[Samba] Basic server role question

Tom Peters tpeters at mixcom.com
Tue Oct 28 23:44:47 GMT 2008

I have a samba 3.2.3-0.1-1882 server running on Suse SL11.0. It's out of 
the box, just the way YAST builds it.

Pardon the extremely basic level questions here.

The intent for this server is basically just file and print services. (It's 
defined as a BDC, I think, because I didn't do that on a previous install 
and I couldn't get name service (WINS) to work right. WINS works great now, 
but I don't know if being a domain controller is the reason.) I also want 
it to do DHCP and maybe DNS for a small network, but those two will come 

It works now for offering shares and printers, in my limited testing.

I want to define what shares people can access based on who they log in 
as-- if they never get prompted for username/password until they attempt to 
access a resource on this Samba server, that's fine.

First basic question: I get a complaint when I run testparm:
Server's Role (logon server) NOT ADVISED with domain-level security

So I'm wondering if my choice of security model is ill-advised, or if it's 
my choice of role I should be questioning. Actually, I don't remember 
specifying a server role.

Please advise.


My configuration is below.

# Date: 2008-06-06
workgroup = RIVENDELL
printing = cups
printcap name = cups
printcap cache time = 750
cups options = raw
map to guest = Bad User
include = /etc/samba/dhcp.conf
logon path = \\%L\profiles\.msprofile
logon home = \\%L\%U\.9xprofile
logon drive = L:
usershare allow guests = No
add machine script = /usr/sbin/useradd -c Machine -d /var/lib/nobody -s /bin/false %m$
domain logons = Yes
domain master = Yes
local master = Yes
netbios name = ASIMOV
os level = 65
passdb backend = smbpasswd:/etc/samba/smbpasswd
preferred master = Yes
security = domain
comment = Home Directories
valid users = %S, %D%w%S
browseable = No
read only = No
inherit acls = Yes
comment = Network Profiles Service
path = %H
read only = No
store dos attributes = Yes
create mask = 0600
directory mask = 0700
comment = All users
path = /home
read only = No
inherit acls = Yes
veto files = /aquota.user/groups/shares/
comment = All groups
path = /home/groups
read only = No
inherit acls = Yes
comment = All Printers
path = /var/tmp
printable = Yes
create mask = 0600
browseable = No
comment = Printer Drivers
path = /var/lib/samba/drivers
write list = @ntadmin root
force group = ntadmin
create mask = 0664
directory mask = 0775
comment = Network Logon Service
path = /var/lib/samba/netlogon
write list = root

268. [Philosophy] "People can and will do things that no one could possibly
believe anyone would do. For examples look at most of human history or the
alt.sex.* hierarchy." --Ken Boucher on human stupidity in sci.nanotech
--... ...--  -.. .  -. ----. --.- --.- -...
tpeters at nospam.mixcom.com   (remove "nospam") N9QQB (amateur radio)
"HEY YOU" (loud shouting)    WEB: http://www.mixweb.com/tpeters
43° 7' 17.2" N by 88° 6' 28.9" W,  Elevation 815',  Grid Square EN53wc
WAN/LAN/Telcom Analyst, Tech Writer, MCP, CCNA, Registered Linux User 385531
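
A simplified model of the check behind the testparm message quoted in the post above, added here as an example; it is not part of the original message and not Samba's own code. It assumes Samba 3.x derives the server role from `security`, `domain logons` and `domain master` as encoded below; the function names, the role labels and the `[global]` header in the sample are constructed.

```python
# Added example: simplified model of the role check (assumed Samba 3.x behaviour).
WARNING = "Server's Role (logon server) NOT ADVISED with domain-level security"
FALSE = {"no", "false", "0"}

# Constructed sample: values copied from the posted configuration; the
# section headers are added so the parser has sections to read.
SAMPLE = """\
[global]
    workgroup = RIVENDELL
    domain logons = Yes
    domain master = Yes
    security = domain
[netlogon]
    path = /var/lib/samba/netlogon
"""

def parse_global(text):
    """Return the [global] parameters of smb.conf-style text as a dict."""
    params, section = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue  # blank line or comment
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
        elif "=" in line and section == "global":
            key, value = line.split("=", 1)
            # Normalise case and spacing so "Domain Logons" matches "domain logons".
            params["".join(key.lower().split())] = value.strip()
    return params

def server_role(params):
    """Return (role, warnings) for the assumed role-derivation rules."""
    security = params.get("security", "user").lower()
    logons = params.get("domainlogons", "no").lower() not in FALSE
    master = params.get("domainmaster", "auto").lower() not in FALSE
    if security == "domain":
        # Authentication is delegated to another DC, yet this host offers logons.
        if logons:
            return "domain controller (BDC)", [WARNING]
        return "domain member", []
    if security == "user":
        if logons:
            return ("domain controller (PDC)" if master else "domain controller (BDC)"), []
        return "standalone", []
    return "not modelled", []

if __name__ == "__main__":
    print(server_role(parse_global(SAMPLE)))
```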
