Samba4 has a number of new server roles, lets talk about what they do. Also, keep in mind that if you want to change the role it's a good idea to re-provision.


This makes your Samba4 server behave based on the configuration of the security setting. The security setting will be interpreted as it was in Samba3. The options are: auto, user, domain, ads

# provision \
    --domain=edoceo.lan \
    --adminpass=t00_easy \
    --server-role=auto \
    --use-ntvfs \

We still got errors in the logs, like this:

task_server_terminate: [Cannot start Winbind (standalone configuration): Failed to find record for BORON in /var/lib/samba/private/secrets.ldb: No such object: (null): Have you provisioned this server (BORON) or changed it's name?]

But it

standalone | standalone server

This one can run by itself or it can join and participate a Windows Domain. This option also can be used with map to guest to create an open file and print server.

member | member server

This one must be joined into an existing Windows Domain (which could also be Samba3 or Samba4 based). Need to have the encrypted passwords = yes, can map with Winbind.

classic primary domain controller

Run Samba4 like it's a NT4/Samba3 Domain Controller.

netbios backup domain controller

Runs a classic Samba backup domain controller, providing domain logon services to Windows and Samba clients of an NT4-like domain. Useful for a redundant logon service.

active directory domain controller | domain controller | dc

The big-daddy, Active Directory Domain Controller providing logon services for WindowsXP through Windows8.

# provision \
    --domain=edoceo \
    --realm=edoceo.lan \
    --adminpass='Pass1234' \
    --server-role=dc \
    --dns-backend=NONE \