This option determines the basic operating mode of a Samba
server and is one of the most important settings in the smb.conf file.
The default is server role = auto, as causes
Samba to operate according to the setting, or if not
specified as a simple file server that is not connected to any domain.
The alternatives are
server role = standalone or server role = member server
, which support joining Samba to a Windows domain, along with server role = domain controller, which run Samba as a Windows domain controller.
You should use server role = standalone and
if you
want to mainly setup shares without a password (guest shares). This
is commonly used for a shared printer server.
SERVER ROLE = AUTO
This is the default server role in Samba, and causes Samba to consult
the parameter (if set) to determine the server role, giving compatible behaviours to previous Samba versions.
SERVER ROLE = STANDALONE
If is also not specified, this is the default security setting in Samba.
In standalone operation, a client must first "log-on" with a
valid username and password (which can be mapped using the
parameter) stored on this machine. Encrypted passwords (see the parameter) are by default
used in this security mode. Parameters such as and if set are then applied and
may change the UNIX user to use on this connection, but only after
the user has been successfully authenticated.
SERVER ROLE = MEMBER SERVER
This mode will only work correctly if net
8 has been used to add this
machine into a Windows Domain. It expects the
parameter to be set to yes. In this
mode Samba will try to validate the username/password by passing
it to a Windows or Samba Domain Controller, in exactly
the same way that a Windows Server would do.
Note that a valid UNIX user must still
exist as well as the account on the Domain Controller to allow
Samba to have a valid UNIX account to map file access to. Winbind can provide this.
SERVER ROLE = CLASSIC PRIMARY DOMAIN CONTROLLER
This mode of operation runs a classic Samba primary domain
controller, providing domain logon services to Windows and Samba
clients of an NT4-like domain. Clients must be joined to the domain to
create a secure, trusted path across the network. There must be
only one PDC per NetBIOS scope (typically a broadcast network or
clients served by a single WINS server).
SERVER ROLE = CLASSIC BACKUP DOMAIN CONTROLLER
This mode of operation runs a classic Samba backup domain
controller, providing domain logon services to Windows and Samba
clients of an NT4-like domain. As a BDC, this allows
multiple Samba servers to provide redundant logon services to a
single NetBIOS scope.
SERVER ROLE = ACTIVE DIRECTORY DOMAIN CONTROLLER
This mode of operation runs Samba as an active directory
domain controller, providing domain logon services to Windows and
Samba clients of the domain. This role requires special
configuration, see the Samba4
HOWTO
SERVER ROLE = IPA DOMAIN CONTROLLER
This mode of operation runs Samba in a hybrid mode for IPA
domain controller, providing forest trust to Active Directory.
This role requires special configuration performed by IPA installers
and should not be used manually by any administrator.
security
realm
encrypt passwords
AUTO
ACTIVE DIRECTORY DOMAIN CONTROLLER