# Sample configuration file for the Samba suite for Debian GNU/Linux.### T

1. # Sample configuration file for the Samba suite for Debian GNU/Linux.
2. #
3. #
4. # This is the main Samba configuration file. You should read the
5. # smb.conf(5) manual page in order to understand the options listed
6. # here. Samba has a huge number of configurable options most of which
7. # are not shown in this example
8. #
9. # Some options that are often worth tuning have been included as
10. # commented-out examples in this file.
11. # - When such options are commented with ";", the proposed setting
12. # differs from the default Samba behaviour
13. # - When commented with "#", the proposed setting is the default
14. # behaviour of Samba but the option is considered important
15. # enough to be mentioned here
16. #
17. # NOTE: Whenever you modify this file you should run the command
18. # "testparm" to check that you have not made any basic syntactic
19. # errors.
20.  
21. #======================= Global Settings =======================
22.  
23. [global]
24.  
25. ## Browsing/Identification ###
26.  
27. # Change this to the workgroup/NT-domain name your Samba server will part of
28. workgroup = WORKGROUP
29. # Windows Internet Name Serving Support Section:
30. # WINS Support - Tells the NMBD component of Samba to enable its WINS Server
31. # wins support = no
32.  
33. # WINS Server - Tells the NMBD components of Samba to be a WINS Client
34. # Note: Samba can be either a WINS Server, or a WINS Client, but NOT both
35. ; wins server = w.x.y.z
36.  
37. # This will prevent nmbd to search for NetBIOS names through DNS.
38. dns proxy = no
39.  
40. min protocol = SMB1
41.  
42. #### Networking ####
43.  
44. # The specific set of interfaces / networks to bind to
45. # This can be either the interface name or an IP address/netmask;
46. # interface names are normally preferred
47. ; interfaces = 127.0.0.0/8 eth0
48.  
49. # Only bind to the named interfaces and/or networks; you must use the
50. # 'interfaces' option above to use this.
51. # It is recommended that you enable this feature if your Samba machine is
52. # not protected by a firewall or is a firewall itself. However, this
53. # option cannot handle dynamic or non-broadcast interfaces correctly.
54. ; bind interfaces only = yes
55. #### Debugging/Accounting ####
56.  
57. # This tells Samba to use a separate log file for each machine
58. # that connects
59. log file = /var/log/samba/log.%m
60.  
61. # Cap the size of the individual log files (in KiB).
62. max log size = 1000
63.  
64. # If you want Samba to only log through syslog then set the following
65. # parameter to 'yes'.
66. # syslog only = no
67.  
68. # We want Samba to log a minimum amount of information to syslog. Everything
69. # should go to /var/log/samba/log.{smbd,nmbd} instead. If you want to log
70. # through syslog you should set the following parameter to something higher.
71. syslog = 0
72.  
73. # Do something sensible when Samba crashes: mail the admin a backtrace
74. panic action = /usr/share/samba/panic-action %d
75.  
76.  
77. ####### Authentication #######
78.  
79. # Server role. Defines in which mode Samba will operate. Possible
80. # values are "standalone server", "member server", "classic primary
81. # domain controller", "classic backup domain controller", "active
82. # directory domain controller".
83. #
84. # Most people will want "standalone sever" or "member server".
85. # Running as "active directory domain controller" will require first
86. # running "samba-tool domain provision" to wipe databases and create a
87. # new domain.
88. server role = standalone server
89.  
90. # If you are using encrypted passwords, Samba will need to know what
91. # password database type you are using.
92. passdb backend = tdbsam
93.  
94. obey pam restrictions = yes
95.  
96. # This boolean parameter controls whether Samba attempts to sync the Unix
97. # password with the SMB password when the encrypted SMB password in the
98. # passdb is changed.
99. unix password sync = yes
100. running "samba-tool domain provision" to wipe databases and create a
101. # new domain.
102. server role = standalone server
103.  
104. # If you are using encrypted passwords, Samba will need to know what
105. # password database type you are using.
106. passdb backend = tdbsam
107.  
108. obey pam restrictions = yes
109.  
110. # This boolean parameter controls whether Samba attempts to sync the Unix
111. # password with the SMB password when the encrypted SMB password in the
112. # passdb is changed.
113. unix password sync = yes
114.  
115. # For Unix password sync to work on a Debian GNU/Linux system, the following
116. # parameters must be set (thanks to Ian Kahan <<kahan@informatik.tu-muenchen.de> for
117. # sending the correct chat script for the passwd program in Debian Sarge).
118. passwd program = /usr/bin/passwd %u
119. passwd chat = *Enter\snew\s*\spassword:* %n\n *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* .
120.  
121. # This boolean controls whether PAM will be used for password changes
122. # when requested by an SMB client instead of the program listed in
123. # 'passwd program'. The default is 'no'.
124. pam password change = yes
125.  
126. # This option controls how unsuccessful authentication attempts are mapped
127. # to anonymous connections
128. map to guest = bad user
129. # For Unix password sync to work on a Debian GNU/Linux system, the following
130. # parameters must be set (thanks to Ian Kahan <<kahan@informatik.tu-muenchen.de> for
131. # sending the correct chat script for the passwd program in Debian Sarge).
132. passwd program = /usr/bin/passwd %u
133. passwd chat = *Enter\snew\s*\spassword:* %n\n *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* .
134.  
135. # This boolean controls whether PAM will be used for password changes
136. # when requested by an SMB client instead of the program listed in
137. # 'passwd program'. The default is 'no'.
138. pam password change = yes
139.  
140. # This option controls how unsuccessful authentication attempts are mapped
141. # to anonymous connections
142. map to guest = bad user
143.  
144. ########## Domains ###########
145.  
146. #
147. # The following settings only takes effect if 'server role = primary
148. # classic domain controller', 'server role = backup domain controller'
149. # or 'domain logons' is set
150. #
151.  
152. # It specifies the location of the user's
153. # profile directory from the client point of view) The following
154. # required a [profiles] share to be setup on the samba server (see
155. # below)
156. ; logon path = \\%N\profiles\%U
157.  
158. ########## Domains ###########
159.  
160. #
161. # The following settings only takes effect if 'server role = primary
162. # classic domain controller', 'server role = backup domain controller'
163. # or 'domain logons' is set
164. #
165.  
166. # It specifies the location of the user's
167. # profile directory from the client point of view) The following
168. # required a [profiles] share to be setup on the samba server (see
169. # below)
170. ; logon path = \\%N\profiles\%U
171. # Another common choice is storing the profile in the user's home directory
172. # (this is Samba's default)
173. # logon path = \\%N\%U\profile
174.  
175. # The following setting only takes effect if 'domain logons' is set
176. # It specifies the location of a user's home directory (from the client
177. # point of view)
178. ; logon drive = H:
179. # logon home = \\%N\%U
180.  
181. # The following setting only takes effect if 'domain logons' is set
182. # It specifies the script to run during logon. The script must be stored
183. # in the [netlogon] share
184. # NOTE: Must be store in 'DOS' file format convention
185. ; logon script = logon.cmd
186. # logon path = \\%N\%U\profile
187.  
188. # The following setting only takes effect if 'domain logons' is set
189. # It specifies the location of a user's home directory (from the client
190. # point of view)
191. ; logon drive = H:
192. # logon home = \\%N\%U
193.  
194. # The following setting only takes effect if 'domain logons' is set
195. # It specifies the script to run during logon. The script must be stored
196. # in the [netlogon] share
197. # NOTE: Must be store in 'DOS' file format convention
198. ; logon script = logon.cmd
199.  
200. # This allows Unix users to be created on the domain controller via the SAMR
201. # RPC pipe. The example command creates a user account with a disabled Unix
202. # password; please adapt to your needs
203. ; add user script = /usr/sbin/adduser --quiet --disabled-password --gecos "" %u
204.  
205. # This allows machine accounts to be created on the domain controller via the
206. # SAMR RPC pipe.
207. # The following assumes a "machines" group exists on the system
208. ; add machine script = /usr/sbin/useradd -g machines -c "%u machine account" -d /var/lib/samba -s /bin/false %u
209.  
210. # This allows Unix groups to be created on the domain controller via the SAMR
211. # RPC pipe.
212. ; add group script = /usr/sbin/addgroup --force-badname %g
213.  
214. ############ Misc ############
215. # RPC pipe. The example command creates a user account with a disabled Unix
216. # password; please adapt to your needs
217. ; add user script = /usr/sbin/adduser --quiet --disabled-password --gecos "" %u
218.  
219. # This allows machine accounts to be created on the domain controller via the
220. # SAMR RPC pipe.
221. # The following assumes a "machines" group exists on the system
222. ; add machine script = /usr/sbin/useradd -g machines -c "%u machine account" -d /var/lib/samba -s /bin/false %u
223.  
224. # This allows Unix groups to be created on the domain controller via the SAMR
225. # RPC pipe.
226. ; add group script = /usr/sbin/addgroup --force-badname %g
227.  
228. ############ Misc ############
229.  
230. # Using the following line enables you to customise your configuration
231. # on a per machine basis. The %m gets replaced with the netbios name
232. # of the machine that is connecting
233. ; include = /home/samba/etc/smb.conf.%m
234.  
235. # Some defaults for winbind (make sure you're not using the ranges
236. # for something else.)
237. ; idmap uid = 10000-20000
238. ; idmap gid = 10000-20000
239. ; template shell = /bin/bash
240.  
241. # Setup usershare options to enable non-root users to share folders
242. # with the net usershare command.
243. # Using the following line enables you to customise your configuration
244. # on a per machine basis. The %m gets replaced with the netbios name
245. # of the machine that is connecting
246. ; include = /home/samba/etc/smb.conf.%m
247.  
248. # Some defaults for winbind (make sure you're not using the ranges
249. # for something else.)
250. ; idmap uid = 10000-20000
251. ; idmap gid = 10000-20000
252. ; template shell = /bin/bash
253.  
254. # Setup usershare options to enable non-root users to share folders
255. # with the net usershare command.
256.  
257. # Maximum number of usershare. 0 (default) means that usershare is disabled.
258. ; usershare max shares = 100
259.  
260. # Allow users who've been granted usershare privileges to create
261. # public shares, not just authenticated ones
262. usershare allow guests = yes
263.  
264. #======================= Share Definitions =======================
265.  
266. [homes]
267. comment = Home Directories
268. browseable = no
269.  
270. # By default, the home directories are exported read-only. Change the
271. # next parameter to 'no' if you want to be able to write to them.
272. ; usershare max shares = 100
273.  
274. # Allow users who've been granted usershare privileges to create
275. # public shares, not just authenticated ones
276. usershare allow guests = yes
277.  
278. #======================= Share Definitions =======================
279.  
280. [homes]
281. comment = Home Directories
282. browseable = no
283.  
284. # By default, the home directories are exported read-only. Change the
285. # next parameter to 'no' if you want to be able to write to them.
286. read only = yes
287.  
288. # File creation mask is set to 0700 for security reasons. If you want to
289. # create files with group=rw permissions, set next parameter to 0775.
290. create mask = 0700
291.  
292. # Directory creation mask is set to 0700 for security reasons. If you want to
293. # create dirs. with group=rw permissions, set next parameter to 0775.
294. directory mask = 0700
295.  
296. # By default, \\server\username shares can be connected to by anyone
297. # with access to the samba server.
298. # The following parameter makes sure that only "username" can connect
299. # to \\server\username
300. # This might need tweaking when using external authentication schemes
301. # File creation mask is set to 0700 for security reasons. If you want to
302. # create files with group=rw permissions, set next parameter to 0775.
303. create mask = 0700
304.  
305. # Directory creation mask is set to 0700 for security reasons. If you want to
306. # create dirs. with group=rw permissions, set next parameter to 0775.
307. directory mask = 0700
308.  
309. # By default, \\server\username shares can be connected to by anyone
310. # with access to the samba server.
311. # The following parameter makes sure that only "username" can connect
312. # to \\server\username
313. # This might need tweaking when using external authentication schemes
314. valid users = %S
315.  
316. # Un-comment the following and create the netlogon directory for Domain Logons
317. # (you need to configure Samba to act as a domain controller too.)
318. ;[netlogon]
319. ; comment = Network Logon Service
320. ; path = /home/samba/netlogon
321. ; guest ok = yes
322. ; read only = yes
323.  
324. # Un-comment the following and create the profiles directory to store
325. # users profiles (see the "logon path" option above)
326. # (you need to configure Samba to act as a domain controller too.)
327. # The path below should be writable by all users so that their
328. # profile directory may be created the first time they log on
329. Un-comment the following and create the netlogon directory for Domain Logons
330. # (you need to configure Samba to act as a domain controller too.)
331. ;[netlogon]
332. ; comment = Network Logon Service
333. ; path = /home/samba/netlogon
334. ; guest ok = yes
335. ; read only = yes
336.  
337. # Un-comment the following and create the profiles directory to store
338. # users profiles (see the "logon path" option above)
339. # (you need to configure Samba to act as a domain controller too.)
340. # The path below should be writable by all users so that their
341. # profile directory may be created the first time they log on
342. ;[profiles]
343. ; comment = Users profiles
344. ; path = /home/samba/profiles
345. ; guest ok = no
346. ; browseable = no
347. ; create mask = 0600
348. ; directory mask = 0700
349.  
350. [printers]
351. comment = All Printers
352. browseable = no
353. path = /var/spool/samba
354. printable = yes
355. guest ok = no
356. read only = yes create mask = 0700
357.  
358. # Windows clients look for this share name as a source of downloadable
359. # printer drivers
360. [print$]
361. comment = Printer Drivers
362. path = /var/lib/samba/printers
363. browseable = yes
364. read only = yes
365. guest ok = no
366. # Uncomment to allow remote administration of Windows print drivers.
367. # You may need to replace 'lpadmin' with the name of the group your
368. # admin users are members of.
369. # Please note that you also need to set appropriate Unix permissions
370. # to the drivers directory for these users to have write rights in it;
371. write list = root, @lpadmin