1# This is the main Samba configuration file. You should read the 2# smb.conf(5) manual page in order to understand the options listed 3# here. Samba has a huge number of configurable options (perhaps too 4# many!) most of which are not shown in this example 5# 6# Any line which starts with a ; (semi-colon) or a # (hash) 7# is a comment and is ignored. In this example we will use a # 8# for commentry and a ; for parts of the config file that you 9# may wish to enable 10# 11# NOTE: Whenever you modify this file you should run the command "testparm" 12# to check that you have not made any basic syntactic errors. 13# 14#======================= Global Settings ===================================== 15[global] 16 17# workgroup = NT-Domain-Name or Workgroup-Name 18 workgroup = MYGROUP 19 20# server string is the equivalent of the NT Description field 21 server string = Samba Server 22 23# This option is important for security. It allows you to restrict 24# connections to machines which are on your local network. The 25# following example restricts access to two C class networks and 26# the "loopback" interface. For more examples of the syntax see 27# the smb.conf man page 28; hosts allow = 192.168.1. 192.168.2. 127. 29 30# if you want to automatically load your printer list rather 31# than setting them up individually then you'll need this 32 printcap name = /etc/printcap 33 load printers = yes 34 35# It should not be necessary to spell out the print system type unless 36# yours is non-standard. Currently supported print systems include: 37# bsd, sysv, plp, lprng, aix, hpux, qnx 38; printing = bsd 39 40# Uncomment this if you want a guest account, you must add this to /etc/passwd 41# otherwise the user "nobody" is used 42; guest account = pcguest 43 44# this tells Samba to use a separate log file for each machine 45# that connects 46 #log file = /var/log/samba/%m.log 47# all information in one file 48 log file = /var/log/samba/log.smbd 49 50# Put a capping on the size of the log files (in Kb). 51 max log size = 50 52 53# Security mode. Most people will want user level security. See 54# security_level.txt for details. 55 security = user 56# Use password server option only with security = server 57; password server = <NT-Server-Name> 58 59# Password Level allows matching of _n_ characters of the password for 60# all combinations of upper and lower case. 61; password level = 8 62; username level = 8 63 64# You may wish to use password encryption. Please read 65# ENCRYPTION.txt, Win95.txt and WinNT.txt in the Samba documentation. 66# Do not enable this option unless you have read those documents 67; encrypt passwords = yes 68; smb passwd file = /etc/samba/smbpasswd 69 70# The following are needed to allow password changing from Windows to 71# update the Linux system password also. 72# NOTE: Use these with 'encrypt passwords' and 'smb passwd file' above. 73# NOTE2: You do NOT need these to allow workstations to change only 74# the encrypted SMB passwords. They allow the Unix password 75# to be kept in sync with the SMB password. 76; unix password sync = Yes 77; passwd program = /usr/bin/passwd %u 78; passwd chat = *New*UNIX*password* %n\n *ReType*new*UNIX*password* %n\n *passwd:*all*authentication*tokens*updated*successfully* 79 80# Unix users can map to different SMB User names 81; username map = /etc/samba/smbusers 82 83# Using the following line enables you to customise your configuration 84# on a per machine basis. The %m gets replaced with the netbios name 85# of the machine that is connecting 86; include = /etc/samba/smb.conf.%m 87 88# Most people will find that this option gives better performance. 89# See speed.txt and the manual pages for details 90 socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 91 92# Configure Samba to use multiple interfaces 93# If you have multiple network interfaces then you must list them 94# here. See the man page for details. 95; interfaces = 192.168.12.2/24 192.168.13.2/24 96 97# Configure remote browse list synchronisation here 98# request announcement to, or browse list sync from: 99# a specific host or from / to a whole subnet (see below) 100; remote browse sync = 192.168.3.25 192.168.5.255 101# Cause this host to announce itself to local subnets here 102; remote announce = 192.168.1.255 192.168.2.44 103 104# Browser Control Options: 105# set local master to no if you don't want Samba to become a master 106# browser on your network. Otherwise the normal election rules apply 107; local master = no 108 109# OS Level determines the precedence of this server in master browser 110# elections. The default value should be reasonable 111; os level = 33 112 113# Domain Master specifies Samba to be the Domain Master Browser. This 114# allows Samba to collate browse lists between subnets. Don't use this 115# if you already have a Windows NT domain controller doing this job 116; domain master = yes 117 118# Preferred Master causes Samba to force a local browser election on startup 119# and gives it a slightly higher chance of winning the election 120; preferred master = yes 121 122# Enable this if you want Samba to be a domain logon server for 123# Windows95 workstations. 124; domain logons = yes 125 126# if you enable domain logons then you may want a per-machine or 127# per user logon script 128# run a specific logon batch file per workstation (machine) 129; logon script = %m.bat 130# run a specific logon batch file per username 131; logon script = %U.bat 132 133# Where to store roving profiles (only for Win95 and WinNT) 134# %L substitutes for this servers netbios name, %U is username 135# You must uncomment the [Profiles] share below 136; logon path = \\%L\Profiles\%U 137 138# All NetBIOS names must be resolved to IP Addresses 139# 'Name Resolve Order' allows the named resolution mechanism to be specified 140# the default order is "host lmhosts wins bcast". "host" means use the unix 141# system gethostbyname() function call that will use either /etc/hosts OR 142# DNS or NIS depending on the settings of /etc/host.config, /etc/nsswitch.conf 143# and the /etc/resolv.conf file. "host" therefore is system configuration 144# dependant. This parameter is most often of use to prevent DNS lookups 145# in order to resolve NetBIOS names to IP Addresses. Use with care! 146# The example below excludes use of name resolution for machines that are NOT 147# on the local network segment 148# - OR - are not deliberately to be known via lmhosts or via WINS. 149; name resolve order = wins lmhosts bcast 150 151# Windows Internet Name Serving Support Section: 152# WINS Support - Tells the NMBD component of Samba to enable it's WINS Server 153; wins support = yes 154 155# WINS Server - Tells the NMBD components of Samba to be a WINS Client 156# Note: Samba can be either a WINS Server, or a WINS Client, but NOT both 157; wins server = w.x.y.z 158 159# WINS Proxy - Tells Samba to answer name resolution queries on 160# behalf of a non WINS capable client, for this to work there must be 161# at least one WINS Server on the network. The default is NO. 162; wins proxy = yes 163 164# DNS Proxy - tells Samba whether or not to try to resolve NetBIOS names 165# via DNS nslookups. The built-in default for versions 1.9.17 is yes, 166# this has been changed in version 1.9.18 to no. 167 dns proxy = no 168 169# Case Preservation can be handy - system default is _no_ 170# NOTE: These can be set on a per share basis 171; preserve case = no 172; short preserve case = no 173# Default case is normally upper case for all DOS files 174; default case = lower 175# Be very careful with case sensitivity - it can break things! 176; case sensitive = no 177 178#============================ Share Definitions ============================== 179[homes] 180 comment = Home Directories 181 browseable = no 182 writable = yes 183 184# Un-comment the following and create the netlogon directory for Domain Logons 185; [netlogon] 186; comment = Network Logon Service 187; path = /home/netlogon 188; guest ok = yes 189; writable = no 190; share modes = no 191 192 193# Un-comment the following to provide a specific roving profile share 194# the default is to use the user's home directory 195;[Profiles] 196; path = /home/profiles 197; browseable = no 198; guest ok = yes 199 200 201# NOTE: If you have a BSD-style print system there is no need to 202# specifically define each individual printer 203[printers] 204 comment = All Printers 205 path = /var/spool/samba 206 browseable = no 207# Set public = yes to allow user 'guest account' to print 208 guest ok = no 209 writable = no 210 printable = yes 211 212# This one is useful for people to share files 213;[tmp] 214; comment = Temporary file space 215; path = /tmp 216; read only = no 217; public = yes 218 219# A publicly accessible directory, but read only, except for people in 220# the "staff" group 221;[public] 222; comment = Public Stuff 223; path = /home/samba 224; public = yes 225; read only = yes 226; write list = @staff 227 228# Other examples. 229# 230# A private printer, usable only by fred. Spool data will be placed in fred's 231# home directory. Note that fred must have write access to the spool directory, 232# wherever it is. 233;[fredsprn] 234; comment = Fred's Printer 235; valid users = fred 236; path = /homes/fred 237; printer = freds_printer 238; public = no 239; writable = no 240; printable = yes 241 242# A private directory, usable only by fred. Note that fred requires write 243# access to the directory. 244;[fredsdir] 245; comment = Fred's Service 246; path = /usr/somewhere/private 247; valid users = fred 248; public = no 249; writable = yes 250; printable = no 251 252# a service which has a different directory for each machine that connects 253# this allows you to tailor configurations to incoming machines. You could 254# also use the %u option to tailor it by user name. 255# The %m gets replaced with the machine name that is connecting. 256;[pchome] 257; comment = PC Directories 258; path = /usr/pc/%m 259; public = no 260; writable = yes 261 262# A publicly accessible directory, read/write to all users. Note that all files 263# created in the directory by users will be owned by the default user, so 264# any user with access can delete any other user's files. Obviously this 265# directory must be writable by the default user. Another user could of course 266# be specified, in which case all files would be owned by that user instead. 267;[public] 268; path = /usr/somewhere/else/public 269; public = yes 270; only guest = yes 271; writable = yes 272; printable = no 273 274# The following two entries demonstrate how to share a directory so that two 275# users can place files there that will be owned by the specific users. In this 276# setup, the directory should be writable by both users and should have the 277# sticky bit set on it to prevent abuse. Obviously this could be extended to 278# as many users as required. 279;[myshare] 280; comment = Mary's and Fred's stuff 281; path = /usr/somewhere/shared 282; valid users = mary fred 283; public = no 284; writable = yes 285; printable = no 286; create mask = 0765 287 288 289