Introduction to Samba

The Samba package provides file and print services to SMB/CIFS clients and Windows networking to Linux clients. Samba can also be configured as a Windows NT 4.0 Domain Controller replacement (with caveats working with NT PDC's and BDC's), a file/print server acting as a member of a Windows NT 4.0 or Active Directory domain and a NetBIOS (rfc1001/1002) nameserver (which amongst other things provides LAN browsing support).

Package information

Installation of Samba

Install Samba by running the following commands:

cd source &&
install -d /var/cache/samba &&
./configure \
    --prefix=/usr \
    --sysconfdir=/etc \
    --localstatedir=/var \
    --with-piddir=/var/run \
    --with-fhs \
    --with-smbmount &&

Now, as the root user:

make install &&
mv /usr/lib/samba/ /usr/lib &&
ln -sf ../ /usr/lib/samba &&
chmod 644 /usr/include/libsmbclient.h \
          /usr/lib/samba/libsmbclient.a &&
install -m755 nsswitch/libnss_win{s,bind}.so /lib &&
ln -sf /lib/ &&
ln -sf /lib/ &&
cp ../examples/smb.conf.default /etc/samba &&
install -m644 ../docs/*.pdf /usr/share/samba &&
if [ -f nsswitch/ ]; then 
    install -m755 nsswitch/ /lib/security


You may want to run configure with the --help parameter. There may be other parameters needed to take advantage of the optional dependencies.

Command explanations

install -d /var/cache/samba: This directory is needed for proper operation of the smbd and nmbd daemons.

--sysconfdir=/etc: Sets the configuration file directory to avoid the default of /usr/etc.

--localstatedir=/var: Sets the variable data directory to avoid the default of /usr/var.

--with-fhs: Assigns all other file paths in a manner compliant with the Filesystem Hierarchy Standard (FHS).

--with-smbmount: Orders the creation of an extra binary for use by the mount command so that mounting remote SMB (Windows) shares becomes no more complex than mounting remote NFS shares.

--with-pam: Use this parameter to link Linux-PAM into the build. This also builds the PAM module. You can find instructions on how to configure and use the module by running man winbindd.

mv /usr/lib/samba/ ...; ln -sf ../ ...: The library is needed by other packages. This command moves it to a location where other packages can find it.

install -m755 nsswitch/libnss_win{s,bind}.so /lib: The nss libraries are not installed by default. If you intend to use winbindd for domain auth, and/or WINS name resolution, you need these libraries.

ln -sf /lib/ and ln -sf /lib/ These symlinks are required by glibc to use the nss libraries.

cp ../examples/smb.conf.default /etc/samba: This copies a default smb.conf into /etc/samba. This sample configuration will not work unless edited for your site, and renamed smb.conf.

Configuring Samba

Config files


Configuration overview and available documentation

Due to the complexity and the many various uses for Samba, complete configuration is well beyond the scope of the BLFS book. Advanced configurations including setting up Primary and Backup Domain Controllers are advanced topics and cannot be adequately covered in BLFS (it should be noted, however, that a Samba BDC cannot be used as a fallback for a Windows PDC, and conversely, a Windows BDC cannot be used as a fallback for a Samba PDC). Many complete books have been written on these topics alone.

There is quite a bit of documentation available which covers many of these advanced configurations. Point your web browser to the links below to view some of the documentation included with the Samba package:

Configuring SWAT

The built in SWAT (Samba Web Administration Tool) utility can be used for basic configuration of the Samba installation, but because it may be inconvenient, undesireable or perhaps even impossible to gain access to the console, BLFS recommends setting up access to SWAT using Stunnel.

First you must add entries to /etc/services and modify the inetd/xinetd configuration.

Add swat and swat_tunnel entries to /etc/services with the following commands issued as the root user:

echo "swat            901/tcp" >> /etc/services &&
echo "swat_tunnel     902/tcp" >> /etc/services

If inetd is used, the following command will add the swat_tunnel entry to /etc/inetd.conf (as user root):

echo "swat_tunnel stream tcp nowait.400 root /usr/sbin/swat swat" \
    >> /etc/inetd.conf

Issue a killall -HUP inetd to reread the changed inetd.conf file.

If xinetd is used, the following command issued as the root user will add the swat_tunnel entry to /etc/xinetd.conf (you may need to modify or remove the “only_from” line to include the desired host[s]):

cat >> /etc/xinetd.conf << "EOF"
service swat_tunnel
    port            = 902
    socket_type     = stream
    wait            = no
    only_from       =
    user            = root
    server          = /usr/sbin/swat
    log_on_failure  += USERID

Issue a killall -HUP xinetd to reread the changed xinetd.conf file.

Next, you must add an entry for the swat service to the /etc/stunnel/stunnel.conf file (as user root):

cat >> /etc/stunnel/stunnel.conf << "EOF"
accept  = 901
connect = 902


Restart the stunnel daemon using the following command as the root user:

/etc/rc.d/init.d/stunnel restart

SWAT can be launched by pointing your web browser to https://[CA_DN_field]:901. Substitute the hostname listed in the DN field of the CA certificate used with Stunnel for [CA_DN_field].



If you linked Linux-PAM into the Samba build, you'll need to create an /etc/pam.d/samba file.

Printing to SMB clients

If you use CUPS for print services, and you wish to print to a printer attached to an SMB client, you need to create an SMB backend device. To create the device, issue the following command as the root user:

ln -sf /usr/bin/smbspool /usr/lib/cups/backend/smb

Installing bootscripts

For your convenience, boot scripts have been provided for Samba. There are two included in the blfs-bootscripts-6.0 package. The first, samba, will start the smbd and nmbd daemons needed to provide SMB/CIFS services. The second script, winbind, starts the winbindd daemon, used for providing Windows domain services to Linux clients.

Install the samba script with the following command issued as the root user:

make install-samba

If you also need the winbind script:

make install-winbind


Installed Programs: findsmb, mount.smbfs, net, nmbd, nmblookup, ntlm_auth, pdbedit, profiles, rpcclient, smbcacls, smbclient, smbcontrol, smbcquotas, smbd, smbmnt, smbmount, smbpasswd, smbspool, smbstatus, smbtar, smbtree, smbumount, swat, tdbbackup, tdbdump, tdbtool, testparm, testprns, wbinfo and winbindd
Installed Libraries:,, libsmbclient.[so,a], the PAM library and assorted character set, filesystem and support modules.
Installed Directories: /etc/samba, /usr/lib/samba, /usr/share/samba, /var/cache/samba and /var/lib/samba

Short Descriptions


lists information about machines that respond to SMB name queries on a subnet.


is a symlink to mountsmb which provides /bin/mount with a way to mount remote Windows (or Samba) fileshares.


is a tool for administration of Samba and remote CIFS servers, similar to the net utility for DOS/Windows.


is the Samba NetBIOS name server.


is used to query NetBIOS names and map them to IP addresses.


is a tool to allow external access to Winbind's NTLM authentication function.


is a tool used to manage the SAM database.


is a utility that reports and changes SIDs in Windows registry files. It currently only supports Windows NT.


is used to execute MS-RPC client side functions.


is used to manipulate Windows NT access control lists.


is a SMB/CIFS access utility, similar to FTP.


is used to control running smbd, nmbd and winbindd daemons.


is used to manipulate Windows NT quotas on SMB file shares.


is the main Samba daemon which provides SMB/CIFS services to clients.


is a helper application used by the smbmount program to do the actual mounting of SMB shares. It can be installed setuid root if you want normal users to be able to mount their SMB shares.


is usually invoked as mount.smbfs by the mount command when using the -t smbfs option, mounts a Linux SMB filesystem.


changes a user's Samba password.


sends a print job to an SMB printer.


reports current Samba connections.


is a shell script used for backing up SMB/CIFS shares directly to Linux tape drives or a file.


is a text-based SMB network browser.


is used by normal users to unmount SMB filesystems, provided that it is setuid root.


is the Samba Web Administration Tool.


is a tool for backing up or validating the integrity of Samba .tdb files.


is a tool used to print the contents of a Samba .tdb file.


is a tool which allows simple database manipulation from the command line.


checks an smb.conf file for proper syntax.


tests printer names.


queries a running winbindd daemon.


resolves names from Windows NT servers.

Last updated on 2005-02-26 18:29:26 -0700