# This is the main Samba configuration file. You should read the

# smb.conf(5) manual page in order to understand the options listed

# here. Samba has a huge number of configurable options (perhaps too

# many!) most of which are not shown in this example

#

# Any line which starts with a ; (semi-colon) or a # (hash)

# is a comment and is ignored. In this example we will use a #

# for commentry and a ; for parts of the config file that you

# may wish to enable

#

# NOTE: Whenever you modify this file you should run the command "testparm"

# to check that you have not made any basic syntactic errors.

#

#======================= Global Settings==============================

[global]

 

# workgroup = NT-Domain-Name or Workgroup-Name

   workgroup = MYGROUP

 

# server string is the equivalent of the NT Description field

   server string = Samba Server

 

# This option is important for security. It allows you to restrict

# connections to machines which are on your local network. The

# following example restricts access to two C class networks and

# the "loopback" interface. For more examples of the syntax see

# the smb.conf man page

;   hosts allow = 192.168.1. 192.168.2. 127.

 

# if you want to automatically load your printer list rather

# than setting them up individually then you'll need this

   printcap name = /etc/printcap

   load printers = yes

 

# It should not be necessary to spell out the print system type unless

# yours is non-standard. Currently supported print systems include:

# bsd, sysv, plp, lprng, aix, hpux, qnx

   printing = lprng

 

# Uncomment this if you want a guest account, you must add this to /etc/passwd

# otherwise the user "nobody" is used

;  guest account = pcguest

 

# this tells Samba to use a separate log file for each machine

# that connects

   log file = /var/log/samba/%m.log

 

# Put a capping on the size of the log files (in Kb).

   max log size = 0

 

# Security mode. Most people will want user level security. See

# security_level.txt for details.

   security = user

 

# Use password server option only with security = server

# The argument list may include:

#   password server = My_PDC_Name [My_BDC_Name] [My_Next_BDC_Name]

# or to auto-locate the domain controller/s

#   password server = *

;   password server = <NT-Server-Name>

 

# Password Level allows matching of _n_ characters of the password for

# all combinations of upper and lower case.

;  password level = 8

;  username level = 8

 

# You may wish to use password encryption. Please read

# ENCRYPTION.txt, Win95.txt and WinNT.txt in the Samba documentation.

# Do not enable this option unless you have read those documents

   encrypt passwords = yes

   smb passwd file = /etc/samba/smbpasswd

 

# The following is needed to keep smbclient from spouting spurious #errors when Samba is built with support for SSL.

;   ssl CA certFile = /usr/share/ssl/certs/ca-bundle.crt

 

# The following are needed to allow password changing from Windows to

# update the Linux system password also.

# NOTE: Use these with 'encrypt passwords' and 'smb passwd file' above.

# NOTE2: You do NOT need these to allow workstations to change only

#        the encrypted SMB passwords. They allow the Unix password

#        to be kept in sync with the SMB password.

   unix password sync = Yes

   passwd program = /usr/bin/passwd %u

   passwd chat = *New*password* %n\n *Retype*new*password* %n\n *passwd:*all*authentication*tokens*updated*successfully*

 

# You can use PAM's password change control flag for Samba. If

# enabled, then PAM will be used for password changes when requested

# by an SMB client instead of the program listed in passwd program.

# It should be possible to enable this without changing your passwd

# chat parameter for most setups.

 

   pam password change = yes

 

# Unix users can map to different SMB User names

;  username map = /etc/samba/smbusers

 

# Using the following line enables you to customise your configuration

# on a per machine basis. The %m gets replaced with the netbios name

# of the machine that is connecting

;   include = /etc/samba/smb.conf.%m

 

# This parameter will control whether or not Samba should obey PAM's

# account and session management directives. The default behavior is

# to use PAM for clear text authentication only and to ignore any

# account or session management. Note that Samba always ignores PAM

# for authentication in the case of encrypt passwords = yes

 

  obey pam restrictions = yes

 

# Most people will find that this option gives better performance.

# See speed.txt and the manual pages for details

   socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192

 

# Configure Samba to use multiple interfaces

# If you have multiple network interfaces then you must list them

# here. See the man page for details.

;   interfaces = 192.168.12.2/24 192.168.13.2/24

 

# Configure remote browse list synchronisation here

#  request announcement to, or browse list sync from:

#     a specific host or from / to a whole subnet (see below)

;   remote browse sync = 192.168.3.25 192.168.5.255

# Cause this host to announce itself to local subnets here

;   remote announce = 192.168.1.255 192.168.2.44

 

# Browser Control Options:

# set local master to no if you don't want Samba to become a master

# browser on your network. Otherwise the normal election rules apply

;   local master = no

 

# OS Level determines the precedence of this server in master browser

# elections. The default value should be reasonable

;   os level = 33

 

# Domain Master specifies Samba to be the Domain Master Browser. This

# allows Samba to collate browse lists between subnets. Don't use this

# if you already have a Windows NT domain controller doing this job

;   domain master = yes

 

# Preferred Master causes Samba to force a local browser election on startup

# and gives it a slightly higher chance of winning the election

;   preferred master = yes

 

# Enable this if you want Samba to be a domain logon server for

# Windows95 workstations.

;   domain logons = yes

 

# if you enable domain logons then you may want a per-machine or

# per user logon script

# run a specific logon batch file per workstation (machine)

;   logon script = %m.bat

# run a specific logon batch file per username

;   logon script = %U.bat

 

# Where to store roving profiles (only for Win95 and WinNT)

#        %L substitutes for this servers netbios name, %U is username

#        You must uncomment the [Profiles] share below

;   logon path = \\%L\Profiles\%U

 

# Windows Internet Name Serving Support Section:

# WINS Support - Tells the NMBD component of Samba to enable it's WINS Server

;   wins support = yes

 

# WINS Server - Tells the NMBD components of Samba to be a WINS Client

#     Note: Samba can be either a WINS Server, or a WINS Client, but NOT both

;   wins server = w.x.y.z

 

# WINS Proxy - Tells Samba to answer name resolution queries on

# behalf of a non WINS capable client, for this to work there must be

# at least one   WINS Server on the network. The default is NO.

;   wins proxy = yes

 

# DNS Proxy - tells Samba whether or not to try to resolve NetBIOS names

# via DNS nslookups. The built-in default for versions 1.9.17 is yes,

# this has been changed in version 1.9.18 to no.

   dns proxy = no

 

# Case Preservation can be handy - system default is _no_

# NOTE: These can be set on a per share basis

;  preserve case = no

;  short preserve case = no

# Default case is normally upper case for all DOS files

;  default case = lower

# Be very careful with case sensitivity - it can break things!

;  case sensitive = no

 

#============================ Share Definitions =======================

[homes]

   comment = Home Directories

   browseable = no

   writable = yes

   valid users = %S

   create mode = 0664

   directory mode = 0775

# If you want users samba doesn't recognize to be mapped to a guest user

; map to guest = bad user

 

 

# Un-comment the following and create the netlogon directory for Domain Logons

; [netlogon]

;   comment = Network Logon Service

;   path = /usr/local/samba/lib/netlogon

;   guest ok = yes

;   writable = no

;   share modes = no

 

 

# Un-comment the following to provide a specific roving profile share

# the default is to use the user's home directory

;[Profiles]

;    path = /usr/local/samba/profiles

;    browseable = no

;    guest ok = yes

 

 

# NOTE: If you have a BSD-style print system there is no need to

# specifically define each individual printer

[printers]

   comment = All Printers

   path = /var/spool/samba

   browseable = no

# Set public = yes to allow user 'guest account' to print

   guest ok = no

   writable = no

   printable = yes

 

# This one is useful for people to share files

;[tmp]

;   comment = Temporary file space

;   path = /tmp

;   read only = no

;   public = yes

 

# A publicly accessible directory, but read only, except for people in

# the "staff" group

;[public]

;   comment = Public Stuff

;   path = /home/samba

;   public = yes

;   writable = yes

;   printable = no

;   write list = @staff

 

# Other examples.

#

# A private printer, usable only by fred. Spool data will be placed in #fred's home directory. Note that fred must have write access to the #spool directory, wherever it is.

;[fredsprn]

;   comment = Fred's Printer

;   valid users = fred

;   path = /home/fred

;   printer = freds_printer

;   public = no

;   writable = no

;   printable = yes

 

# A private directory, usable only by fred. Note that fred requires #write access to the directory.

;[fredsdir]

;   comment = Fred's Service

;   path = /usr/somewhere/private

;   valid users = fred

;   public = no

;   writable = yes

;   printable = no

 

# a service which has a different directory for each machine that #connects this allows you to tailor configurations to incoming #machines. You could also use the %U option to tailor it by user name.

# The %m gets replaced with the machine name that is connecting.

;[pchome]

;  comment = PC Directories

;  path = /usr/local/pc/%m

;  public = no

;  writable = yes

 

# A publicly accessible directory, read/write to all users. Note that #all files created in the directory by users will be owned by the #default user, so any user with access can delete any other user's #files. Obviously this directory must be writable by the default user. #Another user could of course be specified, in which case all files #would be owned by that user instead.

;[public]

;   path = /usr/somewhere/else/public

;   public = yes

;   only guest = yes

;   writable = yes

;   printable = no

 

# The following two entries demonstrate how to share a directory so #that two users can place files there that will be owned by the #specific users. In this setup, the directory should be writable by #both users and should have the sticky bit set on it to prevent abuse. #Obviously this could be extended to as many users as required.

;[myshare]

;   comment = Mary's and Fred's stuff

;   path = /usr/somewhere/shared

;   valid users = mary fred

;   public = no

;   writable = yes

;   printable = no

;   create mask = 0765