trunk/samba/smb.conf

# This is the main Samba configuration file. You should read the
# smb.conf(5) manual page in order to understand the options listed
# here. Samba has a huge number of configurable options (perhaps too
# many!) most of which are not shown in this example
#
# Any line which starts with a ; (semi-colon) or a # (hash)
# is a comment and is ignored. In this example we will use a #
# for commentry and a ; for parts of the config file that you
# may wish to enable
#
# NOTE: Whenever you modify this file you should run the command "testparm"
# to check that you have not many any basic syntactic errors.
#
#======================= Global Settings =====================================
[global]

##
## Basic Server Settings
##

	# workgroup = NT-Domain-Name or Workgroup-Name
	workgroup = WORKGROUP

	# server string is the equivalent of the NT Description field
	server string = Samba Server

	# netbios name is the name you will see in "Network Neighbourhood",
	# but defaults to your hostname
	;  netbios name = <name_of_this_server>

	# This option is important for security. It allows you to restrict
	# connections to machines which are on your local network. The
	# following example restricts access to two C class networks and
	# the "loopback" interface. For more examples of the syntax see
	# the smb.conf man page
	; hosts allow = 192.168.1. 192.168.2.0./24 192.168.3.0/255.255.255.0 127.0.0.1

	# Uncomment this if you want a guest account, you must add this to /etc/passwd
	# otherwise the user "nobody" is used
	; guest account = pcguest

	# this tells Samba to use a separate log file for each machine
	# that connects
	log file = /var/log/samba/log.%m

	# How much information do you want to see in the logs?
	# default is only to log critical messages
	; log level = 3

	# Put a capping on the size of the log files (in Kb).
	max log size = 50

	# Security mode. Most people will want user level security. See
	# security_level.txt for details.
	security = user

	# Using the following line enables you to customise your configuration
	# on a per machine basis. The %m gets replaced with the netbios name
	# of the machine that is connecting.
	;   include = /etc/samba/smb.conf.%m

	# Most people will find that this option gives better performance.
	# See speed.txt and the manual pages for details
	socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192

	# Configure Samba to use multiple interfaces
	# If you have multiple network interfaces and want to limit smbd will
	# use, list the ones desired here.  Otherwise smbd & nmbd will bind to all
	# active interfaces on the system.  See the man page for details.
	;   interfaces = 192.168.12.2/24 192.168.13.2/24

	# Should smbd report that it has MS-DFS Capabilities? Only available
	# if --with-msdfs was passed to ./configure
	; host msdfs = yes

##
## Network Browsing
##
	# set local master to no if you don't want Samba to become a master
	# browser on your network. Otherwise the normal election rules apply
	; local master = no

	# OS Level determines the precedence of this server in master browser
	# elections. The default value (33) should be reasonable
	; os level = 33

	# Domain Master specifies Samba to be the Domain Master Browser. This
	# allows Samba to collate browse lists between subnets. Don't use this
	# if you already have a Windows NT domain controller doing this job
	; domain master = yes

	# Preferred Master causes Samba to force a local browser election on startup
	# and gives it a slightly higher chance of winning the election
	; preferred master = yes


##
## WINS & Name Resolution
##
	# All NetBIOS names must be resolved to IP Addresses
	# 'Name Resolve Order' allows the named resolution mechanism to be specified
	# the default order is "host lmhosts wins bcast". "host" means use the unix
	# system gethostbyname() function call that will use either /etc/hosts OR
	# DNS or NIS depending on the settings of /etc/host.config, /etc/nsswitch.conf
	# and the /etc/resolv.conf file. "host" therefore is system configuration
	# dependant. This parameter is most often of use to prevent DNS lookups
	# in order to resolve NetBIOS names to IP Addresses. Use with care!
	# The example below excludes use of name resolution for machines that are NOT
	# on the local network segment
	# - OR - are not deliberately to be known via lmhosts or via WINS.
	; name resolve order = wins lmhosts bcast

	# Windows Internet Name Serving Support Section:
	# WINS Support - Tells the NMBD component of Samba to enable it's WINS Server
	; wins support = yes

	# WINS Server - Tells the NMBD components of Samba to be a WINS Client
	#	Note: Samba can be either a WINS Server, or a WINS Client, but NOT both
	; wins server = w.x.y.z

	# WINS Proxy - Tells Samba to answer name resolution queries on
	# behalf of a non WINS capable client, for this to work there must be
	# at least one	WINS Server on the network. The default is NO.
	; wins proxy = yes

	# DNS Proxy - tells Samba whether or not to try to resolve NetBIOS names
	# via DNS nslookups.
	dns proxy = no


##
## Passwords & Authentication
##
	# Use password server option only with security = server
	# The argument list may include:
	#   password server = My_PDC_Name [My_BDC_Name] [My_Next_BDC_Name]
	# or to auto-locate the domain controller/s
	# When using security = domain, you should use password server = *
	;   password server = *
	;   password server = <NT-Server-Name>

	# You may wish to use password encryption. Please read
	# ENCRYPTION.txt, Win95.txt and WinNT.txt in the Samba documentation.
	# Do not enable this option unless you have read those documents
	# Encrypted passwords are required to samba in a Windows NT domain
	encrypt passwords = yes
	
	# The smbpasswd file is only required by a server doing authentication, thus
	# members of a domain do not need one.
	smb passwd file = /var/lib/samba/private/smbpasswd

	# Should smbd obey the session and account lines in /etc/pam.d/samba ?
	# only available if --with-pam was used at compile time
	; obey pam restrictions = yes

	# When using encrypted passwords, Samba can synchronize the local
	# UNIX password as well.  You will also need the "passwd chat" parameters
	; unix password sync = yes

	# how should smbd talk to the local system when changing a UNIX
	# password?  See smb.conf(5) for details
	# NOTE: Use these with 'encrypt passwords' and 'smb passwd file' above.
	# NOTE2: You do NOT need these to allow workstations to change only
	#        the encrypted SMB passwords. They allow the Unix password
	#        to be kept in sync with the SMB password.
	# passwd chat = <custom chat string>
	;  unix password sync = Yes
	;  passwd program = /usr/bin/passwd %u
	;  passwd chat = *New*UNIX*password* %n\n *ReType*new*UNIX*password* %n\n
	;*passwd:*all*authentication*tokens*updated*successfully*
	

	# This is only available if you compiled Samba to include --with-pam
	# Use PAM for changing the password
	; pam password change = yes

	# Unix users can map to different SMB User names
	;  username map = /etc/samba/smbusers


##
## Domain Control
##
	# Enable this if you want Samba act as a domain controller.
	# make sure you have read the Samba-PDC-HOWTO included in the documentation
	# before enabling this parameter
	;   domain logons = yes

	# if you enable domain logons then you may want a per-machine or
	# per user logon script
	# run a specific logon batch file per workstation (machine)
	; logon script = %m.bat
	# run a specific logon batch file per username
	; logon script = %U.bat

	# Where to store roving profiles (only for Win95 and WinNT)
	#        %L substitutes for this servers netbios name, %U is username
	#        You must uncomment the [Profiles] share below
	; logon path = \\%L\Profiles\%U

	# UNC path specifying the network location of the user's home directory
	# only used when acting as a DC for WinNT/2k/XP.  Ignored by Win9x clients
	; logon home = \\%L\%U\.profile

	# The add user script is used by a domain member to add local user accounts
	# that have been authenticated by the domain controller, or by the domain
	# controller to add local machine accounts when adding machines to the domain.
	# The script must work from the command line when replacing the macros,
	# or the operation will fail. Check that groups exist if forcing a group.
	# Script for domain controller for adding machines:
	; add user script = /usr/sbin/useradd -d /dev/null -g machines -c 'Machine Accoun$
	# Script for domain member for adding local accounts for authenticated users:
	; add user script = /usr/sbin/useradd -s /bin/false %u

	# These scripts are used on a domain controller or stand-alone
	# machine to add or delete corresponding unix accounts
	;  add user script = /usr/sbin/useradd %u
	;  add group script = /usr/sbin/groupadd %g
	;  add machine script = /usr/sbin/adduser -n -g machines -c Machine -d /dev/null -s /bin/false %u
	;  delete user script = /usr/sbin/userdel %u
	;  delete user from group script = /usr/sbin/deluser %u %g
	;  delete group script = /usr/sbin/groupdel %g

	# domain admin group is a list of unix users or groups who are made members
	# of the Domain Admin group
	; domain admin group = root @wheel
	#
	# domain guest groups is a list of unix users or groups who are made members
	# of the Domain Guests group
	; domain guest group = nobody @guest

	# What drive should the "logon home" be mounted at upon login ?
	# only used when acting as a DC for WinNT/2k/XP.  Ignored by Win9x clients
	; logon drive = H:

##
## Printing
##

	# If you want to automatically load your printer list rather
	# than setting them up individually then you'll need this
	load printers = yes

	# you may wish to override the location of the printcap file
	# cups printing is the default
	printcap name = lpstat

	# It should not be necessary to specify the print system type unless
	# it is non-standard. Currently supported print systems include:
	# bsd, sysv, plp, lprng, aix, hpux, qnxm, cups
	printing = cups

	# list of users and groups which should be able to remotely manage
	# printer drivers installed on the server
	# printer admin = @<group> <user>
	; printer admin = @adm


##
## Winbind
##

	# specify the uid range which can be used by winbindd
	# to allocate uids for Windows users as necessary
	; winbind uid = 10000-20000

	# specify the uid range which can be used by winbindd
	# to allocate uids for Windows users as necessary
	; winbind gid = 10000-20000

	# Define a home directory to be given to passwd(5) style entries
	# generated by libnss_winbind.so.  You can use variables here
	; winbind template homedir = /home/%D/%U

	# Specify a shell for all winbind user entries return by the
	# libnss_winbind.so library.
	; winbind template shell = /bin/bash

	# What character should be used to separate the DOMAIN and Username
	# for a Windows user.  The default is DOMAIN\user, but many people
	# prefer DOMAIN+user
	; winbind separator = +


###
### File Naming
###
	# Case Preservation can be handy - system default is _no_
	# NOTE: These can be set on a per share basis
	;  preserve case = no
	;  short preserve case = no
	# Default case is normally upper case for all DOS files
	;  default case = lower
	# Be very careful with case sensitivity - it can break things!
	;  case sensitive = no

	# you can match a Windows code page with a UNIX character set.
	# Windows: 437 (US), 737 (GREEK), 850 (Latin1 - Western European),
	# 852 (Eastern Eu.), 861 (Icelandic), 932 (Cyrillic - Russian),
	# 936 (Japanese - Shift-JIS), 936 (Simpl. Chinese), 949 (Korean Hangul),
	# 950 (Trad. Chin.).
	# UNIX: ISO8859-1 (Western European), ISO8859-2 (Eastern Eu.),
	# ISO8859-5 (Russian Cyrillic), KOI8-R (Alt-Russ. Cyril.)
	# This is an example for french users:
	;   client code page = 850
	;   character set = ISO8859-1

#============================ Share Definitions ==============================
[homes]
     comment = Home Directories
     browseable = no
     writable = yes

# Un-comment the following and create the netlogon directory for Domain Logons
; [netlogon]
;    comment = Network Logon Service
;    path = /var/lib/samba/netlogon
;    guest ok = yes
;    writable = no
;    share modes = no


# Un-comment the following to provide a specific roving profile share
# the default is to use the user's home directory
;[Profiles]
;    path = /var/lib/samba/profiles
;    browseable = no
;    guest ok = yes


# NOTE: If you have a CUPS or BSD-style print system there is no need to
# specifically define each individual printer
[printers]
   comment = All Printers
   path = /var/spool/samba
   browseable = no

   # Set guest ok = yes to allow user 'guest account' to print
   guest ok = yes

   writable = no
   printable = yes
   create mode = 0700

   # You must configure the samba printers with the appropriate Windows
   # drivers on your Windows clients. On the Samba server no filtering is
   # done. If you wish that the server provides the driver and the clients
   # send PostScript ("Generic PostScript Printer" under Windows), you have
   # to swap the 'print command' line below with the commented one.
   print command = lpr -P %p -o raw %s -r   # using client side printer drivers.
   ; print command = lpr -P %p %s # using cups own drivers (use generic PostScript on clients).

   # The following two commands are the samba defaults for printing=cups
   # change them only if you need different options:
   ; lpq command = lpq -P %p
   ; lprm command = cancel %p-%j


# This share is used for Windows NT-style point-and-print support.
# To be able to install drivers, you need to be either root, or listed
# in the printer admin parameter above. Note that you also need write access
# to the directory and share definition to be able to upload the drivers.
# For more information on this, please see the Printing Support Section of
# /usr/share/doc/samba-<version>/docs/Samba-HOWTO-Collection.pdf
[print$]
   path = /var/lib/samba/printers
   browseable = yes
   read only = yes
   write list = @adm root


# This one is useful for people to share files
;[tmp]
;   comment = Temporary file space
;   path = /tmp
;   read only = no
;   public = yes


# MS-DFS support is only available if Samba was compiled to
# include --with-msdfs
;[dfsroot]
;   dfs root = yes


# A publicly accessible directory, but read only, except for people in
# the "staff" group
;[public]
;   comment = Public Stuff
;   path = /home/samba
;   public = yes
;   writable = yes
;   printable = no
;   write list = @staff


##
## Other examples.
##

# A private printer, usable only by fred. Spool data will be placed in fred's
# home directory. Note that fred must have write access to the spool directory,
# wherever it is.
;[fredsprn]
;   comment = Fred's Printer
;   valid users = fred
;   path = /homes/fred
;   printer = freds_printer
;   public = no
;   writable = no
;   printable = yes

# A private directory, usable only by fred. Note that fred requires write
# access to the directory.
;[fredsdir]
;   comment = Fred's Service
;   path = /usr/somewhere/private
;   valid users = fred
;   public = no
;   writable = yes
;   printable = no

# a service which has a different directory for each machine that connects
# this allows you to tailor configurations to incoming machines. You could
# also use the %U option to tailor it by user name.
# The %m gets replaced with the machine name that is connecting.
;[pchome]
;  comment = PC Directories
;  path = /usr/pc/%m
;  public = no
;  writable = yes

# A publicly accessible directory, read/write to all users. Note that all files
# created in the directory by users will be owned by the default user, so
# any user with access can delete any other user's files. Obviously this
# directory must be writable by the default user. Another user could of course
# be specified, in which case all files would be owned by that user instead.
;[public]
;   path = /usr/somewhere/else/public
;   public = yes
;   only guest = yes
;   writable = yes
;   printable = no

# The following two entries demonstrate how to share a directory so that two
# users can place files there that will be owned by the specific users. In this
# setup, the directory should be writable by both users and should have the
# sticky bit set on it to prevent abuse. Obviously this could be extended to
# as many users as required.
;[myshare]
;   comment = Mary's and Fred's stuff
;   path = /usr/somewhere/shared
;   valid users = mary fred
;   public = no
;   writable = yes
;   printable = no
;   create mask = 0765


1	niro	153	# This is the main Samba configuration file. You should read the
2			# smb.conf(5) manual page in order to understand the options listed
3			# here. Samba has a huge number of configurable options (perhaps too
4			# many!) most of which are not shown in this example
5			#
6			# Any line which starts with a ; (semi-colon) or a # (hash)
7			# is a comment and is ignored. In this example we will use a #
8			# for commentry and a ; for parts of the config file that you
9			# may wish to enable
10			#
11			# NOTE: Whenever you modify this file you should run the command "testparm"
12			# to check that you have not many any basic syntactic errors.
13			#
14			#======================= Global Settings =====================================
15			[global]
16
17			##
18			## Basic Server Settings
19			##
20
21			# workgroup = NT-Domain-Name or Workgroup-Name
22			workgroup = WORKGROUP
23
24			# server string is the equivalent of the NT Description field
25			server string = Samba Server
26
27			# netbios name is the name you will see in "Network Neighbourhood",
28			# but defaults to your hostname
29			; netbios name = <name_of_this_server>
30
31			# This option is important for security. It allows you to restrict
32			# connections to machines which are on your local network. The
33			# following example restricts access to two C class networks and
34			# the "loopback" interface. For more examples of the syntax see
35			# the smb.conf man page
36			; hosts allow = 192.168.1. 192.168.2.0./24 192.168.3.0/255.255.255.0 127.0.0.1
37
38			# Uncomment this if you want a guest account, you must add this to /etc/passwd
39			# otherwise the user "nobody" is used
40			; guest account = pcguest
41
42			# this tells Samba to use a separate log file for each machine
43			# that connects
44			log file = /var/log/samba/log.%m
45
46			# How much information do you want to see in the logs?
47			# default is only to log critical messages
48			; log level = 3
49
50			# Put a capping on the size of the log files (in Kb).
51			max log size = 50
52
53			# Security mode. Most people will want user level security. See
54			# security_level.txt for details.
55			security = user
56
57			# Using the following line enables you to customise your configuration
58			# on a per machine basis. The %m gets replaced with the netbios name
59			# of the machine that is connecting.
60			; include = /etc/samba/smb.conf.%m
61
62			# Most people will find that this option gives better performance.
63			# See speed.txt and the manual pages for details
64			socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
65
66			# Configure Samba to use multiple interfaces
67			# If you have multiple network interfaces and want to limit smbd will
68			# use, list the ones desired here. Otherwise smbd & nmbd will bind to all
69			# active interfaces on the system. See the man page for details.
70			; interfaces = 192.168.12.2/24 192.168.13.2/24
71
72			# Should smbd report that it has MS-DFS Capabilities? Only available
73			# if --with-msdfs was passed to ./configure
74			; host msdfs = yes
75
76			##
77			## Network Browsing
78			##
79			# set local master to no if you don't want Samba to become a master
80			# browser on your network. Otherwise the normal election rules apply
81			; local master = no
82
83			# OS Level determines the precedence of this server in master browser
84			# elections. The default value (33) should be reasonable
85			; os level = 33
86
87			# Domain Master specifies Samba to be the Domain Master Browser. This
88			# allows Samba to collate browse lists between subnets. Don't use this
89			# if you already have a Windows NT domain controller doing this job
90			; domain master = yes
91
92			# Preferred Master causes Samba to force a local browser election on startup
93			# and gives it a slightly higher chance of winning the election
94			; preferred master = yes
95
96
97			##
98			## WINS & Name Resolution
99			##
100			# All NetBIOS names must be resolved to IP Addresses
101			# 'Name Resolve Order' allows the named resolution mechanism to be specified
102			# the default order is "host lmhosts wins bcast". "host" means use the unix
103			# system gethostbyname() function call that will use either /etc/hosts OR
104			# DNS or NIS depending on the settings of /etc/host.config, /etc/nsswitch.conf
105			# and the /etc/resolv.conf file. "host" therefore is system configuration
106			# dependant. This parameter is most often of use to prevent DNS lookups
107			# in order to resolve NetBIOS names to IP Addresses. Use with care!
108			# The example below excludes use of name resolution for machines that are NOT
109			# on the local network segment
110			# - OR - are not deliberately to be known via lmhosts or via WINS.
111			; name resolve order = wins lmhosts bcast
112
113			# Windows Internet Name Serving Support Section:
114			# WINS Support - Tells the NMBD component of Samba to enable it's WINS Server
115			; wins support = yes
116
117			# WINS Server - Tells the NMBD components of Samba to be a WINS Client
118			# Note: Samba can be either a WINS Server, or a WINS Client, but NOT both
119			; wins server = w.x.y.z
120
121			# WINS Proxy - Tells Samba to answer name resolution queries on
122			# behalf of a non WINS capable client, for this to work there must be
123			# at least one WINS Server on the network. The default is NO.
124			; wins proxy = yes
125
126			# DNS Proxy - tells Samba whether or not to try to resolve NetBIOS names
127			# via DNS nslookups.
128			dns proxy = no
129
130
131			##
132			## Passwords & Authentication
133			##
134			# Use password server option only with security = server
135			# The argument list may include:
136			# password server = My_PDC_Name [My_BDC_Name] [My_Next_BDC_Name]
137			# or to auto-locate the domain controller/s
138			# When using security = domain, you should use password server = *
139			; password server = *
140			; password server = <NT-Server-Name>
141
142			# You may wish to use password encryption. Please read
143			# ENCRYPTION.txt, Win95.txt and WinNT.txt in the Samba documentation.
144			# Do not enable this option unless you have read those documents
145			# Encrypted passwords are required to samba in a Windows NT domain
146			encrypt passwords = yes
147
148			# The smbpasswd file is only required by a server doing authentication, thus
149			# members of a domain do not need one.
150			smb passwd file = /var/lib/samba/private/smbpasswd
151
152			# Should smbd obey the session and account lines in /etc/pam.d/samba ?
153			# only available if --with-pam was used at compile time
154			; obey pam restrictions = yes
155
156			# When using encrypted passwords, Samba can synchronize the local
157			# UNIX password as well. You will also need the "passwd chat" parameters
158			; unix password sync = yes
159
160			# how should smbd talk to the local system when changing a UNIX
161			# password? See smb.conf(5) for details
162			# NOTE: Use these with 'encrypt passwords' and 'smb passwd file' above.
163			# NOTE2: You do NOT need these to allow workstations to change only
164			# the encrypted SMB passwords. They allow the Unix password
165			# to be kept in sync with the SMB password.
166			# passwd chat = <custom chat string>
167			; unix password sync = Yes
168			; passwd program = /usr/bin/passwd %u
169			; passwd chat = NewUNIXpassword %n\n ReTypenewUNIXpassword* %n\n
170			;passwd:allauthenticationtokensupdatedsuccessfully*
171
172
173			# This is only available if you compiled Samba to include --with-pam
174			# Use PAM for changing the password
175			; pam password change = yes
176
177			# Unix users can map to different SMB User names
178			; username map = /etc/samba/smbusers
179
180
181			##
182			## Domain Control
183			##
184			# Enable this if you want Samba act as a domain controller.
185			# make sure you have read the Samba-PDC-HOWTO included in the documentation
186			# before enabling this parameter
187			; domain logons = yes
188
189			# if you enable domain logons then you may want a per-machine or
190			# per user logon script
191			# run a specific logon batch file per workstation (machine)
192			; logon script = %m.bat
193			# run a specific logon batch file per username
194			; logon script = %U.bat
195
196			# Where to store roving profiles (only for Win95 and WinNT)
197			# %L substitutes for this servers netbios name, %U is username
198			# You must uncomment the [Profiles] share below
199			; logon path = \\%L\Profiles\%U
200
201			# UNC path specifying the network location of the user's home directory
202			# only used when acting as a DC for WinNT/2k/XP. Ignored by Win9x clients
203			; logon home = \\%L\%U\.profile
204
205			# The add user script is used by a domain member to add local user accounts
206			# that have been authenticated by the domain controller, or by the domain
207			# controller to add local machine accounts when adding machines to the domain.
208			# The script must work from the command line when replacing the macros,
209			# or the operation will fail. Check that groups exist if forcing a group.
210			# Script for domain controller for adding machines:
211			; add user script = /usr/sbin/useradd -d /dev/null -g machines -c 'Machine Accoun$
212			# Script for domain member for adding local accounts for authenticated users:
213			; add user script = /usr/sbin/useradd -s /bin/false %u
214
215			# These scripts are used on a domain controller or stand-alone
216			# machine to add or delete corresponding unix accounts
217			; add user script = /usr/sbin/useradd %u
218			; add group script = /usr/sbin/groupadd %g
219			; add machine script = /usr/sbin/adduser -n -g machines -c Machine -d /dev/null -s /bin/false %u
220			; delete user script = /usr/sbin/userdel %u
221			; delete user from group script = /usr/sbin/deluser %u %g
222			; delete group script = /usr/sbin/groupdel %g
223
224			# domain admin group is a list of unix users or groups who are made members
225			# of the Domain Admin group
226			; domain admin group = root @wheel
227			#
228			# domain guest groups is a list of unix users or groups who are made members
229			# of the Domain Guests group
230			; domain guest group = nobody @guest
231
232			# What drive should the "logon home" be mounted at upon login ?
233			# only used when acting as a DC for WinNT/2k/XP. Ignored by Win9x clients
234			; logon drive = H:
235
236			##
237			## Printing
238			##
239
240			# If you want to automatically load your printer list rather
241			# than setting them up individually then you'll need this
242			load printers = yes
243
244			# you may wish to override the location of the printcap file
245			# cups printing is the default
246			printcap name = lpstat
247
248			# It should not be necessary to specify the print system type unless
249			# it is non-standard. Currently supported print systems include:
250			# bsd, sysv, plp, lprng, aix, hpux, qnxm, cups
251			printing = cups
252
253			# list of users and groups which should be able to remotely manage
254			# printer drivers installed on the server
255			# printer admin = @<group> <user>
256			; printer admin = @adm
257
258
259			##
260			## Winbind
261			##
262
263			# specify the uid range which can be used by winbindd
264			# to allocate uids for Windows users as necessary
265			; winbind uid = 10000-20000
266
267			# specify the uid range which can be used by winbindd
268			# to allocate uids for Windows users as necessary
269			; winbind gid = 10000-20000
270
271			# Define a home directory to be given to passwd(5) style entries
272			# generated by libnss_winbind.so. You can use variables here
273			; winbind template homedir = /home/%D/%U
274
275			# Specify a shell for all winbind user entries return by the
276			# libnss_winbind.so library.
277			; winbind template shell = /bin/bash
278
279			# What character should be used to separate the DOMAIN and Username
280			# for a Windows user. The default is DOMAIN\user, but many people
281			# prefer DOMAIN+user
282			; winbind separator = +
283
284
285
286			###
287			### File Naming
288			###
289			# Case Preservation can be handy - system default is _no_
290			# NOTE: These can be set on a per share basis
291			; preserve case = no
292			; short preserve case = no
293			# Default case is normally upper case for all DOS files
294			; default case = lower
295			# Be very careful with case sensitivity - it can break things!
296			; case sensitive = no
297
298			# you can match a Windows code page with a UNIX character set.
299			# Windows: 437 (US), 737 (GREEK), 850 (Latin1 - Western European),
300			# 852 (Eastern Eu.), 861 (Icelandic), 932 (Cyrillic - Russian),
301			# 936 (Japanese - Shift-JIS), 936 (Simpl. Chinese), 949 (Korean Hangul),
302			# 950 (Trad. Chin.).
303			# UNIX: ISO8859-1 (Western European), ISO8859-2 (Eastern Eu.),
304			# ISO8859-5 (Russian Cyrillic), KOI8-R (Alt-Russ. Cyril.)
305			# This is an example for french users:
306			; client code page = 850
307			; character set = ISO8859-1
308
309			#============================ Share Definitions ==============================
310			[homes]
311			comment = Home Directories
312			browseable = no
313			writable = yes
314
315			# Un-comment the following and create the netlogon directory for Domain Logons
316			; [netlogon]
317			; comment = Network Logon Service
318			; path = /var/lib/samba/netlogon
319			; guest ok = yes
320			; writable = no
321			; share modes = no
322
323
324			# Un-comment the following to provide a specific roving profile share
325			# the default is to use the user's home directory
326			;[Profiles]
327			; path = /var/lib/samba/profiles
328			; browseable = no
329			; guest ok = yes
330
331
332			# NOTE: If you have a CUPS or BSD-style print system there is no need to
333			# specifically define each individual printer
334			[printers]
335			comment = All Printers
336			path = /var/spool/samba
337			browseable = no
338
339			# Set guest ok = yes to allow user 'guest account' to print
340			guest ok = yes
341
342			writable = no
343			printable = yes
344			create mode = 0700
345
346			# You must configure the samba printers with the appropriate Windows
347			# drivers on your Windows clients. On the Samba server no filtering is
348			# done. If you wish that the server provides the driver and the clients
349			# send PostScript ("Generic PostScript Printer" under Windows), you have
350			# to swap the 'print command' line below with the commented one.
351			print command = lpr -P %p -o raw %s -r # using client side printer drivers.
352			; print command = lpr -P %p %s # using cups own drivers (use generic PostScript on clients).
353
354			# The following two commands are the samba defaults for printing=cups
355			# change them only if you need different options:
356			; lpq command = lpq -P %p
357			; lprm command = cancel %p-%j
358
359
360			# This share is used for Windows NT-style point-and-print support.
361			# To be able to install drivers, you need to be either root, or listed
362			# in the printer admin parameter above. Note that you also need write access
363			# to the directory and share definition to be able to upload the drivers.
364			# For more information on this, please see the Printing Support Section of
365			# /usr/share/doc/samba-<version>/docs/Samba-HOWTO-Collection.pdf
366			[print$]
367			path = /var/lib/samba/printers
368			browseable = yes
369			read only = yes
370			write list = @adm root
371
372
373			# This one is useful for people to share files
374			;[tmp]
375			; comment = Temporary file space
376			; path = /tmp
377			; read only = no
378			; public = yes
379
380
381			# MS-DFS support is only available if Samba was compiled to
382			# include --with-msdfs
383			;[dfsroot]
384			; dfs root = yes
385
386
387			# A publicly accessible directory, but read only, except for people in
388			# the "staff" group
389			;[public]
390			; comment = Public Stuff
391			; path = /home/samba
392			; public = yes
393			; writable = yes
394			; printable = no
395			; write list = @staff
396
397
398			##
399			## Other examples.
400			##
401
402			# A private printer, usable only by fred. Spool data will be placed in fred's
403			# home directory. Note that fred must have write access to the spool directory,
404			# wherever it is.
405			;[fredsprn]
406			; comment = Fred's Printer
407			; valid users = fred
408			; path = /homes/fred
409			; printer = freds_printer
410			; public = no
411			; writable = no
412			; printable = yes
413
414			# A private directory, usable only by fred. Note that fred requires write
415			# access to the directory.
416			;[fredsdir]
417			; comment = Fred's Service
418			; path = /usr/somewhere/private
419			; valid users = fred
420			; public = no
421			; writable = yes
422			; printable = no
423
424			# a service which has a different directory for each machine that connects
425			# this allows you to tailor configurations to incoming machines. You could
426			# also use the %U option to tailor it by user name.
427			# The %m gets replaced with the machine name that is connecting.
428			;[pchome]
429			; comment = PC Directories
430			; path = /usr/pc/%m
431			; public = no
432			; writable = yes
433
434			# A publicly accessible directory, read/write to all users. Note that all files
435			# created in the directory by users will be owned by the default user, so
436			# any user with access can delete any other user's files. Obviously this
437			# directory must be writable by the default user. Another user could of course
438			# be specified, in which case all files would be owned by that user instead.
439			;[public]
440			; path = /usr/somewhere/else/public
441			; public = yes
442			; only guest = yes
443			; writable = yes
444			; printable = no
445
446			# The following two entries demonstrate how to share a directory so that two
447			# users can place files there that will be owned by the specific users. In this
448			# setup, the directory should be writable by both users and should have the
449			# sticky bit set on it to prevent abuse. Obviously this could be extended to
450			# as many users as required.
451			;[myshare]
452			; comment = Mary's and Fred's stuff
453			; path = /usr/somewhere/shared
454			; valid users = mary fred
455			; public = no
456			; writable = yes
457			; printable = no
458			; create mask = 0765
459
460