Annotation of /trunk/samba/smb.conf
Revision 153 -
Tue May 8 20:52:56 2007 UTC (17 years, 4 months ago) by niro
File size: 16546 byte(s)
-import
1 | niro | 153 | # This is the main Samba configuration file. You should read the |
2 | # smb.conf(5) manual page in order to understand the options listed | ||
3 | # here. Samba has a huge number of configurable options (perhaps too | ||
4 | # many!) most of which are not shown in this example | ||
5 | # | ||
6 | # Any line which starts with a ; (semi-colon) or a # (hash) | ||
7 | # is a comment and is ignored. In this example we will use a # | ||
8 | # for commentary and a ; for parts of the config file that you | ||
9 | # may wish to enable | ||
10 | # | ||
11 | # NOTE: Whenever you modify this file you should run the command "testparm" | ||
12 | # to check that you have not made any basic syntactic errors. | ||
13 | # | ||
14 | #======================= Global Settings ===================================== | ||
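[global]

##
## Basic Server Settings
##

# workgroup = NT-Domain-Name or Workgroup-Name
workgroup = WORKGROUP

# server string is the equivalent of the NT Description field
server string = Samba Server

# netbios name is the name you will see in "Network Neighbourhood",
# but defaults to your hostname
; netbios name = <name_of_this_server>

# This option is important for security. It allows you to restrict
# connections to machines which are on your local network. The
# following example restricts access to three class C networks and
# the "loopback" interface. For more examples of the syntax see
# the smb.conf man page.
# NOTE: the line is disabled in this file and no "hosts deny" is set, so
# as written clients are not filtered by address. Enable it with your own
# networks (or filter at the firewall) before the server is reachable from
# anything other than a trusted LAN.
; hosts allow = 192.168.1. 192.168.2.0/24 192.168.3.0/255.255.255.0 127.0.0.1

# Uncomment this if you want a guest account, you must add this to /etc/passwd
# otherwise the user "nobody" is used
; guest account = pcguest

# this tells Samba to use a separate log file for each machine
# that connects
log file = /var/log/samba/log.%m

# How much information do you want to see in the logs?
# default is only to log critical messages
; log level = 3

# Put a cap on the size of the log files (in Kb).
max log size = 50

# Security mode. Most people will want user level security. See
# security_level.txt for details.
security = user

# Using the following line enables you to customise your configuration
# on a per machine basis. The %m gets replaced with the netbios name
# of the machine that is connecting.
# NOTE: %m is a name supplied by the connecting client, so every file this
# pattern can match should be writable by root only.
; include = /etc/samba/smb.conf.%m

# Most people will find that this option gives better performance.
# See speed.txt and the manual pages for details
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192

# Configure Samba to use multiple interfaces
# If you have multiple network interfaces and want to limit which ones
# smbd will use, list the ones desired here. Otherwise smbd & nmbd will bind
# to all active interfaces on the system. See the man page for details.
; interfaces = 192.168.12.2/24 192.168.13.2/24

# Should smbd report that it has MS-DFS Capabilities? Only available
# if --with-msdfs was passed to ./configure
; host msdfs = yes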
75 | |||
76 | ## | ||
77 | ## Network Browsing | ||
78 | ## | ||
79 | # set local master to no if you don't want Samba to become a master | ||
80 | # browser on your network. Otherwise the normal election rules apply | ||
81 | ; local master = no | ||
82 | |||
83 | # OS Level determines the precedence of this server in master browser | ||
84 | # elections. The default value (33) should be reasonable | ||
85 | ; os level = 33 | ||
86 | |||
87 | # Domain Master specifies Samba to be the Domain Master Browser. This | ||
88 | # allows Samba to collate browse lists between subnets. Don't use this | ||
89 | # if you already have a Windows NT domain controller doing this job | ||
90 | ; domain master = yes | ||
91 | |||
92 | # Preferred Master causes Samba to force a local browser election on startup | ||
93 | # and gives it a slightly higher chance of winning the election | ||
94 | ; preferred master = yes | ||
95 | |||
96 | |||
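##
## WINS & Name Resolution
##
# All NetBIOS names must be resolved to IP Addresses
# 'Name Resolve Order' allows the name resolution mechanism to be specified
# the default order is "host lmhosts wins bcast". "host" means use the unix
# system gethostbyname() function call that will use either /etc/hosts OR
# DNS or NIS depending on the settings of /etc/host.conf, /etc/nsswitch.conf
# and the /etc/resolv.conf file. "host" therefore is system configuration
# dependent. This parameter is most often of use to prevent DNS lookups
# in order to resolve NetBIOS names to IP Addresses. Use with care!
# The example below excludes use of name resolution for machines that are NOT
# on the local network segment
# - OR - are not deliberately to be known via lmhosts or via WINS.
; name resolve order = wins lmhosts bcast

# Windows Internet Name Serving Support Section:
# WINS Support - Tells the NMBD component of Samba to enable its WINS Server
; wins support = yes

# WINS Server - Tells the NMBD components of Samba to be a WINS Client
# Note: Samba can be either a WINS Server, or a WINS Client, but NOT both
; wins server = w.x.y.z

# WINS Proxy - Tells Samba to answer name resolution queries on
# behalf of a non WINS capable client. For this to work there must be
# at least one WINS Server on the network. The default is NO.
; wins proxy = yes

# DNS Proxy - tells Samba whether or not to try to resolve NetBIOS names
# via DNS nslookups.
dns proxy = no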
129 | |||
130 | |||
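##
## Passwords & Authentication
##
# Use password server option only with security = server
# The argument list may include:
# password server = My_PDC_Name [My_BDC_Name] [My_Next_BDC_Name]
# or to auto-locate the domain controller/s
# When using security = domain, you should use password server = *
# NOTE(review): security = server hands authentication to another SMB
# server and was dropped from later Samba releases; prefer
# security = domain where a domain is available - confirm against the
# smb.conf(5) of the installed version.
; password server = *
; password server = <NT-Server-Name>

# You may wish to use password encryption. Please read
# ENCRYPTION.txt, Win95.txt and WinNT.txt in the Samba documentation.
# Do not enable this option unless you have read those documents
# Encrypted passwords are required to use Samba in a Windows NT domain
encrypt passwords = yes

# The smbpasswd file is only required by a server doing authentication, thus
# members of a domain do not need one.
# NOTE: the hashes stored in this file are password equivalents. Keep the
# file and its directory readable and writable by root only.
smb passwd file = /var/lib/samba/private/smbpasswd

# Should smbd obey the session and account lines in /etc/pam.d/samba ?
# only available if --with-pam was used at compile time
; obey pam restrictions = yes

# When using encrypted passwords, Samba can synchronize the local
# UNIX password as well. You will also need the "passwd chat" parameters
; unix password sync = yes

# how should smbd talk to the local system when changing a UNIX
# password? See smb.conf(5) for details
# NOTE: Use these with 'encrypt passwords' and 'smb passwd file' above.
# NOTE2: You do NOT need these to allow workstations to change only
# the encrypted SMB passwords. They allow the Unix password
# to be kept in sync with the SMB password.
# passwd chat = <custom chat string>
# The chat string is one value and must stay on one line when enabled.
; unix password sync = Yes
; passwd program = /usr/bin/passwd %u
; passwd chat = *New*UNIX*password* %n\n *ReType*new*UNIX*password* %n\n *passwd:*all*authentication*tokens*updated*successfully*


# This is only available if you compiled Samba to include --with-pam
# Use PAM for changing the password
; pam password change = yes

# Unix users can map to different SMB User names
# NOTE: the map file decides which UNIX account a client name becomes, so
# it must be writable by root only.
; username map = /etc/samba/smbusers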
179 | |||
180 | |||
181 | ## | ||
182 | ## Domain Control | ||
183 | ## | ||
184 | # Enable this if you want Samba to act as a domain controller. | ||
185 | # make sure you have read the Samba-PDC-HOWTO included in the documentation | ||
186 | # before enabling this parameter | ||
187 | ; domain logons = yes | ||
188 | |||
189 | # if you enable domain logons then you may want a per-machine or | ||
190 | # per user logon script | ||
191 | # run a specific logon batch file per workstation (machine) | ||
192 | ; logon script = %m.bat | ||
193 | # run a specific logon batch file per username | ||
194 | ; logon script = %U.bat | ||
195 | |||
196 | # Where to store roving profiles (only for Win95 and WinNT) | ||
197 | # %L substitutes for this servers netbios name, %U is username | ||
198 | # You must uncomment the [Profiles] share below | ||
199 | ; logon path = \\%L\Profiles\%U | ||
200 | |||
201 | # UNC path specifying the network location of the user's home directory | ||
202 | # only used when acting as a DC for WinNT/2k/XP. Ignored by Win9x clients | ||
203 | ; logon home = \\%L\%U\.profile | ||
204 | |||
205 | # The add user script is used by a domain member to add local user accounts | ||
206 | # that have been authenticated by the domain controller, or by the domain | ||
207 | # controller to add local machine accounts when adding machines to the domain. | ||
208 | # The script must work from the command line when replacing the macros, | ||
209 | # or the operation will fail. Check that groups exist if forcing a group. | ||
210 | # Script for domain controller for adding machines: | ||
211 | ; add user script = /usr/sbin/useradd -d /dev/null -g machines -c 'Machine Accoun$ | ||
212 | # Script for domain member for adding local accounts for authenticated users: | ||
213 | ; add user script = /usr/sbin/useradd -s /bin/false %u | ||
214 | |||
215 | # These scripts are used on a domain controller or stand-alone | ||
216 | # machine to add or delete corresponding unix accounts | ||
217 | ; add user script = /usr/sbin/useradd %u | ||
218 | ; add group script = /usr/sbin/groupadd %g | ||
219 | ; add machine script = /usr/sbin/adduser -n -g machines -c Machine -d /dev/null -s /bin/false %u | ||
220 | ; delete user script = /usr/sbin/userdel %u | ||
221 | ; delete user from group script = /usr/sbin/deluser %u %g | ||
222 | ; delete group script = /usr/sbin/groupdel %g | ||
223 | |||
224 | # domain admin group is a list of unix users or groups who are made members | ||
225 | # of the Domain Admin group | ||
226 | ; domain admin group = root @wheel | ||
227 | # | ||
228 | # domain guest groups is a list of unix users or groups who are made members | ||
229 | # of the Domain Guests group | ||
230 | ; domain guest group = nobody @guest | ||
231 | |||
232 | # What drive should the "logon home" be mounted at upon login ? | ||
233 | # only used when acting as a DC for WinNT/2k/XP. Ignored by Win9x clients | ||
234 | ; logon drive = H: | ||
235 | |||
##
## Printing
##

# Publish every printer known to the print system automatically instead
# of setting each one up as an individual share.
load printers = yes

# Print system in use. Normally only needed when the system is
# non-standard. Currently supported print systems include:
# bsd, sysv, plp, lprng, aix, hpux, qnxm, cups
printing = cups

# Overrides the location of the printcap file
# (cups printing is the default).
printcap name = lpstat

# Users and groups which should be able to remotely manage the
# printer drivers installed on the server.
# printer admin = @<group> <user>
; printer admin = @adm
257 | |||
258 | |||
259 | ## | ||
260 | ## Winbind | ||
261 | ## | ||
262 | |||
263 | # specify the uid range which can be used by winbindd | ||
264 | # to allocate uids for Windows users as necessary | ||
265 | ; winbind uid = 10000-20000 | ||
266 | |||
267 | # specify the gid range which can be used by winbindd | ||
268 | # to allocate gids for Windows groups as necessary | ||
269 | ; winbind gid = 10000-20000 | ||
270 | |||
271 | # Define a home directory to be given to passwd(5) style entries | ||
272 | # generated by libnss_winbind.so. You can use variables here | ||
273 | ; winbind template homedir = /home/%D/%U | ||
274 | |||
275 | # Specify a shell for all winbind user entries return by the | ||
276 | # libnss_winbind.so library. | ||
277 | ; winbind template shell = /bin/bash | ||
278 | |||
279 | # What character should be used to separate the DOMAIN and Username | ||
280 | # for a Windows user. The default is DOMAIN\user, but many people | ||
281 | # prefer DOMAIN+user | ||
282 | ; winbind separator = + | ||
283 | |||
284 | |||
285 | |||
286 | ### | ||
287 | ### File Naming | ||
288 | ### | ||
289 | # Case Preservation can be handy - system default is _no_ | ||
290 | # NOTE: These can be set on a per share basis | ||
291 | ; preserve case = no | ||
292 | ; short preserve case = no | ||
293 | # Default case is normally upper case for all DOS files | ||
294 | ; default case = lower | ||
295 | # Be very careful with case sensitivity - it can break things! | ||
296 | ; case sensitive = no | ||
297 | |||
298 | # you can match a Windows code page with a UNIX character set. | ||
299 | # Windows: 437 (US), 737 (GREEK), 850 (Latin1 - Western European), | ||
300 | # 852 (Eastern Eu.), 861 (Icelandic), 932 (Cyrillic - Russian), | ||
301 | # 936 (Japanese - Shift-JIS), 936 (Simpl. Chinese), 949 (Korean Hangul), | ||
302 | # 950 (Trad. Chin.). | ||
303 | # UNIX: ISO8859-1 (Western European), ISO8859-2 (Eastern Eu.), | ||
304 | # ISO8859-5 (Russian Cyrillic), KOI8-R (Alt-Russ. Cyril.) | ||
305 | # This is an example for french users: | ||
306 | ; client code page = 850 | ||
307 | ; character set = ISO8859-1 | ||
308 | |||
309 | #============================ Share Definitions ============================== | ||
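# Gives each authenticated user a share named after their account that
# points at their UNIX home directory. The share is hidden from browse
# lists and is writable.
[homes]
comment = Home Directories
browseable = no
writable = yes
# Enable the next line to restrict each home share to the user it is named
# after (%S expands to the share name). Without it, access by other
# authenticated users is limited only by the UNIX permissions on the
# directory.
; valid users = %S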
314 | |||
315 | # Un-comment the following and create the netlogon directory for Domain Logons | ||
316 | ; [netlogon] | ||
317 | ; comment = Network Logon Service | ||
318 | ; path = /var/lib/samba/netlogon | ||
319 | ; guest ok = yes | ||
320 | ; writable = no | ||
321 | ; share modes = no | ||
322 | |||
323 | |||
324 | # Un-comment the following to provide a specific roving profile share | ||
325 | # the default is to use the user's home directory | ||
326 | ;[Profiles] | ||
327 | ; path = /var/lib/samba/profiles | ||
328 | ; browseable = no | ||
329 | ; guest ok = yes | ||
330 | |||
331 | |||
332 | # NOTE: If you have a CUPS or BSD-style print system there is no need to | ||
333 | # specifically define each individual printer | ||
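[printers]
comment = All Printers
path = /var/spool/samba
browseable = no

# Set guest ok = yes to allow user 'guest account' to print
# NOTE: with guest ok = yes no password is required to connect to this
# share and jobs are accepted with the privileges of the guest account.
# Set it to no if only authenticated users should be able to print.
guest ok = yes

writable = no
printable = yes
create mode = 0700

# You must configure the samba printers with the appropriate Windows
# drivers on your Windows clients. On the Samba server no filtering is
# done. If you wish that the server provides the driver and the clients
# send PostScript ("Generic PostScript Printer" under Windows), you have
# to swap the 'print command' line below with the commented one.
# The notes are kept on their own lines: smb.conf only treats a line as a
# comment when it starts with # or ;, so text after a value stays part of
# the value.
# using client side printer drivers:
print command = lpr -P %p -o raw %s -r
# using cups own drivers (use generic PostScript on clients):
; print command = lpr -P %p %s

# The following two commands are the samba defaults for printing=cups
# change them only if you need different options:
; lpq command = lpq -P %p
; lprm command = cancel %p-%j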
358 | |||
359 | |||
360 | # This share is used for Windows NT-style point-and-print support. | ||
361 | # To be able to install drivers, you need to be either root, or listed | ||
362 | # in the printer admin parameter above. Note that you also need write access | ||
363 | # to the directory and share definition to be able to upload the drivers. | ||
364 | # For more information on this, please see the Printing Support Section of | ||
365 | # /usr/share/doc/samba-<version>/docs/Samba-HOWTO-Collection.pdf | ||
[print$]
# Directory holding the printer driver files; the share is shown in
# browse lists.
browseable = yes
path = /var/lib/samba/printers
# Read-only for everyone except the accounts named in the write list.
write list = @adm root
read only = yes
371 | |||
372 | |||
373 | # This one is useful for people to share files (as written, guests can connect without a password and write to /tmp) | ||
374 | ;[tmp] | ||
375 | ; comment = Temporary file space | ||
376 | ; path = /tmp | ||
377 | ; read only = no | ||
378 | ; public = yes | ||
379 | |||
380 | |||
381 | # MS-DFS support is only available if Samba was compiled to | ||
382 | # include --with-msdfs | ||
383 | ;[dfsroot] | ||
384 | ; dfs root = yes | ||
385 | |||
386 | |||
387 | # A publicly accessible directory, but read only, except for people in | ||
388 | # the "staff" group | ||
389 | ;[public] | ||
390 | ; comment = Public Stuff | ||
391 | ; path = /home/samba | ||
392 | ; public = yes | ||
393 | ; writable = yes | ||
394 | ; printable = no | ||
395 | ; write list = @staff | ||
396 | |||
397 | |||
398 | ## | ||
399 | ## Other examples. | ||
400 | ## | ||
401 | |||
402 | # A private printer, usable only by fred. Spool data will be placed in fred's | ||
403 | # home directory. Note that fred must have write access to the spool directory, | ||
404 | # wherever it is. | ||
405 | ;[fredsprn] | ||
406 | ; comment = Fred's Printer | ||
407 | ; valid users = fred | ||
408 | ; path = /homes/fred | ||
409 | ; printer = freds_printer | ||
410 | ; public = no | ||
411 | ; writable = no | ||
412 | ; printable = yes | ||
413 | |||
414 | # A private directory, usable only by fred. Note that fred requires write | ||
415 | # access to the directory. | ||
416 | ;[fredsdir] | ||
417 | ; comment = Fred's Service | ||
418 | ; path = /usr/somewhere/private | ||
419 | ; valid users = fred | ||
420 | ; public = no | ||
421 | ; writable = yes | ||
422 | ; printable = no | ||
423 | |||
424 | # a service which has a different directory for each machine that connects | ||
425 | # this allows you to tailor configurations to incoming machines. You could | ||
426 | # also use the %U option to tailor it by user name. | ||
427 | # The %m gets replaced with the machine name that is connecting. | ||
428 | ;[pchome] | ||
429 | ; comment = PC Directories | ||
430 | ; path = /usr/pc/%m | ||
431 | ; public = no | ||
432 | ; writable = yes | ||
433 | |||
434 | # A publicly accessible directory, read/write to all users. Note that all files | ||
435 | # created in the directory by users will be owned by the default user, so | ||
436 | # any user with access can delete any other user's files. Obviously this | ||
437 | # directory must be writable by the default user. Another user could of course | ||
438 | # be specified, in which case all files would be owned by that user instead. | ||
439 | ;[public] | ||
440 | ; path = /usr/somewhere/else/public | ||
441 | ; public = yes | ||
442 | ; only guest = yes | ||
443 | ; writable = yes | ||
444 | ; printable = no | ||
445 | |||
446 | # The following two entries demonstrate how to share a directory so that two | ||
447 | # users can place files there that will be owned by the specific users. In this | ||
448 | # setup, the directory should be writable by both users and should have the | ||
449 | # sticky bit set on it to prevent abuse. Obviously this could be extended to | ||
450 | # as many users as required. | ||
451 | ;[myshare] | ||
452 | ; comment = Mary's and Fred's stuff | ||
453 | ; path = /usr/somewhere/shared | ||
454 | ; valid users = mary fred | ||
455 | ; public = no | ||
456 | ; writable = yes | ||
457 | ; printable = no | ||
458 | ; create mask = 0765 | ||
459 | |||
460 |