wmissing-prototypes -Wmissing-declarations -Wstrict-prototypes   -Wpointer-arith -Wbad-function-cast -Wnested-externs -std=c99
CXXFLAGS = -g -O2
1
2

再次make:

make
1

结果：成功

3.4 install安装

make install
1

结果：成功

nettle安装成功

4、进入gnutls继续编译

4.1 检查配置

./configure  --without-p11-kit 
1

结果：

configure: error: 

*** Libnettle 3.4 was not found.
1
2
3

解决：创建软连接

ln -s /usr/local/lib64/pkgconfig/nettle.pc /usr/lib64/pkgconfig/nettle.pc
### 我这里/usr/local/lib64/pkgconfig/这个目录下没有hogweed.pc，所以从安装包一个过去，存在就不拷
cp /root/samba/nettle-3.4.1/hogweed.pc /usr/local/lib64/pkgconfig/
ln -s /usr/local/lib64/pkgconfig/hogweed.pc /usr/lib64/pkgconfig/hogweed.pc
ln -sf /usr/local/lib64/libhogweed.so  /usr/lib64/libhogweed.so 
ln -sf /usr/local/lib64/libnettle.so.6 /usr/lib64/libnettle.so.6
ln -sf /usr/local/lib64/libhogweed.so.4 /usr/lib64/libhogweed.so.4
1
2
3
4
5
6
7

再次执行：

./configure  --without-p11-kit 
1

结果：

checking for __gmpz_cmp in -lgmp... no
configure: error: 
*** gmp was not found.
1
2
3

解决：

yum install -y gmp-devel
1

再次执行：

./configure  --without-p11-kit 
1

结果：

/usr/bin/ld: cannot find -lhogweed
collect2: error: ld returned 1 exit status
make[4]: *** [libgnutls.la] Error 1
make[4]: Leaving directory `/root/samba/gnutls-3.6.4/lib'
make[3]: *** [all-recursive] Error 1
make[3]: Leaving directory `/root/samba/gnutls-3.6.4/lib'
make[2]: *** [all] Error 2
make[2]: Leaving directory `/root/samba/gnutls-3.6.4/lib'
make[1]: *** [all-recursive] Error 1
make[1]: Leaving directory `/root/samba/gnutls-3.6.4'
make: *** [all] Error 2
1
2
3
4
5
6
7
8
9
10
11

解决：

ln -sf /usr/local/lib64/libhogweed.so  /usr/lib64/libhogweed.so 
ln -sf /usr/local/lib64/libnettle.so.6 /usr/lib64/libnettle.so.6
1
2

再次执行：

./configure  --without-p11-kit 
1

结果：成功！

4.2 make编译

make
1

结果：

collect2: error: ld returned 1 exit status
make[4]: *** [libgnutls.la] Error 1
make[4]: Leaving directory `/root/samba/gnutls-3.6.4/lib'
make[3]: *** [all-recursive] Error 1
make[3]: Leaving directory `/root/samba/gnutls-3.6.4/lib'
make[2]: *** [all] Error 2
make[2]: Leaving directory `/root/samba/gnutls-3.6.4/lib'
make[1]: *** [all-recursive] Error 1
make[1]: Leaving directory `/root/samba/gnutls-3.6.4'
make: *** [all] Error 2
1
2
3
4
5
6
7
8
9
10

解决：

ln -sf /usr/local/lib64/libhogweed.so.4 /usr/lib64/libhogweed.so.4
1

再次make:

make
1

结果：成功

4.3 install安装

make install
1

结果：成功

成功安装gnutils3.6.4

5、再次进入解压后的samba目录

5.1 执行./configure

./configure --disable-python --without-ad-dc --without-json --without-libarchive  --without-acl-support
1

结果：

Checking for GnuTLS >= 3.4.7
['/usr/bin/pkg-config', 'gnutls >= 3.4.7', '--cflags', '--libs', 'gnutls']
err: Package gnutls was not found in the pkg-config search path.
Perhaps you should add the directory containing `gnutls.pc'
to the PKG_CONFIG_PATH environment variable
No package 'gnutls' found
Package gnutls was not found in the pkg-config search path.
Perhaps you should add the directory containing `gnutls.pc'
to the PKG_CONFIG_PATH environment variable
No package 'gnutls' found
1
2
3
4
5
6
7
8
9
10

即使我们升级了gnutls，它还是提示没找到，原因是安装的位置没有在系统目录，需要建立软连接才能被找到

解决：建立软连接

ln -sf /usr/local/lib/pkgconfig/gnutls.pc /usr/lib64/pkgconfig/gnutls.pc
ln -sf /usr/local/lib/libgnutls.so /usr/lib64/libgnutls.so
ln -sf /usr/local/lib/libgnutls.so.30 /usr/lib64/libgnutls.so.30
1
2
3

再次./configure

./configure --disable-python --without-ad-dc --without-json --without-libarchive  --without-acl-support
1

结果：

LDAP support not found. Try installing libldap2-dev or openldap-devel. Otherwise, use --without-ldap to build without LDAP support. LDAP support is required for the LDAP passdb backend, LDAP idmap backends and ADS. ADS support improves communication with Active Directory domain controllers.
1

解决：

#如果安装失败直接禁用--without-ldap
yum install -y libldap2-dev openldap-devel
1
2

编译samba:

./configure --disable-python --without-ad-dc --without-json --without-libarchive  --without-acl-support --without-pam --with-shared-modules=\!vfs_snapper --without-ldap --without-ads
1

结果：成功！

WARNING: ans1Parser hasn't been found! Please install it (e.g. libtasn1-bin)
Checking linker accepts -Wl,-no-undefined                                                       : yes 
Checking linker accepts ['-undefined', 'dynamic_lookup']                                        : no 
-lc not needed                                                                                  : -lc is unnecessary 
Checking configure summary                                                                      : ok 
Checking compiler for PIE support                                                               : yes 
Checking compiler for full RELRO support                                                        : yes 
Checking if compiler accepts -fstack-protector-strong                                           : no 
Checking if compiler accepts -fstack-protector                                                  : no 
Checking if compiler accepts -fstack-clash-protection                                           : no configure' finished successfully (2m1.763s)
1
2
3
4
5
6
7
8
9
10

5.2 make编译

make
1

结果：

Waf: Leaving directory `/root/samba/samba-4.13.0/bin/default'
Build commands will be stored in bin/default/compile_commands.json
'build' finished successfully (10m35.203s)
1
2
3

5.3 samba安装

make install
1

结果：成功！

Waf: Leaving directory `/root/samba/samba-4.13.0/bin/default'
Build commands will be stored in bin/default/compile_commands.json
'install' finished successfully (3m13.572s)
1
2
3

启动samba

参考：https://www.cnblogs.com/coolking/p/5569154.html

启动：/usr/local/samba/sbin/smbd -D

结果：
/usr/local/samba/sbin/smbd: error while loading shared libraries: libhogweed.so.4: cannot open shared object file: No such file or directory

创建软连接：
ln -sf /usr/local/lib64/libhogweed.so.4 /usr/lib64/libhogweed.so.4

启动：/usr/local/samba/sbin/smbd -D
结果：失败，原因是没有/usr/local/samba/etc/smb.conf

解决：
1、vim /usr/local/samba/etc/smb.conf

[global]
    workgroup = WORKGROUP
    security = user
    map to guest = Bad User
    log file = /usr/local/samba/var/log.%m
    max log size = 50
    unix charset = UTF-8
#display charset = UTF-8
    guest account = nobody
    dos charset = cp936
    create mask = 777
    directory mask = 777
[kdum]
    comment = All Printers
    path = /kingdom/szkdum
    browseable = yes
    guest ok = yes
    writable = yes
    read only = no
    public = yes
    directory mode = 0777
    create mode = 0770
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22

2、创建nobody用户，存在就把不要创建

useradd -s /sbin/nologin nobody 
1

3、smb中添加nobody用户

/usr/local/samba/bin/smbpasswd -a nobody
1

4、启动该用户

/usr/local/samba/bin/smbpasswd -e nobody
1

5、创建数据存储目录

mkdir -p /kingdom/szkdum
1

6、赋予目录777权限

chmod -R 777 /kingdom/szkdum
1

7、分配目录用户和用户组

chown -R nobody:nobody /kingdom/szkdum
1

8、启动smb

/usr/local/samba/sbin/smbd -D
1

9、查看进程

netstat -tlnp|grep smbd
1

有问题欢迎在评论区交流~