Samba Server Roles
The following sections give an overview of different roles you can configure for a Samba server.
Standalone
You can configure the Samba server role as a standalone server in small networks, such as peer-to-peer workgroups, where the server isn't required to be part of a domain.
To provide a Windows user with authenticated access to a share on a standalone server, you create the following accounts on the Samba server:
- A Local Linux Account
  The local Linux account is required to validate access to local file system objects.
- A Samba Account
  In a standalone configuration, Samba authenticates users to a local database rather than a domain controller. You use the Samba smbpasswd command to create such accounts.
In addition to authenticated access, you can also enable guest access for users to connect to some services without authentication.
Domain Member of an Active Directory Domain
Note: Oracle Linux doesn't support running Samba as an AD domain controller (DC).
You configure a Samba server's role to be a domain member of an Active Directory (AD) domain when you need to set up Samba shares in an AD domain network.
The Samba AD domain member setup requires the following:
- Installation of Kerberos
  The Samba server uses Kerberos to authenticate Windows AD users against the domain controller.
- Installation of the winbind service
  The winbind service provides information about Windows AD users and groups to the Linux OS. Hence, when a Samba server is configured as an AD member, you don't need to manually create local Linux users and groups for authenticated access to the Samba shares.
- Configuration of ID Mapping Backends
  Samba provides various ID mapping methods, referred to as backends, that can be configured to map each Linux GID and UID to its corresponding Windows SID. You choose which backends you want to use and configure them in the /etc/samba/smb.conf file.
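The following /etc/samba/smb.conf fragment is an added illustration of the domain member requirements listed above; it is not taken from the Oracle documentation. The domain name EXAMPLE, the realm EXAMPLE.COM, the share name and path, and the ID ranges are all assumed placeholder values.

```ini
# Constructed example: names, paths and ranges are placeholders.
[global]
    # Domain member role: AD users are authenticated with Kerberos
    # against the domain controller.
    security = ads
    workgroup = EXAMPLE
    realm = EXAMPLE.COM

    # Default backend, used for BUILTIN accounts and for any domain
    # that has no mapping of its own.
    idmap config * : backend = tdb
    idmap config * : range = 3000-7999

    # Backend for the AD domain: rid derives each UID and GID from the
    # RID portion of the Windows SID, so every member server that uses
    # the same range computes the same IDs.
    idmap config EXAMPLE : backend = rid
    # Ranges of different idmap configurations must not overlap.
    idmap config EXAMPLE : range = 10000-999999

[projects]
    path = /srv/samba/projects
    read only = no
    # Authenticated access only: no guest connections to this share.
    guest ok = no
```

After editing the file, running testparm checks the syntax and prints the server role that Samba derives from these settings.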