]>
Commit | Line | Data |
---|---|---|
94610c17 | 1 | # This is the main Samba configuration file. You should read the |
2 | # smb.conf(5) manual page in order to understand the options listed | |
3 | # here. Samba has a huge number of configurable options (perhaps too | |
4 | # many!) most of which are not shown in this example | |
5 | # | |
99fdb0b6 JR |
6 | # For a step to step guide on installing, configuring and using samba, |
7 | # read the Samba-HOWTO-Collection. This may be obtained from: | |
8 | # http://www.samba.org/samba/docs/Samba-HOWTO-Collection.pdf | |
9 | # | |
10 | # Many working examples of smb.conf files can be found in the | |
11 | # Samba-Guide which is generated daily and can be downloaded from: | |
12 | # http://www.samba.org/samba/docs/Samba-Guide.pdf | |
13 | # | |
14 | # Any line which starts with a ; (semi-colon) or a # (hash) | |
94610c17 | 15 | # is a comment and is ignored. In this example we will use a # |
16 | # for commentry and a ; for parts of the config file that you | |
17 | # may wish to enable | |
18 | # | |
19 | # NOTE: Whenever you modify this file you should run the command "testparm" | |
99fdb0b6 | 20 | # to check that you have not made any basic syntactic errors. |
94610c17 | 21 | # |
22 | #======================= Global Settings ===================================== | |
23 | [global] | |
24 | ||
99fdb0b6 | 25 | # workgroup = NT-Domain-Name or Workgroup-Name, eg: MIDEARTH |
94610c17 | 26 | workgroup = MYGROUP |
27 | ||
28 | # server string is the equivalent of the NT Description field | |
29 | server string = Samba Server | |
30 | ||
99fdb0b6 JR |
31 | # Server role. Defines in which mode Samba will operate. Possible |
32 | # values are "standalone server", "member server", "classic primary | |
33 | # domain controller", "classic backup domain controller", "active | |
34 | # directory domain controller". | |
35 | # | |
36 | # Most people will want "standalone sever" or "member server". | |
37 | # Running as "active directory domain controller" will require first | |
38 | # running "samba-tool domain provision" to wipe databases and create a | |
39 | # new domain. | |
40 | server role = standalone server | |
41 | ||
94610c17 | 42 | # This option is important for security. It allows you to restrict |
43 | # connections to machines which are on your local network. The | |
44 | # following example restricts access to two C class networks and | |
45 | # the "loopback" interface. For more examples of the syntax see | |
46 | # the smb.conf man page | |
47 | ; hosts allow = 192.168.1. 192.168.2. 127. | |
48 | ||
49 | # if you want to automatically load your printer list rather | |
50 | # than setting them up individually then you'll need this | |
51 | printcap name = /etc/printcap | |
52 | load printers = yes | |
53 | ||
54 | # It should not be necessary to spell out the print system type unless | |
55 | # yours is non-standard. Currently supported print systems include: | |
7c4ff631 | 56 | # bsd, sysv, plp, lprng, aix, hpux, qnx, cups |
99fdb0b6 | 57 | printing = cups |
94610c17 | 58 | |
59 | # Uncomment this if you want a guest account, you must add this to /etc/passwd | |
60 | # otherwise the user "nobody" is used | |
61 | ; guest account = pcguest | |
62 | ||
63 | # this tells Samba to use a separate log file for each machine | |
64 | # that connects | |
3df908aa | 65 | log file = /var/log/samba/log.%I |
94610c17 | 66 | |
67 | # Put a capping on the size of the log files (in Kb). | |
68 | max log size = 50 | |
69 | ||
99fdb0b6 JR |
70 | # Specifies the Kerberos or Active Directory realm the host is part of |
71 | ; realm = MY_REALM | |
72 | ||
94610c17 | 73 | # Security mode. Most people will want user level security. See |
aa01a999 | 74 | # /usr/share/doc/samba-doc-html-*/Samba3-HOWTO/ServerType.html for details. |
94610c17 | 75 | security = user |
99fdb0b6 | 76 | |
94610c17 | 77 | # Use password server option only with security = server |
78 | ; password server = <NT-Server-Name> | |
79 | ||
80 | # Password Level allows matching of _n_ characters of the password for | |
81 | # all combinations of upper and lower case. | |
82 | ; password level = 8 | |
83 | ; username level = 8 | |
84 | ||
6474fc1b | 85 | # You may wish to use password encryption. Please read Samba documentation. |
94610c17 | 86 | # Do not enable this option unless you have read those documents |
87 | ; encrypt passwords = yes | |
88 | ; smb passwd file = /etc/smbpasswd | |
89 | ||
90 | # The following are needed to allow password changing from Windows to | |
7c4ff631 | 91 | # update the Linux system password also. |
94610c17 | 92 | # NOTE: Use these with 'encrypt passwords' and 'smb passwd file' above. |
93 | # NOTE2: You do NOT need these to allow workstations to change only | |
94 | # the encrypted SMB passwords. They allow the Unix password | |
95 | # to be kept in sync with the SMB password. | |
96 | ; unix password sync = Yes | |
97 | ; passwd program = /usr/bin/passwd %u | |
98 | ; passwd chat = *New*UNIX*password* %n\n *ReType*new*UNIX*password* %n\n *passwd:*all*authentication*tokens*updated*successfully* | |
99 | ||
99fdb0b6 JR |
100 | # Backend to store user information in. New installations should |
101 | # use either tdbsam or ldapsam. smbpasswd is available for backwards | |
102 | # compatibility. tdbsam requires no further configuration. | |
103 | ; passdb backend = tdbsam | |
104 | ||
94610c17 | 105 | # Unix users can map to different SMB User names |
106 | ; username map = /etc/samba/smbusers | |
107 | ||
108 | # Using the following line enables you to customise your configuration | |
109 | # on a per machine basis. The %m gets replaced with the netbios name | |
99fdb0b6 JR |
110 | # of the machine that is connecting. |
111 | # Note: Consider carefully the location in the configuration file of | |
112 | # this line. The included file is read at that point. | |
94610c17 | 113 | ; include = /etc/samba/smb.conf.%m |
114 | ||
115 | # Most people will find that this option gives better performance. | |
116 | # See speed.txt and the manual pages for details | |
99fdb0b6 | 117 | socket options = TCP_NODELAY |
94610c17 | 118 | |
119 | # Configure Samba to use multiple interfaces | |
120 | # If you have multiple network interfaces then you must list them | |
121 | # here. See the man page for details. | |
99fdb0b6 | 122 | ; interfaces = 192.168.12.2/24 192.168.13.2/24 |
94610c17 | 123 | |
124 | # Configure remote browse list synchronisation here | |
125 | # request announcement to, or browse list sync from: | |
126 | # a specific host or from / to a whole subnet (see below) | |
127 | ; remote browse sync = 192.168.3.25 192.168.5.255 | |
99fdb0b6 | 128 | |
94610c17 | 129 | # Cause this host to announce itself to local subnets here |
130 | ; remote announce = 192.168.1.255 192.168.2.44 | |
131 | ||
132 | # Browser Control Options: | |
133 | # set local master to no if you don't want Samba to become a master | |
134 | # browser on your network. Otherwise the normal election rules apply | |
135 | ; local master = no | |
136 | ||
137 | # OS Level determines the precedence of this server in master browser | |
138 | # elections. The default value should be reasonable | |
139 | ; os level = 33 | |
140 | ||
141 | # Domain Master specifies Samba to be the Domain Master Browser. This | |
142 | # allows Samba to collate browse lists between subnets. Don't use this | |
143 | # if you already have a Windows NT domain controller doing this job | |
99fdb0b6 | 144 | ; domain master = yes |
94610c17 | 145 | |
146 | # Preferred Master causes Samba to force a local browser election on startup | |
147 | # and gives it a slightly higher chance of winning the election | |
148 | ; preferred master = yes | |
149 | ||
150 | # Use only if you have an NT server on your network that has been | |
151 | # configured at install time to be a primary domain controller. | |
152 | ; domain controller = <NT-Domain-Controller-SMBName> | |
153 | ||
99fdb0b6 JR |
154 | # Enable this if you want Samba to be a domain logon server for |
155 | # Windows95 workstations. | |
94610c17 | 156 | ; domain logons = yes |
157 | ||
7c4ff631 | 158 | # If you enable domain logons then you may want a per-machine or |
94610c17 | 159 | # per user logon script |
160 | # run a specific logon batch file per workstation (machine) | |
161 | ; logon script = %m.bat | |
162 | # run a specific logon batch file per username | |
163 | ; logon script = %U.bat | |
164 | ||
165 | # Where to store roving profiles (only for Win95 and WinNT) | |
166 | # %L substitutes for this servers netbios name, %U is username | |
167 | # You must uncomment the [Profiles] share below | |
168 | ; logon path = \\%L\Profiles\%U | |
169 | ||
170 | # All NetBIOS names must be resolved to IP Addresses | |
171 | # 'Name Resolve Order' allows the named resolution mechanism to be specified | |
172 | # the default order is "host lmhosts wins bcast". "host" means use the unix | |
173 | # system gethostbyname() function call that will use either /etc/hosts OR | |
174 | # DNS or NIS depending on the settings of /etc/host.config, /etc/nsswitch.conf | |
175 | # and the /etc/resolv.conf file. "host" therefore is system configuration | |
176 | # dependant. This parameter is most often of use to prevent DNS lookups | |
177 | # in order to resolve NetBIOS names to IP Addresses. Use with care! | |
178 | # The example below excludes use of name resolution for machines that are NOT | |
179 | # on the local network segment | |
180 | # - OR - are not deliberately to be known via lmhosts or via WINS. | |
99fdb0b6 | 181 | ; name resolve order = wins lmhosts bcast |
94610c17 | 182 | |
183 | # Windows Internet Name Serving Support Section: | |
184 | # WINS Support - Tells the NMBD component of Samba to enable it's WINS Server | |
185 | ; wins support = yes | |
186 | ||
187 | # WINS Server - Tells the NMBD components of Samba to be a WINS Client | |
188 | # Note: Samba can be either a WINS Server, or a WINS Client, but NOT both | |
189 | ; wins server = w.x.y.z | |
190 | ||
191 | # WINS Proxy - Tells Samba to answer name resolution queries on | |
192 | # behalf of a non WINS capable client, for this to work there must be | |
193 | # at least one WINS Server on the network. The default is NO. | |
194 | ; wins proxy = yes | |
195 | ||
196 | # DNS Proxy - tells Samba whether or not to try to resolve NetBIOS names | |
99fdb0b6 JR |
197 | # via DNS nslookups. The default is NO. |
198 | dns proxy = no | |
94610c17 | 199 | |
200 | # Case Preservation can be handy - system default is _no_ | |
201 | # NOTE: These can be set on a per share basis | |
202 | ; preserve case = no | |
203 | ; short preserve case = no | |
99fdb0b6 | 204 | |
94610c17 | 205 | # Default case is normally upper case for all DOS files |
206 | ; default case = lower | |
99fdb0b6 | 207 | |
94610c17 | 208 | # Be very careful with case sensitivity - it can break things! |
209 | ; case sensitive = no | |
210 | ||
08fef0bf | 211 | # Setting this to yes may cause problems when using kernel < 2.6 |
212 | # This option is ignored when Windows 9x client connects | |
e721830a | 213 | use sendfile = yes |
08fef0bf | 214 | |
99fdb0b6 JR |
215 | # These scripts are used on a domain controller or stand-alone |
216 | # machine to add or delete corresponding unix accounts | |
217 | ; add user script = /usr/sbin/useradd %u | |
218 | ; add group script = /usr/sbin/groupadd %g | |
219 | ; add machine script = /usr/sbin/adduser -n -g machines -c Machine -d /dev/null -s /bin/false %u | |
220 | ; delete user script = /usr/sbin/userdel %u | |
221 | ; delete user from group script = /usr/sbin/deluser %u %g | |
222 | ; delete group script = /usr/sbin/groupdel %g | |
223 | ||
224 | ||
94610c17 | 225 | #============================ Share Definitions ============================== |
226 | [homes] | |
227 | comment = Home Directories | |
228 | browseable = no | |
229 | writable = yes | |
230 | ||
231 | # Un-comment the following and create the netlogon directory for Domain Logons | |
232 | ; [netlogon] | |
233 | ; comment = Network Logon Service | |
234 | ; path = /home/netlogon | |
235 | ; guest ok = yes | |
236 | ; writable = no | |
237 | ; share modes = no | |
238 | ||
239 | ||
240 | # Un-comment the following to provide a specific roving profile share | |
241 | # the default is to use the user's home directory | |
242 | ;[Profiles] | |
243 | ; path = /home/profiles | |
244 | ; browseable = no | |
245 | ; guest ok = yes | |
246 | ||
247 | ||
248 | # NOTE: If you have a BSD-style print system there is no need to | |
249 | # specifically define each individual printer | |
250 | [printers] | |
251 | comment = All Printers | |
252 | path = /var/spool/samba | |
253 | browseable = no | |
254 | # Set public = yes to allow user 'guest account' to print | |
255 | guest ok = no | |
256 | writable = no | |
257 | printable = yes | |
258 | ||
259 | # This one is useful for people to share files | |
260 | ;[tmp] | |
261 | ; comment = Temporary file space | |
262 | ; path = /tmp | |
263 | ; read only = no | |
264 | ; public = yes | |
265 | ||
266 | # A publicly accessible directory, but read only, except for people in | |
267 | # the "staff" group | |
268 | ;[public] | |
269 | ; comment = Public Stuff | |
bbf7ec7d | 270 | ; path = /home/services/samba |
94610c17 | 271 | ; public = yes |
272 | ; writable = yes | |
273 | ; printable = no | |
274 | ; write list = @staff | |
275 | ||
99fdb0b6 | 276 | # Other examples. |
94610c17 | 277 | # |
278 | # A private printer, usable only by fred. Spool data will be placed in fred's | |
279 | # home directory. Note that fred must have write access to the spool directory, | |
280 | # wherever it is. | |
281 | ;[fredsprn] | |
282 | ; comment = Fred's Printer | |
283 | ; valid users = fred | |
284 | ; path = /homes/fred | |
285 | ; printer = freds_printer | |
286 | ; public = no | |
287 | ; writable = no | |
288 | ; printable = yes | |
289 | ||
290 | # A private directory, usable only by fred. Note that fred requires write | |
291 | # access to the directory. | |
292 | ;[fredsdir] | |
293 | ; comment = Fred's Service | |
294 | ; path = /usr/somewhere/private | |
295 | ; valid users = fred | |
296 | ; public = no | |
297 | ; writable = yes | |
298 | ; printable = no | |
299 | ||
99fdb0b6 | 300 | # a service which has a different directory for each machine that connects |
94610c17 | 301 | # this allows you to tailor configurations to incoming machines. You could |
99fdb0b6 | 302 | # also use the %U option to tailor it by user name. |
94610c17 | 303 | # The %m gets replaced with the machine name that is connecting. |
304 | ;[pchome] | |
305 | ; comment = PC Directories | |
306 | ; path = /usr/pc/%m | |
307 | ; public = no | |
308 | ; writable = yes | |
309 | ||
310 | # A publicly accessible directory, read/write to all users. Note that all files | |
311 | # created in the directory by users will be owned by the default user, so | |
312 | # any user with access can delete any other user's files. Obviously this | |
313 | # directory must be writable by the default user. Another user could of course | |
314 | # be specified, in which case all files would be owned by that user instead. | |
315 | ;[public] | |
316 | ; path = /usr/somewhere/else/public | |
317 | ; public = yes | |
318 | ; only guest = yes | |
319 | ; writable = yes | |
320 | ; printable = no | |
321 | ||
322 | # The following two entries demonstrate how to share a directory so that two | |
323 | # users can place files there that will be owned by the specific users. In this | |
324 | # setup, the directory should be writable by both users and should have the | |
325 | # sticky bit set on it to prevent abuse. Obviously this could be extended to | |
326 | # as many users as required. | |
327 | ;[myshare] | |
328 | ; comment = Mary's and Fred's stuff | |
329 | ; path = /usr/somewhere/shared | |
330 | ; valid users = mary fred | |
331 | ; public = no | |
332 | ; writable = yes | |
333 | ; printable = no | |
334 | ; create mask = 0765 | |
335 | ||
336 |