Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Samba for Freeradius 2.x

    Scheduled Pinned Locked Moved Development
    12 Posts 3 Posters 9.6k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • P
      pszafer
      last edited by

      Hello,

      For almost a year I have well working configuration - samba (exactly ntlm_auth) cooperating with freeradius. Then I chose a simplier and faster way to install it.
      I made some guide how to install it on other pfSense machines (http://goo.gl/bVAEB).

      And now I have to implement the same thing on another router, but this time, if it is possible, I would like to go more complicated way, but hopefully with pfSense package in the end.

      As far as I understand, I should do following things:

      • make BSD port for "samba for freeradius"

      • create pbi package from that port

      • create tbz package for 2.0 pfSense

      • create GUI files for Samba

      • create little patch for freeradius package

      Is it correct?

      And last question - can I use original samba sources (~34 MB) with configuration like that:

      ./configure --prefix=/tmp/samba2/ --disable-smbtorture4 --disable-cups --disable-pie --disable-fam --disable-old-ctdb --disable-avahi --without-mandir --without-krb5 --with-ads --with-ldap --with-wbclient --with-winbind --without-libsmbclient
      

      and after install in post-install script removing unnecessary files;
      or rather cut samba sources from unnecessary files (more complicated for me, but less space).

      Thanks in advance for help

      1 Reply Last reply Reply Quote 0
      • N
        Nachtfalke
        last edited by

        I do not know how this .pbi and .tbz magic is working on the pfsense servers ;) but perhaps this will help you:
        http://forum.pfsense.org/index.php/topic,50498.0.html

        As far as I understand it - you do not need to build/make the .tbz and .pbi by hand. This will be done automatically if you do the correct entries in this file:
        https://github.com/bsdperimeter/pfsense-packages/blob/master/pkg_config.8.xml
        And the perhaps just ask jimp to start the builder (which does the magic) and on the next day there are the .tbz and .pbi files ;-)

        Another possibility could be to ask marcelloc - he built the .pbi files for me in the past on his own server. That was for testing the new package/functions before do the real work on pfsense server.

        So you points 1,2 and 3 will be done "nearly" automatically if you understand how.
        Point 4 and 5 - you are welcom to do that and/or implement that in freeradius2 package.
        Perhaps it would make sense to create a second package like "freeradius2-smb". So that there is no need to install freeradius2 with samba if you do not need it. But if you need it - then just install the "freeradius2-smb" package which adds the neccessary binaries and the GUI.

        Sorry that I could not help you much more but I am really interested in that feature :D

        1 Reply Last reply Reply Quote 0
        • P
          pszafer
          last edited by

          Hi Nachtfalke! I hoped You will be interested in this feature :)

          I think that better make GUI for Samba and little patch to freeradius (after properly installing Samba it's only one change in configuration and maybe one check box in GUI, I'll write it later).

          So I will try to make GUI for Samba and this patch and the same time ask jimp about some explanation (maybe there are some arguments against building Samba for all community).

          1 Reply Last reply Reply Quote 0
          • N
            Nachtfalke
            last edited by

            I will help you on freeradius.inc if you have any questions. But probably you know more about php and coding than me ;)

            1 Reply Last reply Reply Quote 0
            • marcellocM
              marcelloc
              last edited by

              pszafer,

              the basic steps to compile/write/test new packages on pfsense is:

              • Install a freebsd 8.1 for 2.0.x builds or a 8.3 for 2.1 builds

              • Install ports via portsnap fetch && portsnap upgrade(maybe a portsnap extract on first time run)

              • define packages destination folder, folowing this page

              • Compile your packages using ports, in your case /usr/ports/net/samba36

              • type make config to select your compile options, then type make package

              • copy tbz files created to a web server or pfsense server and do a pkg_add to install it

              This way you can test/create a gui for it, the next step is to publish it on github.

              att,
              Marcello Coutinho

              Treinamentos de Elite: http://sys-squad.com

              Help a community developer! ;D

              1 Reply Last reply Reply Quote 0
              • P
                pszafer
                last edited by

                Hello Marcelloc,

                Thank You for your post!

                I did most of steps you wrote before. I installed samba from sources in /tmp directory on FreeBSD 8.3. I removed as much files as I can by hand (rm command), because with configure I can't define not to install some executables, even if I know that ntlm_auth (one of main programs to authenticate with Active Directory) doesn't use them.
                Then I used script from Polish bsd site:

                
                #! /bin/sh
                for i in `find $1 -type d`; do
                if [ "$i" != "$1" ]; then
                for j in `ls $i`; do
                if [ ! -d $i/$j ]; then
                echo $i/$j
                fi
                done
                fi
                done
                #--------------------
                
                sh create_list.sh > files
                find /tmp/samba -type d > directories
                

                removed beginning of path (/tmp/samba)

                cat files | cut -b 10- > new_files
                cat directories | cut -b 10- > new_dirs
                

                removed lines:

                bin
                include
                lib
                share/doc

                after that simple sort:

                cat new_files | sort > packing_list
                cat new_dirs | sort > directories
                

                added

                @name, @cwd, @srcdir, @dirrm
                
                

                and in the end:

                pkg_create -f packing_list -c description1 -d description2 sambaforfreeradius.tbz
                

                I have tbz file and can install it successfully.
                As I understand now I should create GUI config and then I could publish it on github (my own github or bsdperimeter?)?

                Am I correct or your steps are necessary and only way to create package for pfSense?

                Another question I have on my mind, can I make changes in the other packet by installing Samba (make changes in freeradius.inc file)

                1 Reply Last reply Reply Quote 0
                • marcellocM
                  marcelloc
                  last edited by

                  @pszafer:

                  As I understand now I should create GUI config and then I could publish it on github (my own github or bsdperimeter?)?
                  Am I correct or your steps are necessary and only way to create package for pfSense?

                  To publish on github you need all make options you've used on ports, as it must be compiled by core-team.
                  Take a look on pkg_config.8.xml

                  @pszafer:

                  Another question I have on my mind, can I make changes in the other packet by installing Samba (make changes in freeradius.inc file)

                  You can but it's better to talk to it's package maintainer.
                  You can create a patch file and let user apply/remove it or check it on install process.

                  Treinamentos de Elite: http://sys-squad.com

                  Help a community developer! ;D

                  1 Reply Last reply Reply Quote 0
                  • N
                    Nachtfalke
                    last edited by

                    You are allowed to add things to freeradius.inc if you need to.
                    But I would suggest to make it optional - in any way - to use samba or not. Some people probably do not want and need samba on their pfsense.

                    1 Reply Last reply Reply Quote 0
                    • P
                      pszafer
                      last edited by

                      Nachtfalke, definitely it would be optional and as you will see today or tomorrow it wouldn't be a big change.

                      –---
                      I've just made patch for freeradius2.
                      Haven't check it yet, but want to show the idea.

                      Just need to check if samba is installed and if true then in file etc/raddb/modules/mschap uncomment line ntlm_auth with proper line.
                      Rest of work will do samba package

                      Here is the link - http://pastebin.com/CS8fupvz.
                      I'll check it today.

                      1 Reply Last reply Reply Quote 0
                      • P
                        pszafer
                        last edited by

                        @Marcelloc

                        I have questions to you or someone from CoreTeam.
                        1. Should I create dependencies packages like talloc, tbd?
                        2. Is there any possibility to create post-installation script to remove some unnecessary files from samba package or maybe it is possible to create my own samba "light" for freeradius port.
                        I have samba created following your instructions, but there are a few files really don't needed.

                        1 Reply Last reply Reply Quote 0
                        • marcellocM
                          marcelloc
                          last edited by

                          The post install script can be done on package install process as IIIRC it install packages before xml files.

                          Treinamentos de Elite: http://sys-squad.com

                          Help a community developer! ;D

                          1 Reply Last reply Reply Quote 0
                          • P
                            pszafer
                            last edited by

                            I'm half way of making samba pkg work.

                            @Marcelloc, I have problem. In pfsense 2.1 packages are installing in /usr/pbi/*.
                            While creating tbz package, can I change the installation destination directory of package to /usr/pbi/samba?

                            By default it is installed in /usr/local with it's all dependencies.

                            Here is link to repository where I'm creating package - https://github.com/pszafer/SambaForFreeradiusPFSENSE

                            1 Reply Last reply Reply Quote 0
                            • First post
                              Last post
                            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.