[packages/samba.git] / smb.conf

# This is the main Samba configuration file. You should read the
# smb.conf(5) manual page in order to understand the options listed
# here. Samba has a huge number of configurable options (perhaps too
# many!) most of which are not shown in this example
#
# Any line which starts with a ; (semi-colon) or a # (hash) 
# is a comment and is ignored. In this example we will use a #
# for commentry and a ; for parts of the config file that you
# may wish to enable
#
# NOTE: Whenever you modify this file you should run the command "testparm"
# to check that you have not many any basic syntactic errors. 
#
#======================= Global Settings =====================================
[global]

# workgroup = NT-Domain-Name or Workgroup-Name
   workgroup = MYGROUP

# server string is the equivalent of the NT Description field
   server string = Samba Server

# This option is important for security. It allows you to restrict
# connections to machines which are on your local network. The
# following example restricts access to two C class networks and
# the "loopback" interface. For more examples of the syntax see
# the smb.conf man page
;   hosts allow = 192.168.1. 192.168.2. 127.

# if you want to automatically load your printer list rather
# than setting them up individually then you'll need this
   printcap name = /etc/printcap
   load printers = yes

# It should not be necessary to spell out the print system type unless
# yours is non-standard. Currently supported print systems include:
# bsd, sysv, plp, lprng, aix, hpux, qnx
;   printing = bsd

# Uncomment this if you want a guest account, you must add this to /etc/passwd
# otherwise the user "nobody" is used
;  guest account = pcguest

# this tells Samba to use a separate log file for each machine
# that connects
   log file = /var/log/samba/log.%m

# Put a capping on the size of the log files (in Kb).
   max log size = 50

# Security mode. Most people will want user level security. See
# security_level.txt for details.
   security = user
# Use password server option only with security = server
;   password server = <NT-Server-Name>

# Password Level allows matching of _n_ characters of the password for
# all combinations of upper and lower case.
;  password level = 8
;  username level = 8

# You may wish to use password encryption. Please read
# ENCRYPTION.txt, Win95.txt and WinNT.txt in the Samba documentation.
# Do not enable this option unless you have read those documents
;  encrypt passwords = yes
;  smb passwd file = /etc/smbpasswd

# The following are needed to allow password changing from Windows to
# update the Linux sytsem password also.
# NOTE: Use these with 'encrypt passwords' and 'smb passwd file' above.
# NOTE2: You do NOT need these to allow workstations to change only
#        the encrypted SMB passwords. They allow the Unix password
#        to be kept in sync with the SMB password.
;  unix password sync = Yes
;  passwd program = /usr/bin/passwd %u
;  passwd chat = *New*UNIX*password* %n\n *ReType*new*UNIX*password* %n\n *passwd:*all*authentication*tokens*updated*successfully*

# Unix users can map to different SMB User names
;  username map = /etc/samba/smbusers

# Using the following line enables you to customise your configuration
# on a per machine basis. The %m gets replaced with the netbios name
# of the machine that is connecting
;   include = /etc/samba/smb.conf.%m

# Most people will find that this option gives better performance.
# See speed.txt and the manual pages for details
   socket options = TCP_NODELAY 

# Configure Samba to use multiple interfaces
# If you have multiple network interfaces then you must list them
# here. See the man page for details.
;   interfaces = 192.168.12.2/24 192.168.13.2/24 

# Configure remote browse list synchronisation here
#  request announcement to, or browse list sync from:
#	a specific host or from / to a whole subnet (see below)
;   remote browse sync = 192.168.3.25 192.168.5.255
# Cause this host to announce itself to local subnets here
;   remote announce = 192.168.1.255 192.168.2.44

# Browser Control Options:
# set local master to no if you don't want Samba to become a master
# browser on your network. Otherwise the normal election rules apply
;   local master = no

# OS Level determines the precedence of this server in master browser
# elections. The default value should be reasonable
;   os level = 33

# Domain Master specifies Samba to be the Domain Master Browser. This
# allows Samba to collate browse lists between subnets. Don't use this
# if you already have a Windows NT domain controller doing this job
;   domain master = yes 

# Preferred Master causes Samba to force a local browser election on startup
# and gives it a slightly higher chance of winning the election
;   preferred master = yes

# Use only if you have an NT server on your network that has been
# configured at install time to be a primary domain controller.
;   domain controller = <NT-Domain-Controller-SMBName>

# Enable this if you want Samba to be a domain logon server for 
# Windows95 workstations. 
;   domain logons = yes

# if you enable domain logons then you may want a per-machine or
# per user logon script
# run a specific logon batch file per workstation (machine)
;   logon script = %m.bat
# run a specific logon batch file per username
;   logon script = %U.bat

# Where to store roving profiles (only for Win95 and WinNT)
#        %L substitutes for this servers netbios name, %U is username
#        You must uncomment the [Profiles] share below
;   logon path = \\%L\Profiles\%U

# All NetBIOS names must be resolved to IP Addresses
# 'Name Resolve Order' allows the named resolution mechanism to be specified
# the default order is "host lmhosts wins bcast". "host" means use the unix
# system gethostbyname() function call that will use either /etc/hosts OR
# DNS or NIS depending on the settings of /etc/host.config, /etc/nsswitch.conf
# and the /etc/resolv.conf file. "host" therefore is system configuration
# dependant. This parameter is most often of use to prevent DNS lookups
# in order to resolve NetBIOS names to IP Addresses. Use with care!
# The example below excludes use of name resolution for machines that are NOT
# on the local network segment
# - OR - are not deliberately to be known via lmhosts or via WINS.
; name resolve order = wins lmhosts bcast

# Windows Internet Name Serving Support Section:
# WINS Support - Tells the NMBD component of Samba to enable it's WINS Server
;   wins support = yes

# WINS Server - Tells the NMBD components of Samba to be a WINS Client
#	Note: Samba can be either a WINS Server, or a WINS Client, but NOT both
;   wins server = w.x.y.z

# WINS Proxy - Tells Samba to answer name resolution queries on
# behalf of a non WINS capable client, for this to work there must be
# at least one	WINS Server on the network. The default is NO.
;   wins proxy = yes

# DNS Proxy - tells Samba whether or not to try to resolve NetBIOS names
# via DNS nslookups. The built-in default for versions 1.9.17 is yes,
# this has been changed in version 1.9.18 to no.
   dns proxy = no 

# Case Preservation can be handy - system default is _no_
# NOTE: These can be set on a per share basis
;  preserve case = no
;  short preserve case = no
# Default case is normally upper case for all DOS files
;  default case = lower
# Be very careful with case sensitivity - it can break things!
;  case sensitive = no

#============================ Share Definitions ==============================
[homes]
   comment = Home Directories
   browseable = no
   writable = yes

# Un-comment the following and create the netlogon directory for Domain Logons
; [netlogon]
;   comment = Network Logon Service
;   path = /home/netlogon
;   guest ok = yes
;   writable = no
;   share modes = no


# Un-comment the following to provide a specific roving profile share
# the default is to use the user's home directory
;[Profiles]
;    path = /home/profiles
;    browseable = no
;    guest ok = yes


# NOTE: If you have a BSD-style print system there is no need to 
# specifically define each individual printer
[printers]
   comment = All Printers
   path = /var/spool/samba
   browseable = no
# Set public = yes to allow user 'guest account' to print
   guest ok = no
   writable = no
   printable = yes

# This one is useful for people to share files
;[tmp]
;   comment = Temporary file space
;   path = /tmp
;   read only = no
;   public = yes

# A publicly accessible directory, but read only, except for people in
# the "staff" group
;[public]
;   comment = Public Stuff
;   path = /home/samba
;   public = yes
;   writable = yes
;   printable = no
;   write list = @staff

# Other examples. 
#
# A private printer, usable only by fred. Spool data will be placed in fred's
# home directory. Note that fred must have write access to the spool directory,
# wherever it is.
;[fredsprn]
;   comment = Fred's Printer
;   valid users = fred
;   path = /homes/fred
;   printer = freds_printer
;   public = no
;   writable = no
;   printable = yes

# A private directory, usable only by fred. Note that fred requires write
# access to the directory.
;[fredsdir]
;   comment = Fred's Service
;   path = /usr/somewhere/private
;   valid users = fred
;   public = no
;   writable = yes
;   printable = no

# a service which has a different directory for each machine that connects
# this allows you to tailor configurations to incoming machines. You could
# also use the %u option to tailor it by user name.
# The %m gets replaced with the machine name that is connecting.
;[pchome]
;  comment = PC Directories
;  path = /usr/pc/%m
;  public = no
;  writable = yes

# A publicly accessible directory, read/write to all users. Note that all files
# created in the directory by users will be owned by the default user, so
# any user with access can delete any other user's files. Obviously this
# directory must be writable by the default user. Another user could of course
# be specified, in which case all files would be owned by that user instead.
;[public]
;   path = /usr/somewhere/else/public
;   public = yes
;   only guest = yes
;   writable = yes
;   printable = no

# The following two entries demonstrate how to share a directory so that two
# users can place files there that will be owned by the specific users. In this
# setup, the directory should be writable by both users and should have the
# sticky bit set on it to prevent abuse. Obviously this could be extended to
# as many users as required.
;[myshare]
;   comment = Mary's and Fred's stuff
;   path = /usr/somewhere/shared
;   valid users = mary fred
;   public = no
;   writable = yes
;   printable = no
;   create mask = 0765
Commit	Line	Data
94610c17	1	# This is the main Samba configuration file. You should read the
	2	# smb.conf(5) manual page in order to understand the options listed
	3	# here. Samba has a huge number of configurable options (perhaps too
	4	# many!) most of which are not shown in this example
	5	#
	6	# Any line which starts with a ; (semi-colon) or a # (hash)
	7	# is a comment and is ignored. In this example we will use a #
	8	# for commentry and a ; for parts of the config file that you
	9	# may wish to enable
	10	#
	11	# NOTE: Whenever you modify this file you should run the command "testparm"
	12	# to check that you have not many any basic syntactic errors.
	13	#
	14	#======================= Global Settings =====================================
	15	[global]
	16
	17	# workgroup = NT-Domain-Name or Workgroup-Name
	18	workgroup = MYGROUP
	19
	20	# server string is the equivalent of the NT Description field
	21	server string = Samba Server
	22
	23	# This option is important for security. It allows you to restrict
	24	# connections to machines which are on your local network. The
	25	# following example restricts access to two C class networks and
	26	# the "loopback" interface. For more examples of the syntax see
	27	# the smb.conf man page
	28	; hosts allow = 192.168.1. 192.168.2. 127.
	29
	30	# if you want to automatically load your printer list rather
	31	# than setting them up individually then you'll need this
	32	printcap name = /etc/printcap
	33	load printers = yes
	34
	35	# It should not be necessary to spell out the print system type unless
	36	# yours is non-standard. Currently supported print systems include:
	37	# bsd, sysv, plp, lprng, aix, hpux, qnx
	38	; printing = bsd
	39
	40	# Uncomment this if you want a guest account, you must add this to /etc/passwd
	41	# otherwise the user "nobody" is used
	42	; guest account = pcguest
	43
	44	# this tells Samba to use a separate log file for each machine
	45	# that connects
	46	log file = /var/log/samba/log.%m
	47
	48	# Put a capping on the size of the log files (in Kb).
	49	max log size = 50
	50
	51	# Security mode. Most people will want user level security. See
	52	# security_level.txt for details.
	53	security = user
	54	# Use password server option only with security = server
	55	; password server = <NT-Server-Name>
	56
	57	# Password Level allows matching of _n_ characters of the password for
	58	# all combinations of upper and lower case.
	59	; password level = 8
	60	; username level = 8
	61
	62	# You may wish to use password encryption. Please read
	63	# ENCRYPTION.txt, Win95.txt and WinNT.txt in the Samba documentation.
	64	# Do not enable this option unless you have read those documents
65	; encrypt passwords = yes
66	; smb passwd file = /etc/smbpasswd
67
68	# The following are needed to allow password changing from Windows to
69	# update the Linux sytsem password also.
70	# NOTE: Use these with 'encrypt passwords' and 'smb passwd file' above.
71	# NOTE2: You do NOT need these to allow workstations to change only
72	# the encrypted SMB passwords. They allow the Unix password
73	# to be kept in sync with the SMB password.
74	; unix password sync = Yes
75	; passwd program = /usr/bin/passwd %u
76	; passwd chat = NewUNIXpassword %n\n ReTypenewUNIXpassword* %n\n passwd:allauthenticationtokensupdatedsuccessfully*
77
78	# Unix users can map to different SMB User names
79	; username map = /etc/samba/smbusers
80
81	# Using the following line enables you to customise your configuration
82	# on a per machine basis. The %m gets replaced with the netbios name
83	# of the machine that is connecting
84	; include = /etc/samba/smb.conf.%m
85
86	# Most people will find that this option gives better performance.
87	# See speed.txt and the manual pages for details
88	socket options = TCP_NODELAY
89
90	# Configure Samba to use multiple interfaces
91	# If you have multiple network interfaces then you must list them
92	# here. See the man page for details.
93	; interfaces = 192.168.12.2/24 192.168.13.2/24
94
95	# Configure remote browse list synchronisation here
96	# request announcement to, or browse list sync from:
97	# a specific host or from / to a whole subnet (see below)
98	; remote browse sync = 192.168.3.25 192.168.5.255
99	# Cause this host to announce itself to local subnets here
100	; remote announce = 192.168.1.255 192.168.2.44
101
102	# Browser Control Options:
103	# set local master to no if you don't want Samba to become a master
104	# browser on your network. Otherwise the normal election rules apply
105	; local master = no
106
107	# OS Level determines the precedence of this server in master browser
108	# elections. The default value should be reasonable
109	; os level = 33
110
111	# Domain Master specifies Samba to be the Domain Master Browser. This
112	# allows Samba to collate browse lists between subnets. Don't use this
113	# if you already have a Windows NT domain controller doing this job
114	; domain master = yes
115
116	# Preferred Master causes Samba to force a local browser election on startup
117	# and gives it a slightly higher chance of winning the election
118	; preferred master = yes
119
120	# Use only if you have an NT server on your network that has been
121	# configured at install time to be a primary domain controller.
122	; domain controller = <NT-Domain-Controller-SMBName>
123
124	# Enable this if you want Samba to be a domain logon server for
125	# Windows95 workstations.
126	; domain logons = yes
127
128	# if you enable domain logons then you may want a per-machine or
129	# per user logon script
130	# run a specific logon batch file per workstation (machine)
131	; logon script = %m.bat
132	# run a specific logon batch file per username
133	; logon script = %U.bat
134
135	# Where to store roving profiles (only for Win95 and WinNT)
136	# %L substitutes for this servers netbios name, %U is username
137	# You must uncomment the [Profiles] share below
138	; logon path = \\%L\Profiles\%U
139
140	# All NetBIOS names must be resolved to IP Addresses
141	# 'Name Resolve Order' allows the named resolution mechanism to be specified
142	# the default order is "host lmhosts wins bcast". "host" means use the unix
143	# system gethostbyname() function call that will use either /etc/hosts OR
144	# DNS or NIS depending on the settings of /etc/host.config, /etc/nsswitch.conf
145	# and the /etc/resolv.conf file. "host" therefore is system configuration
146	# dependant. This parameter is most often of use to prevent DNS lookups
147	# in order to resolve NetBIOS names to IP Addresses. Use with care!
148	# The example below excludes use of name resolution for machines that are NOT
149	# on the local network segment
150	# - OR - are not deliberately to be known via lmhosts or via WINS.
151	; name resolve order = wins lmhosts bcast
152
153	# Windows Internet Name Serving Support Section:
154	# WINS Support - Tells the NMBD component of Samba to enable it's WINS Server
155	; wins support = yes
156
157	# WINS Server - Tells the NMBD components of Samba to be a WINS Client
158	# Note: Samba can be either a WINS Server, or a WINS Client, but NOT both
159	; wins server = w.x.y.z
160
161	# WINS Proxy - Tells Samba to answer name resolution queries on
162	# behalf of a non WINS capable client, for this to work there must be
163	# at least one WINS Server on the network. The default is NO.
164	; wins proxy = yes
165
166	# DNS Proxy - tells Samba whether or not to try to resolve NetBIOS names
167	# via DNS nslookups. The built-in default for versions 1.9.17 is yes,
168	# this has been changed in version 1.9.18 to no.
169	dns proxy = no
170
171	# Case Preservation can be handy - system default is _no_
172	# NOTE: These can be set on a per share basis
173	; preserve case = no
174	; short preserve case = no
175	# Default case is normally upper case for all DOS files
176	; default case = lower
177	# Be very careful with case sensitivity - it can break things!
178	; case sensitive = no
179
180	#============================ Share Definitions ==============================
181	[homes]
182	comment = Home Directories
183	browseable = no
184	writable = yes
185
186	# Un-comment the following and create the netlogon directory for Domain Logons
187	; [netlogon]
188	; comment = Network Logon Service
189	; path = /home/netlogon
190	; guest ok = yes
191	; writable = no
192	; share modes = no
193
194
195	# Un-comment the following to provide a specific roving profile share
196	# the default is to use the user's home directory
197	;[Profiles]
198	; path = /home/profiles
199	; browseable = no
200	; guest ok = yes
201
202
203	# NOTE: If you have a BSD-style print system there is no need to
204	# specifically define each individual printer
205	[printers]
206	comment = All Printers
207	path = /var/spool/samba
208	browseable = no
209	# Set public = yes to allow user 'guest account' to print
210	guest ok = no
211	writable = no
212	printable = yes
213
214	# This one is useful for people to share files
215	;[tmp]
216	; comment = Temporary file space
217	; path = /tmp
218	; read only = no
219	; public = yes
220
221	# A publicly accessible directory, but read only, except for people in
222	# the "staff" group
223	;[public]
224	; comment = Public Stuff
225	; path = /home/samba
226	; public = yes
227	; writable = yes
228	; printable = no
229	; write list = @staff
230
231	# Other examples.
232	#
233	# A private printer, usable only by fred. Spool data will be placed in fred's
234	# home directory. Note that fred must have write access to the spool directory,
235	# wherever it is.
236	;[fredsprn]
237	; comment = Fred's Printer
238	; valid users = fred
239	; path = /homes/fred
240	; printer = freds_printer
241	; public = no
242	; writable = no
243	; printable = yes
244
245	# A private directory, usable only by fred. Note that fred requires write
246	# access to the directory.
247	;[fredsdir]
248	; comment = Fred's Service
249	; path = /usr/somewhere/private
250	; valid users = fred
251	; public = no
252	; writable = yes
253	; printable = no
254
255	# a service which has a different directory for each machine that connects
256	# this allows you to tailor configurations to incoming machines. You could
257	# also use the %u option to tailor it by user name.
258	# The %m gets replaced with the machine name that is connecting.
259	;[pchome]
260	; comment = PC Directories
261	; path = /usr/pc/%m
262	; public = no
263	; writable = yes
264
265	# A publicly accessible directory, read/write to all users. Note that all files
266	# created in the directory by users will be owned by the default user, so
267	# any user with access can delete any other user's files. Obviously this
268	# directory must be writable by the default user. Another user could of course
269	# be specified, in which case all files would be owned by that user instead.
270	;[public]
271	; path = /usr/somewhere/else/public
272	; public = yes
273	; only guest = yes
274	; writable = yes
275	; printable = no
276
277	# The following two entries demonstrate how to share a directory so that two
278	# users can place files there that will be owned by the specific users. In this
279	# setup, the directory should be writable by both users and should have the
280	# sticky bit set on it to prevent abuse. Obviously this could be extended to
281	# as many users as required.
282	;[myshare]
283	; comment = Mary's and Fred's stuff
284	; path = /usr/somewhere/shared
285	; valid users = mary fred
286	; public = no
287	; writable = yes
288	; printable = no
289	; create mask = 0765
290
291