trunk/samba/smb.conf

# This is the main Samba configuration file. You should read the
# smb.conf(5) manual page in order to understand the options listed
# here. Samba has a huge number of configurable options (perhaps too
# many!) most of which are not shown in this example
#
# Any line which starts with a ; (semi-colon) or a # (hash)
# is a comment and is ignored. In this example we will use a #
# for commentry and a ; for parts of the config file that you
# may wish to enable
#
# NOTE: Whenever you modify this file you should run the command "testparm"
# to check that you have not many any basic syntactic errors.
#
#======================= Global Settings =====================================
[global]

##
## Basic Server Settings
##

	# workgroup = NT-Domain-Name or Workgroup-Name
	workgroup = WORKGROUP

	# server string is the equivalent of the NT Description field
	server string = Samba Server

	# netbios name is the name you will see in "Network Neighbourhood",
	# but defaults to your hostname
	;  netbios name = <name_of_this_server>

	# This option is important for security. It allows you to restrict
	# connections to machines which are on your local network. The
	# following example restricts access to two C class networks and
	# the "loopback" interface. For more examples of the syntax see
	# the smb.conf man page
	; hosts allow = 192.168.1. 192.168.2.0./24 192.168.3.0/255.255.255.0 127.0.0.1

	# Uncomment this if you want a guest account, you must add this to /etc/passwd
	# otherwise the user "nobody" is used
	; guest account = pcguest

	# this tells Samba to use a separate log file for each machine
	# that connects
	log file = /var/log/samba/log.%m

	# How much information do you want to see in the logs?
	# default is only to log critical messages
	; log level = 3

	# Put a capping on the size of the log files (in Kb).
	max log size = 50

	# Security mode. Most people will want user level security. See
	# security_level.txt for details.
	security = user

	# Using the following line enables you to customise your configuration
	# on a per machine basis. The %m gets replaced with the netbios name
	# of the machine that is connecting.
	;   include = /etc/samba/smb.conf.%m

	# Most people will find that this option gives better performance.
	# See speed.txt and the manual pages for details
	socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192

	# Configure Samba to use multiple interfaces
	# If you have multiple network interfaces and want to limit smbd will
	# use, list the ones desired here.  Otherwise smbd & nmbd will bind to all
	# active interfaces on the system.  See the man page for details.
	;   interfaces = 192.168.12.2/24 192.168.13.2/24

	# Should smbd report that it has MS-DFS Capabilities? Only available
	# if --with-msdfs was passed to ./configure
	; host msdfs = yes

##
## Network Browsing
##
	# set local master to no if you don't want Samba to become a master
	# browser on your network. Otherwise the normal election rules apply
	; local master = no

	# OS Level determines the precedence of this server in master browser
	# elections. The default value (33) should be reasonable
	; os level = 33

	# Domain Master specifies Samba to be the Domain Master Browser. This
	# allows Samba to collate browse lists between subnets. Don't use this
	# if you already have a Windows NT domain controller doing this job
	; domain master = yes

	# Preferred Master causes Samba to force a local browser election on startup
	# and gives it a slightly higher chance of winning the election
	; preferred master = yes


##
## WINS & Name Resolution
##
	# All NetBIOS names must be resolved to IP Addresses
	# 'Name Resolve Order' allows the named resolution mechanism to be specified
	# the default order is "host lmhosts wins bcast". "host" means use the unix
	# system gethostbyname() function call that will use either /etc/hosts OR
	# DNS or NIS depending on the settings of /etc/host.config, /etc/nsswitch.conf
	# and the /etc/resolv.conf file. "host" therefore is system configuration
	# dependant. This parameter is most often of use to prevent DNS lookups
	# in order to resolve NetBIOS names to IP Addresses. Use with care!
	# The example below excludes use of name resolution for machines that are NOT
	# on the local network segment
	# - OR - are not deliberately to be known via lmhosts or via WINS.
	; name resolve order = wins lmhosts bcast

	# Windows Internet Name Serving Support Section:
	# WINS Support - Tells the NMBD component of Samba to enable it's WINS Server
	; wins support = yes

	# WINS Server - Tells the NMBD components of Samba to be a WINS Client
	#	Note: Samba can be either a WINS Server, or a WINS Client, but NOT both
	; wins server = w.x.y.z

	# WINS Proxy - Tells Samba to answer name resolution queries on
	# behalf of a non WINS capable client, for this to work there must be
	# at least one	WINS Server on the network. The default is NO.
	; wins proxy = yes

	# DNS Proxy - tells Samba whether or not to try to resolve NetBIOS names
	# via DNS nslookups.
	dns proxy = no


##
## Passwords & Authentication
##
	# Use password server option only with security = server
	# The argument list may include:
	#   password server = My_PDC_Name [My_BDC_Name] [My_Next_BDC_Name]
	# or to auto-locate the domain controller/s
	# When using security = domain, you should use password server = *
	;   password server = *
	;   password server = <NT-Server-Name>

	# You may wish to use password encryption. Please read
	# ENCRYPTION.txt, Win95.txt and WinNT.txt in the Samba documentation.
	# Do not enable this option unless you have read those documents
	# Encrypted passwords are required to samba in a Windows NT domain
	encrypt passwords = yes
	
	# The smbpasswd file is only required by a server doing authentication, thus
	# members of a domain do not need one.
	smb passwd file = /var/lib/samba/private/smbpasswd

	# Should smbd obey the session and account lines in /etc/pam.d/samba ?
	# only available if --with-pam was used at compile time
	; obey pam restrictions = yes

	# When using encrypted passwords, Samba can synchronize the local
	# UNIX password as well.  You will also need the "passwd chat" parameters
	; unix password sync = yes

	# how should smbd talk to the local system when changing a UNIX
	# password?  See smb.conf(5) for details
	# NOTE: Use these with 'encrypt passwords' and 'smb passwd file' above.
	# NOTE2: You do NOT need these to allow workstations to change only
	#        the encrypted SMB passwords. They allow the Unix password
	#        to be kept in sync with the SMB password.
	# passwd chat = <custom chat string>
	;  unix password sync = Yes
	;  passwd program = /usr/bin/passwd %u
	;  passwd chat = *New*UNIX*password* %n\n *ReType*new*UNIX*password* %n\n
	;*passwd:*all*authentication*tokens*updated*successfully*
	

	# This is only available if you compiled Samba to include --with-pam
	# Use PAM for changing the password
	; pam password change = yes

	# Unix users can map to different SMB User names
	;  username map = /etc/samba/smbusers


##
## Domain Control
##
	# Enable this if you want Samba act as a domain controller.
	# make sure you have read the Samba-PDC-HOWTO included in the documentation
	# before enabling this parameter
	;   domain logons = yes

	# if you enable domain logons then you may want a per-machine or
	# per user logon script
	# run a specific logon batch file per workstation (machine)
	; logon script = %m.bat
	# run a specific logon batch file per username
	; logon script = %U.bat

	# Where to store roving profiles (only for Win95 and WinNT)
	#        %L substitutes for this servers netbios name, %U is username
	#        You must uncomment the [Profiles] share below
	; logon path = \\%L\Profiles\%U

	# UNC path specifying the network location of the user's home directory
	# only used when acting as a DC for WinNT/2k/XP.  Ignored by Win9x clients
	; logon home = \\%L\%U\.profile

	# The add user script is used by a domain member to add local user accounts
	# that have been authenticated by the domain controller, or by the domain
	# controller to add local machine accounts when adding machines to the domain.
	# The script must work from the command line when replacing the macros,
	# or the operation will fail. Check that groups exist if forcing a group.
	# Script for domain controller for adding machines:
	; add user script = /usr/sbin/useradd -d /dev/null -g machines -c 'Machine Accoun$
	# Script for domain member for adding local accounts for authenticated users:
	; add user script = /usr/sbin/useradd -s /bin/false %u

	# These scripts are used on a domain controller or stand-alone
	# machine to add or delete corresponding unix accounts
	;  add user script = /usr/sbin/useradd %u
	;  add group script = /usr/sbin/groupadd %g
	;  add machine script = /usr/sbin/adduser -n -g machines -c Machine -d /dev/null -s /bin/false %u
	;  delete user script = /usr/sbin/userdel %u
	;  delete user from group script = /usr/sbin/deluser %u %g
	;  delete group script = /usr/sbin/groupdel %g

	# domain admin group is a list of unix users or groups who are made members
	# of the Domain Admin group
	; domain admin group = root @wheel
	#
	# domain guest groups is a list of unix users or groups who are made members
	# of the Domain Guests group
	; domain guest group = nobody @guest

	# What drive should the "logon home" be mounted at upon login ?
	# only used when acting as a DC for WinNT/2k/XP.  Ignored by Win9x clients
	; logon drive = H:

##
## Printing
##

	# If you want to automatically load your printer list rather
	# than setting them up individually then you'll need this
	load printers = yes

	# you may wish to override the location of the printcap file
	# cups printing is the default
	printcap name = lpstat

	# It should not be necessary to specify the print system type unless
	# it is non-standard. Currently supported print systems include:
	# bsd, sysv, plp, lprng, aix, hpux, qnxm, cups
	printing = cups

	# list of users and groups which should be able to remotely manage
	# printer drivers installed on the server
	# printer admin = @<group> <user>
	; printer admin = @adm


##
## Winbind
##

	# specify the uid range which can be used by winbindd
	# to allocate uids for Windows users as necessary
	; winbind uid = 10000-20000

	# specify the uid range which can be used by winbindd
	# to allocate uids for Windows users as necessary
	; winbind gid = 10000-20000

	# Define a home directory to be given to passwd(5) style entries
	# generated by libnss_winbind.so.  You can use variables here
	; winbind template homedir = /home/%D/%U

	# Specify a shell for all winbind user entries return by the
	# libnss_winbind.so library.
	; winbind template shell = /bin/bash

	# What character should be used to separate the DOMAIN and Username
	# for a Windows user.  The default is DOMAIN\user, but many people
	# prefer DOMAIN+user
	; winbind separator = +


###
### File Naming
###
	# Case Preservation can be handy - system default is _no_
	# NOTE: These can be set on a per share basis
	;  preserve case = no
	;  short preserve case = no
	# Default case is normally upper case for all DOS files
	;  default case = lower
	# Be very careful with case sensitivity - it can break things!
	;  case sensitive = no

	# you can match a Windows code page with a UNIX character set.
	# Windows: 437 (US), 737 (GREEK), 850 (Latin1 - Western European),
	# 852 (Eastern Eu.), 861 (Icelandic), 932 (Cyrillic - Russian),
	# 936 (Japanese - Shift-JIS), 936 (Simpl. Chinese), 949 (Korean Hangul),
	# 950 (Trad. Chin.).
	# UNIX: ISO8859-1 (Western European), ISO8859-2 (Eastern Eu.),
	# ISO8859-5 (Russian Cyrillic), KOI8-R (Alt-Russ. Cyril.)
	# This is an example for french users:
	;   client code page = 850
	;   character set = ISO8859-1

#============================ Share Definitions ==============================
[homes]
     comment = Home Directories
     browseable = no
     writable = yes

# Un-comment the following and create the netlogon directory for Domain Logons
; [netlogon]
;    comment = Network Logon Service
;    path = /var/lib/samba/netlogon
;    guest ok = yes
;    writable = no
;    share modes = no


# Un-comment the following to provide a specific roving profile share
# the default is to use the user's home directory
;[Profiles]
;    path = /var/lib/samba/profiles
;    browseable = no
;    guest ok = yes


# NOTE: If you have a CUPS or BSD-style print system there is no need to
# specifically define each individual printer
[printers]
   comment = All Printers
   path = /var/spool/samba
   browseable = no

   # Set guest ok = yes to allow user 'guest account' to print
   guest ok = yes

   writable = no
   printable = yes
   create mode = 0700

   # You must configure the samba printers with the appropriate Windows
   # drivers on your Windows clients. On the Samba server no filtering is
   # done. If you wish that the server provides the driver and the clients
   # send PostScript ("Generic PostScript Printer" under Windows), you have
   # to swap the 'print command' line below with the commented one.
   print command = lpr -P %p -o raw %s -r   # using client side printer drivers.
   ; print command = lpr -P %p %s # using cups own drivers (use generic PostScript on clients).

   # The following two commands are the samba defaults for printing=cups
   # change them only if you need different options:
   ; lpq command = lpq -P %p
   ; lprm command = cancel %p-%j


# This share is used for Windows NT-style point-and-print support.
# To be able to install drivers, you need to be either root, or listed
# in the printer admin parameter above. Note that you also need write access
# to the directory and share definition to be able to upload the drivers.
# For more information on this, please see the Printing Support Section of
# /usr/share/doc/samba-<version>/docs/Samba-HOWTO-Collection.pdf
[print$]
   path = /var/lib/samba/printers
   browseable = yes
   read only = yes
   write list = @adm root


# This one is useful for people to share files
;[tmp]
;   comment = Temporary file space
;   path = /tmp
;   read only = no
;   public = yes


# MS-DFS support is only available if Samba was compiled to
# include --with-msdfs
;[dfsroot]
;   dfs root = yes


# A publicly accessible directory, but read only, except for people in
# the "staff" group
;[public]
;   comment = Public Stuff
;   path = /home/samba
;   public = yes
;   writable = yes
;   printable = no
;   write list = @staff


##
## Other examples.
##

# A private printer, usable only by fred. Spool data will be placed in fred's
# home directory. Note that fred must have write access to the spool directory,
# wherever it is.
;[fredsprn]
;   comment = Fred's Printer
;   valid users = fred
;   path = /homes/fred
;   printer = freds_printer
;   public = no
;   writable = no
;   printable = yes

# A private directory, usable only by fred. Note that fred requires write
# access to the directory.
;[fredsdir]
;   comment = Fred's Service
;   path = /usr/somewhere/private
;   valid users = fred
;   public = no
;   writable = yes
;   printable = no

# a service which has a different directory for each machine that connects
# this allows you to tailor configurations to incoming machines. You could
# also use the %U option to tailor it by user name.
# The %m gets replaced with the machine name that is connecting.
;[pchome]
;  comment = PC Directories
;  path = /usr/pc/%m
;  public = no
;  writable = yes

# A publicly accessible directory, read/write to all users. Note that all files
# created in the directory by users will be owned by the default user, so
# any user with access can delete any other user's files. Obviously this
# directory must be writable by the default user. Another user could of course
# be specified, in which case all files would be owned by that user instead.
;[public]
;   path = /usr/somewhere/else/public
;   public = yes
;   only guest = yes
;   writable = yes
;   printable = no

# The following two entries demonstrate how to share a directory so that two
# users can place files there that will be owned by the specific users. In this
# setup, the directory should be writable by both users and should have the
# sticky bit set on it to prevent abuse. Obviously this could be extended to
# as many users as required.
;[myshare]
;   comment = Mary's and Fred's stuff
;   path = /usr/somewhere/shared
;   valid users = mary fred
;   public = no
;   writable = yes
;   printable = no
;   create mask = 0765


1	# This is the main Samba configuration file. You should read the
2	# smb.conf(5) manual page in order to understand the options listed
3	# here. Samba has a huge number of configurable options (perhaps too
4	# many!) most of which are not shown in this example
5	#
6	# Any line which starts with a ; (semi-colon) or a # (hash)
7	# is a comment and is ignored. In this example we will use a #
8	# for commentry and a ; for parts of the config file that you
9	# may wish to enable
10	#
11	# NOTE: Whenever you modify this file you should run the command "testparm"
12	# to check that you have not many any basic syntactic errors.
13	#
14	#======================= Global Settings =====================================
15	[global]
16
17	##
18	## Basic Server Settings
19	##
20
21	# workgroup = NT-Domain-Name or Workgroup-Name
22	workgroup = WORKGROUP
23
24	# server string is the equivalent of the NT Description field
25	server string = Samba Server
26
27	# netbios name is the name you will see in "Network Neighbourhood",
28	# but defaults to your hostname
29	; netbios name = <name_of_this_server>
30
31	# This option is important for security. It allows you to restrict
32	# connections to machines which are on your local network. The
33	# following example restricts access to two C class networks and
34	# the "loopback" interface. For more examples of the syntax see
35	# the smb.conf man page
36	; hosts allow = 192.168.1. 192.168.2.0./24 192.168.3.0/255.255.255.0 127.0.0.1
37
38	# Uncomment this if you want a guest account, you must add this to /etc/passwd
39	# otherwise the user "nobody" is used
40	; guest account = pcguest
41
42	# this tells Samba to use a separate log file for each machine
43	# that connects
44	log file = /var/log/samba/log.%m
45
46	# How much information do you want to see in the logs?
47	# default is only to log critical messages
48	; log level = 3
49
50	# Put a capping on the size of the log files (in Kb).
51	max log size = 50
52
53	# Security mode. Most people will want user level security. See
54	# security_level.txt for details.
55	security = user
56
57	# Using the following line enables you to customise your configuration
58	# on a per machine basis. The %m gets replaced with the netbios name
59	# of the machine that is connecting.
60	; include = /etc/samba/smb.conf.%m
61
62	# Most people will find that this option gives better performance.
63	# See speed.txt and the manual pages for details
64	socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
65
66	# Configure Samba to use multiple interfaces
67	# If you have multiple network interfaces and want to limit smbd will
68	# use, list the ones desired here. Otherwise smbd & nmbd will bind to all
69	# active interfaces on the system. See the man page for details.
70	; interfaces = 192.168.12.2/24 192.168.13.2/24
71
72	# Should smbd report that it has MS-DFS Capabilities? Only available
73	# if --with-msdfs was passed to ./configure
74	; host msdfs = yes
75
76	##
77	## Network Browsing
78	##
79	# set local master to no if you don't want Samba to become a master
80	# browser on your network. Otherwise the normal election rules apply
81	; local master = no
82
83	# OS Level determines the precedence of this server in master browser
84	# elections. The default value (33) should be reasonable
85	; os level = 33
86
87	# Domain Master specifies Samba to be the Domain Master Browser. This
88	# allows Samba to collate browse lists between subnets. Don't use this
89	# if you already have a Windows NT domain controller doing this job
90	; domain master = yes
91
92	# Preferred Master causes Samba to force a local browser election on startup
93	# and gives it a slightly higher chance of winning the election
94	; preferred master = yes
95
96
97	##
98	## WINS & Name Resolution
99	##
100	# All NetBIOS names must be resolved to IP Addresses
101	# 'Name Resolve Order' allows the named resolution mechanism to be specified
102	# the default order is "host lmhosts wins bcast". "host" means use the unix
103	# system gethostbyname() function call that will use either /etc/hosts OR
104	# DNS or NIS depending on the settings of /etc/host.config, /etc/nsswitch.conf
105	# and the /etc/resolv.conf file. "host" therefore is system configuration
106	# dependant. This parameter is most often of use to prevent DNS lookups
107	# in order to resolve NetBIOS names to IP Addresses. Use with care!
108	# The example below excludes use of name resolution for machines that are NOT
109	# on the local network segment
110	# - OR - are not deliberately to be known via lmhosts or via WINS.
111	; name resolve order = wins lmhosts bcast
112
113	# Windows Internet Name Serving Support Section:
114	# WINS Support - Tells the NMBD component of Samba to enable it's WINS Server
115	; wins support = yes
116
117	# WINS Server - Tells the NMBD components of Samba to be a WINS Client
118	# Note: Samba can be either a WINS Server, or a WINS Client, but NOT both
119	; wins server = w.x.y.z
120
121	# WINS Proxy - Tells Samba to answer name resolution queries on
122	# behalf of a non WINS capable client, for this to work there must be
123	# at least one WINS Server on the network. The default is NO.
124	; wins proxy = yes
125
126	# DNS Proxy - tells Samba whether or not to try to resolve NetBIOS names
127	# via DNS nslookups.
128	dns proxy = no
129
130
131	##
132	## Passwords & Authentication
133	##
134	# Use password server option only with security = server
135	# The argument list may include:
136	# password server = My_PDC_Name [My_BDC_Name] [My_Next_BDC_Name]
137	# or to auto-locate the domain controller/s
138	# When using security = domain, you should use password server = *
139	; password server = *
140	; password server = <NT-Server-Name>
141
142	# You may wish to use password encryption. Please read
143	# ENCRYPTION.txt, Win95.txt and WinNT.txt in the Samba documentation.
144	# Do not enable this option unless you have read those documents
145	# Encrypted passwords are required to samba in a Windows NT domain
146	encrypt passwords = yes
147
148	# The smbpasswd file is only required by a server doing authentication, thus
149	# members of a domain do not need one.
150	smb passwd file = /var/lib/samba/private/smbpasswd
151
152	# Should smbd obey the session and account lines in /etc/pam.d/samba ?
153	# only available if --with-pam was used at compile time
154	; obey pam restrictions = yes
155
156	# When using encrypted passwords, Samba can synchronize the local
157	# UNIX password as well. You will also need the "passwd chat" parameters
158	; unix password sync = yes
159
160	# how should smbd talk to the local system when changing a UNIX
161	# password? See smb.conf(5) for details
162	# NOTE: Use these with 'encrypt passwords' and 'smb passwd file' above.
163	# NOTE2: You do NOT need these to allow workstations to change only
164	# the encrypted SMB passwords. They allow the Unix password
165	# to be kept in sync with the SMB password.
166	# passwd chat = <custom chat string>
167	; unix password sync = Yes
168	; passwd program = /usr/bin/passwd %u
169	; passwd chat = NewUNIXpassword %n\n ReTypenewUNIXpassword* %n\n
170	;passwd:allauthenticationtokensupdatedsuccessfully*
171
172
173	# This is only available if you compiled Samba to include --with-pam
174	# Use PAM for changing the password
175	; pam password change = yes
176
177	# Unix users can map to different SMB User names
178	; username map = /etc/samba/smbusers
179
180
181	##
182	## Domain Control
183	##
184	# Enable this if you want Samba act as a domain controller.
185	# make sure you have read the Samba-PDC-HOWTO included in the documentation
186	# before enabling this parameter
187	; domain logons = yes
188
189	# if you enable domain logons then you may want a per-machine or
190	# per user logon script
191	# run a specific logon batch file per workstation (machine)
192	; logon script = %m.bat
193	# run a specific logon batch file per username
194	; logon script = %U.bat
195
196	# Where to store roving profiles (only for Win95 and WinNT)
197	# %L substitutes for this servers netbios name, %U is username
198	# You must uncomment the [Profiles] share below
199	; logon path = \\%L\Profiles\%U
200
201	# UNC path specifying the network location of the user's home directory
202	# only used when acting as a DC for WinNT/2k/XP. Ignored by Win9x clients
203	; logon home = \\%L\%U\.profile
204
205	# The add user script is used by a domain member to add local user accounts
206	# that have been authenticated by the domain controller, or by the domain
207	# controller to add local machine accounts when adding machines to the domain.
208	# The script must work from the command line when replacing the macros,
209	# or the operation will fail. Check that groups exist if forcing a group.
210	# Script for domain controller for adding machines:
211	; add user script = /usr/sbin/useradd -d /dev/null -g machines -c 'Machine Accoun$
212	# Script for domain member for adding local accounts for authenticated users:
213	; add user script = /usr/sbin/useradd -s /bin/false %u
214
215	# These scripts are used on a domain controller or stand-alone
216	# machine to add or delete corresponding unix accounts
217	; add user script = /usr/sbin/useradd %u
218	; add group script = /usr/sbin/groupadd %g
219	; add machine script = /usr/sbin/adduser -n -g machines -c Machine -d /dev/null -s /bin/false %u
220	; delete user script = /usr/sbin/userdel %u
221	; delete user from group script = /usr/sbin/deluser %u %g
222	; delete group script = /usr/sbin/groupdel %g
223
224	# domain admin group is a list of unix users or groups who are made members
225	# of the Domain Admin group
226	; domain admin group = root @wheel
227	#
228	# domain guest groups is a list of unix users or groups who are made members
229	# of the Domain Guests group
230	; domain guest group = nobody @guest
231
232	# What drive should the "logon home" be mounted at upon login ?
233	# only used when acting as a DC for WinNT/2k/XP. Ignored by Win9x clients
234	; logon drive = H:
235
236	##
237	## Printing
238	##
239
240	# If you want to automatically load your printer list rather
241	# than setting them up individually then you'll need this
242	load printers = yes
243
244	# you may wish to override the location of the printcap file
245	# cups printing is the default
246	printcap name = lpstat
247
248	# It should not be necessary to specify the print system type unless
249	# it is non-standard. Currently supported print systems include:
250	# bsd, sysv, plp, lprng, aix, hpux, qnxm, cups
251	printing = cups
252
253	# list of users and groups which should be able to remotely manage
254	# printer drivers installed on the server
255	# printer admin = @<group> <user>
256	; printer admin = @adm
257
258
259	##
260	## Winbind
261	##
262
263	# specify the uid range which can be used by winbindd
264	# to allocate uids for Windows users as necessary
265	; winbind uid = 10000-20000
266
267	# specify the uid range which can be used by winbindd
268	# to allocate uids for Windows users as necessary
269	; winbind gid = 10000-20000
270
271	# Define a home directory to be given to passwd(5) style entries
272	# generated by libnss_winbind.so. You can use variables here
273	; winbind template homedir = /home/%D/%U
274
275	# Specify a shell for all winbind user entries return by the
276	# libnss_winbind.so library.
277	; winbind template shell = /bin/bash
278
279	# What character should be used to separate the DOMAIN and Username
280	# for a Windows user. The default is DOMAIN\user, but many people
281	# prefer DOMAIN+user
282	; winbind separator = +
283
284
285
286	###
287	### File Naming
288	###
289	# Case Preservation can be handy - system default is _no_
290	# NOTE: These can be set on a per share basis
291	; preserve case = no
292	; short preserve case = no
293	# Default case is normally upper case for all DOS files
294	; default case = lower
295	# Be very careful with case sensitivity - it can break things!
296	; case sensitive = no
297
298	# you can match a Windows code page with a UNIX character set.
299	# Windows: 437 (US), 737 (GREEK), 850 (Latin1 - Western European),
300	# 852 (Eastern Eu.), 861 (Icelandic), 932 (Cyrillic - Russian),
301	# 936 (Japanese - Shift-JIS), 936 (Simpl. Chinese), 949 (Korean Hangul),
302	# 950 (Trad. Chin.).
303	# UNIX: ISO8859-1 (Western European), ISO8859-2 (Eastern Eu.),
304	# ISO8859-5 (Russian Cyrillic), KOI8-R (Alt-Russ. Cyril.)
305	# This is an example for french users:
306	; client code page = 850
307	; character set = ISO8859-1
308
309	#============================ Share Definitions ==============================
310	[homes]
311	comment = Home Directories
312	browseable = no
313	writable = yes
314
315	# Un-comment the following and create the netlogon directory for Domain Logons
316	; [netlogon]
317	; comment = Network Logon Service
318	; path = /var/lib/samba/netlogon
319	; guest ok = yes
320	; writable = no
321	; share modes = no
322
323
324	# Un-comment the following to provide a specific roving profile share
325	# the default is to use the user's home directory
326	;[Profiles]
327	; path = /var/lib/samba/profiles
328	; browseable = no
329	; guest ok = yes
330
331
332	# NOTE: If you have a CUPS or BSD-style print system there is no need to
333	# specifically define each individual printer
334	[printers]
335	comment = All Printers
336	path = /var/spool/samba
337	browseable = no
338
339	# Set guest ok = yes to allow user 'guest account' to print
340	guest ok = yes
341
342	writable = no
343	printable = yes
344	create mode = 0700
345
346	# You must configure the samba printers with the appropriate Windows
347	# drivers on your Windows clients. On the Samba server no filtering is
348	# done. If you wish that the server provides the driver and the clients
349	# send PostScript ("Generic PostScript Printer" under Windows), you have
350	# to swap the 'print command' line below with the commented one.
351	print command = lpr -P %p -o raw %s -r # using client side printer drivers.
352	; print command = lpr -P %p %s # using cups own drivers (use generic PostScript on clients).
353
354	# The following two commands are the samba defaults for printing=cups
355	# change them only if you need different options:
356	; lpq command = lpq -P %p
357	; lprm command = cancel %p-%j
358
359
360	# This share is used for Windows NT-style point-and-print support.
361	# To be able to install drivers, you need to be either root, or listed
362	# in the printer admin parameter above. Note that you also need write access
363	# to the directory and share definition to be able to upload the drivers.
364	# For more information on this, please see the Printing Support Section of
365	# /usr/share/doc/samba-<version>/docs/Samba-HOWTO-Collection.pdf
366	[print$]
367	path = /var/lib/samba/printers
368	browseable = yes
369	read only = yes
370	write list = @adm root
371
372
373	# This one is useful for people to share files
374	;[tmp]
375	; comment = Temporary file space
376	; path = /tmp
377	; read only = no
378	; public = yes
379
380
381	# MS-DFS support is only available if Samba was compiled to
382	# include --with-msdfs
383	;[dfsroot]
384	; dfs root = yes
385
386
387	# A publicly accessible directory, but read only, except for people in
388	# the "staff" group
389	;[public]
390	; comment = Public Stuff
391	; path = /home/samba
392	; public = yes
393	; writable = yes
394	; printable = no
395	; write list = @staff
396
397
398	##
399	## Other examples.
400	##
401
402	# A private printer, usable only by fred. Spool data will be placed in fred's
403	# home directory. Note that fred must have write access to the spool directory,
404	# wherever it is.
405	;[fredsprn]
406	; comment = Fred's Printer
407	; valid users = fred
408	; path = /homes/fred
409	; printer = freds_printer
410	; public = no
411	; writable = no
412	; printable = yes
413
414	# A private directory, usable only by fred. Note that fred requires write
415	# access to the directory.
416	;[fredsdir]
417	; comment = Fred's Service
418	; path = /usr/somewhere/private
419	; valid users = fred
420	; public = no
421	; writable = yes
422	; printable = no
423
424	# a service which has a different directory for each machine that connects
425	# this allows you to tailor configurations to incoming machines. You could
426	# also use the %U option to tailor it by user name.
427	# The %m gets replaced with the machine name that is connecting.
428	;[pchome]
429	; comment = PC Directories
430	; path = /usr/pc/%m
431	; public = no
432	; writable = yes
433
434	# A publicly accessible directory, read/write to all users. Note that all files
435	# created in the directory by users will be owned by the default user, so
436	# any user with access can delete any other user's files. Obviously this
437	# directory must be writable by the default user. Another user could of course
438	# be specified, in which case all files would be owned by that user instead.
439	;[public]
440	; path = /usr/somewhere/else/public
441	; public = yes
442	; only guest = yes
443	; writable = yes
444	; printable = no
445
446	# The following two entries demonstrate how to share a directory so that two
447	# users can place files there that will be owned by the specific users. In this
448	# setup, the directory should be writable by both users and should have the
449	# sticky bit set on it to prevent abuse. Obviously this could be extended to
450	# as many users as required.
451	;[myshare]
452	; comment = Mary's and Fred's stuff
453	; path = /usr/somewhere/shared
454	; valid users = mary fred
455	; public = no
456	; writable = yes
457	; printable = no
458	; create mask = 0765
459
460