Upgraded Fedora, now Samba trouble: How to properly configure Samba on Fedora Server 32?

Richard T asked:

I replaced my aging server with a new one, a completely new build, (so perhaps "replaced" would be more accurate than "upgraded") but of course I harvested all the old config files, etc, and the only important function I didn’t get going was samba.

I’ve worked at this for many days now and even upgraded today to Fedora Server 5.7.11-200.fc32.x86_64 to be sure there wasn’t some bug now fixed. There were absolutely no installation errors or update errors. And, for what it’s worth, there are a dozen or so samba packages:


I’ve tried to do my homework but I can find no examples of anything helpful in search engines. I’ve tried more configuration file contents than I can even remember – certainly MANY dozens, or a hundred+, depending on how you count. It’s probably not fruitful of our time for me to post a variety of configuration files, but for an example configuration that I was hopeful should work and is intended for Fedora 32, please see the link about that below. However, the old configuration data is found below.

The error message is identical no matter what the config file says – so far at least:

At this time the 'samba' binary should only be used for either:
  'server role = active directory domain controller' or to access the ntvfs file server with 'server services = +smb' or the rpc proxy with 'dcerpc endpoint servers = remote'
  You should start smbd/nmbd/winbindd instead for domain member and standalone file server tasks
[2020/08/02 15:48:33.190413,  0] ../../lib/util/become_daemon.c:121(exit_daemon)
  exit_daemon: daemon failed to start: Samba detected misconfigured 'server role' and exited. Check logs for details, error code 22

Of course, this comes first from the journalctl program, then also, identically, from one of the logs in /var/log/samba/ and after reading every one of them to be sure, there is no further information to be found from there, contrary to the smug suggestion in the message.

The first thing I did was try to figure out what this was trying to say:

You should start smbd/nmbd/winbindd instead for domain member and standalone file server tasks

I’ve followed up, best I can, about smbd, nmbd, and winbindd, but no, these cannot be simply started, as stated, and apparently one needs a PhD to figure out how to deal with them on Fedora – or maybe I just don’t understand what the heck I’m reading, though I’m no newbie. Interestingly, following any boot, there’s two winbind processes:

/usr/sbin/winbindd --foreground --no-process-group

But my clients cannot connect at all. And, best I can figure, that’s for a domain controller we don’t want anyway, and nmdb seems to be a NetBios tool and I have no idea how that helps with serving Linux files to Windows. And as for smbd, YES! That sounds for all the world like what we’ve been using for all these years! BUT… I haven’t found ANYTHING about it – I even asked dnf to install it! No, sorry, it’s ephemeral, unfortunately.

To be clear about that, I thought SURELY smbd was what’s needed, but no, neither of these work:

# systemctl start smbd
Failed to start smbd.service: Unit smbd.service not found.
# dnf install smbd
Last metadata expiration check: 1:27:03 ago on Mon 03 Aug 2020 08:08:24 AM PDT.
No match for argument: smbd
Error: Unable to find a match: smbd

I’d be delighted to try something else along these lines – suggestions welcome! (Notably, I tried to install "samba*" thinking maybe there was a package missing and there was, samba-winexe-2:4.12.5-0.fc32.x86_64, so of course I installed it. systemctl start smbd still did nothing, but there was an image winexe added, but it has no man page and systemctl didn’t do anything with it either. However:

# winexe -h
winexe version 4.12
This program may be freely redistributed under the terms of the GNU GPLv3
Usage: winexe [OPTION]... //HOST[:PORT] COMMAND
  -h, --help                                  Display help message
  -V, --version                               Display version number
  -U, --user=[DOMAIN/]USERNAME[%PASSWORD]     Set the network username
  -A, --authentication-file=FILE              Get the credentials from a file
  -N, --no-pass                               Do not ask for a password
  -k, --kerberos=[yes|no]                     Use Kerberos
  -d, --debuglevel=DEBUGLEVEL                 Set debug level
      --uninstall                             Uninstall winexe service after
                                              remote execution
      --reinstall                             Reinstall winexe service before
                                              remote execution
      --runas=[DOMAIN\]USERNAME%PASSWORD      Run as the given user (BEWARE:
                                              this password is sent in
                                              cleartext over the network!)
      --runas-file=FILE                       Run as user options defined in a
      --interactive=0|1                       Desktop interaction: 0 -
                                              disallow, 1 - allow. If allow,
                                              also use the --system switch
                                              (Windows requirement). Vista
                                              does not support this option.
      --ostype=0|1|2                          OS type: 0 - 32-bit, 1 - 64-bit,
                                              2 - winexe will decide.
                                              Determines which version (32-bit
                                              or 64-bit) of service will be

This is intriguing but I couldn’t figure out what to do with it exactly, what it’s for. So, I moved on.

Then, I focused on the obvious changes one might think could work for "server role", an checked the documentation and spent countless hours searching for a solution to the "server role" problem online. I’ve tried so many variations – not just of "server role" but of entire configuration files – I can’t even recall them all. And, the documentation mostly appears to be very old, but I did think this was current, yet it produced no useful results. I tried hard, but did I overlook something? MAYBE I’m not expert enough in the windows world to know what they’re saying? Can, for example, domain controllers ONLY serve directories like I’m familiar with? I thought that’s exactly what I DON’T want.

In the extensive web searchs, the only thing close can be found here. It’s for Fedora 32 but their example doesn’t work for me – the server won’t start OR give helpful error messages.

What Is Needed Of Samba:

In the 20+ years Samba has been installed here, it has provided perfect services rather like NFS, serving Linux directories to Windows boxes on a local network using the Workgroup paradigm. Domains are NOT helpful and not desired at all, though the printer support was useful. The system must have read and write access, a simple but effective username / password scheme, and honor permissions reasonably well. For maybe 24 years – I’ve lost track – Samba has served that role in this shop. And yes, the systems are all older, like Windows 7, and we don’t care at all about domain controllers – find it rather authoritarian and dictatorial, nothing we want. (Or do we?)

It’s worth adding that this is on an internal-only network and SE linux isn’t an issue – the server won’t even start!

So, does a simple system upgrade end our relationship with Samba – and force us to maybe reconsider windows?! (This is maddening.)


Commenter Michael Hampton wants to see the old config, though I don’t see the pertinence since I’ll run with ANY configuration file that lets the server start and just re-do the configuration the modern way. But, for those like Michale, here you go – first, the system:

Server: 3.19.3-200.fc21.x86_64

Configuration file data – from testparm, which is how you did it back in those days:

        workgroup = OurWorkgroup
        server string = Samba Server Version %v
        log file = /var/log/samba/log.%m
        max log size = 50
        idmap config * : backend = tdb
        cups options = raw

        comment = All Printers
        path = /var/spool/samba
        guest ok = Yes
        printable = Yes
        print ok = Yes
        browseable = No

        path = /opt/samba/Share1
        username = fred clara 
        write list = fred, clara
        read only = No

The little bit you can’t / don’t get from testparm:

security = user
bassdb backend = tdbsam

OK, that’s it – there is nothing else. And I mean NOTHING else in the config file. There’s a lot more stuff in the config file that’s commented out, but, well, it’s commented out!

My answer:

For reasons I don’t quite understand, Fedora named the systemd units that start smbd and nmbd smb and nmb respectively. To manage these services, use systemctl <command> smb (or nmb).

I was able to find the systemd units by inspecting the RPM contents, to wit:

[[email protected] ~]# rpm -ql samba | grep systemd/system

View the full question and any other answers on Server Fault.

Creative Commons License
This work is licensed under a Creative Commons Attribution-ShareAlike 3.0 Unported License.