Please visit the SAMBA+ shop, click "My account" and register or sign in if you already have an account. Then click on "SAMBA+" and choose between
- SAMBA+ for Linux (Debian, Ubuntu, RHEL, CentOS, SLES, OpenSUSE). This provides current Samba versions corresponding to the upstream Samba project.
- SAMBA+ AIX for IBM's AIX Unix system.
After that, choose the period (1-3 years) and the amount of subscriptions needed and "Add to shopping cart". Please note that one subscription is valid for 5 servers! When you are done, "Proceed to checkout", enter your address and choose the payment method and "Complete payment". After that, your Serial numbers will be available under "My account". These serial numbers need to be activated in the OPOSSO subscription portal now.
At first, please register at https://oposso.samba.plus or sign in if you already have an account. Please note that this account is independent from the shop account. This is intended to separate the purchasing process and the technical part, as both are usually processed by different persons/departments.
At https://oposso.samba.plus/subscription.php, please click "Add new subscription", paste the subscription key(s) bought in the SAMBA+ shop into the window, read and (hopefully ;-) accept the terms and conditions and click "Register keys".
After that you can either set a global password for all subscriptions by clicking on "Set global password" or one password for each subscription by clicking on the key button of each entry.
If your existing subscription expires, please extend the existing subscription. This is much easier than adding a new subscription, because you don't need to adopt all the repository files on your servers, because the old key will be extended. If you add a new subscription instead, the repo files must be updated with the new key.
To extend an existing subscription, please buy a new subscription in the SAMBA+ shop. Copy the new serial number (available here) into your clipboard and login at https://oposso.samba.plus. Click on the "Subscription" tab, mark the subscription that you are going to extend and then on the "Extend selected subscriptions" button. A new window opens and the old key is selected on the left side. Please enter your new key (serial number) on the right side, read and (hopefully ;-) accept the terms and conditions and then click the "Extend subscriptions" button.
At https://oposso.samba.plus/how_to.php you find all available repository files. Chose the sernet-samba-$VERSION.list template for your system and copy it to the corresponding directory:
- for Debian/Ubuntu: /etc/apt/sources.list.d/
- for RHEL/CentOS: /etc/yum.repos.d/
- for SUSE/Leap: /etc/zypp/repos.d/
Then please substitute the "KEY" and "PASSWORD" variables in your sernet-samba-$VERSION.list file with your personal key and password set in the OPOSSO backend (https://oposso.samba.plus/subscription.php).
Newer 'apt' versions recommend to use the /etc/apt/auth.conf file to store the login information instead of the sources.list. For the SAMBA+ repository, the following line would be needed:
'machine download.sernet.de/subscriptions/samba/ login KEY password PASSWORD'
where "KEY" and "PASSWORD" again need to be replaced with your personal data.
After that you should be able to refresh the repositories e.g. via
- 'apt update' (Debian/Ubuntu)
- 'zypper ref' (SUSE/Leap)
SAMBA+ consists of numerous packages. Which packages you need depends on the server role you are going to run your Samba server in. A list of all packages and the corresponding description is available in the repository meta data (e.g. https://download.sernet.de/subscriptions/samba/4.12/rhel/8/repodata/ for RHEL 8).
Additionally, you can show the package information with the packet manager commands, e.g. 'apt show sernet-samba' on Debian/Ubuntu.
There are regular major and minor upstream Samba releases. (For details on upstream Samba release cycles and currently supported branches, please see the Samba Release Planning.)
Please make sure that your running Samba version is still maintained. Regular updates are highly recommended for security reasons. SerNet usually recommends to run the "Maintenance Mode" Samba on production servers. Please note that manual interaction is needed to stick to the "Maintenance Mode" (see "Upgrading SAMBA+" below)! That means, every 6 month, you need to adapt the version number to the current "Maintenance Mode" in the repository files. Otherwise, the systems will end up running an unsupported Samba version, which won't receive any security updates after ~12 month.
Minor update means, the first and the second part of the version number does not change (e.g. 4.13.1 -> 4.13.2). To update to a newer minor version, you can just use your system's package management system to install the new package updates. It makes perfect sense to read the release notes of the new version before updating.
Upgrading means to go to a new major release (the first and/or second part of the version number changes). Testing the upgrade of your individual Samba setup in a test environment is highly recommended! Please read at least the first release notes of each new major version (e.g. when you are upgrading from Samba 4.10.4 to 4.13.2, read at least the release notes of Samba 4.11.0, 4.12.0 and 4.13.0). Especially the section "UPGRADING" is very important. Also running 'testparm' after upgrading is recommended, which complains about deprecated or already removed options in your Samba configuration.
To upgrade, you need to manually adopt the repository files to switch to the new repository path (e.g. 4.12 -> 4.13). This is not done automatically as it must be an active decision of the administrator. After that you can refresh your repository and proceed with the installation of the new version as normal.
A standalone server provides file and print services and is useful if domain integration is not required or desired (e.g. in small networks). The services can be open for guests without any authentication, but as this has many security impacts, we skip this setup here and describe an authenticating standalone server only.
Please install at least the 'sernet-samba' package and its dependencies.
SAMBA+ can be run in different server modes, so you need to specify the role of your server before being able to start the services. This mode needs to be set with the "SAMBA_START_MODE" variable in the /etc/default/sernet-samba file. Set the mode to "classic" to run a standalone fileserver.
The services can be controlled with the usual systemd commands, like 'systemctl'. For a standalone file server, the following services are available:
- sernet-samba-smbd.service Samba SMB Daemon (file and print services)
- sernet-samba-nmbd.service Samba NMB Daemon (NetBIOS name resolution)
- sernet-samba-winbindd.service Samba Winbind Daemon (ID mapping, Name Service Switch daemon)
The further configuration needs to be done in /etc/samba/smb.conf.
A very basic configuration could look like:
netbios name = FILESRV1
workgroup = MYWORKGROUP
path = /path/to/share1
read only = no
The "netbios name" specifies the name of the server and "workgroup" the name of your workgroup.
In the [global] section, global settings are defined. For each file share and printer, a separate section has to be added (see [share1] in the example).
Details on global and share specific parameters can be found in the smb.confmanual page ('man smb.conf').
To access your new SMB share, you need to create a Samba user. Samba needs also a UNIX account with exactly the same name to be able to check permissions on the underlying filesystem.
Add the UNIX user (if it does not exist yet):
sudo useradd -s /usr/sbin/nologin smbuser1
Add the Samba user:
sudo smbpasswd -a smbuser1
The passwords of both accounts can differ. When connecting to the share, the password of the Samba user is needed.
Also the shared directory must exist. If it's not existing yet, it can be created via 'sudo mkdir -p /path/to/share1' according to the example above. Make sure that the user has filesystem access to the shared directory.
Let's start the "smbd" and "nmbd" daemons and try to connect to the share:
Start the services:
sudo systemctl restart sernet-samba-smbd
sudo systemctl restart sernet-samba-nmbd
Connect to the share using smbclient:
smbclient //FILESRV1/share1 -U smbuser1
Connecting via a Windows and other SMB clients is of course possible as well.
A domain controller provides the central Active Directory. Make sure to have at least two DCs for failover! Do not use your domain controllers as file servers.
Please install the "sernet-samba-ad" package and its dependencies.
- Debian/Ubuntu: apt-get install sernet-samba-ad
- RHEL/CentOS: yum install sernet-samba-ad
- SUSE/Leap: zypper in sernet-samba-ad
After that, please edit the SAMBA+ configuration file /etc/default/sernet-samba and set the "SAMBA_START_MODE" variable to "ad". Otherwise the 'samba' deamon won't start at all.
Now the domain has to be configured by running 'samba-tool domain provision'. Please enter your realm etc. This step creates the /etc/samba/smb.conf configuration file. Afterwards, the service can be started via the 'systemctl start sernet-samba-ad' command.
A domain member is part of a domain (domain users and groups are available), authenticates against DCs. A member server is usually used for file or print servers.
TBA – we are continuously expanding the information on this page, please check back later.
TBA – we are continuously expanding the information on this page, please check back later.
The SAMBA+ installation needs to be put in the /usr/local/sambaplus-<version> path (this will be done by the setup script automatically) and
/usr/local/sambaplus should be a symlink to the actual path of
/usr/local/sambaplus-<version>. This is important for the init script to find the active SAMBA+ version always on the right place. This also allows multiple SAMBA+ versions to be installed simultaneously and the admin to switch easily between Samba versions if needed.
- eventually delete old symlink: 'rm /usr/local/sambaplus'
- link the Samba release to the active Samba path: 'ln -s /usr/local/sambaplus-<version> /usr/local/sambaplus'
Further down in the documentation we assume that this symlink /usr/local/sambaplus has been created successfully.
SAMBA+ is compiled to have all its configuration and database files under /var/sambaplus/. This way the installation files from /usr/local/sambaplus don't affect any of the config files.
tdb files location:
log files location:
The init scripts are located in /usr/local/sambaplus/init/ and they are called
winbind.init, nmbd.init and smbd.init.
To activate them for runlevel 2 you have to run those commands:
ln -s /usr/local/sambaplus/init/winbindd.init S00winbindd
ln -s /usr/local/sambaplus/init/winbindd.init K10winbindd
ln -s /usr/local/sambaplus/init/smbd.init S10smbd
ln -s /usr/local/sambaplus/init/smbd.init K00smbd
ln -s /usr/local/sambaplus/init/nmbd.init S10nmbd
ln -s /usr/local/sambaplus/init/nmbd.init K00nmbd
(and the same in /etc/rc.d/rc3.d/ once more)
Further details are described in the README file shipped with SAMBA+ AIX.