1<html> 2<body bgcolor="#ffffff"> 3 4<img src="samba2_xs.gif" border="0" alt=" " height="100" width="76" 5hspace="10" align="left" /> 6 7<h1 class="head0">Chapter 6. The Samba Configuration File</h1> 8 9 10<p><a name="INDEX-1"/>In 11previous chapters, we showed you how to install Samba on a Unix 12server and set up Windows clients to use a simple disk share. This 13chapter will show you how Samba can assume more productive roles on 14your network.</p> 15 16<p>Samba's daemons, <em class="emphasis">smbd</em> and 17<em class="emphasis">nmbd</em>, are controlled through a single ASCII 18file, <em class="filename">smb.conf</em>, that can contain over 300 unique 19options (also called parameters). Some of these options you will use 20and change frequently; others you might never use, depending on how 21much functionality you want Samba to offer its clients.</p> 22 23<p>This chapter introduces the structure of the Samba configuration file 24and shows you how to use options to create and modify disk shares. 25Subsequent chapters will discuss browsing, how to configure users, 26security, printing, and other topics related to implementing Samba on 27your network.</p> 28 29 30 31<div class="sect1"><a name="samba2-CHP-6-SECT-1"/> 32 33<h2 class="head1">The Samba Configuration File</h2> 34 35<p>The Samba configuration file, called <em class="filename">smb.conf</em> by 36default, uses the same format as Windows 37<em class="filename">.ini</em><a name="INDEX-2"/><a name="INDEX-3"/> files. If you have ever worked with a 38<em class="filename">.ini</em> file, you will find 39<em class="filename">smb.conf</em> easy to create and modify. Even if you 40haven't, you will find the format to be simple and 41easy to learn. Here is an example of a Samba 42<a name="INDEX-4"/>configuration 43file:</p> 44 45<blockquote><pre class="code">[global] 46 workgroup = METRAN 47 encrypt passwords = yes 48 wins support = yes 49 log level = 1 50 max log size = 1000 51 read only = no 52[homes] 53 browsable = no 54 map archive = yes 55[printers] 56 path = /var/tmp 57 printable = yes 58 min print space = 2000 59[test] 60 browsable = yes 61 read only = yes 62 path = /usr/local/samba/tmp</pre></blockquote> 63 64<p>This configuration file is based on the one we created in <a href="ch02.html">Chapter 2</a> and sets up a workgroup in which Samba 65authenticates users using encrypted passwords and the default 66user-level security method. Samba is providing WINS name server 67support. We've configured very basic event logging 68to use a log file not to exceed 1MB in size. The 69<tt class="literal">[homes]</tt> share has been added to allow Samba to 70create a disk share for the home directory of each user who has a 71standard Unix account on the server. In addition, each printer 72registered on the server will be publicly available, as will a single 73read-only share that maps to the 74<em class="filename">/usr/local/samba/tmp</em> directory.</p> 75 76 77<div class="sect2"><a name="samba2-CHP-6-SECT-1.1"/> 78 79<h3 class="head2">Configuration File Structure</h3> 80 81<p><a name="INDEX-5"/>Let's take another 82look at this configuration file, this time from a higher level:</p> 83 84<blockquote><pre class="code">[global] 85 ... 86[homes] 87 ... 88[printers] 89 ... 90[test] 91 ...</pre></blockquote> 92 93<p><a name="INDEX-6"/><a name="INDEX-7"/>The 94names inside the square brackets delineate unique 95<em class="firstterm">sections</em> of the <em class="filename">smb.conf</em> 96file; each section names the share (or service) to which the section 97refers. For example, the <tt class="literal">[test]</tt> and 98<tt class="literal">[homes]</tt> sections are unique disk shares; they 99contain options that map to specific directories on the Samba server. 100The <tt class="literal">[printers]</tt> share contains options that map to 101various printers on the server. All the sections defined in the 102<em class="filename">smb.conf</em> file, with the exception of the 103<tt class="literal">[global]</tt> section, will be available as a disk or 104printer share to clients connecting to the Samba server.</p> 105 106<p>The remaining lines are individual configuration options for that 107share. These options will continue until a new section is encountered 108or until the end of the file is reached. Each configuration option 109follows a simple format:</p> 110 111<blockquote><pre class="code"><em class="replaceable">option</em> = <em class="replaceable">value</em></pre></blockquote> 112 113<p><a name="INDEX-8"/>Options in 114the <em class="filename">smb.conf</em> file are set by assigning a value 115to them. We should warn you up front that some of the option names in 116Samba are poorly chosen. For example, <tt class="literal">read</tt> 117<tt class="literal">only</tt> is self-explanatory and is typical of many 118recent Samba options. The <tt class="literal">public</tt> option is an 119older option and is vague. It now has a less-confusing synonym 120<tt class="literal">guest</tt> <tt class="literal">ok</tt> (meaning it can be 121accessed by guests). <em class="emphasis">Appendix B</em> contains an 122alphabetical index of all the configuration options and their 123meanings.</p> 124 125 126<div class="sect3"><a name="samba2-CHP-6-SECT-1.1.1"/> 127 128<h3 class="head3">Whitespace, quotes, and commas</h3> 129 130<p>An important item to remember about configuration options is that all 131whitespace within the <em class="replaceable">value</em> is 132significant. For example, consider the following option:</p> 133 134<blockquote><pre class="code">volume = The Big Bad Hard Drive Number 3543</pre></blockquote> 135 136<p>Samba strips away the spaces up to the first <tt class="literal">T</tt> in 137<tt class="literal">The</tt>. These whitespaces are insignificant. The rest 138of the whitespaces are significant and will be recognized and 139preserved by Samba when reading in the file. Space is not significant 140in option names (such as <tt class="literal">read</tt> 141<tt class="literal">only</tt>), but we recommend you follow convention and 142keep spaces between the words of options.</p> 143 144<p>If you feel safer including quotation marks at the beginning and end 145of a configuration option's value, you can do so. 146Samba will ignore these quotation marks when it encounters them. 147Never use quotation marks around an option name; Samba will treat 148this as an error.</p> 149 150<p>Usually, you can use whitespaces or commas to separate a series of 151values in a list. These two options are equivalent:</p> 152 153<blockquote><pre class="code">netbios aliases = sales, accounting, payroll 154netbios aliases = sales accounting payroll</pre></blockquote> 155 156<p>In some cases, you must use one form of separation—sometimes 157spaces are required, and sometimes commas.</p> 158 159 160</div> 161 162 163 164<div class="sect3"><a name="samba2-CHP-6-SECT-1.1.2"/> 165 166<h3 class="head3">Capitalization</h3> 167 168<p><a name="INDEX-9"/>Capitalization 169is not important in the Samba configuration file except in locations 170where it would confuse the underlying operating system. For example, 171let's assume that you included the following option 172in a share that pointed to <em class="filename">/export/samba/simple 173</em>:</p> 174 175<blockquote><pre class="code">PATH = /EXPORT/SAMBA/SIMPLE</pre></blockquote> 176 177<p>Samba would have no problem with the <tt class="literal">path</tt> 178configuration option appearing entirely in capital letters. However, 179when it tries to connect to the given directory, it would be 180unsuccessful because the Unix filesystem <em class="emphasis">is</em> 181case-sensitive. Consequently, the path listed would not be found, and 182clients could not connect to the share.</p> 183 184 185</div> 186 187 188 189<div class="sect3"><a name="samba2-CHP-6-SECT-1.1.3"/> 190 191<h3 class="head3">Line continuation</h3> 192 193<p><a name="INDEX-10"/>You can continue a line in the 194Samba configuration file using the backslash, like this:</p> 195 196<blockquote><pre class="code">comment = The first share that has the primary copies \ 197 of the new Teamworks software product.</pre></blockquote> 198 199<p>Because of the backslash, these two lines will be treated as one line 200by Samba. The second line begins at the first nonwhitespace character 201that Samba encounters; in this case, the <tt class="literal">o</tt> in 202<tt class="literal">of</tt>.</p> 203 204 205</div> 206 207 208 209<div class="sect3"><a name="samba2-CHP-6-SECT-1.1.4"/> 210 211<h3 class="head3">Comments</h3> 212 213<p><a name="INDEX-11"/>You can 214insert comments in the <em class="filename">smb.conf</em> configuration 215file by starting a line with either a hash (<tt class="literal">#</tt>) or 216a semicolon ( <tt class="literal">;</tt> ). For this purpose, both 217characters are equivalent. For example, the first three lines in the 218following example would be considered comments:</p> 219 220<blockquote><pre class="code"># This is the printers section. We have given a minimum print 221; space of 2000 to prevent some errors that we've seen when 222; the spooler runs out of space. 223 224[printers] 225 public = yes 226 min print space = 2000</pre></blockquote> 227 228<p>Samba will ignore all comment lines in its configuration file; there 229are no limitations to what can be placed on a comment line after the 230initial hash mark or semicolon. Note that the line continuation 231character (<tt class="literal">\</tt>) will <em class="emphasis">not</em> be 232honored on a commented line. Like the rest of the line, it is 233ignored.</p> 234<a name="samba2-CHP-6-NOTE-128"/><blockquote class="note"><h4 class="objtitle">WARNING</h4> 235<p>Samba does not allow mixing of comment lines and parameters. Be 236careful not to put comments on the same line as anything else, such 237as:</p> 238 239 240<blockquote><pre class="code">path = /d # server's data partition</pre></blockquote> 241 242 243<p>Errors such as this, where the parameter value is defined with a 244string, can be tricky to notice. The <em class="emphasis">testparm</em> 245program won't complain, and the only clues 246you'll receive are that 247<em class="emphasis">testparm</em> reports the <tt class="literal">path</tt> 248parameter set to <tt class="literal">/d # server's data partition</tt>, and 249the failures that result when clients attempt to access the share.</p> 250</blockquote> 251 252 253</div> 254 255 256 257<div class="sect3"><a name="samba2-CHP-6-SECT-1.1.5"/> 258 259<h3 class="head3">Changes at runtime</h3> 260 261<p><a name="INDEX-12"/>You can modify the 262<em class="filename">smb.conf</em> configuration file and any of its 263options at any time while the Samba daemons are running. By default, 264Samba checks the configuration file every 60 seconds. If it finds any 265changes, they are immediately put into effect.</p> 266 267<a name="samba2-CHP-6-NOTE-129"/><blockquote class="note"><h4 class="objtitle">TIP</h4> 268<p>Having Samba check the configuration file automatically can be 269convenient, but it also means that if you edit 270<em class="filename">smb.conf</em> directly, you might be immediately 271changing your network's <a name="INDEX-13"/>configuration every time you save the 272file. If you're making anything more than a minor 273change, it may be wiser to copy <em class="filename">smb.conf</em> to a 274temporary file, edit that, run <tt class="literal">testparm</tt> 275<em class="replaceable">filename</em> to check it, and then copy the 276temporary file back to <em class="filename">smb.conf</em>. That way, you 277can be sure to put all your changes into effect at once, and only 278after you are confident that you have created the exact configuration 279you wish to implement.</p> 280</blockquote> 281 282<p>If you don't want to wait for the configuration file 283to be reloaded automatically, you can force a reload either by 284sending a hangup signal to the <em class="emphasis">smbd</em> and 285<em class="emphasis">nmbd</em> processes or simply by restarting the 286daemons. Actually, it can be a good idea to restart the daemons 287because it forces the clients to disconnect and reconnect, ensuring 288that the new configuration is applied to all clients. We showed you 289how to restart the daemons in <a href="ch02.html">Chapter 2</a>, and 290sending them a hangup (HUP) signal is very similar. On Linux, it can 291be done with the command:</p> 292 293<blockquote><pre class="code"># <tt class="userinput"><b>killall -HUP smbd nmbd</b></tt></pre></blockquote> 294 295<p>In this case, not all changes will be immediately recognized by 296clients. For example, changes to a share that is currently in use 297will not be registered until the client disconnects and reconnects to 298that share. In addition, server-specific parameters such as the 299workgroup or NetBIOS name of the server will not go into effect 300immediately either. (This behavior was implemented intentionally 301because it keeps active clients from being suddenly disconnected or 302encountering unexpected access problems while a session is open.) 303<a name="INDEX-14"/></p> 304 305 306</div> 307 308 309</div> 310 311 312<div class="sect2"><a name="samba2-CHP-6-SECT-1.2"/> 313 314<h3 class="head2">Variables</h3> 315 316<p><a name="INDEX-15"/>Because a 317new copy of the<em class="filename"> </em><em class="emphasis">smbd</em> daemon 318is created for each connecting client, it is possible for each client 319to have its own customized configuration file. Samba allows a 320limited, yet useful, form of variable substitution in the 321configuration file to allow information about the Samba server and 322the client to be included in the configuration at the time the client 323connects. Inside the configuration file, a variable begins with a 324percent sign (<tt class="literal">%</tt>), followed by a single upper- or 325lowercase letter, and can be used only on the right side of a 326configuration option (i.e., after the equal sign). An example is:</p> 327 328<blockquote><pre class="code">[pub] 329 path = /home/ftp/pub/%a</pre></blockquote> 330 331<p>The <tt class="literal">%a</tt><a name="INDEX-16"/> stands for the client 332system's architecture and will be replaced as shown 333in <a href="ch06.html#samba2-CHP-6-TABLE-1">Table 6-1</a>.</p> 334 335<a name="samba2-CHP-6-TABLE-1"/><h4 class="head4">Table 6-1. %a substitution</h4><table border="1"> 336 337 338 339<tr> 340<th> 341<p>Client operating system 342("architecture")</p> 343</th> 344<th> 345<p>Replacement string</p> 346</th> 347</tr> 348 349 350<tr> 351<td> 352<p>Windows for Workgroups</p> 353</td> 354<td> 355<p><tt class="literal">WfWg</tt></p> 356</td> 357</tr> 358<tr> 359<td> 360<p>Windows 95 and Windows 98</p> 361</td> 362<td> 363<p><tt class="literal">Win95</tt></p> 364</td> 365</tr> 366<tr> 367<td> 368<p>Windows NT</p> 369</td> 370<td> 371<p><tt class="literal">WinNT</tt></p> 372</td> 373</tr> 374<tr> 375<td> 376<p>Windows 2000 and Windows XP</p> 377</td> 378<td> 379<p><tt class="literal">Win2K</tt></p> 380</td> 381</tr> 382<tr> 383<td> 384<p>Samba</p> 385</td> 386<td> 387<p><tt class="literal">Samba</tt></p> 388</td> 389</tr> 390<tr> 391<td> 392<p>Any OS not listed earlier</p> 393</td> 394<td> 395<p><tt class="literal">UNKNOWN</tt></p> 396</td> 397</tr> 398 399</table> 400 401<p>In this example, Samba will assign a unique path for the 402<tt class="literal">[pub]</tt> share to client systems based on what 403operating system they are running. The paths that each client would 404see as its share differ according to the client's 405architecture:</p> 406 407<blockquote><pre class="code">/home/ftp/pub/WfwG 408/home/ftp/pub/Win95 409/home/ftp/pub/WinNT 410/home/ftp/pub/Win2K 411/home/ftp/pub/Samba 412/home/ftp/pub/UNKNOWN</pre></blockquote> 413 414<p>Using variables in this manner comes in handy if you wish to have 415different users run custom configurations based on their own unique 416characteristics or conditions. 417<a name="INDEX-17"/><a name="INDEX-18"/>Samba 418has 20 variables, as shown in <a href="ch06.html#samba2-CHP-6-TABLE-2">Table 6-2</a>.</p> 419 420<a name="samba2-CHP-6-TABLE-2"/><h4 class="head4">Table 6-2. Samba variables</h4><table border="1"> 421 422 423 424<tr> 425<th> 426<p>Variable</p> 427</th> 428<th> 429<p>Definition</p> 430</th> 431</tr> 432 433 434<tr> 435<td> 436<p><b class="emphasis-bold">Client variables</b></p> 437</td> 438</tr> 439<tr> 440<td> 441<p><tt class="literal">%a</tt><a name="INDEX-19"/></p> 442</td> 443<td> 444<p>Client's architecture (see <a href="ch06.html#samba2-CHP-6-TABLE-1">Table 6-1</a>)</p> 445</td> 446</tr> 447<tr> 448<td> 449<p><tt class="literal">%I</tt><a name="INDEX-20"/></p> 450</td> 451<td> 452<p>Client's IP address (e.g., 172.16.1.2)</p> 453</td> 454</tr> 455<tr> 456<td> 457<p><tt class="literal">%m</tt><a name="INDEX-21"/></p> 458</td> 459<td> 460<p>Client's NetBIOS name</p> 461</td> 462</tr> 463<tr> 464<td> 465<p><tt class="literal">%M</tt><a name="INDEX-22"/></p> 466</td> 467<td> 468<p>Client's DNS name</p> 469</td> 470</tr> 471<tr> 472<td> 473<p><b class="emphasis-bold">User variables</b></p> 474</td> 475</tr> 476<tr> 477<td> 478<p><tt class="literal">%u</tt><a name="INDEX-23"/></p> 479</td> 480<td> 481<p>Current Unix username</p> 482</td> 483</tr> 484<tr> 485<td> 486<p><tt class="literal">%U</tt><a name="INDEX-24"/></p> 487</td> 488<td> 489<p>Requested client username (not always used by Samba)</p> 490</td> 491</tr> 492<tr> 493<td> 494<p><tt class="literal">%H</tt><a name="INDEX-25"/></p> 495</td> 496<td> 497<p>Home directory of <tt class="literal">%u</tt></p> 498</td> 499</tr> 500<tr> 501<td> 502<p><tt class="literal">%g</tt><a name="INDEX-26"/></p> 503</td> 504<td> 505<p>Primary group of <tt class="literal">%u</tt></p> 506</td> 507</tr> 508<tr> 509<td> 510<p><tt class="literal">%G</tt><a name="INDEX-27"/></p> 511</td> 512<td> 513<p>Primary group of <tt class="literal">%U</tt></p> 514</td> 515</tr> 516<tr> 517<td> 518<p><b class="emphasis-bold">Share variables</b></p> 519</td> 520</tr> 521<tr> 522<td> 523<p><tt class="literal">%S</tt><a name="INDEX-28"/></p> 524</td> 525<td> 526<p>Current share's name</p> 527</td> 528</tr> 529<tr> 530<td> 531<p><tt class="literal">%P</tt><a name="INDEX-29"/></p> 532</td> 533<td> 534<p>Current share's root directory</p> 535</td> 536</tr> 537<tr> 538<td> 539<p><tt class="literal">%p</tt><a name="INDEX-30"/></p> 540</td> 541<td> 542<p>Automounter's path to the share's 543root directory, if different from <tt class="literal">%P</tt></p> 544</td> 545</tr> 546<tr> 547<td> 548<p><b class="emphasis-bold">Server variables</b></p> 549</td> 550</tr> 551<tr> 552<td> 553<p><tt class="literal">%d</tt><a name="INDEX-31"/></p> 554</td> 555<td> 556<p>Current server process ID</p> 557</td> 558</tr> 559<tr> 560<td> 561<p><tt class="literal">%h</tt><a name="INDEX-32"/></p> 562</td> 563<td> 564<p>Samba server's DNS hostname</p> 565</td> 566</tr> 567<tr> 568<td> 569<p><tt class="literal">%L</tt><a name="INDEX-33"/></p> 570</td> 571<td> 572<p>Samba server's NetBIOS name</p> 573</td> 574</tr> 575<tr> 576<td> 577<p><tt class="literal">%N</tt><a name="INDEX-34"/></p> 578</td> 579<td> 580<p>Home directory server, from the automount map</p> 581</td> 582</tr> 583<tr> 584<td> 585<p><tt class="literal">%v</tt><a name="INDEX-35"/></p> 586</td> 587<td> 588<p>Samba version</p> 589</td> 590</tr> 591<tr> 592<td> 593<p><b class="emphasis-bold">Miscellaneous variables</b></p> 594</td> 595</tr> 596<tr> 597<td> 598<p><tt class="literal">%R</tt><a name="INDEX-36"/></p> 599</td> 600<td> 601<p>The SMB protocol level that was negotiated</p> 602</td> 603</tr> 604<tr> 605<td> 606<p><tt class="literal">%T</tt><a name="INDEX-37"/></p> 607</td> 608<td> 609<p>The current date and time</p> 610</td> 611</tr> 612<tr> 613<td> 614<p><a name="INDEX-38"/>%$<em class="replaceable">var</em></p> 615</td> 616<td> 617<p>The value of environment variable <tt class="literal">var</tt></p> 618</td> 619</tr> 620 621</table> 622 623<p>Here's another example of using 624<a name="INDEX-39"/><a name="INDEX-40"/><a name="INDEX-41"/>variables: let's say there 625are five clients on your network, but one client, 626<tt class="literal">maya</tt>, requires a slightly different 627<tt class="literal">[homes]</tt> configuration. With Samba, 628it's simple to handle this:</p> 629 630<blockquote><pre class="code">[homes] 631 ... 632 include = /usr/local/samba/lib/smb.conf.%m 633 ...</pre></blockquote> 634 635<p>The <tt class="literal">include</tt> option here causes a separate 636configuration file for each particular NetBIOS machine 637(<tt class="literal">%m</tt>) to be read in addition to the current file. 638If the hostname of the client system is <tt class="literal">maya</tt>, and 639if a <em class="filename">smb.conf.maya</em> file exists in the 640<em class="filename">/usr/local/samba/lib</em> directory, Samba will 641insert that configuration file into the default one. If any 642configuration options are restated in 643<em class="filename">smb.conf.maya</em>, those values will override any 644options previously encountered in that share. Note that we say 645"previously." If any options are 646restated in the main configuration file after the 647<tt class="literal">include</tt> option, Samba will honor those restated 648values for the share in which they are defined.</p> 649 650<p>If the file specified by the <tt class="literal">include</tt> parameter 651does not exist, Samba will not generate an error. In fact, it 652won't do anything at all. This allows you to create 653only one extra configuration file for <tt class="literal">maya</tt> when 654using this strategy, instead of one for each client that is on the 655network.</p> 656 657<p>Client-specific configuration files can be used to customize 658particular clients. They also can be used to make debugging Samba 659easier. For example, if we have one client with a problem, we can use 660this approach to give it a private log file with a more verbose 661logging level. This allows us to see what Samba is doing without 662slowing down all the other clients or overflowing the disk with 663useless logs.</p> 664 665<p>You can use the variables in <a href="ch06.html#samba2-CHP-6-TABLE-2">Table 6-2</a> to give 666custom values to a variety of Samba options. We will highlight 667several of these options as we move through the next few chapters. 668<a name="INDEX-42"/></p> 669 670 671</div> 672 673 674</div> 675 676 677 678<div class="sect1"><a name="samba2-CHP-6-SECT-2"/> 679 680<h2 class="head1">Special Sections</h2> 681 682<p>Now that we've gotten our feet wet with variables, 683there are a few special sections of the Samba configuration file that 684we should talk about. Again, don't worry if you do 685not understand every configuration option listed here; 686we'll go over each of them in the upcoming chapters.</p> 687 688 689<div class="sect2"><a name="samba2-CHP-6-SECT-2.1"/> 690 691<h3 class="head2">The [ global] Section</h3> 692 693<p>The <tt class="literal">[global]</tt><a name="INDEX-43"/><a name="INDEX-44"/> section appears in virtually 694every Samba configuration file, even though it is not mandatory. 695There are two purposes for the <tt class="literal">[global]</tt> section. 696Server-wide settings are defined here, and any options that apply to 697shares will be used as a default in all share definitions, unless 698overridden within the share definition.</p> 699 700<p>To illustrate this, let's again look at the example 701at the beginning of the chapter:</p> 702 703<blockquote><pre class="code">[global] 704 workgroup = METRAN 705 encrypt passwords = yes 706 wins support = yes 707 log level = 1 708 max log size = 1000 709 read only = no 710[homes] 711 browsable = no 712 map archive = yes 713[printers] 714 path = /var/tmp 715 printable = yes 716 min print space = 2000 717[test] 718 browsable = yes 719 read only = yes 720 path = /usr/local/samba/tmp</pre></blockquote> 721 722<p>When a client connects to the <tt class="literal">[test]</tt> share, Samba 723first reads the <tt class="literal">[global]</tt> section and sets the 724option <tt class="literal">read</tt> <tt class="literal">only</tt> 725<tt class="literal">=</tt> <tt class="literal">no</tt> as the global default for 726each share it encounters throughout the configuration file. This 727includes the <tt class="literal">[homes]</tt> and <tt class="literal">[test]</tt> 728shares. When it reads the definition of the <tt class="literal">[test]</tt> 729share, it then finds the configuration option <tt class="literal">read</tt> 730<tt class="literal">only</tt> <tt class="literal">=</tt> <tt class="literal">yes</tt> 731and overrides the default from the <tt class="literal">[global]</tt> 732section with the value <tt class="literal">yes</tt>.</p> 733 734<p>Any option that appears before the first marked section is assumed to 735be a global option. This means that the <tt class="literal">[global]</tt> 736section heading is not absolutely required; however, we suggest you 737always include it for clarity and to ensure future compatibility.</p> 738 739 740</div> 741 742 743<div class="sect2"><a name="samba2-CHP-6-SECT-2.2"/> 744 745<h3 class="head2">The [ homes] Section</h3> 746 747<p>If a client attempts to connect to a share that 748doesn't appear in the <em class="filename">smb.conf</em> 749file, Samba will search for a 750<tt class="literal">[homes]</tt><a name="INDEX-45"/><a name="INDEX-46"/> share in the 751configuration file. If a <tt class="literal">[homes]</tt> share exists, the 752unresolved share name is assumed to be a Unix username. If that 753username appears in the password database on the Samba server, Samba 754assumes the client is a Unix user trying to connect to her home 755directory on the server.</p> 756 757<p>For example, assume a client system is connecting to the Samba server 758<tt class="literal">toltec</tt> for the first time and tries to connect to 759a share named <tt class="literal">[alice]</tt>. There is no 760<tt class="literal">[alice]</tt> share defined in the 761<em class="filename">smb.conf</em> file, but there is a 762<tt class="literal">[homes]</tt>, so Samba searches the password database 763file and finds an <tt class="literal">alice</tt> user account is present on 764the system. Samba then checks the password provided by the client 765against user <tt class="literal">alice</tt>'s Unix 766password—either with the password database file if 767it's using nonencrypted passwords or with 768Samba's <em class="filename">smbpasswd</em> file if 769encrypted passwords are in use. If the passwords match, Samba knows 770it has guessed right: the user <tt class="literal">alice</tt> is trying to 771connect to her home directory. Samba will then create a share called 772<tt class="literal">[alice]</tt> for her, with the share's 773path set to <tt class="literal">alice</tt>'s home 774directory.</p> 775 776<p>The process of using the <tt class="literal">[homes]</tt> section to create 777users (and dealing with their passwords) is discussed in more detail 778in <a href="ch09.html">Chapter 9</a>.</p> 779 780 781</div> 782 783 784<div class="sect2"><a name="samba2-CHP-6-SECT-2.3"/> 785 786<h3 class="head2">The [printers] Section</h3> 787 788<p>The third special section is called 789<tt class="literal">[printers]</tt><a name="INDEX-47"/><a name="INDEX-48"/> and is similar to 790<tt class="literal">[homes]</tt>. If a client attempts to connect to a 791share that isn't in the 792<em class="filename">smb.conf</em> file and its name 793can't be found in the password file, Samba will 794check to see if it is a printer share. Samba does this by reading the 795printer capabilities file (usually 796<em class="filename">/etc/printcap</em>) to see if the share name appears 797there.<a name="FNPTR-1"/><a href="#FOOTNOTE-1">[1]</a> If it does, Samba creates a share named after the 798printer.</p> 799 800<p>This means that as with <tt class="literal">[homes]</tt>, you 801don't have to maintain a share for each system 802printer in the <em class="filename">smb.conf</em> file. Instead, Samba 803honors the Unix printer registry if you ask it to, and it provides 804the registered printers to the client systems. However, there is a 805potential difficulty: if you have an account named 806<tt class="literal">fred</tt> and a printer named <tt class="literal">fred</tt>, 807Samba will always find the user account first, even if the client 808really needed to connect to the printer.</p> 809 810<p>The process of setting up the <tt class="literal">[printers]</tt> share is 811discussed in more detail in <a href="ch10.html">Chapter 10</a>.</p> 812 813 814</div> 815 816 817</div> 818 819 820 821<div class="sect1"><a name="samba2-CHP-6-SECT-3"/> 822 823<h2 class="head1">Configuration Options</h2> 824 825<p><a name="INDEX-49"/>Options in 826the Samba configuration files fall into one of two categories: 827<em class="firstterm">global</em> options or <em class="firstterm">share</em> 828options. Each category dictates where an option can appear in the 829configuration file.</p> 830 831<dl> 832<dt><b>Global options</b></dt> 833<dd> 834<p>Global options must appear in the <tt class="literal">[global]</tt> section 835and nowhere else. These are options that typically apply to the 836behavior of the Samba server itself and not to any of its shares.</p> 837</dd> 838 839 840 841<dt><b>Share options</b></dt> 842<dd> 843<p>Share options can appear in share definitions, the 844<tt class="literal">[global]</tt> section, or both. If they appear in the 845<tt class="literal">[global]</tt> section, they will define a default 846behavior for all shares unless a share overrides the option with a 847value of its own.</p> 848</dd> 849 850</dl> 851 852<p>In addition, configuration options can take three kinds of values. 853They are as follows:</p> 854 855<dl> 856<dt><b>Boolean</b></dt> 857<dd> 858<p>These are simply yes or no values, but can be represented by any of 859the following: <tt class="literal">yes</tt>, <tt class="literal">no</tt>, 860<tt class="literal">true</tt>, <tt class="literal">false</tt>, 861<tt class="literal">1</tt>, or <tt class="literal">0</tt>. The values are 862case-insensitive: <tt class="literal">YES</tt> is the same as 863<tt class="literal">yes</tt>.</p> 864</dd> 865 866 867 868<dt><b>Numeric</b></dt> 869<dd> 870<p>This is a decimal, hexadecimal, or octal number. The standard 871<tt class="literal">0x</tt><em class="emphasis">nn</em> syntax is used for 872hexadecimal and <tt class="literal">0</tt><em class="emphasis">nnn</em> for 873octal.</p> 874</dd> 875 876 877 878<dt><b>String</b></dt> 879<dd> 880<p>This is a string of case-sensitive characters, such as a filename or 881a username.</p> 882</dd> 883 884</dl> 885 886 887<div class="sect2"><a name="samba2-CHP-6-SECT-3.1"/> 888 889<h3 class="head2">Configuration File Options</h3> 890 891<p>You can instruct Samba to include or replace configuration options as 892it is processing them. The options to do this are summarized in <a href="ch06.html#samba2-CHP-6-TABLE-3">Table 6-3</a>.</p> 893 894<a name="samba2-CHP-6-TABLE-3"/><h4 class="head4">Table 6-3. Configuration file options</h4><table border="1"> 895 896 897 898 899 900 901<tr> 902<th> 903<p>Option</p> 904</th> 905<th> 906<p>Parameters</p> 907</th> 908<th> 909<p>Function</p> 910</th> 911<th> 912<p>Default</p> 913</th> 914<th> 915<p>Scope</p> 916</th> 917</tr> 918 919 920<tr> 921<td> 922<p><tt class="literal">config</tt> <tt class="literal">file</tt></p> 923</td> 924<td> 925<p>string (name of file)</p> 926</td> 927<td> 928<p>Sets the location of a configuration file to use instead of the 929current one</p> 930</td> 931<td> 932<p>None</p> 933</td> 934<td> 935<p>Global</p> 936</td> 937</tr> 938<tr> 939<td> 940<p><tt class="literal">include</tt></p> 941</td> 942<td> 943<p>string (name of file)</p> 944</td> 945<td> 946<p>Specifies an additional set of configuration options to be included 947in the configuration file</p> 948</td> 949<td> 950<p>None</p> 951</td> 952<td> 953<p>Global</p> 954</td> 955</tr> 956<tr> 957<td> 958<p><tt class="literal">copy</tt></p> 959</td> 960<td> 961<p>string (name of share)</p> 962</td> 963<td> 964<p>Allows you to clone the configuration options of another share in the 965current share</p> 966</td> 967<td> 968<p>None</p> 969</td> 970<td> 971<p>Share</p> 972</td> 973</tr> 974 975</table> 976 977 978<div class="sect3"><a name="samba2-CHP-6-SECT-3.1.1"/> 979 980<h3 class="head3">config file</h3> 981 982<p>The global <tt class="literal">config</tt><a name="INDEX-50"/> <tt class="literal">file</tt> 983option specifies a replacement configuration file that will be loaded 984when the option is encountered. If the target file exists, the 985remainder of the current configuration file, as well as the options 986encountered so far, will be discarded, and Samba will configure 987itself entirely with the options in the new file. Variables can be 988used with the <tt class="literal">config</tt> <tt class="literal">file</tt> 989option, which is useful in the event that you want to use a special 990configuration file based on the NetBIOS machine name or user of the 991client that is connecting.</p> 992 993<p>For example, the following line instructs Samba to use a 994configuration file specified by the NetBIOS name of the client 995connecting, if such a file exists. If it does, options specified in 996the original configuration file are ignored:</p> 997 998<blockquote><pre class="code">[global] 999 config file = /usr/local/samba/lib/smb.conf.%m</pre></blockquote> 1000 1001<p>If the configuration file specified does not exist, the option is 1002ignored, and Samba will continue to configure itself based on the 1003current file. This allows a default configuration file to serve most 1004clients, while providing for exceptions with customized configuration 1005files.</p> 1006 1007 1008</div> 1009 1010 1011 1012<div class="sect3"><a name="samba2-CHP-6-SECT-3.1.2"/> 1013 1014<h3 class="head3">include</h3> 1015 1016<p>This <a name="INDEX-51"/>option, discussed in greater detail 1017earlier, copies the target file into the current configuration file 1018at the point specified, as shown in <a href="ch06.html#samba2-CHP-6-FIG-1">Figure 6-1</a>. 1019This option also can be used with variables. You can use this option 1020as follows:</p> 1021 1022<blockquote><pre class="code">[global] 1023 include = /usr/local/samba/lib/smb.conf.%m</pre></blockquote> 1024 1025<p>If the configuration file specified does not exist, the option is 1026ignored. Options in the include file override any option specified 1027previously, but not options that are specified later. In <a href="ch06.html#samba2-CHP-6-FIG-1">Figure 6-1</a>, all three options will override their 1028previous values.</p> 1029 1030<div class="figure"><a name="samba2-CHP-6-FIG-1"/><img src="figs/sam2_0601.gif"/></div><h4 class="head4">Figure 6-1. The include option in a Samba configuration file</h4> 1031 1032<p>The <tt class="literal">include</tt> option does not work with the 1033variables <tt class="literal">%u</tt> (user), <tt class="literal">%P</tt> 1034(current share's root directory), or 1035<tt class="literal">%S</tt> (current share's name) because 1036they are not set at the time the <tt class="literal">include</tt> parameter 1037is processed.</p> 1038 1039 1040</div> 1041 1042 1043 1044<div class="sect3"><a name="samba2-CHP-6-SECT-3.1.3"/> 1045 1046<h3 class="head3">copy</h3> 1047 1048<p>The <tt class="literal">copy</tt><a name="INDEX-52"/> configuration option allows you to clone 1049the configuration options of the share name that you specify in the 1050current share. The target share must appear earlier in the 1051configuration file than the share that is performing the copy. For 1052example:</p> 1053 1054<blockquote><pre class="code">[template] 1055 writable = yes 1056 browsable = yes 1057 valid users = andy, dave, jay 1058 1059[data] 1060 path = /usr/local/samba 1061 copy = template</pre></blockquote> 1062 1063<p>Note that any options in the share that invoked the 1064<tt class="literal">copy</tt> directive will override those in the cloned 1065share; it does not matter whether they appear before or after the 1066<tt class="literal">copy</tt> directive. <a name="INDEX-53"/></p> 1067 1068 1069</div> 1070 1071 1072</div> 1073 1074 1075</div> 1076 1077 1078 1079<div class="sect1"><a name="samba2-CHP-6-SECT-4"/> 1080 1081<h2 class="head1">Server Configuration</h2> 1082 1083<p><a name="INDEX-54"/>We will now start from 1084scratch and build a configuration file for our Samba server. First we 1085will introduce three basic configuration options that can appear in 1086the <tt class="literal">[global]</tt> section of the 1087<em class="filename">smb.conf</em> file:</p> 1088 1089<blockquote><pre class="code">[global] 1090 # Server configuration parameters 1091 netbios name = toltec 1092 server string = Samba %v on %L 1093 workgroup = METRAN 1094 encrypt passwords = yes</pre></blockquote> 1095 1096<p>This configuration file is pretty simple; it advertises the Samba 1097server under the NetBIOS name <tt class="literal">toltec</tt>. In addition, 1098it places the system in the METRAN workgroup and displays a 1099description to clients that includes the Samba version number, as 1100well as the NetBIOS name of the Samba server.</p> 1101 1102<a name="samba2-CHP-6-NOTE-130"/><blockquote class="note"><h4 class="objtitle">TIP</h4> 1103<p>If you used the line <tt class="literal">encrypt passwords = yes</tt> in 1104your earlier configuration file, you should do so here as well.</p> 1105</blockquote> 1106 1107<p>If you like, you can go ahead and try this configuration file. Create 1108a file named <em class="filename">smb.conf</em> under the 1109<em class="filename">/usr/local/samba/lib</em> directory with the text 1110listed earlier. Then restart the Samba server and use a Windows 1111client to verify the results. Be sure that your Windows clients are 1112in the METRAN workgroup as well. After double-clicking the Network 1113Neighborhood on a Windows client, you should see a window similar to 1114<a href="ch06.html#samba2-CHP-6-FIG-2">Figure 6-2</a>. (In this figure, 1115<tt class="literal">Mixtec</tt> is another Samba server, 1116<tt class="literal">a</tt>nd <tt class="literal">Zapotec</tt> is a Windows 1117client.)</p> 1118 1119<div class="figure"><a name="samba2-CHP-6-FIG-2"/><img src="figs/sam2_0602.gif"/></div><h4 class="head4">Figure 6-2. Network Neighborhood showing Toltec, the Samba server</h4> 1120 1121<p>You can verify the <tt class="literal">server</tt> 1122<tt class="literal">string</tt> by listing the details of the Network 1123Neighborhood window (select Details in the View menu). You should see 1124a window similar to <a href="ch06.html#samba2-CHP-6-FIG-3">Figure 6-3</a>.</p> 1125 1126<div class="figure"><a name="samba2-CHP-6-FIG-3"/><img src="figs/sam2_0603.gif"/></div><h4 class="head4">Figure 6-3. Network Neighborhood details listing</h4> 1127 1128<p>If you were to click the <em class="filename">toltec</em> icon, a window 1129should appear that shows the services that it provides. In this case, 1130the window would be completely empty because there are no shares on 1131the server yet.</p> 1132 1133 1134<div class="sect2"><a name="samba2-CHP-6-SECT-4.1"/> 1135 1136<h3 class="head2">Server Configuration Options</h3> 1137 1138<p><a href="ch06.html#samba2-CHP-6-TABLE-4">Table 6-4</a> summarizes the server configuration 1139options introduced previously. All three of these options are global 1140in scope, so they must appear in the <tt class="literal">[global]</tt> 1141section of the configuration file.<a name="INDEX-55"/></p> 1142 1143<a name="samba2-CHP-6-TABLE-4"/><h4 class="head4">Table 6-4. Server configuration options</h4><table border="1"> 1144 1145 1146 1147 1148 1149 1150<tr> 1151<th> 1152<p>Option</p> 1153</th> 1154<th> 1155<p>Parameters</p> 1156</th> 1157<th> 1158<p>Function</p> 1159</th> 1160<th> 1161<p>Default</p> 1162</th> 1163<th> 1164<p>Scope</p> 1165</th> 1166</tr> 1167 1168 1169<tr> 1170<td> 1171<p><tt class="literal">netbios</tt> <tt class="literal">name</tt></p> 1172</td> 1173<td> 1174<p>string</p> 1175</td> 1176<td> 1177<p>NetBIOS name of the Samba server</p> 1178</td> 1179<td> 1180<p>Server's unqualified DNS hostname</p> 1181</td> 1182<td> 1183<p>Global</p> 1184</td> 1185</tr> 1186<tr> 1187<td> 1188<p><tt class="literal">workgroup</tt></p> 1189</td> 1190<td> 1191<p>string</p> 1192</td> 1193<td> 1194<p>NetBIOS group to which the server belongs</p> 1195</td> 1196<td> 1197<p>Defined at compile time</p> 1198</td> 1199<td> 1200<p>Global</p> 1201</td> 1202</tr> 1203<tr> 1204<td> 1205<p><tt class="literal">server</tt> <tt class="literal">string</tt></p> 1206</td> 1207<td> 1208<p>string</p> 1209</td> 1210<td> 1211<p>Descriptive string for the Samba server</p> 1212</td> 1213<td> 1214<p><tt class="literal">Samba %v</tt></p> 1215</td> 1216<td> 1217<p>Global</p> 1218</td> 1219</tr> 1220 1221</table> 1222 1223 1224<div class="sect3"><a name="samba2-CHP-6-SECT-4.1.1"/> 1225 1226<h3 class="head3">netbios name</h3> 1227 1228<p>The <tt class="literal">netbios</tt><a name="INDEX-56"/> <tt class="literal">name</tt> option 1229allows you to set the NetBIOS name of the server. For example:</p> 1230 1231<blockquote><pre class="code">netbios name = YORKVM1</pre></blockquote> 1232 1233<p>The default value for this configuration option is the 1234server's hostname—that is, the first part of 1235its fully qualified domain name. For example, a system with the DNS 1236name <tt class="literal">ruby.ora.com</tt> would be given the NetBIOS name 1237<tt class="literal">RUBY</tt> by default. While you can use this option to 1238restate the system's NetBIOS name in the 1239configuration file (as we did previously), it is more commonly used 1240to assign the Samba server a NetBIOS name other than its current DNS 1241name. Remember that the name given must follow the rules for valid 1242NetBIOS machine names as outlined in <a href="ch01.html">Chapter 1</a>.</p> 1243 1244<p>Changing the NetBIOS name of the server is not recommended unless you 1245have a good reason. One such reason might be if the hostname of the 1246system is not unique because the LAN is divided over two or more DNS 1247domains. For example, YORKVM1 is a good NetBIOS candidate for 1248<tt class="literal">vm1.york.example.com</tt> to differentiate it from 1249<tt class="literal">vm1.falkirk.example.com</tt>, which has the same 1250hostname but resides in a different DNS domain.</p> 1251 1252<p>Another use of this option is for relocating SMB services from a dead 1253or retired system. For example, if <tt class="literal">SALES</tt> is the 1254SMB server for the department and it suddenly dies, you could 1255immediately reset <tt class="literal">netbios</tt> <tt class="literal">name</tt> 1256<tt class="literal">=</tt> <tt class="literal">SALES</tt> on a backup Samba 1257server that's taking over for it. Users 1258won't have to change their drive mappings to a 1259different server; new connections to <tt class="literal">SALES</tt> will 1260simply go to the new server.</p> 1261 1262 1263</div> 1264 1265 1266 1267<div class="sect3"><a name="samba2-CHP-6-SECT-4.1.2"/> 1268 1269<h3 class="head3">workgroup</h3> 1270 1271<p>The <tt class="literal">workgroup</tt><a name="INDEX-57"/> parameter sets the 1272current workgroup (or domain) in which the Samba server will 1273advertise itself. Clients that wish to access shares on the Samba 1274server should be in the same NetBIOS group. Remember that workgroups 1275are really just NetBIOS group names and must follow the standard 1276NetBIOS naming conventions outlined in <a href="ch01.html">Chapter 1</a>.</p> 1277 1278<p>The default option for this parameter is set at compile time to 1279<tt class="literal">WORKGROUP</tt>. Because this is the default workgroup 1280name of every unconfigured Windows and Samba system, we recommend 1281that you always set your workgroup name in the Samba configuration 1282file. When choosing your workgroup name, try to avoid making it the 1283same name as a server or user. This will avoid possible problems with 1284WINS name resolution.</p> 1285 1286 1287</div> 1288 1289 1290 1291<div class="sect3"><a name="samba2-CHP-6-SECT-4.1.3"/> 1292 1293<h3 class="head3">server string</h3> 1294 1295<p>The <tt class="literal">server</tt><a name="INDEX-58"/> <tt class="literal">string</tt> 1296parameter defines a comment string that will appear next to the 1297server name in both the Network Neighborhood (when shown with the 1298Details view) and the comment entry of the Microsoft Windows printer 1299manager.<a name="FNPTR-2"/><a href="#FOOTNOTE-2">[2]</a> </p> 1300 1301<p>You can use variables to provide 1302information in the description. For example, our entry earlier was:</p> 1303 1304<blockquote><pre class="code">[global] 1305 server string = Samba %v on (%h)</pre></blockquote> 1306 1307<p>The default for this option simply presents the current version of 1308Samba and is equivalent to:</p> 1309 1310<a name="INDEX-59"/><blockquote><pre class="code">server string = Samba %v</pre></blockquote> 1311 1312 1313</div> 1314 1315 1316</div> 1317 1318 1319</div> 1320 1321 1322 1323<div class="sect1"><a name="samba2-CHP-6-SECT-5"/> 1324 1325<h2 class="head1">Disk Share Configuration</h2> 1326 1327<p><a name="INDEX-60"/><a name="INDEX-61"/>We mentioned in the previous section that 1328there were no disk shares on the <tt class="literal">toltec</tt> server. 1329Let's continue building the configuration file and 1330create an empty disk share called <tt class="literal">[data]</tt>. Here are 1331the additions that will do it:</p> 1332 1333<blockquote><pre class="code">[data] 1334 path = /export/samba/data 1335 comment = Data Drive 1336 volume = Sample-Data-Drive 1337 writable = yes</pre></blockquote> 1338 1339<p>The <tt class="literal">[data]</tt> share is typical for a Samba disk 1340share. The share maps to the directory <em class="filename">/export/samba/data 1341</em>on the Samba server. We've also provided 1342a comment that describes the share as a <tt class="literal">Data</tt> 1343<tt class="literal">Drive</tt>, as well as a volume name for the share 1344itself.</p> 1345 1346<p>Samba's default is to create a read-only share. As a 1347result, the <tt class="literal">writable</tt> option needs to be explicitly 1348set for each disk share you wish to make writable.</p> 1349 1350<p>We will also need to create the 1351<em class="filename">/export/samba/data</em> directory on the Samba server 1352with the following commands:</p> 1353 1354<blockquote><pre class="code"># <tt class="userinput"><b>mkdir /export/samba/data</b></tt> 1355# <tt class="userinput"><b>chmod 777 /export/samba/data</b></tt></pre></blockquote> 1356 1357<p>Now, if we connect to the <tt class="literal">toltec</tt> server again by 1358double-clicking its icon in the Windows Network Neighborhood, we will 1359see a single share entitled <tt class="literal">data</tt>, as shown in 1360<a href="ch06.html#samba2-CHP-6-FIG-4">Figure 6-4</a>. This share has read/write access, so 1361files can be copied to or from it.</p> 1362 1363<div class="figure"><a name="samba2-CHP-6-FIG-4"/><img src="figs/sam2_0604.gif"/></div><h4 class="head4">Figure 6-4. The initial data share on the Samba server</h4> 1364 1365 1366<div class="sect2"><a name="samba2-CHP-6-SECT-5.1"/> 1367 1368<h3 class="head2">Disk Share Configuration Options</h3> 1369 1370<p>The basic Samba configuration options for disk shares previously 1371introduced are listed in <a href="ch06.html#samba2-CHP-6-TABLE-5">Table 6-5</a>.</p> 1372 1373<a name="samba2-CHP-6-TABLE-5"/><h4 class="head4">Table 6-5. Basic share configuration options</h4><table border="1"> 1374 1375 1376 1377 1378 1379 1380<tr> 1381<th> 1382<p>Option</p> 1383</th> 1384<th> 1385<p>Parameters</p> 1386</th> 1387<th> 1388<p>Function</p> 1389</th> 1390<th> 1391<p>Default</p> 1392</th> 1393<th> 1394<p>Scope</p> 1395</th> 1396</tr> 1397 1398 1399<tr> 1400<td> 1401<p><tt class="literal">path</tt> <tt class="literal">(directory)</tt></p> 1402</td> 1403<td> 1404<p>string (directory name)</p> 1405</td> 1406<td> 1407<p>Sets the Unix directory that will be provided for a disk share or 1408used for spooling by a printer share.</p> 1409</td> 1410<td> 1411<p><tt class="literal">/tmp</tt></p> 1412</td> 1413<td> 1414<p>Share</p> 1415</td> 1416</tr> 1417<tr> 1418<td> 1419<p><tt class="literal">comment</tt></p> 1420</td> 1421<td> 1422<p>string</p> 1423</td> 1424<td> 1425<p>Sets the comment that appears with the share.</p> 1426</td> 1427<td> 1428<p>None</p> 1429</td> 1430<td> 1431<p>Share</p> 1432</td> 1433</tr> 1434<tr> 1435<td> 1436<p><tt class="literal">volume</tt></p> 1437</td> 1438<td> 1439<p>string</p> 1440</td> 1441<td> 1442<p>Sets the MS-DOS volume name for the share.</p> 1443</td> 1444<td> 1445<p>Share name</p> 1446</td> 1447<td> 1448<p>Share</p> 1449</td> 1450</tr> 1451<tr> 1452<td> 1453<p><tt class="literal">read only</tt></p> 1454</td> 1455<td> 1456<p>boolean</p> 1457</td> 1458<td> 1459<p>If <tt class="literal">yes</tt>, allows read-only access to a share.</p> 1460</td> 1461<td> 1462<p><tt class="literal">yes</tt></p> 1463</td> 1464<td> 1465<p>Share</p> 1466</td> 1467</tr> 1468<tr> 1469<td> 1470<p><tt class="literal">writable</tt> <tt class="literal">(write ok or writeable)</tt></p> 1471</td> 1472<td> 1473<p>boolean</p> 1474</td> 1475<td> 1476<p>If <tt class="literal">no</tt>, allows read-only access to a share. If 1477<tt class="literal">yes</tt>, both reading and writing are allowed.</p> 1478</td> 1479<td> 1480<p><tt class="literal">no</tt></p> 1481</td> 1482<td> 1483<p>Share</p> 1484</td> 1485</tr> 1486 1487</table> 1488 1489 1490<div class="sect3"><a name="samba2-CHP-6-SECT-5.1.1"/> 1491 1492<h3 class="head3">path</h3> 1493 1494<p>This <a name="INDEX-63"/>option, which has the synonym 1495<tt class="literal">directory</tt>, indicates the pathname for the root of 1496the shared directory or printer. You can choose any directory on the 1497Samba server, so long as the owner of the Samba process that is 1498connecting has read and write access to that directory. If the path 1499is for a printing share, it should point to a temporary directory 1500where files can be written on the server before being spooled to the 1501target printer ( <em class="filename"> /tmp</em> and 1502<em class="filename">/var/spool</em> are popular choices). If this path is 1503for a disk share, the contents of the folder representing the share 1504name on the client will match the contents of the directory on the 1505Samba server.</p> 1506 1507<p>The directory specified as the value for <tt class="literal">path</tt> can 1508be given as a relative path, in which case it will be relative to the 1509directory specified by the <tt class="literal">root</tt> 1510<tt class="literal">directory</tt> parameter. Because 1511<tt class="literal">root</tt> <tt class="literal">directory</tt> defaults to root 1512(<em class="filename">/</em> ), it is generally a good idea to use 1513absolute paths for the <tt class="literal">path</tt> parameter, unless 1514<tt class="literal">root</tt> <tt class="literal">directory</tt> has been set to 1515something other than the default.</p> 1516 1517 1518</div> 1519 1520 1521 1522<div class="sect3"><a name="samba2-CHP-6-SECT-5.1.2"/> 1523 1524<h3 class="head3">comment</h3> 1525 1526<p>The <tt class="literal">comment</tt><a name="INDEX-64"/> option allows you to enter a 1527comment that will be sent to the client when it attempts to browse 1528the share. The user can see the comment by using the Details view on 1529the share folder or with the <em class="emphasis">net view</em> command at 1530an MS-DOS prompt. For example, here is how you might insert a comment 1531for a share:</p> 1532 1533<blockquote><pre class="code">[network] 1534 comment = Network Drive 1535 path = /export/samba/network</pre></blockquote> 1536 1537<p>Be sure not to confuse the <tt class="literal">comment</tt> option, which 1538documents a Samba server's shares, with the 1539<tt class="literal">server</tt> <tt class="literal">string</tt> option, which 1540documents the server itself.</p> 1541 1542 1543</div> 1544 1545 1546 1547<div class="sect3"><a name="samba2-CHP-6-SECT-5.1.3"/> 1548 1549<h3 class="head3">volume</h3> 1550 1551<p>This <a name="INDEX-65"/>option allows you to specify the volume 1552name of the share, which would otherwise default to the name of the 1553share given in the <em class="filename">smb.conf</em> file.</p> 1554 1555<p>Some software installation programs check the volume name of the 1556distribution CD-ROM to make sure the correct CD-ROM is in the drive 1557before attempting to install from it. If you copy the contents of the 1558CD-ROM into a network share and wish to install from there, you can 1559use this option to make sure the installation program sees the 1560correct volume name:</p> 1561 1562<blockquote><pre class="code">[network] 1563 comment = Network Drive 1564 volume = ASVP-102-RTYUIKA 1565 path = /home/samba/network</pre></blockquote> 1566 1567 1568</div> 1569 1570 1571 1572<div class="sect3"><a name="samba2-CHP-6-SECT-5.1.4"/> 1573 1574<h3 class="head3">read only, writable</h3> 1575 1576<p>The options <tt class="literal">read</tt><a name="INDEX-66"/> <tt class="literal">only</tt> 1577and <tt class="literal">writable</tt><a name="INDEX-67"/> (also called 1578<tt class="literal">writeable</tt><a name="INDEX-68"/> or 1579<tt class="literal">write</tt><a name="INDEX-69"/> <tt class="literal">ok</tt> ) are really two 1580ways of saying the same thing, but they are approached from opposite 1581ends. For example, you can set either of the following options in the 1582<tt class="literal">[global]</tt> section or in an individual share:</p> 1583 1584<blockquote><pre class="code">read only = yes 1585writable = no</pre></blockquote> 1586 1587<p>If either option is set as shown, data can be read from a share, but 1588cannot be written to it. You might think you would need this option 1589only if you were creating a read-only share. However, note that this 1590read-only behavior is the <em class="emphasis">default</em> action for 1591shares; if you want to be able to write data to a share, you must 1592explicitly specify one of the following options in the configuration 1593file for each share:</p> 1594 1595<blockquote><pre class="code">read only = no 1596writable = yes</pre></blockquote> 1597 1598<p>If you specify more than one occurrence of either option, Samba will 1599adhere to the last value it encounters for the share. <a name="INDEX-70"/><a name="INDEX-71"/></p> 1600 1601 1602</div> 1603 1604 1605</div> 1606 1607 1608</div> 1609 1610 1611 1612<div class="sect1"><a name="samba2-CHP-6-SECT-6"/> 1613 1614<h2 class="head1">Networking Options with Samba</h2> 1615 1616<p><a name="INDEX-72"/><a name="INDEX-73"/>If 1617you're running <a name="INDEX-74"/><a name="INDEX-75"/>Samba on a multihomed 1618system (on multiple subnets), you will need to configure Samba to use 1619all the network interfaces. Another use for the options presented in 1620this section is to implement better security by allowing or 1621disallowing connections on the specified interfaces.</p> 1622 1623<p>Let's assume that our Samba server can access both 1624the subnets 192.168.220.* and 134.213.233.*. Here are our additions 1625to the configuration file to add the networking configuration 1626options:</p> 1627 1628<blockquote><pre class="code">[global] 1629 # Networking configuration options 1630 hosts allow = 192.168.220. 134.213.233. 1631 hosts deny = 192.168.220.102 1632 interfaces = 192.168.220.100/255.255.255.0 \ 1633 134.213.233.110/255.255.255.0 1634 bind interfaces only = yes</pre></blockquote> 1635 1636<p>Take a look at the <tt class="literal">hosts</tt><a name="INDEX-76"/> <tt class="literal">allow</tt> 1637and <tt class="literal">hosts</tt><a name="INDEX-77"/> <tt class="literal">deny</tt> options. If these 1638options sound familiar, you're probably thinking of 1639the <em class="filename">hosts.allow</em> and 1640<em class="filename">hosts.deny</em> files that are found in the 1641<em class="filename">/etc</em> directories of many Unix systems. The 1642purpose of these options is identical to those files; they provide a 1643means of security by allowing or denying the connections of other 1644hosts based on their IP addresses. We could use the 1645<em class="filename">hosts.allow</em> and <em class="filename">hosts.deny</em> 1646files, but we are using this method instead because there might be 1647services on the server that we want others to access without also 1648giving them access to Samba's disk or printer 1649shares.</p> 1650 1651<p>With the <tt class="literal">hosts</tt> <tt class="literal">allow</tt> option, 1652we've specified a 192.168.220 IP address, which is 1653equivalent to saying: "All hosts on the 192.168.220 1654subnet." However, we've explicitly 1655specified in a <tt class="literal">hosts</tt> <tt class="literal">deny</tt> line 1656that 192.168.220.102 is not to be allowed access.</p> 1657 1658<p>You might be wondering why 192.168.220.102 will be denied even though 1659it is still in the subnet matched by the <tt class="literal">hosts</tt> 1660<tt class="literal">allow</tt> option. It is important to understand how 1661Samba sorts out the rules specified by <tt class="literal">hosts</tt> 1662<tt class="literal">allow</tt> and <tt class="literal">hosts</tt> <tt class="literal">deny</tt> 1663:</p> 1664 1665<ol><li> 1666<p>If no <tt class="literal">allow</tt> or <tt class="literal">deny</tt> options are 1667defined anywhere in <em class="filename">smb.conf</em>, Samba will allow 1668connections from any system.</p> 1669</li><li> 1670<p>If <tt class="literal">hosts</tt> <tt class="literal">allow</tt> or 1671<tt class="literal">hosts</tt> <tt class="literal">deny</tt> options are defined 1672in the <tt class="literal">[global]</tt> section of 1673<em class="filename">smb.conf</em>, they will apply to all shares, even if 1674either option is defined in one or more of the shares.</p> 1675</li><li> 1676<p>If only a <tt class="literal">hosts</tt> <tt class="literal">allow</tt> option is 1677defined for a share, only the hosts listed will be allowed to use the 1678share. All others will be denied.</p> 1679</li><li> 1680<p>If only a <tt class="literal">hosts</tt> <tt class="literal">deny</tt> option is 1681defined for a share, any client which is not on the list will be able 1682to use the share.</p> 1683</li><li> 1684<p>If both a <tt class="literal">hosts</tt> <tt class="literal">allow</tt> and 1685<tt class="literal">hosts</tt> <tt class="literal">deny</tt> option are defined, 1686a host must appear in the allow list and not appear in the deny list 1687(in any form) to access the share. Otherwise, the host will not be 1688allowed.</p> 1689</li></ol><a name="samba2-CHP-6-NOTE-131"/><blockquote class="note"><h4 class="objtitle">WARNING</h4> 1690<p>Take care that you don't explicitly allow a host to 1691access a share, but then deny access to the entire subnet of which 1692the host is part.</p> 1693</blockquote> 1694 1695<p>Let's look at another example of that final item. 1696Consider the following options:</p> 1697 1698<blockquote><pre class="code">hosts allow = 111.222. 1699hosts deny = 111.222.333.</pre></blockquote> 1700 1701<p>In this case, only the hosts that belong to the subnet 111.222.*.* 1702will be allowed access to the Samba shares. However, if a client 1703belongs to the 111.222.333.* subnet, it will be denied access, even 1704though it still matches the qualifications outlined by 1705<tt class="literal">hosts</tt> <tt class="literal">allow</tt>. The client must 1706appear on the <tt class="literal">hosts</tt> <tt class="literal">allow</tt> list 1707and <em class="emphasis">must not</em> appear on the 1708<tt class="literal">hosts</tt> <tt class="literal">deny</tt> list to gain access 1709to a Samba share.</p> 1710 1711<p>The other two options that we've specified are 1712<tt class="literal">interfaces</tt> and <tt class="literal">bind</tt> 1713<tt class="literal">interface</tt> <tt class="literal">only</tt>. 1714Let's look at the <tt class="literal">interfaces</tt> 1715option first. Samba, by default, sends data only from the primary 1716network interface, which in our example is the 192.168.220.100 1717subnet. If we would like it to send data to more than that one 1718interface, we need to specify the complete list with the 1719<tt class="literal">interfaces</tt> option. In the previous example, 1720we've bound Samba to interface with both subnets 1721(192.168.220 and 134.213.233) on which the system is operating by 1722specifying the other network interface address: 134.213.233.100. If 1723you have more than one interface on your computer, you should always 1724set this option, as there is no guarantee that the primary interface 1725that Samba chooses will be the right one.</p> 1726 1727<p>Finally, the <tt class="literal">bind</tt> <tt class="literal">interfaces</tt> 1728<tt class="literal">only</tt> option instructs the 1729<em class="filename">nmbd</em> process not to accept any broadcast 1730messages other than on the subnets specified with the 1731<tt class="literal">interfaces</tt> option. This is different from the 1732<tt class="literal">hosts</tt> <tt class="literal">allow</tt> and 1733<tt class="literal">hosts</tt> <tt class="literal">deny</tt> options, which 1734prevent clients from making connections to services, but not from 1735receiving broadcast messages. Using the <tt class="literal">bind</tt> 1736<tt class="literal">interfaces</tt> <tt class="literal">only</tt> option is a way 1737to shut out all datagrams from foreign subnets. In addition, it 1738instructs the <em class="emphasis">smbd</em> process to bind to only the 1739interface list given by the <em class="emphasis">interfaces</em> option. 1740This restricts the networks that Samba will serve.</p> 1741 1742 1743<div class="sect2"><a name="samba2-CHP-6-SECT-6.1"/> 1744 1745<h3 class="head2">Networking Options</h3> 1746 1747<p>The networking options we introduced earlier are summarized in <a href="ch06.html#samba2-CHP-6-TABLE-6">Table 6-6</a>.</p> 1748 1749<a name="samba2-CHP-6-TABLE-6"/><h4 class="head4">Table 6-6. Networking configuration options</h4><table border="1"> 1750 1751 1752 1753 1754 1755 1756<tr> 1757<th> 1758<p>Option</p> 1759</th> 1760<th> 1761<p>Parameters</p> 1762</th> 1763<th> 1764<p>Function</p> 1765</th> 1766<th> 1767<p>Default</p> 1768</th> 1769<th> 1770<p>Scope</p> 1771</th> 1772</tr> 1773 1774 1775<tr> 1776<td> 1777<p><tt class="literal">hosts allow (allow</tt> <tt class="literal">hosts)</tt></p> 1778</td> 1779<td> 1780<p>string (list of hostnames)</p> 1781</td> 1782<td> 1783<p>Client systems that can connect to Samba.</p> 1784</td> 1785<td> 1786<p>None</p> 1787</td> 1788<td> 1789<p>Share</p> 1790</td> 1791</tr> 1792<tr> 1793<td> 1794<p><tt class="literal">hosts deny (deny</tt> <tt class="literal">hosts)</tt></p> 1795</td> 1796<td> 1797<p>string (list of hostnames)</p> 1798</td> 1799<td> 1800<p>Client systems that cannot connect to Samba.</p> 1801</td> 1802<td> 1803<p>None</p> 1804</td> 1805<td> 1806<p>Share</p> 1807</td> 1808</tr> 1809<tr> 1810<td> 1811<p><tt class="literal">interfaces</tt></p> 1812</td> 1813<td> 1814<p>string (list of IP/netmask combinations)</p> 1815</td> 1816<td> 1817<p>Network interfaces Samba will respond to. Allows correcting defaults.</p> 1818</td> 1819<td> 1820<p>System-dependent</p> 1821</td> 1822<td> 1823<p>Global</p> 1824</td> 1825</tr> 1826<tr> 1827<td> 1828<p><tt class="literal">bind</tt></p> 1829 1830<p><tt class="literal">interfaces only</tt></p> 1831</td> 1832<td> 1833<p>boolean</p> 1834</td> 1835<td> 1836<p>If set to <tt class="literal">yes</tt>, Samba will bind only to those 1837interfaces specified by the <tt class="literal">interfaces</tt> option.</p> 1838</td> 1839<td> 1840<p><tt class="literal">no</tt></p> 1841</td> 1842<td> 1843<p>Global</p> 1844</td> 1845</tr> 1846 1847</table> 1848 1849 1850<div class="sect3"><a name="samba2-CHP-6-SECT-6.1.1"/> 1851 1852<h3 class="head3">hosts allow</h3> 1853 1854<p>The <tt class="literal">hosts</tt> <tt class="literal">allow</tt> option 1855(sometimes written as <tt class="literal">allow</tt> 1856<tt class="literal">hosts</tt>) specifies the clients that have permission 1857to access shares on the Samba server, written as a comma- or 1858space-separated list of hostnames of systems or their IP addresses. 1859You can gain quite a bit of security by simply placing your 1860LAN's subnet address in this option.</p> 1861 1862<p>You can specify any of the following formats for this option:</p> 1863 1864<ul><li> 1865<p>Hostnames, such as <tt class="literal">ftp.example.com</tt> .</p> 1866</li><li> 1867<p>IP addresses, such as <tt class="literal">130.63.9.252</tt>.</p> 1868</li><li> 1869<p>Domain names, which can be differentiated from individual hostnames 1870because they start with a dot. For example, 1871<tt class="literal">.ora.com</tt> represents all systems within the 1872<em class="emphasis">ora.com</em> domain.</p> 1873</li><li> 1874<p>Netgroups, which start with an at sign (<tt class="literal">@</tt>), such 1875as <tt class="literal">@printerhosts</tt>. Netgroups are usually available 1876only on systems running NIS or NIS+. If netgroups are supported on 1877your system, there should be a <tt class="literal">netgroups</tt> manual 1878page that describes them in more detail.</p> 1879</li><li> 1880<p>Subnets, which end with a dot. For example, 1881<tt class="literal">130.63.9</tt>. means all the systems whose IP addresses 1882begin with 130.63.9.</p> 1883</li><li> 1884<p>The keyword <tt class="literal">ALL</tt>, which allows any client access.</p> 1885</li><li> 1886<p>The keyword <tt class="literal">EXCEPT</tt> followed by one or more names, 1887IP addresses, domain names, netgroups, or subnets. For example, you 1888could specify that Samba allow all hosts except those on the 1889192.168.110 subnet with <tt class="literal">hosts</tt> 1890<tt class="literal">allow</tt> <tt class="literal">=</tt> <tt class="literal">ALL</tt> 1891<tt class="literal">EXCEPT</tt> <tt class="literal">192.168.110</tt>. (remember 1892to include the trailing dot).</p> 1893</li></ul> 1894<p>Using the <tt class="literal">ALL</tt> keyword by itself is almost always a 1895bad idea because it means that crackers on any network can access 1896your Samba server.</p> 1897 1898<p>The hostname <tt class="literal">localhost</tt>, for the loopback address 1899127.0.0.1, is included in the <tt class="literal">hosts</tt> 1900<tt class="literal">allow</tt> list by default and does not need to be 1901listed explicitly unless you have specified the 1902<tt class="literal">bind</tt> <tt class="literal">interfaces</tt> 1903<tt class="literal">only</tt> parameter. This address is required for Samba 1904to work properly.</p> 1905 1906<p>Other than that, there is no default value for the 1907<tt class="literal">hosts</tt> <tt class="literal">allow</tt> configuration 1908option. The default course of action in the event that neither the 1909<tt class="literal">hosts</tt> <tt class="literal">allow</tt> or 1910<tt class="literal">hosts</tt> <tt class="literal">deny</tt> option is specified 1911in <em class="filename">smb.conf</em> is to allow access from all sources.</p> 1912 1913<a name="samba2-CHP-6-NOTE-132"/><blockquote class="note"><h4 class="objtitle">TIP</h4> 1914<p>If you specify <tt class="literal">hosts allow</tt> in the 1915<tt class="literal">[global]</tt> section, that definition will override 1916any <tt class="literal">hosts allow</tt> lines in the share definitions. 1917This is the opposite of the usual behavior, which is for parameters 1918set in share definitions to override default values set in the 1919<tt class="literal">[global]</tt> section.<a name="INDEX-78"/></p> 1920</blockquote> 1921 1922 1923</div> 1924 1925 1926 1927<div class="sect3"><a name="samba2-CHP-6-SECT-6.1.2"/> 1928 1929<h3 class="head3">hosts deny</h3> 1930 1931<p>The <tt class="literal">hosts</tt> <tt class="literal">deny</tt> option 1932(synonymous with <tt class="literal">deny</tt> <tt class="literal">hosts</tt>) 1933specifies client systems that do not have permission to access a 1934share, written as a comma- or space-separated list of hostnames or 1935their IP addresses. Use the same format for specifying clients as the 1936<tt class="literal">hosts</tt> <tt class="literal">allow</tt> option earlier. For 1937example, to restrict access to the server from everywhere but 1938<tt class="literal">example.com</tt>, you could write:</p> 1939 1940<blockquote><pre class="code">hosts deny = ALL EXCEPT .example.com</pre></blockquote> 1941 1942<p>There is no default value for the <tt class="literal">hosts</tt> 1943<tt class="literal">deny</tt> configuration option, although the default 1944course of action in the event that neither option is specified is to 1945allow access from all sources. Also, if you specify this option in 1946the <tt class="literal">[global]</tt> section of the configuration file, it 1947will override any <tt class="literal">hosts</tt> <tt class="literal">deny</tt> 1948options defined in shares. If you wish to deny access to specific 1949shares, omit both the <tt class="literal">hosts</tt> 1950<tt class="literal">allow</tt> and <tt class="literal">hosts</tt> 1951<tt class="literal">deny</tt> options from the <tt class="literal">[global]</tt> 1952section of the configuration file.</p> 1953 1954<a name="samba2-CHP-6-NOTE-133"/><blockquote class="note"><h4 class="objtitle">NOTE</h4> 1955<p>Never include the loopback address (<tt class="literal">localhost</tt> at 1956IP address 127.0.0.1) in the <tt class="literal">hosts deny</tt> list. The 1957<em class="filename">smbpasswd</em> program needs to connect through the 1958loopback address to the Samba server as a client to change a 1959user's encrypted password. If the loopback address 1960is disabled, the locally generated packets requesting the change of 1961the encrypted password will be discarded by Samba.</p> 1962 1963 1964<p>In addition, both local browsing propagation and some functions of 1965SWAT require access to the Samba server through the loopback address 1966and will not work correctly if this address is disabled. 1967<a name="INDEX-79"/></p> 1968</blockquote> 1969 1970 1971</div> 1972 1973 1974 1975<div class="sect3"><a name="samba2-CHP-6-SECT-6.1.3"/> 1976 1977<h3 class="head3">interfaces</h3> 1978 1979<p>The <tt class="literal">interfaces</tt><a name="INDEX-80"/> option specifies the 1980networks that you want the Samba server to recognize and respond to. 1981This option is handy if you have a computer that resides on more than 1982one network subnet. If this option is not set, Samba searches for the 1983primary network interface of the server (typically the first Ethernet 1984card) upon startup and configures itself to operate on only that 1985subnet. If the server is configured for more than one subnet and you 1986do not specify this option, Samba will only work on the first subnet 1987it encounters. You must use this option to force Samba to serve the 1988other subnets on your network.</p> 1989 1990<p>The value of this option is one or more sets of IP address/netmask 1991pairs, as in the following:</p> 1992 1993<blockquote><pre class="code">interfaces = 192.168.220.100/255.255.255.0 192.168.210.30/255.255.255.0</pre></blockquote> 1994 1995<p>You can optionally specify a 1996<a name="INDEX-81"/><a name="INDEX-82"/>CIDR format bitmask, like this:</p> 1997 1998<blockquote><pre class="code">interfaces = 192.168.220.100/24 192.168.210.30/24</pre></blockquote> 1999 2000<p>The number after the slash specifies the number of bits that will be 2001set in the netmask. For example, the number 24 means that the first 200224 (of 32) bits will be set in the bitmask, which is the same as 2003specifying 255.255.255.0 as the netmask. Likewise, 16 would be 2004equivalent to a netmask of 255.255.0.0, and 8 would be the same as a 2005netmask of 255.0.0.0.</p> 2006<a name="samba2-CHP-6-NOTE-135"/><blockquote class="note"><h4 class="objtitle">WARNING</h4> 2007<p>This option might not work correctly if you are using DHCP.</p> 2008</blockquote> 2009 2010 2011</div> 2012 2013 2014 2015<div class="sect3"><a name="samba2-CHP-6-SECT-6.1.4"/> 2016 2017<h3 class="head3">bind interfaces only</h3> 2018 2019<p>The <tt class="literal">bind</tt><a name="INDEX-83"/> 2020<tt class="literal">interfaces</tt> <tt class="literal">only</tt> option can be 2021used to force the <em class="emphasis">smbd</em> and 2022<em class="emphasis">nmbd</em> processes to respond only to those 2023addresses specified by the <tt class="literal">interfaces</tt> option. The 2024<em class="emphasis">nmbd</em> process normally binds to the all-addresses 2025interface (0.0.0.0.) on ports 137 and 138, allowing it to receive 2026broadcasts from anywhere. However, you can override this behavior 2027with the following:</p> 2028 2029<blockquote><pre class="code">bind interfaces only = yes</pre></blockquote> 2030 2031<p>This will cause Samba to ignore any packets (including broadcast 2032packets) whose source address does not correspond to any of the 2033network interfaces specified by the <tt class="literal">interfaces</tt> 2034option. You should avoid using this option if you want to allow 2035temporary network connections, such as those created through SLIP or 2036PPP. It's very rare that this option is needed, and 2037it should be used only by experts.</p> 2038 2039<a name="samba2-CHP-6-NOTE-136"/><blockquote class="note"><h4 class="objtitle">TIP</h4> 2040<p>If you set <tt class="literal">bind interfaces only</tt> to <tt class="literal">yes</tt> 2041, add the <a name="INDEX-84"/><a name="INDEX-85"/><a name="INDEX-86"/>local host 2042address (127.0.01) to the 2043"interfaces" list. Otherwise, 2044<em class="emphasis">smbpasswd</em> will be unable to connect to the 2045server using its default mode in order to change a password, local 2046browse list propagation will fail, and some functions of swat will 2047not work properly. <a name="INDEX-87"/><a name="INDEX-88"/></p> 2048</blockquote> 2049 2050 2051</div> 2052 2053 2054</div> 2055 2056 2057</div> 2058 2059 2060 2061<div class="sect1"><a name="samba2-CHP-6-SECT-7"/> 2062 2063<h2 class="head1">Virtual Servers</h2> 2064 2065<p><a name="INDEX-89"/>Virtual 2066servers can be used to create the illusion of having multiple servers 2067on the network, when in reality there is only one. The technique is 2068simple to implement: a system simply registers more than one NetBIOS 2069name in association with its IP address. There are tangible benefits 2070to doing this.</p> 2071 2072<p>For example, the accounting department might have an 2073<tt class="literal">accounting</tt> server, and clients of it would see 2074just the accounting disks and printers. The marketing department 2075could have its own server, <tt class="literal">marketing</tt>, with its own 2076reports, and so on. However, all the services would be provided by 2077one medium-size Unix server (and one relaxed administrator) instead 2078of having one small server per department.</p> 2079 2080 2081<div class="sect2"><a name="samba2-CHP-6-SECT-7.1"/> 2082 2083<h3 class="head2">Virtual Server Configuration Options</h3> 2084 2085<p><a name="INDEX-90"/><a name="INDEX-91"/>Samba will allow a server to use more 2086than one NetBIOS name with the <tt class="literal">netbios</tt> 2087<tt class="literal">aliases</tt> option. See <a href="ch06.html#samba2-CHP-6-TABLE-7">Table 6-7</a>.</p> 2088 2089<a name="samba2-CHP-6-TABLE-7"/><h4 class="head4">Table 6-7. Virtual server configuration options</h4><table border="1"> 2090 2091 2092 2093 2094 2095 2096<tr> 2097<th> 2098<p>Option</p> 2099</th> 2100<th> 2101<p>Parameters</p> 2102</th> 2103<th> 2104<p>Function</p> 2105</th> 2106<th> 2107<p>Default</p> 2108</th> 2109<th> 2110<p>Scope</p> 2111</th> 2112</tr> 2113 2114 2115<tr> 2116<td> 2117<p><tt class="literal">netbios</tt> <tt class="literal">aliases</tt></p> 2118</td> 2119<td> 2120<p>string (list of NetBIOS names)</p> 2121</td> 2122<td> 2123<p>Additional NetBIOS names to respond to, for use with multiple 2124"virtual" Samba servers</p> 2125</td> 2126<td> 2127<p>None</p> 2128</td> 2129<td> 2130<p>Global</p> 2131</td> 2132</tr> 2133 2134</table> 2135 2136 2137<div class="sect3"><a name="samba2-CHP-6-SECT-7.1.1"/> 2138 2139<h3 class="head3">netbios aliases</h3> 2140 2141<p>The <tt class="literal">netbios</tt><a name="INDEX-92"/> 2142<tt class="literal">aliases</tt> option can be used to give the Samba 2143server more than one NetBIOS name. Each NetBIOS name listed as a 2144value will be displayed in the Network Neighborhood of Windows 2145clients. When a connection is requested to any of the servers, it 2146will connect to the same Samba server.</p> 2147 2148<p>This might come in handy, for example, if you're 2149transferring three departments' data to a single 2150Unix server with larger and faster disks and are retiring or 2151reallocating the old Windows NT/2000 servers. If the three servers 2152are called <tt class="literal">sales</tt>, <tt class="literal">accounting</tt>, 2153and <tt class="literal">admin</tt>, you can have Samba represent all three 2154servers with the following options:</p> 2155 2156<blockquote><pre class="code">[global] 2157 netbios aliases = sales accounting admin 2158 include = /usr/local/samba/lib/smb.conf.%L</pre></blockquote> 2159 2160<p>See <a href="ch06.html#samba2-CHP-6-FIG-5">Figure 6-5</a> for what the Network Neighborhood 2161would display from a client. When a client attempts to connect to 2162Samba, it will specify the name of the server to which 2163it's trying to connect, which is made available in 2164the configuration file through the <tt class="literal">%L</tt> variable. If 2165the requested server is <tt class="literal">sales</tt>, Samba will include 2166the file <em class="filename">/usr/local/samba/lib/smb.conf.sales</em>. 2167This file might contain global and share declarations exclusively for 2168the sales team, such as the following:</p> 2169 2170<blockquote><pre class="code">[global] 2171 workgroup = SALES 2172 hosts allow = 192.168.10.255 2173 2174[sales2003] 2175 path = /usr/local/samba/sales/sales2003/ 2176...</pre></blockquote> 2177 2178<p>This particular example would set the workgroup to SALES as well and 2179set the IP address to allow connections only from the SALES subnet 2180(192.168.10). In addition, it would offer shares specific to the 2181sales department.</p> 2182 2183<div class="figure"><a name="samba2-CHP-6-FIG-5"/><img src="figs/sam2_0605.gif"/></div><h4 class="head4">Figure 6-5. Using NetBIOS aliases for a Samba server</h4> 2184 2185 2186</div> 2187 2188 2189</div> 2190 2191 2192</div> 2193 2194 2195 2196<div class="sect1"><a name="samba2-CHP-6-SECT-8"/> 2197 2198<h2 class="head1">Logging Configuration Options</h2> 2199 2200<p><a name="INDEX-93"/><a name="INDEX-94"/>Occasionally, 2201we need to find out what Samba is up to. This is especially true when 2202Samba is performing an unexpected action or is not performing at all. 2203To find out this information, we need to check 2204Samba's log files to see exactly why it did what it 2205did.</p> 2206 2207<p>Samba <a name="INDEX-95"/>log files 2208can be as brief or verbose as you like. Here is an example of what a 2209Samba log file looks like:</p> 2210 2211<blockquote><pre class="code">[2002/07/21 13:23:25, 3] smbd/service.c:close_cnum(514) 2212 maya (172.16.1.6) closed connection to service IPC$ 2213[2002/07/21 13:23:25, 3] smbd/connection.c:yield_connection(40) 2214 Yielding connection to IPC$ 2215[2002/07/21 13:23:25, 3] smbd/process.c:process_smb(615) 2216 Transaction 923 of length 49 2217[2002/07/21 13:23:25, 3] smbd/process.c:switch_message(448) 2218 switch message SMBread (pid 467) 2219[2002/07/21 13:23:25, 3] lib/doscalls.c:dos_ChDir(336) 2220 dos_ChDir to /home/samba 2221[2002/07/21 13:23:25, 3] smbd/reply.c:reply_read(2199) 2222 read fnum=4207 num=2820 nread=2820 2223[2002/07/21 13:23:25, 3] smbd/process.c:process_smb(615) 2224 Transaction 924 of length 55 2225[2002/07/21 13:23:25, 3] smbd/process.c:switch_message(448) 2226 switch message SMBreadbraw (pid 467) 2227[2002/07/21 13:23:25, 3] smbd/reply.c:reply_readbraw(2053) 2228 readbraw fnum=4207 start=130820 max=1276 min=0 nread=1276 2229[2002/07/21 13:23:25, 3] smbd/process.c:process_smb(615) 2230 Transaction 925 of length 55 2231[2002/07/21 13:23:25, 3] smbd/process.c:switch_message(448) 2232 switch message SMBreadbraw (pid 467)</pre></blockquote> 2233 2234<p>Much of this information is of use only to Samba programmers. 2235However, we will go over the meaning of some of these entries in more 2236detail in <a href="ch12.html">Chapter 12</a>.</p> 2237 2238<p>Samba contains six options that allow users to describe how and where 2239logging information should be written. Each of these are global 2240options and cannot appear inside a share definition. Here is an 2241example of some logging options that we are adding to our 2242configuration file:</p> 2243 2244<blockquote><pre class="code">[global] 2245 log level = 2 2246 log file = /var/log/samba.log.%m 2247 max log size = 50 2248 debug timestamp = yes</pre></blockquote> 2249 2250<p>Here, we've added a custom log file that reports 2251information up to debug level 2. This is a relatively light debugging 2252level. The logging level ranges from 1 to 10, where level 1 provides 2253only a small amount of information and level 10 provides a plethora 2254of low-level information. Levels 2 or 3 will provide us with useful 2255debugging information without wasting disk space on our server. In 2256practice, you should avoid using log levels greater than 3 unless you 2257are working on the Samba source code.</p> 2258 2259<p>The logging file is located in the <em class="filename">/var/log</em> 2260directory thanks to the <tt class="literal">log</tt> 2261<tt class="literal">file</tt> configuration option. However, we can use 2262variable substitution to create log files specifically for individual 2263users or clients, such as with the <tt class="literal">%m</tt> variable in 2264the following line:</p> 2265 2266<blockquote><pre class="code">log file = /usr/local/logs/samba.log.%m</pre></blockquote> 2267 2268<p>Isolating the log messages can be invaluable in tracking down a 2269network error if you know the problem is coming from a specific 2270client system or user.</p> 2271 2272<p>We've added a precaution to the log files: no one 2273log file can exceed 50 KB in size, as specified by the 2274<tt class="literal">max</tt> <tt class="literal">log</tt> <tt class="literal">size</tt> 2275option. If a log file exceeds this size, the contents are moved to a 2276file with the same name but with the suffix <em class="emphasis">.old</em> 2277appended. If the <em class="emphasis">.old</em> file already exists, it is 2278overwritten and its contents are lost. The original file is cleared, 2279waiting to receive new logging information. This prevents the hard 2280drive from being overwhelmed with Samba log files during the life of 2281the Samba daemons.</p> 2282 2283<p>We have decided to write the timestamps of the messages in the logs 2284with the <tt class="literal">debug</tt> <tt class="literal">timestamp</tt> 2285option, which is the default behavior. This will place a timestamp in 2286each message written to the logging file. If we were not interested 2287in this information, we could specify <tt class="literal">no</tt> for this 2288option instead.</p> 2289 2290 2291<div class="sect2"><a name="samba2-CHP-6-SECT-8.1"/> 2292 2293<h3 class="head2">Using syslog</h3> 2294 2295<p>If you wish to use the system logger 2296(<a name="INDEX-96"/>syslog<em class="filename"> 2297</em>) in addition to or in place of the standard Samba logging 2298file, Samba provides options for this as well. However, to use 2299syslog, the first thing you will have to do is make sure that Samba 2300was built with the <tt class="literal">configure</tt> 2301<tt class="literal">--with-syslog</tt> option. See <a href="ch02.html">Chapter 2</a> for more information on configuring and 2302compiling Samba. See <a href="appe.html">Appendix E</a> for more 2303information about the <tt class="literal">--with-syslog</tt> option.</p> 2304 2305<p>Once that is done, you will need to configure your 2306<em class="filename">/etc/syslog.conf</em><a name="INDEX-97"/> to accept logging information from Samba. 2307If there is not already a <tt class="literal">daemon.*</tt> entry in the 2308<em class="filename">/etc/syslog.conf</em> file, add the following:</p> 2309 2310<blockquote><pre class="code">daemon.* /var/log/daemon.log</pre></blockquote> 2311 2312<p>This specifies that any logging information from system daemons will 2313be stored in the <em class="filename">/var/log/daemon.log</em> file. This 2314is where the Samba information will be stored as well. From there, 2315you can set a value for the <tt class="literal">syslog</tt> parameter in 2316your Samba configuration file to specify which logging messages are 2317to be sent to syslog. Only messages that have debug levels lower than 2318the value of the <tt class="literal">syslog</tt> parameter will be sent to 2319syslog. For example, setting the following:</p> 2320 2321<blockquote><pre class="code">syslog = 3</pre></blockquote> 2322 2323<p>specifies that any logging messages with a level of 2 or below will 2324be sent to both syslog and the Samba logging files. (The mappings to 2325<em class="filename">syslog</em> priorities are described in the upcoming 2326section "syslog.") To continue the 2327example, let's assume that we have set the 2328<tt class="literal">log</tt> <tt class="literal">level</tt> option to 4. Logging 2329messages with levels of 2 and 1 will be sent to both syslog and the 2330Samba logging files, and messages with a level of 3 or 4 will be sent 2331to the Samba logging files, but not to syslog. If the 2332<tt class="literal">syslog</tt> value exceeds the <tt class="literal">log</tt> 2333<tt class="literal">level</tt> value, nothing will be sent to syslog.</p> 2334 2335<p>If you want to specify that messages be sent only to syslog—and 2336not to the standard Samba logging files—you can place this 2337option in the configuration file:</p> 2338 2339<blockquote><pre class="code">syslog only = yes</pre></blockquote> 2340 2341<p>If this is the case, any logging information above the number 2342specified in the <tt class="literal">syslog</tt> option will be discarded, 2343as with the <tt class="literal">log</tt> <tt class="literal">level</tt> option.</p> 2344 2345 2346</div> 2347 2348 2349<div class="sect2"><a name="samba2-CHP-6-SECT-8.2"/> 2350 2351<h3 class="head2">Logging Configuration Options</h3> 2352 2353<p><a href="ch06.html#samba2-CHP-6-TABLE-8">Table 6-8</a> lists each logging configuration option 2354that Samba can use.</p> 2355 2356<a name="samba2-CHP-6-TABLE-8"/><h4 class="head4">Table 6-8. Logging configuration options</h4><table border="1"> 2357 2358 2359 2360 2361 2362 2363<tr> 2364<th> 2365<p>Option</p> 2366</th> 2367<th> 2368<p>Parameters</p> 2369</th> 2370<th> 2371<p>Function</p> 2372</th> 2373<th> 2374<p>Default</p> 2375</th> 2376<th> 2377<p>Scope</p> 2378</th> 2379</tr> 2380 2381 2382<tr> 2383<td> 2384<p><tt class="literal">log file</tt></p> 2385</td> 2386<td> 2387<p>string (name of file)</p> 2388</td> 2389<td> 2390<p>Name of the log file that Samba is to use. Works with all variables.</p> 2391</td> 2392<td> 2393<p>Specified in Samba makefile</p> 2394</td> 2395<td> 2396<p>Global</p> 2397</td> 2398</tr> 2399<tr> 2400<td> 2401<p><tt class="literal">log level</tt></p> 2402 2403<p><tt class="literal">(debug level)</tt></p> 2404</td> 2405<td> 2406<p>numeric (0-10)</p> 2407</td> 2408<td> 2409<p>Amount of log/debug messages that are sent to the log file. 0 is 2410none; 3 is considerable.</p> 2411</td> 2412<td> 2413<p><tt class="literal">1</tt></p> 2414</td> 2415<td> 2416<p>Global</p> 2417</td> 2418</tr> 2419<tr> 2420<td> 2421<p><tt class="literal">max log size</tt></p> 2422</td> 2423<td> 2424<p>numeric (size in KB)</p> 2425</td> 2426<td> 2427<p>Maximum size of log file.</p> 2428</td> 2429<td> 2430<p><tt class="literal">5000</tt></p> 2431</td> 2432<td> 2433<p>Global</p> 2434</td> 2435</tr> 2436<tr> 2437<td> 2438<p><tt class="literal">debug timestamp</tt> <tt class="literal">(timestamp logs)</tt></p> 2439</td> 2440<td> 2441<p>boolean</p> 2442</td> 2443<td> 2444<p>If <tt class="literal">no</tt>, doesn't timestamp logs, 2445making them easier to read during heavy debugging.</p> 2446</td> 2447<td> 2448<p><tt class="literal">yes</tt></p> 2449</td> 2450<td> 2451<p>Global</p> 2452</td> 2453</tr> 2454<tr> 2455<td> 2456<p><tt class="literal">syslog</tt></p> 2457</td> 2458<td> 2459<p>numeric (0-10)</p> 2460</td> 2461<td> 2462<p>Level of messages sent to <em class="emphasis">syslog</em>. Those levels 2463below <tt class="literal">syslog</tt> <tt class="literal">level</tt> will be sent 2464to the system logger.</p> 2465</td> 2466<td> 2467<p><tt class="literal">1</tt></p> 2468</td> 2469<td> 2470<p>Global</p> 2471</td> 2472</tr> 2473<tr> 2474<td> 2475<p><tt class="literal">syslog only</tt></p> 2476</td> 2477<td> 2478<p>boolean</p> 2479</td> 2480<td> 2481<p>If <tt class="literal">yes</tt>, uses <em class="emphasis">syslog</em> entirely 2482and sends no output to the Samba log files.</p> 2483</td> 2484<td> 2485<p><tt class="literal">no</tt></p> 2486</td> 2487<td> 2488<p>Global</p> 2489</td> 2490</tr> 2491 2492</table> 2493 2494 2495<div class="sect3"><a name="samba2-CHP-6-SECT-8.2.1"/> 2496 2497<h3 class="head3">log file</h3> 2498 2499<p>By default, Samba writes log information to text files in the 2500<em class="filename">/usr/local/samba/var</em> directory. The 2501<tt class="literal">log</tt><a name="INDEX-98"/> <tt class="literal">file</tt> option can be 2502used to set the name of the log file to another location. For 2503example, to put the Samba log information in 2504<em class="filename">/usr/local/logs/samba.log</em>, you could use the 2505following:</p> 2506 2507<blockquote><pre class="code">[global] 2508 log file = /usr/local/logs/samba.log</pre></blockquote> 2509 2510<p>You can use variable substitution to create log files specifically 2511for individual users or clients.</p> 2512 2513<p>You can override the default log file location using the 2514<em class="emphasis">-l</em> command-line switch when either daemon is 2515started. However, this does not override the <tt class="literal">log</tt> 2516<tt class="literal">file</tt> option. If you do specify this parameter, 2517initial logging information will be sent to the file specified after 2518<em class="emphasis">-l</em> (or the default specified in the Samba 2519makefile) until the daemons have processed the 2520<em class="filename">smb.conf</em> file and know to redirect it to a new 2521log file.</p> 2522 2523 2524</div> 2525 2526 2527 2528<div class="sect3"><a name="samba2-CHP-6-SECT-8.2.2"/> 2529 2530<h3 class="head3">log level</h3> 2531 2532<p>The <tt class="literal">log</tt><a name="INDEX-99"/> <tt class="literal">level</tt> option 2533sets the amount of data to be logged. Normally this is set to 0 or 1. 2534However, if you have a specific problem, you might want to set it at 25353, which provides the most useful debugging information you would 2536need to track down a problem. Levels above 3 provide information 2537that's primarily for the developers to use for 2538chasing internal bugs, and it slows down the server considerably. 2539Therefore, we recommend that for normal day-to-day operation, you 2540avoid setting this option to anything above 3.</p> 2541 2542 2543</div> 2544 2545 2546 2547<div class="sect3"><a name="samba2-CHP-6-SECT-8.2.3"/> 2548 2549<h3 class="head3">max log size</h3> 2550 2551<p>The <tt class="literal">max</tt><a name="INDEX-100"/> <tt class="literal">log</tt> 2552<tt class="literal">size</tt> option sets the maximum size, in kilobytes, 2553of the debugging log file that Samba keeps. When the log file exceeds 2554this size, the current log file is renamed to add a 2555<em class="filename">.old</em> extension (erasing any previous file with 2556that name) and a new debugging log file is started with the original 2557name. For example:</p> 2558 2559<blockquote><pre class="code">[global] 2560 log file = /usr/local/logs/samba.log.%m 2561 max log size = 1000</pre></blockquote> 2562 2563<p>Here, if the size of any log file exceeds 1MB, Samba renames the log 2564file <em class="emphasis">samba.log</em>. 2565<em class="replaceable">machine-name</em><em class="emphasis">.old</em>, 2566and a new log file is generated. If there is already a file with the 2567<em class="emphasis">.old</em> extension, Samba deletes it. We highly 2568recommend setting this option in your configuration files because 2569debug logging (even at lower levels) can quietly eat away at your 2570available disk space. Using this option protects unwary 2571administrators from suddenly discovering that most of the space on a 2572disk or partition has been swallowed up by a single Samba log file.</p> 2573 2574 2575</div> 2576 2577 2578 2579<div class="sect3"><a name="samba2-CHP-6-SECT-8.2.4"/> 2580 2581<h3 class="head3">debug timestamp or timestamp logs</h3> 2582 2583<p>If you happen to be debugging a network problem and you find that the 2584timestamp information within the Samba log lines gets in the way, you 2585can turn it off by giving either the 2586<tt class="literal">timestamp</tt><a name="INDEX-101"/> <tt class="literal">logs</tt> or the 2587synonymous <tt class="literal">debug</tt><a name="INDEX-102"/> 2588<tt class="literal">timestamp</tt> option a value of <tt class="literal">no</tt>. 2589For example, a regular Samba log file presents its output in the 2590following form:</p> 2591 2592<blockquote><pre class="code">12/31/01 12:03:34 toltec (172.16.1.1) connect to server network as user jay</pre></blockquote> 2593 2594<p>With a <tt class="literal">no</tt> value for this option, the output would 2595appear without the timestamp:</p> 2596 2597<blockquote><pre class="code">toltec (172.16.1.1) connect to server network as user jay</pre></blockquote> 2598 2599 2600</div> 2601 2602 2603 2604<div class="sect3"><a name="samba2-CHP-6-SECT-8.2.5"/> 2605 2606<h3 class="head3">syslog</h3> 2607 2608<p>The <tt class="literal">syslog</tt><a name="INDEX-103"/> option causes Samba log 2609messages to be sent to the Unix system logger. The type of log 2610information to be sent is specified as a numeric value. Like the 2611<tt class="literal">log</tt> <tt class="literal">level</tt> option, it can be a 2612number from 0 to 10. Logging information with a level less than the 2613number specified will be sent to the system logger. Debug logs 2614greater than or equal to the <tt class="literal">syslog</tt> level, but 2615less than log level, will still be sent to the standard Samba log 2616files. For example:</p> 2617 2618<blockquote><pre class="code">[global] 2619 log level = 3 2620 syslog = 1</pre></blockquote> 2621 2622<p>With this, all logging information with a level of 0 would be sent to 2623the standard Samba logs and the system logger, while information with 2624levels 1, 2, and 3 would be sent only to the standard Samba logs. 2625Levels above 3 are not logged at all. All messages sent to the system 2626logger are mapped to a priority level that the syslogd daemon 2627understands, as shown in <a href="ch06.html#samba2-CHP-6-TABLE-9">Table 6-9</a>. The default 2628level is 1.</p> 2629 2630<a name="samba2-CHP-6-TABLE-9"/><h4 class="head4">Table 6-9. syslog priority conversion</h4><table border="1"> 2631 2632 2633 2634<tr> 2635<th> 2636<p>Log level</p> 2637</th> 2638<th> 2639<p>syslog priority</p> 2640</th> 2641</tr> 2642 2643 2644<tr> 2645<td> 2646<p>0</p> 2647</td> 2648<td> 2649<p><tt class="literal">LOG_ERR</tt></p> 2650</td> 2651</tr> 2652<tr> 2653<td> 2654<p>1</p> 2655</td> 2656<td> 2657<p><tt class="literal">LOG_WARNING</tt></p> 2658</td> 2659</tr> 2660<tr> 2661<td> 2662<p>2</p> 2663</td> 2664<td> 2665<p><tt class="literal">LOG_NOTICE</tt></p> 2666</td> 2667</tr> 2668<tr> 2669<td> 2670<p>3</p> 2671</td> 2672<td> 2673<p><tt class="literal">LOG_INFO</tt></p> 2674</td> 2675</tr> 2676<tr> 2677<td> 2678<p>4 and above</p> 2679</td> 2680<td> 2681<p><tt class="literal">LOG_DEBUG</tt></p> 2682</td> 2683</tr> 2684 2685</table> 2686 2687<p>If you wish to use <em class="emphasis">syslog</em>, you will have to run 2688<tt class="literal">configure</tt> <tt class="literal">--with-syslog</tt> when 2689compiling Samba, and you will need to configure your 2690<em class="filename">/etc/syslog.conf</em> to suit. (See <a href="ch06.html#samba2-CHP-6-SECT-8.1">Section 6.8.1</a>, earlier in this chapter.)</p> 2691 2692 2693</div> 2694 2695 2696 2697<div class="sect3"><a name="samba2-CHP-6-SECT-8.2.6"/> 2698 2699<h3 class="head3">syslog only</h3> 2700 2701<p>The <tt class="literal">syslog</tt><a name="INDEX-104"/> <tt class="literal">only</tt> option 2702tells Samba not to use its own logging files at all and to use only 2703the system logger. To enable this, specify the following option in 2704the global section of the Samba configuration file:</p> 2705 2706<a name="INDEX-105"/><a name="INDEX-106"/><a name="INDEX-107"/><blockquote><pre class="code">[global] 2707 syslog only = yes</pre></blockquote> 2708 2709 2710</div> 2711 2712 2713</div> 2714 2715 2716</div> 2717 2718<hr/><h4 class="head4">Footnotes</h4><blockquote><a name="FOOTNOTE-1"/> <p><a href="#FNPTR-1">[1]</a> Depending on your system, this file might not 2719be <em class="emphasis">/etc/printcap</em>. You can use the 2720<em class="emphasis">testparm</em> command that comes with Samba to dump 2721the parameter definitions and determine the value of the 2722<tt class="literal">printcap</tt> <tt class="literal">name</tt> configuration 2723option. The value assigned to it is the default value chosen when 2724Samba was configured and compiled, which should be correct.</p> 2725<a name="FOOTNOTE-2"/> <p><a href="#FNPTR-2">[2]</a> We are referring here to the window that 2726opens when a printer icon in the Printers control panel is 2727double-clicked.</p> </blockquote><hr/><h4 class="head4"><a href="toc.html">TOC</a></h4></body></html> 2728