Set up SAMBA+

Setting up a SAMBA+ as a standalone server

A standalone server provides file and print services and is useful if domain integration is not required or desired (e.g. in small networks). The services can be open for guests without any authentication, but as this has many security impacts, we skip this setup here and describe an  authenticating standalone server only.

Please install at least the 'sernet-samba' package and its dependencies.

SAMBA+ can be run in different server modes, so you need to specify the role of your server before being able to start the services. This  mode needs to be set with the "SAMBA_START_MODE" variable in the  /etc/default/sernet-samba file. Set the mode to "classic" to run a standalone fileserver.

The services can be controlled with the usual systemd commands, like 'systemctl'. For a standalone file server, the following services are available:

  •  sernet-samba-smbd.service            Samba SMB Daemon (file and print services)
  •  sernet-samba-nmbd.service           Samba NMB Daemon  (NetBIOS name resolution)                              
  •  sernet-samba-winbindd.service    Samba Winbind Daemon (ID mapping, Name Service Switch daemon)
                                                                                                                             

The further configuration needs to be done in /etc/samba/smb.conf.

A very basic configuration could look like:                                      
                                                                                
[global]                                                                         
       netbios name = FILESRV1                                                  
       workgroup = MYWORKGROUP                                                  
                                                                                
[share1]                                                                         
       path = /path/to/share1                                                   
       read only = no
                                                          
                                                                                
The "netbios name" specifies the name of the server and "workgroup" the name of your workgroup.

In the [global] section, global settings are defined. For each file share and printer, a separate section has to be added (see [share1] in the example).       
                                                                                
Details on global and share specific parameters can be found in the smb.confmanual page ('man smb.conf').

To access your new SMB share, you need to create a Samba user. Samba needs also a UNIX account with exactly the same name to be able to check permissions on the underlying filesystem.                                                    
                                                                                
Add the UNIX user (if it does not exist yet):                                    
sudo useradd -s /usr/sbin/nologin smbuser1                                   
                                                                                
Add the Samba user:                                                              
sudo smbpasswd -a smbuser1                                               
                                                                                
The passwords of both accounts can differ. When connecting to the share, the password of the Samba user is needed.

Also the shared directory must exist. If it's not existing yet, it can be created via 'sudo mkdir -p /path/to/share1' according to the example above. Make sure that the user has filesystem access to the shared directory.           
                                                                                
Let's start the "smbd" and "nmbd" daemons and try to connect to the share:       
                                                                                
Start the services:                                                              
sudo systemctl restart sernet-samba-smbd                        
sudo systemctl restart sernet-samba-nmbd
                    
                                                                                
Connect to the share using smbclient:                                            
smbclient //FILESRV1/share1 -U smbuser1                                   
                                                                                
Connecting via a Windows and other SMB clients is of course possible as well.

Setting up a SAMBA+ AD domain controller (AD DC)

A domain controller provides the central Active Directory. Make sure to have at least two DCs for failover! Do not use your domain controllers as file servers.

Please install the "sernet-samba-ad" package and its dependencies.

  • Debian/Ubuntu:    apt-get install sernet-samba-ad
  • RHEL/CentOS:       yum install sernet-samba-ad
  • SUSE/Leap:           zypper in sernet-samba-ad

After that, please edit the SAMBA+ configuration file /etc/default/sernet-samba and set the "SAMBA_START_MODE" variable to "ad". Otherwise the 'samba' deamon won't start at all.

Now the domain has to be configured by running 'samba-tool domain provision'. Please enter your realm etc. This step creates the /etc/samba/smb.conf configuration file. Afterwards, the service can be started via the 'systemctl start sernet-samba-ad' command.

 

Setting up a SAMBA+ domain member server

A domain member is part of a domain (domain users and groups are available), authenticates against DCs. A member server is usually used for file or print servers.

TBA – we are continuously expanding the information on this page, please check back later.

 

Setting up a SAMBA+ CTDB cluster node

TBA – we are continuously expanding the information on this page, please check back later.

 
Deutsch English Français