Guide for setting up 'libdes' 4.01 password encryption & Samba 1.9.17p2

This page was written by Christopher Spry. It is an account of how I set up 'libdes' with password encryption for 'Samba' on my Indy on 7 October1997. It was running IRIX 6.2 using the xfs file system. My thanks go to Neil Long neil.long@materials.oxford.ac.uk who helped me with several compilation issues.

Two steps are needed: 1. Obtain the 'libdes' distribution then compile and install it on the Indy. 2. Obtain the latest 'samba' release and compile it with the' libdes' library then install 'samba' on the Indy.

1. Installing 'libdes', the free encryption software by a variety of people (see the documentation that comes with it).

I first unzipped and untarred libdes-4_01.tar.gz which I had ftp from ftp://ftp.psy.uq.oz.au/pub/Crypto/DES/. This created a number of files, some of which are referred to below. Then I copied the 'Makefile.uni' over the 'Makefile'. I edited 'Makefile' and changed the 'CFLAGS....' line to 'CFLAGS = -O2 -n32 $(OPTS) $(CFLAG)'. I ensured that my editor program was not wordwrapping when I saved this edited file. I ran 'make' which compiled normally. I followed the instructions in the file 'INSTALL' help file to run './destest', './rpw', './speed' and './des_opts'. The last showed that I should use: 'OPTS4 = -DDES_UNROLL -DDES_PTR' so I edited 'Makefile' again to do so. I deleted the 'des_enc.o' file and ran 'make' again. This now compiled the programs and libraries for 'des'. I then made two new directories: '/usr/local/man/man3' and '/usr/include' and ran 'make install'. This put 'libdes.a' (the libdes library) in '/usr/local/lib', 'des' (the executable program that provides encryption) in' /usr/local/bin', 'des_crypt.man' (the 'man pages') in '/usr/local/man/man3', 'des.man' in' /usr/local/man/man1' and 'des.h' in '/usr/local/include'.

2. Installing 'samba', the free 'smb' server software by Andrew Tridgell and others, to allow Windows PCs to access UNIX workstations

(a) Uncompressing and untarring samba-1.9.17p2.tar.

I first unzipped and untarred 'samba-1.9.17p2.tar.gz' which I had obtained from 'ftp://sunsite.doc.ic.ac.uk/packages/samba/source/'. This created a number of files, some of which are referred to below.

(b) Editing the samba 'Makefile'

I edited the 'Makefile' and changed 'WORKGROUP = WORKGROUP' to 'WORKGROUP = BHFCIG'. (BHFCIG is the name of my workgroup on the Indy and PCs on our network).

I then unhashed four lines in 'Makefile': (Note that the 4th line is one long line).

I altered the DES_BASE= line so that it pointed to where 'libdes.a' had been put: '/usr/local/lib' not '/usr/local/libdes', so the correct first line was: DES_BASE=/usr/local/lib

I unhashed the three lines further on in 'Makefile' under '# FOR SGI IRIX 6.2, use this line instead'

This meant that I could compile the programs under IRIX 6.2. I saved 'Makefile' ensuring that lines were not wordwrapped.
As the compilation would need the 'des.h' include file, which had been put in the directory '/usr/local/include', I copied 'des.h' to same directory as the samba 'make' file.

(c) Compiling the samba distribution programs:

I ran 'make install'. This compiled and linked the modules for samba. I noted but ignored the error message was given after 'Linking smbrun':

More modules continued to be compiled and linked and the output showed where the 'smbd' and other files were being installed.

(d) Preparing a 'smbpasswd' file:

I made a directory called '/usr/local/samba/private'. I then made a 'smbpasswd' file for this new directory

I noted that the 'smbpasswd' file contained 'Xs' in groups of 32. I altered permissions for this directory and file:

(e) Editing samba's configuration file '/usr/local/samba/lib/smb.conf'

I edited '/usr/local/samba/lib/smb.conf' ensuring that autowrap was set 'off'. I added under the [global] section:

Other relevant entries, which I had in my previous version of samba (which did not use encryption) were:

(e) Restarting the new 'smb.conf' configuration.

I looked for the samba daemons with: 'ps -el | grep smb' which found three smbd daemons which I killed. (Users who do not have an earlier version of Samba running need not do this). I then ran the following command to initialize samba with the new 'smb.conf' configuration file:

This reinitialized samba with the new 'samba' feature: 'des' encryption. I ran

to check that it was OK. This showed that the new version 1.9.17p2 was running.

(e) using the '/usr/local/samba/bin/smbpasswd' script to alter the 'smbpasswd' file's passwords.

The '/usr/local/samba/private/smbpasswd' file that I created in (d) above contains 'Xs' instead of passwords for users who want to connect to the Indy from PCs. The presence of the 'Xs' prevents connection to samba shares by default. For this reason I ran the '/usr/local/samba/bin/smbpasswd' script so that I could enter the passwords one by one into this file. I entered them for 'root' and each 'human' user. I did not alter the ones for 'ftp', 'guest' etc as smbpasswords are only needed for connections that use samba, not 'ftp', 'telnet' etc. that bypass it. Only 'suidroot' could change the 'smbpasswd' in my configuration so when users alter their IRIX password they will have to be altered for 'smbpasswd' by root as well.

(f) Updating the documentation for samba

I copied all the document files from the untarred distribution directories of samba to '/usr/local/samba/docs'. I made a 'faq' directory for HTML files under that directory and copied the 'faq' HTML files from the untarred distribution directory, so that they could be used as helper applications. I then deleted the files and directories into which the distribution file had been untarred.

(Note: there is a patch for samba-1.9.17p2 but I understand that this fixes a minor DOS issue and is not needed for most users).

3. Configuring Samba

See: http://www.germany.net/teilnehmer/101,69082/samba.html which links to other on-line resources with help on configuration issues.

There is a definitive book on Samba called 'Samba: Integrating UNIX and Windows' by John D. Blair, Samba Team, ISBN 1-57831-006-7, February 1998. It is available from Amazon on-line booksellers @ US$29.99.

Return to the 'home page'

Return to the `Computing index page'

Return to the 'Indy administration index'

© Christopher Spry mailto:cspry@cspry.co.uk.  This page was last updated on 26 November 2003 10:13:37.