# This is the main Samba configuration file. You should read the
# smb.conf(5) manual page in order to understand the options
listed # here. Samba has a huge number of configurable options
(perhaps too # many!) most of which are not shown in this example
# # Any line which starts with a ; (semi‐colon) or a # (hash) #
is a comment and is ignored. In this example we will use a # #
for commentry and a ; for parts of the config file that you # may
wish to enable # # NOTE: Whenever you modify this file you should
run the command #"testparm" # to check that you have not made any
basic syntactic #errors. # #======================= Global Set‐
tings ===================================== [global]
# 1. Server Naming Options: # workgroup = NT‐Domain‐Name or Work‐
group‐Name
workgroup = MDKGROUP
# netbios name is the name you will see in "Network Neighbour‐
hood", # but defaults to your hostname
; netbios name = <name_of_this_server>
# server string is the equivalent of the NT Description field
server string = Samba Server %v
# Message command is run by samba when a "popup" message is sent
to it. # The example below is for use with LinPopUp: ; message
command = /usr/bin/linpopup "%f" "%m" %s; rm %s
# 2. Printing Options: # CHANGES TO ENABLE PRINTING ON ALL CUPS
PRINTERS IN THE NETWORK # (as cups is now used in linux‐mandrake
7.2 by default) # if you want to automatically load your printer
list rather # than setting them up individually then you’ll need
this
printcap name = lpstat
load printers = yes
# It should not be necessary to spell out the print system type
unless # yours is non‐standard. Currently supported print systems
include: # bsd, sysv, plp, lprng, aix, hpux, qnx, cups
printing = cups
# Samba 2.2 supports the Windows NT‐style point‐and‐print fea‐
ture. To # use this, you need to be able to upload print drivers
to the samba # server. The printer admins (or root) may install
drivers onto samba. # Note that this feature uses the print$
share, so you will need to # enable it below. # This parameter
works like domain admin group: # printer admin = @<group> <user>
; printer admin = @adm # This should work well for winbind: ;
printer admin = @"Domain Admins"
# 3. Logging Options: # this tells Samba to use a separate log
file for each machine # that connects
log file = /var/log/samba/log.%m
# Put a capping on the size of the log files (in Kb).
max log size = 50
# Set the log (verbosity) level (0 <= log level <= 10) ; log
level = 3
# 4. Security and Domain Membership Options: # This option is im‐
portant for security. It allows you to restrict # connections to
machines which are on your local network. The # following example
restricts access to two C class networks and # the "loopback" in‐
terface. For more examples of the syntax see # the smb.conf man
page. Do not enable this if (tcp/ip) name resolution #does # not
work for all the hosts in your network. ; hosts allow =
192.168.1. 192.168.2. 127.
hosts allow = 127. //note this is only my private IP address
# Uncomment this if you want a guest account, you must add this
to # /etc/passwd # otherwise the user "nobody" is used ; guest
account = pcguest
# Security mode. Most people will want user level security. See #
security_level.txt for details.
security = user
# Use password server option only with security = server or secu‐
rity = # domain # When using security = domain, you should use
password server = * ; password server = ; password server = *
# Password Level allows matching of _n_ characters of the pass‐
word for # all combinations of upper and lower case.
password level = 8
; username level = 8
# You may wish to use password encryption. Please read # ENCRYP‐
TION.txt, Win95.txt and WinNT.txt in the Samba documentation. #
Do not enable this option unless you have read those documents #
Encrypted passwords are required for any use of samba in a Win‐
dows NT #domain # The smbpasswd file is only required by a server
doing authentication, #thus members of a domain do not need one.
encrypt passwords = yes
smb passwd file = /etc/samba/smbpasswd
# The following are needed to allow password changing from Win‐
dows to # also update the Linux system password. # NOTE: Use
these with ’encrypt passwords’ and ’smb passwd file’ above. #
NOTE2: You do NOT need these to allow workstations to change only
# the encrypted SMB passwords. They allow the Unix pass‐
word # to be kept in sync with the SMB password. ; unix
password sync = Yes # You either need to setup a passwd program
and passwd chat, or # enable pam password change ; pam password
change = yes ; passwd program = /usr/bin/passwd %u ; passwd
chat = *New*UNIX*password* %n*ReType*new*UNIX*password* # %n
;*passwd:*all*authentication*tokens*updated*successfully*
# Unix users can map to different SMB User names ; username map
= /etc/samba/smbusers
# Using the following line enables you to customize your configu‐
ration # on a per machine basis. The %m gets replaced with the
netbios name # of the machine that is connecting ; include =
/etc/samba/smb.conf.%m
# Options for using winbind. Winbind allows you to do all account
and # authentication from a Windows or samba domain controller,
creating # accounts on the fly, and maintaining a mapping of Win‐
dows RIDs to # unix uid’s # and gid’s. winbind uid and winbind
gid are the only required # parameters. # # winbind uid is the
range of uid’s winbind can use when mapping RIDs #to uid’s ;
winbind uid = 10000‐20000 # # winbind gid is the range of uid’s
winbind can use when mapping RIDs # to gid’s ; winbind gid =
10000‐20000 # # winbind separator is the character a user must
use between their # domain name and username, defaults to " ;
winbind separator = + # # winbind use default domain allows you
to have winbind return # usernames in the form user instead of
DOMAIN+user for the domain # listed in the workgroup parameter.
; winbind use default domain = yes # # template homedir deter‐
mines the home directory for winbind users, # with %D expanding
to their domain name and %U expanding to their # username: ;
template homedir = /home/%D/%U
# When using winbind, you may want to have samba create home #
directories on the fly for authenticated users. Ensure that #
/etc/pam.d/samba is using ’service=system‐auth‐winbind’ in
pam_stack # modules, and then enable obedience of pam restric‐
tions below: ; obey pam restrictions = yes
# # template shell determines the shell users authenticated by
winbind #get ; template shell = /bin/bash
# 5. Browser Control and Networking Options: # Most people will
find that this option gives better performance. # See speed.txt
and the manual pages for details
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
# Configure Samba to use multiple interfaces # If you have multi‐
ple network interfaces then you must list them # here. See the
man page for details. ; interfaces = 192.168.12.2/24
192.168.13.2/24
# Configure remote browse list synchronisation here # request
announcement to, or browse list sync from: # a specific
host or from / to a whole subnet (see below) ; remote browse
sync = 192.168.3.25 192.168.5.255 # Cause this host to announce
itself to local subnets here ; remote announce = 192.168.1.255
192.168.2.44
# set local master to no if you don’t want Samba to become a mas‐
ter # browser on your network. Otherwise the normal election
rules apply ; local master = no
# OS Level determines the precedence of this server in master
browser # elections. The default value should be reasonable ;
os level = 33
# Domain Master specifies Samba to be the Domain Master Browser.
This # allows Samba to collate browse lists between subnets.
Don’t use this # if you already have a Windows NT domain con‐
troller doing this job ; domain master = yes
# Preferred Master causes Samba to force a local browser election
on # startup and gives it a slightly higher chance of winning the
election ; preferred master = yes
# 6. Domain Control Options: # Enable this if you want Samba to
be a domain logon server for # Windows95 workstations or Primary
Domain Controller for WinNT and # Win2k
; domain logons = yes
# if you enable domain logons then you may want a per‐machine or
# per user logon script # run a specific logon batch file per
workstation (machine) ; logon script = %m.bat # run a specific
logon batch file per username ; logon script = %U.bat
# Where to store roaming profiles for WinNT and Win2k # %L
substitutes for this servers netbios name, %U is username #
You must uncomment the [Profiles] share below ; logon path =
\%LProfilesU
# Where to store roaming profiles for Win9x. Be careful with this
as it # also impacts where Win2k finds it’s /HOME share ; logon
home = \%LU.profile
# The add user script is used by a domain member to add local
user # accounts that have been authenticated by the domain con‐
troller, or by # the domain controller to add local machine ac‐
counts when adding # machines to the domain. # The script must
work from the command line when replacing the macros, # or the
operation will fail. Check that groups exist if forcing a #
group. # Script for domain controller for adding machines: ; add
user script = /usr/sbin/useradd ‐d /dev/null ‐g machines –c #
’Machine Account’ ‐s /bin/false ‐M %u # Script for domain con‐
troller with LDAP backend for adding machines #(please # config‐
ure in /etc/samba/smbldap_conf.pm first): ; add user script =
/usr/share/samba/scripts/smbldap‐useradd.pl ‐w –d # /dev/null ‐g
machines ‐c ’Machine Account’ ‐s /bin/false %u # Script for do‐
main member for adding local accounts for authenticated # users:
; add user script = /usr/sbin/useradd ‐s /bin/false %u
# Domain groups: # domain admin group is a list of unix users or
groups who are made # members # of the Domain Admin group ; do‐
main admin group = root @wheel # # domain guest groups is a list
of unix users or groups who are made # members # of the Domain
Guests group ; domain guest group = nobody @guest
# LDAP configuration for Domain Controlling: # The account (dn)
that samba uses to access the LDAP server # This account needs to
have write access to the LDAP tree # You will need to give samba
the password for this dn, by # running ’smbpasswd ‐w mypassword’
; ldap admin dn = cn=root,dc=mydomain,dc=com ; ldap ssl =
start_tls # start_tls should run on 389, but samba defaults in‐
correctly to 636 ; ldap port = 389 ; ldap suffix = dc=mydo‐
main,dc=com ; ldap server = ldap.mydomain.com
# 7. Name Resolution Options: # All NetBIOS names must be re‐
solved to IP Addresses # ’Name Resolve Order’ allows the named
resolution mechanism to be # specified the default order is "host
lmhosts wins bcast". "host" # means use the unix system gethost‐
byname() function call that will use # either /etc/hosts OR DNS
or NIS depending on the settings of # /etc/host.config, /etc/nss‐
witch.conf # and the /etc/resolv.conf file. "host" therefore is
system # configuration dependent. This parameter is most often of
use to # prevent DNS lookups # in order to resolve NetBIOS names
to IP Addresses. Use with care! # The example below excludes use
of name resolution for machines that # are NOT on the local net‐
work segment ‐ OR ‐ are not deliberately to # be known via
lmhosts or via WINS. ; name resolve order = wins lmhosts bcast
# Windows Internet Name Serving Support Section: # WINS Support ‐
Tells the NMBD component of Samba to enable it’s WINS # Server ;
wins support = yes
# WINS Server ‐ Tells the NMBD components of Samba to be a WINS
Client # Note: Samba can be either a WINS Server, or a WINS
Client, but # NOT both ; wins server = w.x.y.z
# WINS Proxy ‐ Tells Samba to answer name resolution queries on #
behalf of a non WINS capable client, for this to work there must
be # at least one WINS Server on the network. The default is NO.
; wins proxy = yes
# DNS Proxy ‐ tells Samba whether or not to try to resolve Net‐
BIOS # names via DNS nslookups. The built‐in default for ver‐
sions 1.9.17 is # yes, this has been changed in version 1.9.18 to
no.
dns proxy = no
# 8. File Naming Options: # Case Preservation can be handy ‐ sys‐
tem default is _no_ # NOTE: These can be set on a per share basis
; preserve case = no ; short preserve case = no # Default case
is normally upper case for all DOS files ; default case = lower
# Be very careful with case sensitivity ‐ it can break things! ;
case sensitive = no
# Enabling internationalization: # you can match a Windows code
page with a UNIX character set. # Windows: 437 (US), 737
(GREEK), 850 (Latin1 ‐ Western European), # 852 (Eastern Eu.),
861 (Icelandic), 932 (Cyrillic ‐ Russian), # 936 (Japanese ‐
Shift‐JIS), 936 (Simpl. Chinese), 949 (Korean # Hangul), # 950
(Trad. Chin.). # UNIX: ISO8859‐1 (Western European), ISO8859‐2
(Eastern Eu.), # ISO8859‐5 (Russian Cyrillic), KOI8‐R (Alt‐Russ.
Cyril.) # This is an example for french users: ; client code
page = 850 ; character set = ISO8859‐1
#============================ Share Definitions
==============================
[homes]
comment = Home Directories
browseable = no
writable = yes
# You can enable VFS recycle bin on a per share basis: # Uncom‐
ment the next 2 lines (make sure you create a # .recycle folder
in the base of the share and ensure # all users will have write
access to it. See # examples/VFS/recycle/REAME in samba‐doc for
details ; vfs object = /usr/lib/samba/vfs/recycle.so ; vfs
options= /etc/samba/recycle.conf
# Un‐comment the following and create the netlogon directory for
Domain # Logons ; [netlogon] ; comment = Network Logon Service
; path = /var/lib/samba/netlogon ; guest ok = yes ;
writable = no
#Uncomment the following 2 lines if you would like your login
scripts # to be created dynamically by ntlogon (check that you
have it in the # correct location (the default of the ntlogon rpm
available in # contribs)
;root preexec = /usr/bin/ntlogon ‐u %U ‐g %G ‐o %a ‐d
/var/lib/samba/netlogon ;root postexec = rm ‐f
/var/lib/samba/netlogon/%U.bat
# Un‐comment the following to provide a specific roving profile
share # the default is to use the user’s home directory ;[Pro‐
files] ; path = /var/lib/samba/profiles ; browseable = no ;
guest ok = yes
# NOTE: If you have a CUPS print system there is no need to #
specifically define each individual printer. # You must config‐
ure the samba printers with the appropriate Windows # drivers on
your Windows clients. On the Samba server no filtering is # done.
If you wish that the server provides the driver and the clients #
send PostScript ("Generic PostScript Printer" under Windows), you
# have to swap the ’print command’ line below with the commented
one.
[printers]
comment = All Printers
path = /var/spool/samba
browseable = no # to allow user ’guest account’ to print.
guest ok = yes
writable = no
printable = yes
create mode = 0700
# ===================================== # print command: see
above for details. # =====================================
print command = lpr‐cups ‐P %p ‐o raw %s ‐r # using client
side printer drivers. ; print command = lpr‐cups ‐P %p %s # us‐
ing cups own drivers (use generic PostScript on clients). # The
following two commands are the samba defaults for printing=cups #
change them only if you need different options: ; lpq command =
lpq ‐P %p ; lprm command = cancel %p‐%j
# This share is used for Windows NT‐style point‐and‐print sup‐
port. # To be able to install drivers, you need to be either
root, or listed # in the printer admin parameter above. Note that
you also need write # access to the directory and share defini‐
tion to be able to upload the # drivers. # For more information
on this, please see the Printing Support Section # of
/usr/share/doc/samba‐/docs/Samba‐HOWTO‐Collection.pdf
[print$]
path = /var/lib/samba/printers
browseable = yes
read only = yes
write list = @adm root
# A useful application of samba is to make a PDF‐generation ser‐
vice # To streamline this, install windows postscript drivers
(preferably # colour)on the samba server, so that clients can au‐
tomatically install # them.
[pdf‐generator]
path = /var/tmp
guest ok = No
printable = Yes
comment = PDF Generator (only valid users)
#print command = /usr/share/samba/scripts/print‐pdf file path
win_path recipient IP &
print command = /usr/share/samba/scripts/print‐pdf %s ˜%u
\\\\%L\\%u %m %I &
# This one is useful for people to share files [tmp]
comment = Temporary file space
path = /tmp
read only = no
public = yes
echo command = cat %s; rm %s
# A publicly accessible directory, but read only, except for peo‐
ple in # the "staff" group
;[public] ; comment = Public Stuff ; path = /home/samba/pub‐
lic ; public = yes ; writable = no ; write list = @staff #
Audited directory through experimental VFS audit.so module: # Un‐
comment next line. ; vfs object = /usr/lib/samba/vfs/audit.so
# Other examples. # # A private printer, usable only by Fred.
Spool data will be placed in # Fred’s # home directory. Note that
fred must have write access to the spool # directory, # wherever
it is. ;[fredsprn] ; comment = Fred’s Printer ; valid users
= fred ; path = /homes/fred ; printer = freds_printer ;
public = no ; writable = no ; printable = yes
‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐ # A
private directory, usable only by Fred. Note that Fred requires #
write access to the directory.
;[fredsdir]
[Agustin] ; comment = Fred’s Service
comment = Agustin Private Files ; path = /usr/some‐
where/private
path = /home/agustin/Documents ; valid users = fred
valid users = agustin ; public = no ; writable = yes
writable = yes ; printable = no
‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐
# a service which has a different directory for each machine that
# connects this allows you to tailor configurations to incoming #
machines. You could also use the %u option to tailor it by user
name. # The %m gets replaced with the machine name that is con‐
necting. ;[pchome] ; comment = PC Directories ; path =
/usr/pc/%m ; public = no ; writable = yes
‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐ # A
publicly accessible directory, read/write to all users. Note that
# all files created in the directory by users will be owned by
the # default user, so any user with access can delete any other
user’s # files. Obviously this directory must be writable by the
default user. # Another user could of course be specified, in
which case all files # would be owned by that user instead.
;[public] ; path = /usr/somewhere/else/public ; public = yes
; only guest = yes ; writable = yes ; printable = no
‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐
# The following two entries demonstrate how to share a directory
so # that two users can place files there that will be owned by
the # specific users. In this setup, the directory should be
writable by # both users and should have the sticky bit set on it
to prevent abuse. # Obviously this could be extended to as many
users as required.
;[myshare] ; comment = Mary’s and Fred’s stuff ; path =
/usr/somewhere/shared ; valid users = mary fred ; public = no
; writable = yes ; printable = no ; create mask = 0765
# smb.conf(5) manual page in order to understand the options
listed # here. Samba has a huge number of configurable options
(perhaps too # many!) most of which are not shown in this example
# # Any line which starts with a ; (semi‐colon) or a # (hash) #
is a comment and is ignored. In this example we will use a # #
for commentry and a ; for parts of the config file that you # may
wish to enable # # NOTE: Whenever you modify this file you should
run the command #"testparm" # to check that you have not made any
basic syntactic #errors. # #======================= Global Set‐
tings ===================================== [global]
# 1. Server Naming Options: # workgroup = NT‐Domain‐Name or Work‐
group‐Name
workgroup = MDKGROUP
# netbios name is the name you will see in "Network Neighbour‐
hood", # but defaults to your hostname
; netbios name = <name_of_this_server>
# server string is the equivalent of the NT Description field
server string = Samba Server %v
# Message command is run by samba when a "popup" message is sent
to it. # The example below is for use with LinPopUp: ; message
command = /usr/bin/linpopup "%f" "%m" %s; rm %s
# 2. Printing Options: # CHANGES TO ENABLE PRINTING ON ALL CUPS
PRINTERS IN THE NETWORK # (as cups is now used in linux‐mandrake
7.2 by default) # if you want to automatically load your printer
list rather # than setting them up individually then you’ll need
this
printcap name = lpstat
load printers = yes
# It should not be necessary to spell out the print system type
unless # yours is non‐standard. Currently supported print systems
include: # bsd, sysv, plp, lprng, aix, hpux, qnx, cups
printing = cups
# Samba 2.2 supports the Windows NT‐style point‐and‐print fea‐
ture. To # use this, you need to be able to upload print drivers
to the samba # server. The printer admins (or root) may install
drivers onto samba. # Note that this feature uses the print$
share, so you will need to # enable it below. # This parameter
works like domain admin group: # printer admin = @<group> <user>
; printer admin = @adm # This should work well for winbind: ;
printer admin = @"Domain Admins"
# 3. Logging Options: # this tells Samba to use a separate log
file for each machine # that connects
log file = /var/log/samba/log.%m
# Put a capping on the size of the log files (in Kb).
max log size = 50
# Set the log (verbosity) level (0 <= log level <= 10) ; log
level = 3
# 4. Security and Domain Membership Options: # This option is im‐
portant for security. It allows you to restrict # connections to
machines which are on your local network. The # following example
restricts access to two C class networks and # the "loopback" in‐
terface. For more examples of the syntax see # the smb.conf man
page. Do not enable this if (tcp/ip) name resolution #does # not
work for all the hosts in your network. ; hosts allow =
192.168.1. 192.168.2. 127.
hosts allow = 127. //note this is only my private IP address
# Uncomment this if you want a guest account, you must add this
to # /etc/passwd # otherwise the user "nobody" is used ; guest
account = pcguest
# Security mode. Most people will want user level security. See #
security_level.txt for details.
security = user
# Use password server option only with security = server or secu‐
rity = # domain # When using security = domain, you should use
password server = * ; password server = ; password server = *
# Password Level allows matching of _n_ characters of the pass‐
word for # all combinations of upper and lower case.
password level = 8
; username level = 8
# You may wish to use password encryption. Please read # ENCRYP‐
TION.txt, Win95.txt and WinNT.txt in the Samba documentation. #
Do not enable this option unless you have read those documents #
Encrypted passwords are required for any use of samba in a Win‐
dows NT #domain # The smbpasswd file is only required by a server
doing authentication, #thus members of a domain do not need one.
encrypt passwords = yes
smb passwd file = /etc/samba/smbpasswd
# The following are needed to allow password changing from Win‐
dows to # also update the Linux system password. # NOTE: Use
these with ’encrypt passwords’ and ’smb passwd file’ above. #
NOTE2: You do NOT need these to allow workstations to change only
# the encrypted SMB passwords. They allow the Unix pass‐
word # to be kept in sync with the SMB password. ; unix
password sync = Yes # You either need to setup a passwd program
and passwd chat, or # enable pam password change ; pam password
change = yes ; passwd program = /usr/bin/passwd %u ; passwd
chat = *New*UNIX*password* %n*ReType*new*UNIX*password* # %n
;*passwd:*all*authentication*tokens*updated*successfully*
# Unix users can map to different SMB User names ; username map
= /etc/samba/smbusers
# Using the following line enables you to customize your configu‐
ration # on a per machine basis. The %m gets replaced with the
netbios name # of the machine that is connecting ; include =
/etc/samba/smb.conf.%m
# Options for using winbind. Winbind allows you to do all account
and # authentication from a Windows or samba domain controller,
creating # accounts on the fly, and maintaining a mapping of Win‐
dows RIDs to # unix uid’s # and gid’s. winbind uid and winbind
gid are the only required # parameters. # # winbind uid is the
range of uid’s winbind can use when mapping RIDs #to uid’s ;
winbind uid = 10000‐20000 # # winbind gid is the range of uid’s
winbind can use when mapping RIDs # to gid’s ; winbind gid =
10000‐20000 # # winbind separator is the character a user must
use between their # domain name and username, defaults to " ;
winbind separator = + # # winbind use default domain allows you
to have winbind return # usernames in the form user instead of
DOMAIN+user for the domain # listed in the workgroup parameter.
; winbind use default domain = yes # # template homedir deter‐
mines the home directory for winbind users, # with %D expanding
to their domain name and %U expanding to their # username: ;
template homedir = /home/%D/%U
# When using winbind, you may want to have samba create home #
directories on the fly for authenticated users. Ensure that #
/etc/pam.d/samba is using ’service=system‐auth‐winbind’ in
pam_stack # modules, and then enable obedience of pam restric‐
tions below: ; obey pam restrictions = yes
# # template shell determines the shell users authenticated by
winbind #get ; template shell = /bin/bash
# 5. Browser Control and Networking Options: # Most people will
find that this option gives better performance. # See speed.txt
and the manual pages for details
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
# Configure Samba to use multiple interfaces # If you have multi‐
ple network interfaces then you must list them # here. See the
man page for details. ; interfaces = 192.168.12.2/24
192.168.13.2/24
# Configure remote browse list synchronisation here # request
announcement to, or browse list sync from: # a specific
host or from / to a whole subnet (see below) ; remote browse
sync = 192.168.3.25 192.168.5.255 # Cause this host to announce
itself to local subnets here ; remote announce = 192.168.1.255
192.168.2.44
# set local master to no if you don’t want Samba to become a mas‐
ter # browser on your network. Otherwise the normal election
rules apply ; local master = no
# OS Level determines the precedence of this server in master
browser # elections. The default value should be reasonable ;
os level = 33
# Domain Master specifies Samba to be the Domain Master Browser.
This # allows Samba to collate browse lists between subnets.
Don’t use this # if you already have a Windows NT domain con‐
troller doing this job ; domain master = yes
# Preferred Master causes Samba to force a local browser election
on # startup and gives it a slightly higher chance of winning the
election ; preferred master = yes
# 6. Domain Control Options: # Enable this if you want Samba to
be a domain logon server for # Windows95 workstations or Primary
Domain Controller for WinNT and # Win2k
; domain logons = yes
# if you enable domain logons then you may want a per‐machine or
# per user logon script # run a specific logon batch file per
workstation (machine) ; logon script = %m.bat # run a specific
logon batch file per username ; logon script = %U.bat
# Where to store roaming profiles for WinNT and Win2k # %L
substitutes for this servers netbios name, %U is username #
You must uncomment the [Profiles] share below ; logon path =
\%LProfilesU
# Where to store roaming profiles for Win9x. Be careful with this
as it # also impacts where Win2k finds it’s /HOME share ; logon
home = \%LU.profile
# The add user script is used by a domain member to add local
user # accounts that have been authenticated by the domain con‐
troller, or by # the domain controller to add local machine ac‐
counts when adding # machines to the domain. # The script must
work from the command line when replacing the macros, # or the
operation will fail. Check that groups exist if forcing a #
group. # Script for domain controller for adding machines: ; add
user script = /usr/sbin/useradd ‐d /dev/null ‐g machines –c #
’Machine Account’ ‐s /bin/false ‐M %u # Script for domain con‐
troller with LDAP backend for adding machines #(please # config‐
ure in /etc/samba/smbldap_conf.pm first): ; add user script =
/usr/share/samba/scripts/smbldap‐useradd.pl ‐w –d # /dev/null ‐g
machines ‐c ’Machine Account’ ‐s /bin/false %u # Script for do‐
main member for adding local accounts for authenticated # users:
; add user script = /usr/sbin/useradd ‐s /bin/false %u
# Domain groups: # domain admin group is a list of unix users or
groups who are made # members # of the Domain Admin group ; do‐
main admin group = root @wheel # # domain guest groups is a list
of unix users or groups who are made # members # of the Domain
Guests group ; domain guest group = nobody @guest
# LDAP configuration for Domain Controlling: # The account (dn)
that samba uses to access the LDAP server # This account needs to
have write access to the LDAP tree # You will need to give samba
the password for this dn, by # running ’smbpasswd ‐w mypassword’
; ldap admin dn = cn=root,dc=mydomain,dc=com ; ldap ssl =
start_tls # start_tls should run on 389, but samba defaults in‐
correctly to 636 ; ldap port = 389 ; ldap suffix = dc=mydo‐
main,dc=com ; ldap server = ldap.mydomain.com
# 7. Name Resolution Options: # All NetBIOS names must be re‐
solved to IP Addresses # ’Name Resolve Order’ allows the named
resolution mechanism to be # specified the default order is "host
lmhosts wins bcast". "host" # means use the unix system gethost‐
byname() function call that will use # either /etc/hosts OR DNS
or NIS depending on the settings of # /etc/host.config, /etc/nss‐
witch.conf # and the /etc/resolv.conf file. "host" therefore is
system # configuration dependent. This parameter is most often of
use to # prevent DNS lookups # in order to resolve NetBIOS names
to IP Addresses. Use with care! # The example below excludes use
of name resolution for machines that # are NOT on the local net‐
work segment ‐ OR ‐ are not deliberately to # be known via
lmhosts or via WINS. ; name resolve order = wins lmhosts bcast
# Windows Internet Name Serving Support Section: # WINS Support ‐
Tells the NMBD component of Samba to enable it’s WINS # Server ;
wins support = yes
# WINS Server ‐ Tells the NMBD components of Samba to be a WINS
Client # Note: Samba can be either a WINS Server, or a WINS
Client, but # NOT both ; wins server = w.x.y.z
# WINS Proxy ‐ Tells Samba to answer name resolution queries on #
behalf of a non WINS capable client, for this to work there must
be # at least one WINS Server on the network. The default is NO.
; wins proxy = yes
# DNS Proxy ‐ tells Samba whether or not to try to resolve Net‐
BIOS # names via DNS nslookups. The built‐in default for ver‐
sions 1.9.17 is # yes, this has been changed in version 1.9.18 to
no.
dns proxy = no
# 8. File Naming Options: # Case Preservation can be handy ‐ sys‐
tem default is _no_ # NOTE: These can be set on a per share basis
; preserve case = no ; short preserve case = no # Default case
is normally upper case for all DOS files ; default case = lower
# Be very careful with case sensitivity ‐ it can break things! ;
case sensitive = no
# Enabling internationalization: # you can match a Windows code
page with a UNIX character set. # Windows: 437 (US), 737
(GREEK), 850 (Latin1 ‐ Western European), # 852 (Eastern Eu.),
861 (Icelandic), 932 (Cyrillic ‐ Russian), # 936 (Japanese ‐
Shift‐JIS), 936 (Simpl. Chinese), 949 (Korean # Hangul), # 950
(Trad. Chin.). # UNIX: ISO8859‐1 (Western European), ISO8859‐2
(Eastern Eu.), # ISO8859‐5 (Russian Cyrillic), KOI8‐R (Alt‐Russ.
Cyril.) # This is an example for french users: ; client code
page = 850 ; character set = ISO8859‐1
#============================ Share Definitions
==============================
[homes]
comment = Home Directories
browseable = no
writable = yes
# You can enable VFS recycle bin on a per share basis: # Uncom‐
ment the next 2 lines (make sure you create a # .recycle folder
in the base of the share and ensure # all users will have write
access to it. See # examples/VFS/recycle/REAME in samba‐doc for
details ; vfs object = /usr/lib/samba/vfs/recycle.so ; vfs
options= /etc/samba/recycle.conf
# Un‐comment the following and create the netlogon directory for
Domain # Logons ; [netlogon] ; comment = Network Logon Service
; path = /var/lib/samba/netlogon ; guest ok = yes ;
writable = no
#Uncomment the following 2 lines if you would like your login
scripts # to be created dynamically by ntlogon (check that you
have it in the # correct location (the default of the ntlogon rpm
available in # contribs)
;root preexec = /usr/bin/ntlogon ‐u %U ‐g %G ‐o %a ‐d
/var/lib/samba/netlogon ;root postexec = rm ‐f
/var/lib/samba/netlogon/%U.bat
# Un‐comment the following to provide a specific roving profile
share # the default is to use the user’s home directory ;[Pro‐
files] ; path = /var/lib/samba/profiles ; browseable = no ;
guest ok = yes
# NOTE: If you have a CUPS print system there is no need to #
specifically define each individual printer. # You must config‐
ure the samba printers with the appropriate Windows # drivers on
your Windows clients. On the Samba server no filtering is # done.
If you wish that the server provides the driver and the clients #
send PostScript ("Generic PostScript Printer" under Windows), you
# have to swap the ’print command’ line below with the commented
one.
[printers]
comment = All Printers
path = /var/spool/samba
browseable = no # to allow user ’guest account’ to print.
guest ok = yes
writable = no
printable = yes
create mode = 0700
# ===================================== # print command: see
above for details. # =====================================
print command = lpr‐cups ‐P %p ‐o raw %s ‐r # using client
side printer drivers. ; print command = lpr‐cups ‐P %p %s # us‐
ing cups own drivers (use generic PostScript on clients). # The
following two commands are the samba defaults for printing=cups #
change them only if you need different options: ; lpq command =
lpq ‐P %p ; lprm command = cancel %p‐%j
# This share is used for Windows NT‐style point‐and‐print sup‐
port. # To be able to install drivers, you need to be either
root, or listed # in the printer admin parameter above. Note that
you also need write # access to the directory and share defini‐
tion to be able to upload the # drivers. # For more information
on this, please see the Printing Support Section # of
/usr/share/doc/samba‐/docs/Samba‐HOWTO‐Collection.pdf
[print$]
path = /var/lib/samba/printers
browseable = yes
read only = yes
write list = @adm root
# A useful application of samba is to make a PDF‐generation ser‐
vice # To streamline this, install windows postscript drivers
(preferably # colour)on the samba server, so that clients can au‐
tomatically install # them.
[pdf‐generator]
path = /var/tmp
guest ok = No
printable = Yes
comment = PDF Generator (only valid users)
#print command = /usr/share/samba/scripts/print‐pdf file path
win_path recipient IP &
print command = /usr/share/samba/scripts/print‐pdf %s ˜%u
\\\\%L\\%u %m %I &
# This one is useful for people to share files [tmp]
comment = Temporary file space
path = /tmp
read only = no
public = yes
echo command = cat %s; rm %s
# A publicly accessible directory, but read only, except for peo‐
ple in # the "staff" group
;[public] ; comment = Public Stuff ; path = /home/samba/pub‐
lic ; public = yes ; writable = no ; write list = @staff #
Audited directory through experimental VFS audit.so module: # Un‐
comment next line. ; vfs object = /usr/lib/samba/vfs/audit.so
# Other examples. # # A private printer, usable only by Fred.
Spool data will be placed in # Fred’s # home directory. Note that
fred must have write access to the spool # directory, # wherever
it is. ;[fredsprn] ; comment = Fred’s Printer ; valid users
= fred ; path = /homes/fred ; printer = freds_printer ;
public = no ; writable = no ; printable = yes
‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐ # A
private directory, usable only by Fred. Note that Fred requires #
write access to the directory.
;[fredsdir]
[Agustin] ; comment = Fred’s Service
comment = Agustin Private Files ; path = /usr/some‐
where/private
path = /home/agustin/Documents ; valid users = fred
valid users = agustin ; public = no ; writable = yes
writable = yes ; printable = no
‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐
# a service which has a different directory for each machine that
# connects this allows you to tailor configurations to incoming #
machines. You could also use the %u option to tailor it by user
name. # The %m gets replaced with the machine name that is con‐
necting. ;[pchome] ; comment = PC Directories ; path =
/usr/pc/%m ; public = no ; writable = yes
‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐ # A
publicly accessible directory, read/write to all users. Note that
# all files created in the directory by users will be owned by
the # default user, so any user with access can delete any other
user’s # files. Obviously this directory must be writable by the
default user. # Another user could of course be specified, in
which case all files # would be owned by that user instead.
;[public] ; path = /usr/somewhere/else/public ; public = yes
; only guest = yes ; writable = yes ; printable = no
‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐
# The following two entries demonstrate how to share a directory
so # that two users can place files there that will be owned by
the # specific users. In this setup, the directory should be
writable by # both users and should have the sticky bit set on it
to prevent abuse. # Obviously this could be extended to as many
users as required.
;[myshare] ; comment = Mary’s and Fred’s stuff ; path =
/usr/somewhere/shared ; valid users = mary fred ; public = no
; writable = yes ; printable = no ; create mask = 0765