Contents of /tags/samba-3_0_23c-r1/samba/smb.conf
Parent Directory | Revision Log
Revision 159 -
(show annotations)
(download)
Tue May 8 20:53:02 2007 UTC (17 years, 4 months ago) by (unknown author)
File size: 16546 byte(s)
Tue May 8 20:53:02 2007 UTC (17 years, 4 months ago) by (unknown author)
File size: 16546 byte(s)
This commit was manufactured by cvs2svn to create tag 'samba-3_0_23c-r1'.
1 | # This is the main Samba configuration file. You should read the |
2 | # smb.conf(5) manual page in order to understand the options listed |
3 | # here. Samba has a huge number of configurable options (perhaps too |
4 | # many!) most of which are not shown in this example |
5 | # |
6 | # Any line which starts with a ; (semi-colon) or a # (hash) |
7 | # is a comment and is ignored. In this example we will use a # |
8 | # for commentry and a ; for parts of the config file that you |
9 | # may wish to enable |
10 | # |
11 | # NOTE: Whenever you modify this file you should run the command "testparm" |
12 | # to check that you have not many any basic syntactic errors. |
13 | # |
14 | #======================= Global Settings ===================================== |
15 | [global] |
16 | |
17 | ## |
18 | ## Basic Server Settings |
19 | ## |
20 | |
21 | # workgroup = NT-Domain-Name or Workgroup-Name |
22 | workgroup = WORKGROUP |
23 | |
24 | # server string is the equivalent of the NT Description field |
25 | server string = Samba Server |
26 | |
27 | # netbios name is the name you will see in "Network Neighbourhood", |
28 | # but defaults to your hostname |
29 | ; netbios name = <name_of_this_server> |
30 | |
31 | # This option is important for security. It allows you to restrict |
32 | # connections to machines which are on your local network. The |
33 | # following example restricts access to two C class networks and |
34 | # the "loopback" interface. For more examples of the syntax see |
35 | # the smb.conf man page |
36 | ; hosts allow = 192.168.1. 192.168.2.0./24 192.168.3.0/255.255.255.0 127.0.0.1 |
37 | |
38 | # Uncomment this if you want a guest account, you must add this to /etc/passwd |
39 | # otherwise the user "nobody" is used |
40 | ; guest account = pcguest |
41 | |
42 | # this tells Samba to use a separate log file for each machine |
43 | # that connects |
44 | log file = /var/log/samba/log.%m |
45 | |
46 | # How much information do you want to see in the logs? |
47 | # default is only to log critical messages |
48 | ; log level = 3 |
49 | |
50 | # Put a capping on the size of the log files (in Kb). |
51 | max log size = 50 |
52 | |
53 | # Security mode. Most people will want user level security. See |
54 | # security_level.txt for details. |
55 | security = user |
56 | |
57 | # Using the following line enables you to customise your configuration |
58 | # on a per machine basis. The %m gets replaced with the netbios name |
59 | # of the machine that is connecting. |
60 | ; include = /etc/samba/smb.conf.%m |
61 | |
62 | # Most people will find that this option gives better performance. |
63 | # See speed.txt and the manual pages for details |
64 | socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 |
65 | |
66 | # Configure Samba to use multiple interfaces |
67 | # If you have multiple network interfaces and want to limit smbd will |
68 | # use, list the ones desired here. Otherwise smbd & nmbd will bind to all |
69 | # active interfaces on the system. See the man page for details. |
70 | ; interfaces = 192.168.12.2/24 192.168.13.2/24 |
71 | |
72 | # Should smbd report that it has MS-DFS Capabilities? Only available |
73 | # if --with-msdfs was passed to ./configure |
74 | ; host msdfs = yes |
75 | |
76 | ## |
77 | ## Network Browsing |
78 | ## |
79 | # set local master to no if you don't want Samba to become a master |
80 | # browser on your network. Otherwise the normal election rules apply |
81 | ; local master = no |
82 | |
83 | # OS Level determines the precedence of this server in master browser |
84 | # elections. The default value (33) should be reasonable |
85 | ; os level = 33 |
86 | |
87 | # Domain Master specifies Samba to be the Domain Master Browser. This |
88 | # allows Samba to collate browse lists between subnets. Don't use this |
89 | # if you already have a Windows NT domain controller doing this job |
90 | ; domain master = yes |
91 | |
92 | # Preferred Master causes Samba to force a local browser election on startup |
93 | # and gives it a slightly higher chance of winning the election |
94 | ; preferred master = yes |
95 | |
96 | |
97 | ## |
98 | ## WINS & Name Resolution |
99 | ## |
100 | # All NetBIOS names must be resolved to IP Addresses |
101 | # 'Name Resolve Order' allows the named resolution mechanism to be specified |
102 | # the default order is "host lmhosts wins bcast". "host" means use the unix |
103 | # system gethostbyname() function call that will use either /etc/hosts OR |
104 | # DNS or NIS depending on the settings of /etc/host.config, /etc/nsswitch.conf |
105 | # and the /etc/resolv.conf file. "host" therefore is system configuration |
106 | # dependant. This parameter is most often of use to prevent DNS lookups |
107 | # in order to resolve NetBIOS names to IP Addresses. Use with care! |
108 | # The example below excludes use of name resolution for machines that are NOT |
109 | # on the local network segment |
110 | # - OR - are not deliberately to be known via lmhosts or via WINS. |
111 | ; name resolve order = wins lmhosts bcast |
112 | |
113 | # Windows Internet Name Serving Support Section: |
114 | # WINS Support - Tells the NMBD component of Samba to enable it's WINS Server |
115 | ; wins support = yes |
116 | |
117 | # WINS Server - Tells the NMBD components of Samba to be a WINS Client |
118 | # Note: Samba can be either a WINS Server, or a WINS Client, but NOT both |
119 | ; wins server = w.x.y.z |
120 | |
121 | # WINS Proxy - Tells Samba to answer name resolution queries on |
122 | # behalf of a non WINS capable client, for this to work there must be |
123 | # at least one WINS Server on the network. The default is NO. |
124 | ; wins proxy = yes |
125 | |
126 | # DNS Proxy - tells Samba whether or not to try to resolve NetBIOS names |
127 | # via DNS nslookups. |
128 | dns proxy = no |
129 | |
130 | |
131 | ## |
132 | ## Passwords & Authentication |
133 | ## |
134 | # Use password server option only with security = server |
135 | # The argument list may include: |
136 | # password server = My_PDC_Name [My_BDC_Name] [My_Next_BDC_Name] |
137 | # or to auto-locate the domain controller/s |
138 | # When using security = domain, you should use password server = * |
139 | ; password server = * |
140 | ; password server = <NT-Server-Name> |
141 | |
142 | # You may wish to use password encryption. Please read |
143 | # ENCRYPTION.txt, Win95.txt and WinNT.txt in the Samba documentation. |
144 | # Do not enable this option unless you have read those documents |
145 | # Encrypted passwords are required to samba in a Windows NT domain |
146 | encrypt passwords = yes |
147 | |
148 | # The smbpasswd file is only required by a server doing authentication, thus |
149 | # members of a domain do not need one. |
150 | smb passwd file = /var/lib/samba/private/smbpasswd |
151 | |
152 | # Should smbd obey the session and account lines in /etc/pam.d/samba ? |
153 | # only available if --with-pam was used at compile time |
154 | ; obey pam restrictions = yes |
155 | |
156 | # When using encrypted passwords, Samba can synchronize the local |
157 | # UNIX password as well. You will also need the "passwd chat" parameters |
158 | ; unix password sync = yes |
159 | |
160 | # how should smbd talk to the local system when changing a UNIX |
161 | # password? See smb.conf(5) for details |
162 | # NOTE: Use these with 'encrypt passwords' and 'smb passwd file' above. |
163 | # NOTE2: You do NOT need these to allow workstations to change only |
164 | # the encrypted SMB passwords. They allow the Unix password |
165 | # to be kept in sync with the SMB password. |
166 | # passwd chat = <custom chat string> |
167 | ; unix password sync = Yes |
168 | ; passwd program = /usr/bin/passwd %u |
169 | ; passwd chat = *New*UNIX*password* %n\n *ReType*new*UNIX*password* %n\n |
170 | ;*passwd:*all*authentication*tokens*updated*successfully* |
171 | |
172 | |
173 | # This is only available if you compiled Samba to include --with-pam |
174 | # Use PAM for changing the password |
175 | ; pam password change = yes |
176 | |
177 | # Unix users can map to different SMB User names |
178 | ; username map = /etc/samba/smbusers |
179 | |
180 | |
181 | ## |
182 | ## Domain Control |
183 | ## |
184 | # Enable this if you want Samba act as a domain controller. |
185 | # make sure you have read the Samba-PDC-HOWTO included in the documentation |
186 | # before enabling this parameter |
187 | ; domain logons = yes |
188 | |
189 | # if you enable domain logons then you may want a per-machine or |
190 | # per user logon script |
191 | # run a specific logon batch file per workstation (machine) |
192 | ; logon script = %m.bat |
193 | # run a specific logon batch file per username |
194 | ; logon script = %U.bat |
195 | |
196 | # Where to store roving profiles (only for Win95 and WinNT) |
197 | # %L substitutes for this servers netbios name, %U is username |
198 | # You must uncomment the [Profiles] share below |
199 | ; logon path = \\%L\Profiles\%U |
200 | |
201 | # UNC path specifying the network location of the user's home directory |
202 | # only used when acting as a DC for WinNT/2k/XP. Ignored by Win9x clients |
203 | ; logon home = \\%L\%U\.profile |
204 | |
205 | # The add user script is used by a domain member to add local user accounts |
206 | # that have been authenticated by the domain controller, or by the domain |
207 | # controller to add local machine accounts when adding machines to the domain. |
208 | # The script must work from the command line when replacing the macros, |
209 | # or the operation will fail. Check that groups exist if forcing a group. |
210 | # Script for domain controller for adding machines: |
211 | ; add user script = /usr/sbin/useradd -d /dev/null -g machines -c 'Machine Accoun$ |
212 | # Script for domain member for adding local accounts for authenticated users: |
213 | ; add user script = /usr/sbin/useradd -s /bin/false %u |
214 | |
215 | # These scripts are used on a domain controller or stand-alone |
216 | # machine to add or delete corresponding unix accounts |
217 | ; add user script = /usr/sbin/useradd %u |
218 | ; add group script = /usr/sbin/groupadd %g |
219 | ; add machine script = /usr/sbin/adduser -n -g machines -c Machine -d /dev/null -s /bin/false %u |
220 | ; delete user script = /usr/sbin/userdel %u |
221 | ; delete user from group script = /usr/sbin/deluser %u %g |
222 | ; delete group script = /usr/sbin/groupdel %g |
223 | |
224 | # domain admin group is a list of unix users or groups who are made members |
225 | # of the Domain Admin group |
226 | ; domain admin group = root @wheel |
227 | # |
228 | # domain guest groups is a list of unix users or groups who are made members |
229 | # of the Domain Guests group |
230 | ; domain guest group = nobody @guest |
231 | |
232 | # What drive should the "logon home" be mounted at upon login ? |
233 | # only used when acting as a DC for WinNT/2k/XP. Ignored by Win9x clients |
234 | ; logon drive = H: |
235 | |
236 | ## |
237 | ## Printing |
238 | ## |
239 | |
240 | # If you want to automatically load your printer list rather |
241 | # than setting them up individually then you'll need this |
242 | load printers = yes |
243 | |
244 | # you may wish to override the location of the printcap file |
245 | # cups printing is the default |
246 | printcap name = lpstat |
247 | |
248 | # It should not be necessary to specify the print system type unless |
249 | # it is non-standard. Currently supported print systems include: |
250 | # bsd, sysv, plp, lprng, aix, hpux, qnxm, cups |
251 | printing = cups |
252 | |
253 | # list of users and groups which should be able to remotely manage |
254 | # printer drivers installed on the server |
255 | # printer admin = @<group> <user> |
256 | ; printer admin = @adm |
257 | |
258 | |
259 | ## |
260 | ## Winbind |
261 | ## |
262 | |
263 | # specify the uid range which can be used by winbindd |
264 | # to allocate uids for Windows users as necessary |
265 | ; winbind uid = 10000-20000 |
266 | |
267 | # specify the uid range which can be used by winbindd |
268 | # to allocate uids for Windows users as necessary |
269 | ; winbind gid = 10000-20000 |
270 | |
271 | # Define a home directory to be given to passwd(5) style entries |
272 | # generated by libnss_winbind.so. You can use variables here |
273 | ; winbind template homedir = /home/%D/%U |
274 | |
275 | # Specify a shell for all winbind user entries return by the |
276 | # libnss_winbind.so library. |
277 | ; winbind template shell = /bin/bash |
278 | |
279 | # What character should be used to separate the DOMAIN and Username |
280 | # for a Windows user. The default is DOMAIN\user, but many people |
281 | # prefer DOMAIN+user |
282 | ; winbind separator = + |
283 | |
284 | |
285 | |
286 | ### |
287 | ### File Naming |
288 | ### |
289 | # Case Preservation can be handy - system default is _no_ |
290 | # NOTE: These can be set on a per share basis |
291 | ; preserve case = no |
292 | ; short preserve case = no |
293 | # Default case is normally upper case for all DOS files |
294 | ; default case = lower |
295 | # Be very careful with case sensitivity - it can break things! |
296 | ; case sensitive = no |
297 | |
298 | # you can match a Windows code page with a UNIX character set. |
299 | # Windows: 437 (US), 737 (GREEK), 850 (Latin1 - Western European), |
300 | # 852 (Eastern Eu.), 861 (Icelandic), 932 (Cyrillic - Russian), |
301 | # 936 (Japanese - Shift-JIS), 936 (Simpl. Chinese), 949 (Korean Hangul), |
302 | # 950 (Trad. Chin.). |
303 | # UNIX: ISO8859-1 (Western European), ISO8859-2 (Eastern Eu.), |
304 | # ISO8859-5 (Russian Cyrillic), KOI8-R (Alt-Russ. Cyril.) |
305 | # This is an example for french users: |
306 | ; client code page = 850 |
307 | ; character set = ISO8859-1 |
308 | |
309 | #============================ Share Definitions ============================== |
310 | [homes] |
311 | comment = Home Directories |
312 | browseable = no |
313 | writable = yes |
314 | |
315 | # Un-comment the following and create the netlogon directory for Domain Logons |
316 | ; [netlogon] |
317 | ; comment = Network Logon Service |
318 | ; path = /var/lib/samba/netlogon |
319 | ; guest ok = yes |
320 | ; writable = no |
321 | ; share modes = no |
322 | |
323 | |
324 | # Un-comment the following to provide a specific roving profile share |
325 | # the default is to use the user's home directory |
326 | ;[Profiles] |
327 | ; path = /var/lib/samba/profiles |
328 | ; browseable = no |
329 | ; guest ok = yes |
330 | |
331 | |
332 | # NOTE: If you have a CUPS or BSD-style print system there is no need to |
333 | # specifically define each individual printer |
334 | [printers] |
335 | comment = All Printers |
336 | path = /var/spool/samba |
337 | browseable = no |
338 | |
339 | # Set guest ok = yes to allow user 'guest account' to print |
340 | guest ok = yes |
341 | |
342 | writable = no |
343 | printable = yes |
344 | create mode = 0700 |
345 | |
346 | # You must configure the samba printers with the appropriate Windows |
347 | # drivers on your Windows clients. On the Samba server no filtering is |
348 | # done. If you wish that the server provides the driver and the clients |
349 | # send PostScript ("Generic PostScript Printer" under Windows), you have |
350 | # to swap the 'print command' line below with the commented one. |
351 | print command = lpr -P %p -o raw %s -r # using client side printer drivers. |
352 | ; print command = lpr -P %p %s # using cups own drivers (use generic PostScript on clients). |
353 | |
354 | # The following two commands are the samba defaults for printing=cups |
355 | # change them only if you need different options: |
356 | ; lpq command = lpq -P %p |
357 | ; lprm command = cancel %p-%j |
358 | |
359 | |
360 | # This share is used for Windows NT-style point-and-print support. |
361 | # To be able to install drivers, you need to be either root, or listed |
362 | # in the printer admin parameter above. Note that you also need write access |
363 | # to the directory and share definition to be able to upload the drivers. |
364 | # For more information on this, please see the Printing Support Section of |
365 | # /usr/share/doc/samba-<version>/docs/Samba-HOWTO-Collection.pdf |
366 | [print$] |
367 | path = /var/lib/samba/printers |
368 | browseable = yes |
369 | read only = yes |
370 | write list = @adm root |
371 | |
372 | |
373 | # This one is useful for people to share files |
374 | ;[tmp] |
375 | ; comment = Temporary file space |
376 | ; path = /tmp |
377 | ; read only = no |
378 | ; public = yes |
379 | |
380 | |
381 | # MS-DFS support is only available if Samba was compiled to |
382 | # include --with-msdfs |
383 | ;[dfsroot] |
384 | ; dfs root = yes |
385 | |
386 | |
387 | # A publicly accessible directory, but read only, except for people in |
388 | # the "staff" group |
389 | ;[public] |
390 | ; comment = Public Stuff |
391 | ; path = /home/samba |
392 | ; public = yes |
393 | ; writable = yes |
394 | ; printable = no |
395 | ; write list = @staff |
396 | |
397 | |
398 | ## |
399 | ## Other examples. |
400 | ## |
401 | |
402 | # A private printer, usable only by fred. Spool data will be placed in fred's |
403 | # home directory. Note that fred must have write access to the spool directory, |
404 | # wherever it is. |
405 | ;[fredsprn] |
406 | ; comment = Fred's Printer |
407 | ; valid users = fred |
408 | ; path = /homes/fred |
409 | ; printer = freds_printer |
410 | ; public = no |
411 | ; writable = no |
412 | ; printable = yes |
413 | |
414 | # A private directory, usable only by fred. Note that fred requires write |
415 | # access to the directory. |
416 | ;[fredsdir] |
417 | ; comment = Fred's Service |
418 | ; path = /usr/somewhere/private |
419 | ; valid users = fred |
420 | ; public = no |
421 | ; writable = yes |
422 | ; printable = no |
423 | |
424 | # a service which has a different directory for each machine that connects |
425 | # this allows you to tailor configurations to incoming machines. You could |
426 | # also use the %U option to tailor it by user name. |
427 | # The %m gets replaced with the machine name that is connecting. |
428 | ;[pchome] |
429 | ; comment = PC Directories |
430 | ; path = /usr/pc/%m |
431 | ; public = no |
432 | ; writable = yes |
433 | |
434 | # A publicly accessible directory, read/write to all users. Note that all files |
435 | # created in the directory by users will be owned by the default user, so |
436 | # any user with access can delete any other user's files. Obviously this |
437 | # directory must be writable by the default user. Another user could of course |
438 | # be specified, in which case all files would be owned by that user instead. |
439 | ;[public] |
440 | ; path = /usr/somewhere/else/public |
441 | ; public = yes |
442 | ; only guest = yes |
443 | ; writable = yes |
444 | ; printable = no |
445 | |
446 | # The following two entries demonstrate how to share a directory so that two |
447 | # users can place files there that will be owned by the specific users. In this |
448 | # setup, the directory should be writable by both users and should have the |
449 | # sticky bit set on it to prevent abuse. Obviously this could be extended to |
450 | # as many users as required. |
451 | ;[myshare] |
452 | ; comment = Mary's and Fred's stuff |
453 | ; path = /usr/somewhere/shared |
454 | ; valid users = mary fred |
455 | ; public = no |
456 | ; writable = yes |
457 | ; printable = no |
458 | ; create mask = 0765 |
459 | |
460 |