Samba uses the SSLeay package, written by Eric Young, to provide Secure Sockets Layer support on the server side. Because of U.S. export law, however, the SSLeay package cannot be shipped with Samba distributions that are based in the United States. For that reason, the Samba creators decided to leave it as a separate package entirely. You can download the SSLeay distribution from any of the following sites:
The latest version as of this printing is 0.9.0b. Download it to the same server as the Samba distribution, then uncompress and untar it. You should be left with a directory entitled
SSLeay-0.9.0b. After changing to that directory, you will need to configure and build the SSL encryption package in the same way that you did with Samba.
SSLeay uses a Perl-based
configure script. This script modifies the Makefile that constructs the utilities and libraries of the SSLeay package. However, the default script is hardcoded to find Perl at
/usr/local/bin/perl. You may need to change the
configure script to point to the location of the Perl executable file on your Unix system. For example, you can type the following to locate the Perl executable:
#
which perl
/usr/bin/perl
Then modify the first line of the
configure script to force it to use the correct Perl executable. For example, on our Red Hat Linux system:
#!/usr/bin/perl
#
# see PROBLEMS for instructions on what sort of things to do
# when tracking a bug -tjh
...
After that, you need to run the
configure script by specifying a target platform for the distribution. This target platform can be any of the following:
BC-16 BC-32 FreeBSD NetBSD-m86
NetBSD-sparc NetBSD-x86 SINIX-N VC-MSDOS
VC-NT VC-W31-16 VC-W31-32 VC-WIN16
VC-WIN32 aix-cc aix-gcc alpha-cc
alpha-gcc alpha400-cc cc cray-t90-cc
debug debug-irix-cc debug-linux-elf dgux-R3-gcc
dgux-R4-gcc dgux-R4-x86-gcc dist gcc
hpux-cc hpux-gcc hpux-kr-cc irix-cc
irix-gcc linux-aout linux-elf ncr-scde
nextstep purify sco5-cc solaris-sparc-cc
solaris-sparc-gcc solaris-sparc-sc4 solaris-usparc-sc4 solaris-x86-gcc
sunos-cc sunos-gcc unixware-2.0 unixware
For our system, we would enter the following:
#
./Configure linux-elf
CC =gcc
CFLAG =-DL_ENDIAN -DTERMIO -DBN_ASM -O3 -fomit-frame-pointer
EX_LIBS =
BN_MULW =asm/bn86-elf.o
DES_ENC =asm/dx86-elf.o asm/yx86-elf.o
BF_ENC =asm/bx86-elf.o
CAST_ENC =asm/cx86-elf.o
RC4_ENC =asm/rx86-elf.o
RC5_ENC =asm/r586-elf.o
MD5_OBJ_ASM =asm/mx86-elf.o
SHA1_OBJ_ASM =asm/sx86-elf.o
RMD160_OBJ_ASM=asm/rm86-elf.o
THIRTY_TWO_BIT mode
DES_PTR used
DES_RISC1 used
DES_UNROLL used
BN_LLONG mode
RC4_INDEX mode
After the package has been configured, you can build it by typing
make. If the build did not successfully complete, consult the documentation that comes with the distribution or the FAQ at
https://www.cryptsoft.com/ssleay/ for more information on what may have happened. If the build did complete, type
make
install to install the libraries on the system. Note that the makefile installs the package in
/usr/local/ssl by default. If you decide to install it in another directory, remember the directory when configuring Samba to use SSL.
