mirror of https://git.FreeBSD.org/ports.git synced 2024-10-18 19:49:40 +00:00
freebsd-ports/net/samba416/files
Timur I. Bakeyev 135b4febde net/samba416: Security update for the recent Heimdal/KRB5 related vulnerabilities.
Security:	CVE-2022-38023
		CVE-2022-37966
		CVE-2022-37967
		CVE-2022-45141
2022-12-19 02:42:08 +01:00
man
0001-Compact-and-simplify-modules-build-and-config-genera.patch
0002-Adjust-abi_gen.sh-script-to-run-under-FreeBSD-with-i.patch
0003-Mask-CLang-prototype-warnings-in-kadm5-admin.h.patch
0004-On-FreeBSD-date-1-has-different-semantics-than-on-Li.patch
0005-Include-jemalloc-jemalloc.h-if-ENABLE_JEMALLOC-is-se.patch
0006-Install-nss_-modules-into-PAMMODULESDIR-path.patch
0007-Use-macro-value-as-a-default-backlog-size-for-the-li.patch
0008-Brute-force-work-around-usage-of-Linux-specific-m-fl.patch
0009-Make-sure-that-config-checks-fail-if-the-warning-is-.patch
0010-Add-option-with-pkgconfigdir-to-specify-alternative-.patch
0011-Use-provided-by-port-location-of-the-XML-catalog.patch
0012-Create-shared-libraries-according-to-the-FreeBSD-spe.patch
0013-Pass-additional-msg-parameter-to-CHECK_LIB-so-it-can.patch
0014-Add-option-to-disable-CTDB-tests-failing-on-FreeBSD-.patch
0015-Add-extra-debug-class-to-trck-down-DB-locking-code.patch
0016-Make-ldb_schema_attribute_compare-a-stable-comparisi.patch
0017-Use-arc4random-when-available-to-generate-random-tal.patch
0018-Add-configuration-option-that-allows-to-choose-alter.patch
0019-From-923bc7a1afeb0b920e60e14846987ae1d2d7dca4-Mon-Se.patch
0020-FreeBSD-12-between-r336017-and-r342928-wrongfuly-ret.patch
0021-Fix-casting-warnings-in-the-nfs_quota-debug-message.patch
0022-Clean-up-UTMP-handling-code-and-add-FreeBSD-support..patch
0023-Add-cmd_get_quota-test-function-into-vfstest-to-test.patch
0024-Cherry-pick-ZFS-provisioning-code-by-iXsystems-Inc.patch
0025-From-d9b748869a8f4018ebee302aae8246bf29f60309-Mon-Se.patch
0026-vfs-add-a-compatibility-option-to-the-vfs_streams_xa.patch
0027-Add-VFS-module-vfs_freebsd-that-implements-FreeBSD-s.patch
0028-s3-lib-system-add-FreeBSD-proc_fd_pattern.patch
0099-s3-modules-zfsacl-fix-get-set-ACL-on-FreeBSD-13.patch
0099-s4-mitkdc-Add-support-for-MIT-Kerberos-1.20.patch
patch-examples_pdb_wscript__build
patch-lib_ldb_wscript
patch-lib_talloc_wscript
patch-lib_tdb_wscript
patch-lib_util_wscript__build
patch-source3_lib_util.c
patch-source3_librpc_crypto_gse.c
patch-source3_modules_vfs__virusfilter__utils.c
patch-source3_registry_tests_test__regfio.c
patch-source3_winbindd_wscript__build
patch-source3_wscript__build
pkg-message.in
README.FreeBSD.in
samba_server.in

              !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
              !!! Please read before running any tools !!!
              !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

Documentation
=============

    o https://wiki.samba.org/index.php/Samba4/HOWTO

    o https://wiki.samba.org/index.php/Samba_AD_DC_HOWTO

    o https://wiki.samba.org/index.php/Samba4/samba-tool/domain/classicupgrade/HOWTO

FreeBSD specific information
============================

* Your configuration is in: %%SAMBA4_CONFDIR%%/%%SAMBA4_CONFIG%%

* All the logs are under: %%SAMBA4_LOGDIR%%

* All the relevant databases are under: %%SAMBA4_LOCKDIR%%

* Provisioning script is: %%PREFIX%%/bin/samba-tool

Samba4 provisioning requires file system(s) with ACL support. On UFS2
you need to enable POSIX ACLs by adding the 'acls' option to the mount
flags; on ZFS you need to use NFSv4 ACLs and the `zfsacl` VFS module to
get provisioning to work.

There is a hack in the code that makes provisioning work on UFS2 and in
jails at the price of using the USER extattr(2) namespace, which is less
secure than the SYSTEM namespace, as it can be edited not only by the
root user but also by the owner of the file.

For provisioning on ZFS you need to pass additional parameters to
samba-tool that explicitly add `zfsacl` to the default `vfs objects`:

    # samba-tool domain provision --interactive \
            --option="vfs objects"="dfs_samba4 zfsacl"
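
Added example (not part of the port or its README): a preflight check that
classifies mount(8) lines by the ACL requirements described above. It assumes
the FreeBSD mount(8) line format shown in the comments; the function names,
status strings and sample mount points are constructed for illustration.

```sh
#!/bin/sh
# Added example: classify FreeBSD mount(8) lines by the ACL support that
# provisioning needs. Assumed line format: "<dev> on <mountpoint> (<fstype>, <opt>, ...)".

# acl_status "<mount line>" prints one of:
#   ufs-ok       UFS2 mounted with POSIX ACLs ('acls' option present)
#   ufs-no-acls  UFS2 without the 'acls' option: add it before provisioning
#   zfs-zfsacl   ZFS: provision with `zfsacl` added to `vfs objects`
#   unsupported  any other file system type
acl_status() {
    # Keep only the parenthesised list: "fstype, opt, opt"
    opts=$(printf '%s\n' "$1" | sed -n 's/^.*(\(.*\))[[:space:]]*$/\1/p')
    fstype=${opts%%,*}
    case "$fstype" in
        ufs)
            # Match 'acls' as a whole option, so 'nfsv4acls' does not count.
            case ", $opts," in
                *", acls,"*) echo ufs-ok ;;
                *)           echo ufs-no-acls ;;
            esac ;;
        zfs) echo zfs-zfsacl ;;
        *)   echo unsupported ;;
    esac
}

# report: read mount(8) lines on stdin, print "<mountpoint>: <status>" per line.
report() {
    while IFS= read -r line; do
        mp=$(printf '%s\n' "$line" | sed -n 's/^.* on \(.*\) (.*)[[:space:]]*$/\1/p')
        printf '%s: %s\n' "$mp" "$(acl_status "$line")"
    done
}

# Constructed sample lines (not taken from a real host).
report <<'EOF'
/dev/ada0p2 on /srv/a (ufs, local, soft-updates)
/dev/ada0p3 on /srv/b (ufs, local, soft-updates, acls)
zroot/smb on /srv/c (zfs, local, noatime, nfsv4acls)
devfs on /dev (devfs)
EOF
```

On a real host, pipe the live table through it with `mount | report` and check
the file systems that hold the Samba configuration and databases.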

To run this port you need to perform the following steps:
---------------------------------------------------------

0. If you had the Samba3 port installed before, please *take backups* of
all the relevant files. That includes the 'smb.conf' file and all the
contents of the '/var/db/samba/' directory.

1a. Create a new '%%SAMBA4_CONFDIR%%/%%SAMBA4_CONFIG%%' file by running:

    # samba-tool domain provision

1b. Or upgrade from the Samba3 'smb.conf' file by running:

    # samba-tool domain classicupgrade

%%AC_DC%%1c. You will need to specify the location of the 'nsupdate' command in the
%%AC_DC%%'%%SAMBA4_CONFIG%%' file:
%%AC_DC%%
%%AC_DC%%      nsupdate command = %%PREFIX%%/bin/samba-nsupdate -g
%%AC_DC%%
2. Put the string 'samba_server_enable="YES"' into your /etc/rc.conf.

3. Make sure that your server doesn't run Samba3, OpenLDAP or named.
Stop them, if necessary.

4. Run '%%PREFIX%%/etc/rc.d/samba_server start' or reboot.

Please check the archives of samba@lists.samba.org and ask there for help,
if necessary:

    https://lists.samba.org/archive/samba/

Port related bugs can be reported to the FreeBSD Bugzilla or directly to:

    https://gitlab.com/samba-freebsd/ports/-/issues

In case you found a bug which is clearly not related to the port build
process itself, please file a bug report at:

    https://bugzilla.samba.org/

And add me to the CC list.

You may find these tools helpful:
---------------------------------

Microsoft Remote Server Administration Tools (RSAT) for:

* Vista: http://www.microsoft.com/en-us/download/details.aspx?id=21090
* Windows 7: http://www.microsoft.com/en-us/download/details.aspx?id=7887


FreeBSD Samba4 port maintainer: Timur I. Bakeyev <timur@FreeBSD.org>