[PATCH] Remove 'server role' lines from default smb.conf

Rowland Penny repenny241155 at gmail.com
Thu Aug 20 09:12:42 UTC 2015

On 19/08/15 22:51, Andrew Bartlett wrote:
> On Wed, 2015-08-19 at 19:45 +0100, Rowland Penny wrote:
>> HI, Samba ships a default smb.conf, this contains lines referring to
>> the
>> server role and a default line 'server role = standalone server'.
>> In 'man smb.conf', there is this about 'server role':
>>               This option determines the basic operating mode of a
>> Samba
>> server
>>              and is one of the most important settings in the smb.conf
>> file.
>>              The default is server role = auto, as causes Samba to
>> operate
>>              according to the security setting, or if not specified as
>> a
>> simple
>>              file server that is not connected to any domain.
>> I do not think 'server role' should be set anywhere except on an AD
>> DC,
>> the attached patch removes the lines.
> The behaviour described is there to ensure that we work with old
> smb.conf files before this was specified.
> This new parameter was added to make it easier to set up all types of
> servers, including standalone servers, and that is why we give it as
> the suggested starting point in the example.
> The old system is just an insane matrix of boolens that have no meaning
> in themselves.  Parameters like 'security', 'domain master', and
> 'domain logons' have a meaning, but I added 'server role' so
> administrators specify the desired outcome, not the method.
> Thanks,
> Andrew Bartlett

In which case it is at odds with the smb.conf manpage.
As you say, administrators should specify the desired outcome, but the 
manpage gives these as possible values:

standalone server
member server
classic primary domain controller
classic backup domain controller

If you run 'samba-tool domain provision --help' amongst the output is this:

--server-role=ROLE    The server role (domain controller | dc | member
                         server | member | standalone). Default is dc.

Hmm, two from the first list are also in the output from samba-tool and 
if you read the Samba wikipage:


You will find this:

_Server Role:_ 'dc' for Domain Controller, do not use anything else, 
none of the other options are working at present.

Now, as is well known, people either don't read the wiki or only read it 
after something goes wrong, I do not think that Samba should ship a 
default smb.conf that could potentially lead to problems.


More information about the samba-technical mailing list