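# This is the main Samba configuration file. You should read the
# smb.conf(5) manual page in order to understand the options listed
# here. Samba has a huge number of configurable options (perhaps too
# many!) most of which are not shown in this example
#
# Any line which starts with a ; (semi-colon) or a # (hash)
# is a comment and is ignored. In this example we will use a #
# for commentary and a ; for parts of the config file that you
# may wish to enable
#
# Keep one parameter per line: a comment runs to the end of its line, so
# any parameter that follows a # or ; on the same line is ignored.
#
# NOTE: Whenever you modify this file you should run the command "testparm"
# to check that you have not made any basic syntactic errors.
#
# Note by Nick Urbanik
# I have added settings from (commented out) the "sample config file"
# in the Samba 2.2 PDC Howto, since this is used for PDC experiments.

#======================= Global Settings =====================================
[global]
netbios name = NICKU

# workgroup = NT-Domain-Name or Workgroup-Name
workgroup = HOME

# server string is the equivalent of the NT Description field
server string = Samba Server

# The default log level is 0:
;log level = 3 passdb:10 auth:10 winbind:2
log level = 3

# With these settings, Windows 98 cannot log in, but XP can:
;client schannel = auto
;server schannel = auto
;client signing = auto
;server signing = auto
# NOTE(review): "auto" offers SMB signing but does not require it, so a
# client that does not sign is still accepted.
server signing = auto

# NOTE(review): the password for this DN is not in this file; Samba reads it
# from secrets.tdb (set with "smbpasswd -w"), so that file needs the same
# protection as the LDAP admin credential itself.
ldap admin dn = cn=admin,dc=nicku,dc=org
;ldap admin dn = uid=admin,ou=People,dc=nicku,dc=org
# NOTE(review): LDAP binds and password attributes travel unencrypted with
# this setting. That is contained only while "passdb backend" below points
# at ldap://localhost; use "ldap ssl = start tls" before moving the
# directory to another host.
ldap ssl = no
ldap delete dn = no
ldap suffix = dc=nicku,dc=org
ldap user suffix = ou=People
ldap group suffix = ou=Group
#ldap idmap suffix = ou=Idmap
#idmap backend = ldap:ldap://localhost
#idmap uid = 10000-20000
#idmap gid = 10000-20000
map acl inherit = Yes
# Note: See page 149 of Samba-3 by Example, 2004, ISBN 0131472216
# This is why my setup didn't work!
#ldap machine suffix = ou=Computers
ldap machine suffix = ou=People
# testparm now says that this does not work:
# ldap trust ids = Yes
ldap passwd sync = Yes
;ldap filter = "(&(uid=%u)(objectClass=sambaSamAccount))"

# Nick: you need this for a PDC for Win2k clients:
;add machine script = /usr/sbin/smbldap-useradd -w -n -g computers -c 'Samba Machine PDC member' -d /dev/null -s /sbin/nologin %u
# %u is quoted here, as in the other smbldap scripts below, so that the
# substituted account name reaches the tool as a single argument.
add machine script = /usr/sbin/smbldap-useradd -w "%u"
; add group script = /usr/sbin/smbldap-groupadd %g
# See the following, viewed on 17 March 2005:
# http://samba.mirror.aarnet.edu.au/samba/docs/man/Samba-Guide/happy.html#ldapsetup
add user script = /usr/sbin/smbldap-useradd -m "%u"
delete user script = /usr/sbin/smbldap-userdel "%u"
add group script = /usr/sbin/smbldap-groupadd -p "%g"
delete group script = /usr/sbin/smbldap-groupdel "%g"
add user to group script = /usr/sbin/smbldap-groupmod -m "%u" "%g"
delete user from group script = /usr/sbin/smbldap-groupmod -x "%u" "%g"
set primary group script = /usr/sbin/smbldap-usermod -g "%g" "%u"

# Nick: create the group smbadm and add root and administrators to it
# for a PDC for Win2k clients:
# domain admin group not supported in samba 3. See the docs.
; domain admin group = @smbadm linus linus2 nicku

# Samba supports Microsoft DFS on all MS platforms that understand it:
# host msdfs = yes

time server = yes

# This option is important for security. It allows you to restrict
# connections to machines which are on your local network. The
# following example restricts access to two C class networks and
# the "loopback" interface. For more examples of the syntax see
# the smb.conf man page
hosts allow = 192.168.0. 127.

# if you want to automatically load your printer list rather
# than setting them up individually then you'll need this
# printcap name = /etc/printcap
load printers = yes

# It should not be necessary to spell out the print system type unless
# yours is non-standard. Currently supported print systems include:
# bsd, sysv, plp, lprng, aix, hpux, qnx
; printing = bsd
; printing = lprng
printing = cups
use client driver = yes
# This option tells cups that the data has already been rasterized
cups options = raw

# Uncomment this if you want a guest account, you must add this to /etc/passwd
# otherwise the user "nobody" is used
; guest account = pcguest

# this tells Samba to use a separate log file for each machine
# that connects
log file = /var/log/samba/%m.log

# Put a cap on the size of the log files (in Kb).
# NOTE(review): 0 means "no limit", so there is currently no cap. Together
# with "log level = 3" and one log file per client name, the logs can grow
# until /var/log fills up; set a finite size or rely on log rotation.
max log size = 0

# Security mode. Most people will want user level security. See
# security_level.txt for details.
# Nick: used to be security = share before I upgraded to RH 7.
; security = user
; security = share
# You will also want security = user to use this as a PDC.
security = user

# Use password server option only with security = server
; password server =

# Password Level allows matching of _n_ characters of the password for
# all combinations of upper and lower case.
; password level = 8
; username level = 8

# Required for Samba 3.0:
#passdb backend = ldapsam:ldap://nicksbox.tyict.vtc.edu.hk smbpasswd guest
# passdb backend = ldapsam:ldap://localhost smbpasswd guest
passdb backend = ldapsam:ldap://localhost

# You may wish to use password encryption. Please read
# ENCRYPTION.txt, Win95.txt and WinNT.txt in the Samba documentation.
# Do not enable this option unless you have read those documents
# Nick: For a PDC for win2k clients, enable both options:
encrypt passwords = yes
smb passwd file = /etc/samba/smbpasswd

# The following is needed to keep smbclient from spouting spurious errors
# when Samba is built with support for SSL.
# ssl CA certFile = /usr/share/ssl/certs/ca-bundle.crt

# The following are needed to allow password changing from Windows to
# update the Linux system password also.
# NOTE: Use these with 'encrypt passwords' and 'smb passwd file' above.
# NOTE2: You do NOT need these to allow workstations to change only
# the encrypted SMB passwords. They allow the Unix password
# to be kept in sync with the SMB password.
unix password sync = Yes
passwd program = /usr/bin/passwd %u
passwd chat = *New*password* %n\n *Retype*new*password* %n\n *passwd:*all*authentication*tokens*updated*successfully*

# You can use PAM's password change control flag for Samba. If
# enabled, then PAM will be used for password changes when requested
# by an SMB client instead of the program listed in passwd program.
# It should be possible to enable this without changing your passwd
# chat parameter for most setups.
pam password change = yes

# Unix users can map to different SMB User names
# Nick: we want this so that administrator gets mapped to root when
# joining a machine to the domain:
# NOTE(review): this file decides which SMB names become root, so it must
# be writable by root only.
username map = /etc/samba/smbusers

# Using the following line enables you to customise your configuration
# on a per machine basis. The %m gets replaced with the netbios name
# of the machine that is connecting
; include = /etc/samba/smb.conf.%m

# This parameter will control whether or not Samba should obey PAM's
# account and session management directives. The default behavior is
# to use PAM for clear text authentication only and to ignore any
# account or session management. Note that Samba always ignores PAM
# for authentication in the case of encrypt passwords = yes
obey pam restrictions = yes

# Most people will find that this option gives better performance.
# See speed.txt and the manual pages for details
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192

# Configure Samba to use multiple interfaces
# If you have multiple network interfaces then you must list them
# here. See the man page for details.
; interfaces = 192.168.12.2/24 192.168.13.2/24
# Nick, 17 March 2005: see
# http://samba.mirror.aarnet.edu.au/samba/docs/man/Samba-Guide/happy.html#ch6-ldifadd
interfaces = eth0, lo
bind interfaces only = Yes

# VMware:
# This system appears to have a CIFS/SMB server (Samba) configured for
# normal use. Note that if you want to offer service to Virtual
# Machines running on the host-only network, you must modify your
# /etc/smb.conf file to list the networks Samba should deal with. You
# can do this by adding a line looking like this one:
# interfaces = 192.168.0.2/255.255.255.0 208.151.93.225/255.255.255.255
# interfaces = 192.168.129.180/255.255.255.255 192.168.25.1/255.255.255.0

# Configure remote browse list synchronisation here
# request announcement to, or browse list sync from:
# a specific host or from / to a whole subnet (see below)
; remote browse sync = 192.168.3.25 192.168.5.255
# Cause this host to announce itself to local subnets here
; remote announce = 192.168.1.255 192.168.2.44

# Browser Control Options:
# set local master to no if you don't want Samba to become a master
# browser on your network. Otherwise the normal election rules apply
local master = yes

# OS Level determines the precedence of this server in master browser
# elections. The default value should be reasonable
; os level = 33
# Nick: set to os level = 65 for a PDC for Win2k clients:
os level = 65

# Domain Master specifies Samba to be the Domain Master Browser. This
# allows Samba to collate browse lists between subnets. Don't use this
# if you already have a Windows NT domain controller doing this job
domain master = yes

# Preferred Master causes Samba to force a local browser election on startup
# and gives it a slightly higher chance of winning the election
preferred master = yes

# Enable this if you want Samba to be a domain logon server for
# Windows95 workstations.
# Nick: you definitely want this turned on for a PDC:
domain logons = yes

# if you enable domain logons then you may want a per-machine or
# per user logon script
# run a specific logon batch file per workstation (machine)
; logon script = %m.bat
# run a specific logon batch file per username
; logon script = %U.bat
# Nick: use this for a PDC, and put scripts into /var/samba/netlogon/scripts:
logon script = scripts\%U.bat

# All NetBIOS names must be resolved to IP Addresses
# 'Name Resolve Order' allows the named resolution mechanism to be specified
# the default order is "host lmhosts wins bcast". "host" means use the unix
# system gethostbyname() function call that will use either /etc/hosts OR
# DNS or NIS depending on the settings of /etc/host.config, /etc/nsswitch.conf
# and the /etc/resolv.conf file. "host" therefore is system configuration
# dependent. This parameter is most often of use to prevent DNS lookups
# in order to resolve NetBIOS names to IP Addresses. Use with care!
# The example below excludes use of name resolution for machines that are NOT
# on the local network segment
# - OR - are not deliberately to be known via lmhosts or via WINS.
; name resolve order = wins lmhosts bcast

# Windows Internet Name Serving Support Section:
# WINS Support - Tells the NMBD component of Samba to enable its WINS Server
wins support = yes

# WINS Server - Tells the NMBD components of Samba to be a WINS Client
# Note: Samba can be either a WINS Server, or a WINS Client, but NOT both
; wins server = w.x.y.z

# WINS Proxy - Tells Samba to answer name resolution queries on
# behalf of a non WINS capable client, for this to work there must be
# at least one WINS Server on the network. The default is NO.
; wins proxy = yes

# DNS Proxy - tells Samba whether or not to try to resolve NetBIOS names
# via DNS nslookups. The built-in default for versions 1.9.17 is yes,
# this has been changed in version 1.9.18 to no.
dns proxy = no

# Case Preservation can be handy - system default is _no_
# NOTE: These can be set on a per share basis
preserve case = yes
short preserve case = yes
# Default case is normally upper case for all DOS files
default case = lower
# Be very careful with case sensitivity - it can break things!
case sensitive = no

logon home = \\%L\%U\.profile
logon path = \\%L\profiles\%U

#============================ Share Definitions ==============================
[homes]
comment = Home Directories
browseable = no
writable = yes
valid users = %S
# NOTE(review): these masks allow the group-write and world-read bits on
# everything created in a home directory through Samba. Tighten them
# (for example 0600 / 0700) unless users are meant to share via their
# primary group.
create mode = 0664
directory mode = 0775
# oplocks = no

# Un-comment the following and create the netlogon directory for Domain Logons
; [netlogon]
; comment = Network Logon Service
; path = /home/netlogon
; guest ok = yes
; writable = no
; share modes = no

# Nick: this is necessary for a PDC for Win2k clients:
# Logon scripts are served from here and run on the clients, so write
# access is limited to @smbadm and guests are refused.
[netlogon]
comment = Network Logon Service
path = /var/samba/netlogon
guest ok = no
write list = @smbadm
share modes = no

# Uncomment host msdfs = yes above if you enable this:
# NOTE(review): this share is enabled, but "host msdfs = yes" is still
# commented out in [global]; confirm which of the two is intended.
[dfs]
path = /var/samba/dfsroot
msdfs root = yes

# Un-comment the following to provide a specific roving profile share
# the default is to use the user's home directory
# NOTE(review): the restrictive masks below are commented out, so the
# permissions on stored profiles depend on Samba's defaults and on the
# mode of /var/samba/profiles; check that users cannot read each other's
# profiles.
[profiles]
path = /var/samba/profiles
writable = yes
profile acls = Yes
; create mask = 0600
; directory mask = 0700
; browseable = no
; guest ok = yes

# See page 31 in chapter 4, "Printing support in Samba"
# in Samba-HOWTO-Collection.pdf:
[print$]
path = /var/samba/printers
guest ok = yes
browseable = yes
read only = yes
write list = @smbadm

# NOTE: If you have a BSD-style print system there is no need to
# specifically define each individual printer
[printers]
comment = All Printers
path = /var/spool/samba
browseable = no
# Set public = yes to allow user 'guest account' to print
guest ok = yes
printable = yes

# This one is useful for people to share files
;[tmp]
; comment = Temporary file space
; path = /tmp
; read only = no
; public = yes

# A publicly accessible directory, but read only, except for people in
# the "staff" group
;[public]
; comment = Public Stuff
; path = /home/samba
; public = yes
; writable = yes
; printable = no
; write list = @staff

# Other examples.
#
# A private printer, usable only by fred. Spool data will be placed in fred's
# home directory. Note that fred must have write access to the spool directory,
# wherever it is.
;[fredsprn]
; comment = Fred's Printer
; valid users = fred
; path = /homes/fred
; printer = freds_printer
; public = no
; printable = yes

# A private directory, usable only by fred. Note that fred requires write
# access to the directory.
;[fredsdir]
; comment = Fred's Service
; path = /usr/somewhere/private
; valid users = fred
; public = no
; writable = yes
; printable = no

# a service which has a different directory for each machine that connects
# this allows you to tailor configurations to incoming machines. You could
# also use the %u option to tailor it by user name.
# The %m gets replaced with the machine name that is connecting.
;[pchome]
; comment = PC Directories
; path = /usr/pc/%m
; public = no
; writable = yes

# A publicly accessible directory, read/write to all users. Note that all files
# created in the directory by users will be owned by the default user, so
# any user with access can delete any other user's files. Obviously this
# directory must be writable by the default user. Another user could of course
# be specified, in which case all files would be owned by that user instead.
;[public]
; path = /usr/somewhere/else/public
; public = yes
; only guest = yes
; writable = yes
; printable = no

# The following two entries demonstrate how to share a directory so that two
# users can place files there that will be owned by the specific users. In this
# setup, the directory should be writable by both users and should have the
# sticky bit set on it to prevent abuse. Obviously this could be extended to
# as many users as required.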
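;[myshare]
; comment = Mary's and Fred's stuff
; path = /usr/somewhere/shared
; valid users = mary fred
; public = no
; writable = yes
; printable = no
; create mask = 0765

# [ee111]
# comment = EE111 teaching stuff
# path = /home/nicku/work/teaching/ee111
# valid users = nicku @smbadm
# public = no
# writable = yes
# printable = no
# create mask = 0765
# # oplocks = false

# [ee270]
# comment = EE270 teaching stuff
# public = no
# valid users = nicku @smbadm
# writable = yes
# printable = no
# create mask = 0765
# # oplocks = false

# [scut]
# comment = stuff for SCUT conference
# path = /home/nicku/work/teaching/project/scut
# valid users = nicku
# public = no
# writable = yes
# printable = no
# create mask = 0765

# --- Guest-readable, read-only shares ---------------------------------------
# Each of these sets public = yes with only guest = yes, so its contents are
# readable without a personal account; keep nothing sensitive under the paths.

[linux]
comment = Linux packages
path = /var/ftp/pub
public = yes
only guest = yes
writable = no
printable = no

[ogg]
comment = mp3s
path = /ogg
public = yes
only guest = yes
writable = no
printable = no

[notlinux]
comment = software that is not Linux
path = /var/ftp/pub/notlinux
public = yes
only guest = yes
writable = no
printable = no

# NOTE(review): the export is the whole of /mnt, not the one loop mount the
# comment describes, so anything else mounted below /mnt is guest-readable
# too. Pointing "path" at the specific mount point would narrow it.
[mnt]
comment = a loop mount of Office 2000 CDROM
path = /mnt
public = yes
only guest = yes
writable = no
printable = no

[emily52]
comment = Microprocessor lab software
path = /home/nicku/emily52
public = yes
only guest = yes
writable = no
printable = no

[cdrom]
comment = the cdrom
path = /cdrom
public = yes
only guest = yes
writeable = no
printable = no

[cdr]
comment = the cdrom writer
path = /cdr
public = yes
only guest = yes
writeable = no
printable = no

# --- Authenticated shares ----------------------------------------------------
# Where writable = no is combined with a write list, only the users and
# groups named in the write list can write.

# NOTE(review): create mask = 0765 (here and in [admin] and [teachingict])
# allows rwx for the owner, rw- for the group and r-x for others, which is
# an unusual combination. It matches the stock [myshare] example; confirm
# whether world read/execute on new files is really wanted.
[ossi]
comment = OSSI teaching stuff
path = /home/nicku/work/teaching/ict/ossi
public = no
valid users = nicku pam @smbadm
write list = nicku @smbadm
writable = no
printable = no
create mask = 0765
# oplocks = false

# NOTE(review): same directory as the guest-readable [linux] share, so
# whatever the write list uploads here is immediately published to guests.
[ftpspace]
comment = ftp space, writable
path = /var/ftp/pub
public = no
only guest = no
writable = no
valid users = nicku pam @smbadm
write list = nicku @smbadm
printable = no

[admin]
comment = Administration for ICT
path = /home/nicku/work/admin/ict
public = no
valid users = nicku pam @smbadm
write list = nicku @smbadm
writable = no
printable = no
create mask = 0765

[teachingict]
comment = Teaching material for ICT
path = /home/nicku/work/teaching/ict
public = no
valid users = nicku pam @smbadm
write list = nicku @smbadm
writable = no
printable = no
create mask = 0765

# NOTE(review): this exports the host's own /tmp read-write and lists root
# as a valid user. Local services also keep files in /tmp, so a dedicated
# scratch directory would be a safer target, and root access over SMB is
# best avoided unless it is needed.
[tmp]
comment = Temporary file space
path = /tmp
writable = yes
valid users = nicku pam root

[share1]
comment = Test share writable by students and admin only
path = /var/samba/share1
valid users = @students @smbadm
writable = yes

[project2]
comment = Excel spreadsheets for Project-2
path = /home/nicku/project-2
valid users = nicku pam root
writeable = yes

# --- CD images for members of @linusgames (read-only) -----------------------

# Note: this is a copy of the cd on hard disk, not a loop mounted image.
[search2]
comment = Search and Learn Sesame Street adventure
path = /.auto/.search
valid users = @linusgames
writeable = no
write list = nicku pam root

# Note: this is a loop mounted copy of the cdrom:
[search]
comment = Search and Learn Sesame Street adventure for 3 to 6 year olds
path = /cdimage/search
valid users = @linusgames
writeable = no
# write list = nicku pam root

# Note: this is a loop mounted copy of the cdrom:
[jumpst]
comment = Jump Start Toddlers
path = /.auto/jump-start-toddlers
valid users = @linusgames
writeable = no
# write list = nicku pam root linus

# Note: this is a loop mounted copy of the cdrom:
[tubbies]
comment = Teletubbies game
path = /.auto/tubbies
valid users = @linusgames
writeable = no
# write list = nicku pam root linus

# Note: this is a loop mounted copy of the cdrom:
[ss-toddler1]
comment = Sesame Street Toddler disk 1
path = /.auto/sesame-street-toddler-1
valid users = @linusgames
writeable = no
#write list = nicku pam root linus

# Note: this is a loop mounted copy of the cdrom:
[ss-toddler2]
comment = Sesame Street Toddler disk 2
path = /.auto/sesame-street-toddler-2
valid users = @linusgames
writeable = no
#write list = nicku pam root linus

# Note: this is a loop mounted copy of the cdrom:
[ss-toddler]
comment = Sesame Street Toddler disk 1
path = /.auto/sesame-street-toddler
valid users = @linusgames
writeable = no

# Note: this is a loop mounted copy of the cdrom:
[ss-set-to-learn]
comment = Sesame Street Get Set to Learn
path = /.auto/sesame-street-get-set-to-learn
valid users = @linusgames
writeable = no

# Note: this is a loop mounted copy of the cdrom:
[ss-music-maker]
comment = Sesame Street Music Maker
path = /.auto/sesame-street-music-maker
valid users = @linusgames
writeable = no

# Note: this is a loop mounted copy of the cdrom:
[ss-abc]
comment = Sesame Street ABC Letters
path = /.auto/sesame-street-abc
valid users = @linusgames
writeable = no

# Note: this is a loop mounted copy of the cdrom:
[elmos-world]
comment = Sesame Street: Create and Draw in Elmo's World
path = /.auto/sesame-street-elmos-world
valid users = @linusgames
writeable = no

# Note: this is a loop mounted copy of the cdrom:
[snoopy]
comment = Snoopy
path = /.auto/snoopy
valid users = @linusgames
writeable = no

# Note: this is a loop mounted copy of the cdrom:
[elmo-grouchland]
comment = Sesame Street: Elmo in Grouchland
path = /.auto/elmo-in-grouchland
valid users = @linusgames
writeable = no

# Note: this is a loop mounted copy of the cdrom:
[preschool]
comment = Winnie the Pooh, Was an error in reading the disk
path = /.auto/preschool
valid users = @linusgames
writeable = no

# Note: this is a loop mounted copy of the cdrom:
[human-body]
comment = Pong Pong's Learning Adventure: Mysteries of the Human Body
path = /.auto/pong-pongs-adventure-mysteries-of-the-human-body
valid users = @linusgames
writeable = no

# Note: this is a loop mounted copy of the cdrom:
[animals]
comment = Pong Pong's Learning Adventure: Animals
path = /.auto/pong-pongs-adventure-animals
valid users = @linusgames
writeable = no

# Note: this is a loop mounted copy of the cdrom:
[looking-glass]
comment = Elmo Through the Looking Glass
path = /.auto/elmo-looking-glass
valid users = @linusgames
writeable = no

# Loop mounted using the automounter:
[beautiful-maths]
comment = The only survivor of the 3 CD pack, beautiful {maths,english,chinese}
path = /.auto/beautiful-maths
valid users = @linusgames
writeable = no

# [kindergarten-1]
# comment = Sesame Street Kindergarten disk 1 of 2
# path = /.auto/sesame-street-kindergarten-1
# valid users = @linusgames
# writeable = no

[kindergarten-2]
comment = Sesame Street Kindergarten disk 2 of 2
path = /.auto/sesame-street-kindergarten-2
valid users = @linusgames
writeable = no

# NOTE(review): the share comment previously also carried a string in
# product-key format. Share comments are returned to any client that lists
# the shares on this server, so it has been removed; keep licence keys out
# of smb.conf, which is also typically world-readable on disk.
[windows98]
comment = Windows 98
path = /.auto/windows98
valid users = @linusgames
writeable = no

[paper-carving]
comment = Creative House of the Magic Oriental Zodiac: Paper Carving Workshop
path = /.auto/paper-carving-workshop
valid users = @linusgames
writeable = no

[zodiac]
comment = Creative House of the Magic Oriental Zodiac: 3D Cartoon Adventures
path = /.auto/3d-cartoon-adventures
valid users = @linusgames
writeable = no

[printbox]
comment = Creative House of the Magic Oriental Zodiac: Printing Treasure Box
path = /.auto/printing-treasure-box
valid users = @linusgames
writeable = no

[elmo-reading]
comment = (Error reading last sector): Elmo's Reading (A)
path = /.auto/elmo-reading
valid users = @linusgames
writeable = no

[elmo-glass]
comment = Elmo's Reading -- Glass (B)
path = /.auto/elmo-glass
valid users = @linusgames
writeable = no

[blues-art]
comment = Blue's art time activities
path = /.auto/blues-art-time-activities
valid users = @linusgames
writeable = no

[getready]
comment = DK My First Getting Ready for School
path = /.auto/first-getting-ready-for-school
valid users = @linusgames
writeable = no

[lego]
comment = LEGO: My World School Skills
path = /.auto/lego-school-skills
valid users = @linusgames
writeable = no

[lego2]
comment = LEGO: My World First Steps
path = /.auto/lego-first-steps
valid users = @linusgames
writeable = no

[thomas-t]
comment = Thomas the Tank Engine: Trouble on the Tracks
path = /.auto/thomas-trouble
valid users = @linusgames
writeable = no

[math-boy-1]
comment = Math Boy 1: Mon! Numbers are missing for ages 4-10
path = /.auto/mom-numbers-are-missing
valid users = @linusgames
writeable = no

[deep-sea]
comment = Sesame Street: Elmo's Deep Sea Adventure
path = /.auto/elmo-deep-sea
valid users = @linusgames
writeable = no

[grouchketeers]
comment = Sesame Street: The Three Grouchketeers
path = /.auto/ss-3-grouchketeers
valid users = @linusgames
writeable = no

[readcount]
comment = DK Play & Learn: Reading and Counting
path = /.auto/reading-counting
valid users = @linusgames
writeable = no

[maths-r-w]
comment = DK Learning Ladder: Maths, Reading and Writing
path = /.auto/maths-r-w
valid users = @linusgames
writeable = no

[disphonics]
comment = Disney Learing Ages 5--8: PHonics Quest
path = /.auto/disney-phonics
valid users = @linusgames
writeable = no

[jumpahead]
comment = Jump Ahead Preschool: has an additional 18 audio tracks
path = /.auto/jump-ahead
valid users = @linusgames
writeable = no

[msdn1]
comment = MSDN disk 1 from old Visual Studio 6
path = /.auto/msdn1
valid users = @linusgames
writeable = no

[msdn2]
comment = MSDN disk 2 from old Visual Studio 6
path = /.auto/msdn2
valid users = @linusgames
writeable = no

[vis-studio6]
comment = Visual Studio 6
path = /.auto/vis-studio6
valid users = @linusgames
writeable = no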