
Samba の概要

The Samba package provides file and print services to SMB/CIFS clients and Windows networking to Linux clients. Samba can also be configured as a Windows Domain Controller replacement, a file/print server acting as a member of a Windows Active Directory domain and a NetBIOS (RFC1001/1002) nameserver (which among other things provides LAN browsing support).



LFS や依存パッケージが本ブックに示す最新安定バージョンでなかった場合には、BLFS 開発版においては、パッケージのビルドや処理実行が適切に行われないことがあります。


  • ダウンロード (HTTP):

  • ダウンロード MD5 sum: 14552927992a6b663e0bd8b53e6962ec

  • ダウンロードサイズ: 40 MB

  • 必要ディスク容量: 653 MB (add 73 MB for quicktest)

  • 概算ビルド時間: 2.1 SBU (using parallelism=4; add 0.4 SBU for quicktest)

Samba の依存パッケージ


GnuTLS-3.8.2, jansson-2.14, JSON-4.10, libtirpc-1.3.4, Parse-Yapp-1.21, and rpcsvc-proto-1.4.4



Avahi-0.8, BIND-9.18.20, Cups-2.4.7, Cyrus SASL-2.1.28, GDB-14.1, git-2.43.0, GnuPG-2.4.3 (required for ADS and the test suite), libaio-0.3.113, libarchive-3.7.2 (for tar in smbclient), libcap-2.69 with PAM, libgcrypt-1.10.3, libnsl-2.0.1, libunwind-1.6.2, lmdb-0.9.31, Markdown-3.4.1, MIT Kerberos V5-1.21.2, nss-3.96.1, popt-1.19, Talloc-2.4.1 (included), Vala-0.56.14, Valgrind-3.22.0 (optionally used by the test suite), xfsprogs-6.5.0, cmocka, cryptography, ctdb (included), cwrap, dnspython, FAM, Gamin, GlusterFS, Heimdal (included), iso8601, ldb (included), OpenAFS, poetry-core (required for ADS), pyasn1, tevent (included), tdb (included), and tracker-2

Optional (for the Developer Test Suite)

Install in listed order: six-1.16.0, pytest-7.4.3, argparse, testtools, testscenarios, and python-subunit


Samba のインストール

To support the test suite, set up a Python virtual environment for some Python modules out of the scope of BLFS:

python3 -m venv pyvenv &&
./pyvenv/bin/pip3 install cryptography pyasn1 iso8601

以下のコマンドを実行して Samba をビルドします。

PYTHON=$PWD/pyvenv/bin/python3             \
PATH=$PWD/pyvenv/bin:$PATH                 \
./configure                                \
    --prefix=/usr                          \
    --sysconfdir=/etc                      \
    --localstatedir=/var                   \
    --with-piddir=/run/samba               \
    --with-pammodulesdir=/usr/lib/security \
    --enable-fhs                           \
    --without-ad-dc                        \
    --without-systemd                      \
    --enable-selftest                      &&

ビルド結果をテストする場合は、PATH=$PWD/pyvenv/bin:$PATH make quicktest を実行します。 テストスイートの実行により複数行が出力され、あたかもエラーのように見えますが、これは問題ありません。 出力の最後に "ALL OK" と表示されるのでテスト実行が成功したことが分かります。 テストに失敗した場合は ./st/summary を見て確認できます。



Additionally, developer test suites are available. If you've installed the optional python modules above in the Python virtual environment for building this package, you can run these tests with make test. It is not recommended for the average builder at around 290 SBU and over a gigabyte of disk space, and you should expect ~73 errors and ~30 failures from the 3000+ tests.

Fix hard coded paths to Python 3 interpreter:

sed '1s@^.*$@#!/usr/bin/python3@' \
    -i ./bin/default/source4/scripting/bin/*.inst

If upgrading from an old version of samba, as the root user, remove the old Python support files to prevent some issues:

rm -rf /usr/lib/python3.12/site-packages/samba

root ユーザーのまま、以下を実行してパッケージをインストールします。

make install &&

install -v -m644    examples/smb.conf.default /etc/samba &&

sed -e "s;log file =.*;log file = /var/log/samba/%m.log;" \
    -e "s;path = /usr/spool/samba;path = /var/spool/samba;" \
    -i /etc/samba/smb.conf.default &&

mkdir -pv /etc/openldap/schema                        &&

install -v -m644    examples/LDAP/README              \
                    /etc/openldap/schema/README.samba &&

install -v -m644    examples/LDAP/samba*              \
                    /etc/openldap/schema              &&

install -v -m755    examples/LDAP/{get*,ol*} \


--enable-fhs: インストール先とするパスを、ファイルシステム階層標準 (Filesystem Hierarchy Standard; FHS) にならうようにします。

--without-systemd: Disable systemd integration, since it is not built in the System V version of LFS/BLFS.

--with-shared-modules='!vfs_snapper': Disable the vfs_snapper module if you want to build samba without dbus support, for setups without graphical user intefaces.

--without-ad-dc: Disables Active Directory Domain Controller functionality. See Set up a Samba Active Directory Domain Controller for detailed information. Remove this switch if you've installed the Python modules needed for ADS support. Note that BLFS does not provide a samba bootscript or systemd unit for an Active Directory domain controller.

--with-selftest-prefix=SELFTEST_PREFIX: This option specifies the test suite work directory (default=./st).

install -v -m644 examples/LDAP/* /etc/openldap/schema: These commands are used to copy sample Samba schemas to the OpenLDAP schema directory.

install -v -m644 ../examples/smb.conf.default /etc/samba: This copies a default smb.conf file into /etc/samba. This sample configuration will not work until you copy it to /etc/samba/smb.conf and make the appropriate changes for your installation. See the configuration section for minimum values which must be set.

Samba の設定



Printing to SMB Clients

If you use CUPS for print services, and you wish to print to a printer attached to an SMB client, you need to create an SMB backend device. To create the device, issue the following command as the root user:

install -dvm 755 /usr/lib/cups/backend &&
ln -v -sf /usr/bin/smbspool /usr/lib/cups/backend/smb


Due to the complexity and the many various uses for Samba, complete configuration for all the package's capabilities is well beyond the scope of the BLFS book. This section provides instructions to configure the /etc/samba/smb.conf file for two common scenarios. The complete contents of /etc/samba/smb.conf will depend on the purpose of Samba installation.



You may find it easier to copy the configuration parameters shown below into an empty /etc/samba/smb.conf file instead of copying and editing the default file as mentioned in the Command Explanations section. How you create/edit the /etc/samba/smb.conf file will be left up to you. Do ensure the file is only writable by the root user (mode 644).

シナリオ1: Minimal Standalone Client-Only Installation

Choose this variant if you only want to transfer files using smbclient, mount Windows shares and print to Windows printers, and don't want to share your files and printers to Windows machines.

A /etc/samba/smb.conf file with the following three parameters is sufficient:

    workgroup = WORKGROUP
    dos charset = cp850
    unix charset = ISO-8859-1

The values in this example specify that the computer belongs to a Windows workgroup named WORKGROUP, uses the cp850 character set on the wire when talking to MS-DOS and MS Windows 9x, and that the filenames are stored in the ISO-8859-1 encoding on the disk. Adjust these values appropriately for your installation. The unix charset value must be the same as the output of locale charmap when executed with the LANG variable set to your preferred locale, otherwise the ls command may not display correct filenames of downloaded files.

There is no need to run any Samba servers in this scenario, thus you don't need to install the provided bootscripts.

シナリオ2: Standalone File/Print Server

Choose this variant if you want to share your files and printers to Windows machines in your workgroup in addition to the capabilities described in Scenario 1.

In this case, the /etc/samba/smb.conf.default file may be a good template to start from. Also, you should add the dos charset and unix charset parameters to the [global] section as described in Scenario 1 in order to prevent filename corruption. For security reasons, you may wish to define path = /home/alice/shared-files, assuming your user name is alice and you only want to share the files in that directory, instead of your entire home. Then, replace homes by shared-files and change also the comment if used the configuration file below or the /etc/samba/smb.conf.default to create yours.

The following configuration file creates a separate share for each user's home directory and also makes all printers available to Windows machines:

    workgroup = WORKGROUP
    dos charset = cp850
    unix charset = ISO-8859-1

    comment = Home Directories
    browseable = no
    writable = yes

    comment = All Printers
    path = /var/spool/samba
    browseable = no
    guest ok = no
    printable = yes

Other parameters you may wish to customize in the [global] section include:

    server string =
    security =
    hosts allow =
    load printers =
    log file =
    max log size =
    socket options =
    local master =

Reference the comments in the /etc/samba/smb.conf.default file for information regarding these parameters.

Since the smbd and nmbd daemons are needed in this case, install the samba bootscript. Be sure to run smbpasswd (with the -a option to add users) to enable and set passwords for all accounts that need Samba access. Using the default Samba passdb backend, any user you attempt to add will also be required to exist in the /etc/passwd file.

Advanced Requirements

More complex scenarios involving domain control or membership are possible. Such setups are advanced topics and cannot be adequately covered in BLFS. Many complete books have been written on these topics alone. Note that in some domain membership scenarios, the winbindd daemon and the corresponding bootscript are needed.

Guest account

The default Samba installation uses the nobody user for guest access to the server. This can be overridden by setting the guest account = parameter in the /etc/samba/smb.conf file. If you utilize the guest account = parameter, ensure this user exists in the /etc/passwd file.

Boot Script

For your convenience, boot scripts have been provided for Samba. There are two included in the blfs-bootscripts-20231119 package. The first, samba, will start the smbd and nmbd daemons needed to provide SMB/CIFS services. The second script, winbind, starts the winbindd daemon, used for providing Windows domain services to Linux clients.

make install-samba
make install-winbindd


Installed Programs: cifsdd, dbwrap_tool, dumpmscat, eventlogadm, gentest, ldbadd, ldbdel, ldbedit, ldbmodify, ldbrename, ldbsearch, locktest, masktest, mdsearch, mvxattr, ndrdump, net, nmbd, nmblookup, ntlm_auth, oLschema2ldif, pdbedit, profiles, regdiff, regpatch, regshell, regtree, rpcclient, samba-log-parser, samba-gpupdate, samba-regedit, samba-tool, sharesec, smbcacls, smbclient, smbcontrol, smbcquotas, smbd, smbget, smbpasswd, smbspool, smbstatus, smbtar, smbtorture, smbtree, tdbbackup, tdbdump, tdbrestore, tdbtool, testparm, wbinfo, and winbindd
Installed Libraries:,,,,,,,,,,,,,,,,,,,,,,, and filesystem and support modules under /usr/lib/{python3.12,samba}
Installed Directories: /etc/samba, /run/samba, /usr/include/samba-4.0, /usr/lib/python3.12/site-packages/samba, /usr/{lib,libexec,share}/samba, and /var/{cache,lib,lock,log,run}/samba

Short Descriptions


is the dd command for SMB


is used to read and manipulate TDB/CTDB databases using the dbwrap interface


dumps the content of MS catalog files


is used to write records to eventlogs from STDIN, add the specified source and DLL eventlog registry entries and display the active eventlog names (from smb.conf)


is used to run random generic SMB operations against two SMB servers and show the differences in behavior


is a command-line utility for adding records to an LDB database


is a command-line utility for deleting LDB database records


allows you to edit LDB databases using your preferred editor


allows you to modify records in an LDB database


allows you to rename LDB databases


searches an LDB database for records matching a specified expression


is used to find differences in locking between two SMB servers


is used to find differences in wildcard matching between Samba's implementation and that of a remote server


runs Spotlight searches against a SMB server


is used to recursively rename extended attributes


is a DCE/RPC Packet Parser and Dumper


is a tool for administration of Samba and remote CIFS servers, similar to the net utility for DOS/Windows


is the Samba NetBIOS name server


is used to query NetBIOS names and map them to IP addresses


is a tool to allow external access to Winbind's NTLM authentication function


converts LDAP schema's to LDB-compatible LDIF


is a tool used to manage the SAM database


is a utility that reports and changes SIDs in Windows registry files


is a Diff program for Windows registry files


applies registry patches to registry files


is a Windows registry file browser using readline


is a text-mode registry viewer


is used to execute MS-RPC client side functions


parses winbind logs generated by Samba


allows you to edit Microsoft Group Policy Objects (GPOs)


is a ncurses based tool to manage the Samba registry


is the main Samba administration tool


manipulates share ACL permissions on SMB file shares


is used to manipulate Windows NT access control lists


is a SMB/CIFS access utility, similar to FTP


is used to control running smbd, nmbd and winbindd daemons


is used to manipulate Windows NT quotas on SMB file shares


is the main Samba daemon which provides SMB/CIFS services to clients


is a simple utility with wget-like semantics, that can download files from SMB servers. You can specify the files you would like to download on the command-line


changes a user's Samba password


sends a print job to a SMB printer


reports current Samba connections


is a shell script used for backing up SMB/CIFS shares directly to Linux tape drives or to a file


is a test suite that runs several tests against a SMB server


is a text-based SMB network browser


is a tool for backing up or validating the integrity of Samba .tdb files


is a tool used to print the contents of a Samba .tdb file


is a tool for creating a Samba .tdb file out of a ntdbdump


is a tool which allows simple database manipulation from the command line


checks a smb.conf file for proper syntax


queries a running winbindd daemon


resolves names from Windows NT servers

provides Name Service Switch API functions for resolving names from NT servers

provides API functions for Samba's implementation of the Windows Internet Naming Service

provides API functions for the administration tools used for Samba and remote CIFS servers

provides API functions for the Samba SMB client tools

provides API functions for Windows domain client services