## Sample configuration file for the Samba suite for Debian GNU/Linux.### Th

1. #
2. # Sample configuration file for the Samba suite for Debian GNU/Linux.
3. #
4. #
5. # This is the main Samba configuration file. You should read the
6. # smb.conf(5) manual page in order to understand the options listed
7. # here. Samba has a huge number of configurable options most of which
8. # are not shown in this example
9. #
10. # Some options that are often worth tuning have been included as
11. # commented-out examples in this file.
12. # - When such options are commented with ";", the proposed setting
13. # differs from the default Samba behaviour
14. # - When commented with "#", the proposed setting is the default
15. # behaviour of Samba but the option is considered important
16. # enough to be mentioned here
17. #
18. # NOTE: Whenever you modify this file you should run the command
19. # "testparm" to check that you have not made any basic syntactic
20. # errors.
21.  
22. #======================= Global Settings =======================
23.  
24. [global]
25.  
26. # Special configuration for Apple's Time Machine
27. # catia - maps MacOS filename encodings to a form most Linux filesystems support
28. # fruit - provides Apple’s proprietary extensions to SMB
29. # acl_xattr - stores NTFS Access Control Lists (ACLs) in Extended Attributes (EAs)
30. # streams_xattr - stores NTFS alternate data streams in POSIX xattrs
31. vfs objects = catia fruit streams_xattr
32. fruit:aapl = yes
33. fruit:advertise_fullsync = true
34. fruit:time machine = yes
35. fruit:resource = xattr
36. fruit:nfs_aces = no
37. fruit:model = Xserve
38. # Security
39. interfaces = 192.168.0.0/16 fe80::208:9bff:fef9:648b%eth0/64
40. bind interfaces only = yes
41. server role = standalone server
42. workgroup = WORKGROUP
43. client min protocol = SMB2_02
44. server min protocol = SMB2_02
45. server max protocol = SMB3_11
46. encrypt passwords = yes
47. ;smb encrypt = off
48. smb ports = 445
49. restrict anonymous = 2
50. unix password sync = yes
51. pam password change = yes
52. passwd program = /usr/bin/passwd %u
53. passwd chat = *Enter\snew\s*\spassword:* %n\n *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* .
54. # Unneeded features
55. disable netbios = yes
56. enhanced browsing = no
57. host msdfs = no
58. load printers = no
59. printcap cache time = 0
60. printcap name = /dev/null
61. # dcerpc endpoint servers = epmapper, wkssvc, rpcecho, samr, netlogon, lsarpc, drsuapi, dssetup, unixinfo, browser, eventlog6, backupkey, dnsserver
62. dcerpc endpoint servers = rpcecho
63. # server services = s3fs, rpc, nbt, wrepl, ldap, cldap, kdc, drepl, winbindd, ntp_signd, kcc, dnsupdate, dns
64. server services = rpc
65. rpc_server:epmapper = disabled
66. rpc_server:winreg = disabled
67. rpc_server:lsarpc = disabled
68. rpc_server:samr = disabled
69. rpc_server:netlogon = disabled
70. rpc_server:netdfs = disabled
71. rpc_server:dssetup = disabled
72. rpc_server:wkssvc = disabled
73. rpc_server:spoolss = disabled
74. rpc_server:svcctl = disabled
75. rpc_server:ntsvcs = disabled
76. rpc_server:eventlog = disabled
77. rpc_server:initshutdown = disabled
78. rpc_server:mdssvc = disabled
79. allow dns updates = disabled
80. dns proxy = no
81. enable core files = no
82. name resolve order = host bcast
83. # Performance
84. ;use sendfile = yes
85.  
86. #### Debugging/Accounting ####
87.  
88. # This tells Samba to use a separate log file for each machine
89. # that connects
90. log file = /var/log/samba/log.%m
91. log level = 1
92.  
93. # Cap the size of the individual log files (in KiB).
94. max log size = 1000
95.  
96. # We want Samba to only log to /var/log/samba/log.{smbd,nmbd}.
97. # Append syslog@1 if you want important messages to be sent to syslog too.
98. logging = file
99.  
100. # Do something sensible when Samba crashes: mail the admin a backtrace
101. panic action = /usr/share/samba/panic-action %d
102.  
103. ############ Misc ############
104.  
105. # Some defaults for winbind (make sure you're not using the ranges
106. # for something else.)
107. ; idmap config * : backend = tdb
108. ; idmap config * : range = 3000-7999
109. ; idmap config YOURDOMAINHERE : backend = tdb
110. ; idmap config YOURDOMAINHERE : range = 100000-999999
111. ; template shell = /bin/bash
112.  
113. #======================= Share Definitions =======================
114.  
115. [Time Machine]
116. path = /data/backup/timemachine/%U
117. valid users = %U
118. browseable = Yes
119. writable = Yes
120. read only = No
121. inherit acls = Yes
122. spotlight = No
123. block size = 524288
124. dfree command = /usr/local/bin/dfree
125. dfree cache time = 120