Samba Server Roles

The following sections give an overview of different roles you can configure for a Samba server.

Standalone

You can configure the Samba server role as a standalone server in small networks, such as peer-to-peer workgroups, where the server isn't required to be part of a domain.

To provide a Windows user with authenticated access to a share on a standalone server, you create the following accounts on the Samba server:

  • A Local Linux Account

    The local Linux account is required to validate access to local file system objects.

  • A Samba Account

    In a standalone configuration, Samba authenticates users to a local database rather than a domain controller. You use the Samba smbpasswd command to create such accounts.

In addition to authenticated access, you can also enable guest access for users to connect to some services without authentication.

Domain Member of an Active Directory Domain

Note:

Oracle Linux doesn't support running Samba as an AD domain controller (DC)

You configure a Samba server's role to be a domain member of an Active Directory (AD) domain when you need to set up Samba shares in an AD domain network.

The Samba AD domain member setup requires the following:

  • Installation of Kerberos

    The Samba server uses Kerberos to authenticate Windows AD users against the domain controller.

  • Installation of the winbind service

    The winbind service provides information about Windows AD users and groups to the Linux OS. Hence, when a Samba server is configured as an AD member, you don't need to manually create local Linux users and groups for authenticated access to the Samba shares.

  • Configuration of ID Mapping Backends

    Samba provides various ID mapping methods, referred to as backends, that can be configured to map each Linux GID and UID to its corresponding Windows SID. You choose which backends you want to use and configure them in the /etc/samba/smb.conf file.

    See ID Mapping Backends in the Active Domain Member Setup