How to SAMBA+

Buy a new SAMBA+ subscription

Please visit the SAMBA+ shop, click "My account" and register or sign in if you already have an account. Then click on "SAMBA+" and choose between

  • SAMBA+ for Linux (Debian, Ubuntu, RHEL, CentOS, SLES, OpenSUSE). This provides current Samba versions corresponding to the upstream Samba project.
  • SAMBA+ AIX for IBM's AIX Unix system.

After that, choose the period (1-3 years) and the amount of subscriptions needed and "Add to shopping cart". Please note that one subscription is valid for 5 servers! When you are done, "Proceed to checkout", enter your address and choose the payment method and "Complete payment". After that, your Serial numbers will be available under "My account". These serial numbers need to be activated in the OPOSSO subscription portal now.


Activate a new SAMBA+ subscription

At first, please register at or sign in if you already have an account. Please note that this account is independent from the shop account. This is intended to separate the purchasing process and the technical part, as both are usually processed by different persons/departments.

At, please click "Add new subscription", paste the subscription key(s) bought in the SAMBA+ shop into the window, read and (hopefully ;-) accept the terms and conditions and click "Register keys".

After that you can either set a global password for all subscriptions by clicking on "Set global password" or one password for each subscription by clicking on the key button of each entry.


Extend an existing SAMBA+ subscription

If your existing subscription expires, please extend the existing subscription. This is much easier than adding a new subscription, because you don't need to adopt all the repository files on your servers, because the old key will be extended. If you add a new subscription instead, the repo files must be updated with the new key.

To extend an existing subscription, please buy a new subscription in the SAMBA+ shop. Copy the new serial number (available here) into your clipboard and login at Click on the "Subscription" tab, mark the subscription that you are going to extend and then on the "Extend selected subscriptions" button. A new window opens and the old key is selected on the left side. Please enter your new key (serial number) on the right side, read and (hopefully ;-) accept the terms and conditions and then click the "Extend subscriptions" button.


Add the SAMBA+ package repository to your system

At you find all available repository files. Chose the sernet-samba-$VERSION.list template for your system and copy it to the corresponding directory:

  • for Debian/Ubuntu:    /etc/apt/sources.list.d/
  • for RHEL/CentOS:      /etc/yum.repos.d/
  • for SUSE/Leap:           /etc/zypp/repos.d/

Then please substitute the "KEY" and "PASSWORD" variables in your sernet-samba-$VERSION.list file with your personal key and password set in the OPOSSO backend (

Newer 'apt' versions recommend to use the /etc/apt/auth.conf file to store the login information instead of the sources.list. For the SAMBA+ repository, the following line would be needed:
'machine login KEY password PASSWORD'
where "KEY" and "PASSWORD" again need to be replaced with your personal data.

After that you should be able to refresh the repositories e.g. via

  • 'apt update' (Debian/Ubuntu)
  • 'zypper ref' (SUSE/Leap)

Installing SAMBA+

SAMBA+ consists of numerous packages. Which packages you need depends on the server role you are going to run your Samba server in. A list of all packages and the corresponding description is available in the repository meta data (e.g. for RHEL 8).

Additionally, you can show the package information with the packet manager commands, e.g. 'apt show sernet-samba' on Debian/Ubuntu.


Updating/Upgrading SAMBA+

There are regular major and minor upstream Samba releases. (For details on upstream Samba release cycles and currently supported branches, please see the Samba Release Planning.)

Please make sure that your running Samba version is still maintained. Regular updates are highly recommended for security reasons. SerNet usually recommends to run the "Maintenance Mode" Samba on production servers. Please note that manual interaction is needed to stick to the "Maintenance Mode" (see "Upgrading SAMBA+" below)! That means, every 6 month, you need to adapt the version number to the current "Maintenance Mode" in the repository files. Otherwise, the systems will end up running an unsupported Samba version, which won't receive any security updates after ~12 month.

Updating SAMBA+

Minor update means, the first and the second part of the version number does not change (e.g. 4.13.1 -> 4.13.2). To update to a newer minor version, you can just use your system's package management system to install the new package updates. It makes perfect sense to read the release notes of the new version before updating.

SerNet provides important information including the release notes on new SAMBA+ packages in the SAMBA+ Newsletter and the SAMBA+ Blog.

Upgrading SAMBA+

Upgrading means to go to a new major release (the first and/or second part of the version number changes). Testing the upgrade of your individual Samba setup in a test environment is highly recommended! Please read at least the first release notes of each new major version (e.g. when you are upgrading from Samba 4.10.4 to 4.13.2, read at least the release notes of Samba 4.11.0, 4.12.0 and 4.13.0). Especially the section "UPGRADING" is very important. Also running 'testparm' after upgrading is recommended, which complains about deprecated or already removed options in your Samba configuration.

To upgrade, you need to manually adopt the repository files to switch to the new repository path (e.g. 4.12 -> 4.13). This is not done automatically as it must be an active decision of the administrator. After that you can refresh your repository and proceed with the installation of the new version as normal.


Setting up a SAMBA+ as a standalone server

A standalone server provides file and print services and is useful if domain integration is not required or desired (e.g. in small networks). The services can be open for guests without any authentication, but as this has many security impacts, we skip this setup here and describe an  authenticating standalone server only.

Please install at least the 'sernet-samba' package and its dependencies.

SAMBA+ can be run in different server modes, so you need to specify the role of your server before being able to start the services. This  mode needs to be set with the "SAMBA_START_MODE" variable in the  /etc/default/sernet-samba file. Set the mode to "classic" to run a standalone fileserver.

The services can be controlled with the usual systemd commands, like 'systemctl'. For a standalone file server, the following services are available:

  •  sernet-samba-smbd.service            Samba SMB Daemon (file and print services)
  •  sernet-samba-nmbd.service           Samba NMB Daemon  (NetBIOS name resolution)                              
  •  sernet-samba-winbindd.service    Samba Winbind Daemon (ID mapping, Name Service Switch daemon)

The further configuration needs to be done in /etc/samba/smb.conf.

A very basic configuration could look like:                                      
       netbios name = FILESRV1                                                  
       workgroup = MYWORKGROUP                                                  
       path = /path/to/share1                                                   
       read only = no
The "netbios name" specifies the name of the server and "workgroup" the name of your workgroup.

In the [global] section, global settings are defined. For each file share and printer, a separate section has to be added (see [share1] in the example).       
Details on global and share specific parameters can be found in the smb.confmanual page ('man smb.conf').

To access your new SMB share, you need to create a Samba user. Samba needs also a UNIX account with exactly the same name to be able to check permissions on the underlying filesystem.                                                    
Add the UNIX user (if it does not exist yet):                                    
sudo useradd -s /usr/sbin/nologin smbuser1                                   
Add the Samba user:                                                              
sudo smbpasswd -a smbuser1                                               
The passwords of both accounts can differ. When connecting to the share, the password of the Samba user is needed.

Also the shared directory must exist. If it's not existing yet, it can be created via 'sudo mkdir -p /path/to/share1' according to the example above. Make sure that the user has filesystem access to the shared directory.           
Let's start the "smbd" and "nmbd" daemons and try to connect to the share:       
Start the services:                                                              
sudo systemctl restart sernet-samba-smbd                        
sudo systemctl restart sernet-samba-nmbd
Connect to the share using smbclient:                                            
smbclient //FILESRV1/share1 -U smbuser1                                   
Connecting via a Windows and other SMB clients is of course possible as well.

Setting up a SAMBA+ AD domain controller (AD DC)

A domain controller provides the central Active Directory. Make sure to have at least two DCs for failover! Do not use your domain controllers as file servers.

Please install the "sernet-samba-ad" package and its dependencies.

  • Debian/Ubuntu:    apt-get install sernet-samba-ad
  • RHEL/CentOS:       yum install sernet-samba-ad
  • SUSE/Leap:           zypper in sernet-samba-ad

After that, please edit the SAMBA+ configuration file /etc/default/sernet-samba and set the "SAMBA_START_MODE" variable to "ad". Otherwise the 'samba' deamon won't start at all.

Now the domain has to be configured by running 'samba-tool domain provision'. Please enter your realm etc. This step creates the /etc/samba/smb.conf configuration file. Afterwards, the service can be started via the 'systemctl start sernet-samba-ad' command.


Setting up a SAMBA+ domain member server

A domain member is part of a domain (domain users and groups are available), authenticates against DCs. A member server is usually used for file or print servers.

TBA – we are continuously expanding the information on this page, please check back later.


Setting up a SAMBA+ CTDB cluster node

TBA – we are continuously expanding the information on this page, please check back later.



SAMBA+ AIX: Installation Basics

The SAMBA+ installation needs to be put in the /usr/local/sambaplus-<version> path (this will be done by the setup script automatically) and
/usr/local/sambaplus should be a symlink to the actual path of
/usr/local/sambaplus-<version>. This is important for the init script to find the active SAMBA+ version always on the right place. This also allows multiple SAMBA+ versions to be installed simultaneously and the admin to switch easily between Samba versions if needed.


  • eventually delete old symlink: 'rm /usr/local/sambaplus'
  • link the Samba release to the active Samba path: 'ln -s /usr/local/sambaplus-<version> /usr/local/sambaplus'

Further down in the documentation we assume that this symlink /usr/local/sambaplus has been created successfully.

SAMBA+ is compiled to have all its configuration and database files under /var/sambaplus/. This way the installation files from /usr/local/sambaplus don't affect any of the config files.

smb.conf location:


tdb files location:


log files location:



SAMBA+ AIX: Init Scripts and how to enable them

The init scripts are located in /usr/local/sambaplus/init/ and they are called
winbind.init, nmbd.init and smbd.init.

To activate them for runlevel 2 you have to run those commands:

cd /etc/rc.d/rc2.d
ln -s /usr/local/sambaplus/init/winbindd.init S00winbindd
ln -s /usr/local/sambaplus/init/winbindd.init K10winbindd
ln -s /usr/local/sambaplus/init/smbd.init S10smbd
ln -s /usr/local/sambaplus/init/smbd.init K00smbd
ln -s /usr/local/sambaplus/init/nmbd.init S10nmbd
ln -s /usr/local/sambaplus/init/nmbd.init K00nmbd

(and the same in /etc/rc.d/rc3.d/ once more)



Further details are described in the README file shipped with SAMBA+ AIX.


SAMBA+ 4.13.9 has just been released by SerNet. Packages for various SUSE and Red Hat platforms…

For sambaXP 2021 Björn Jacke, longtime member of the international Samba Team and SerNet's AIX…


Buy and manage software subscriptions. SAMBA+ subscriptions are available for one, two and three years at the SAMBA+ shop.

+ visit the shop

Deutsch English Français