]>
Commit | Line | Data |
---|---|---|
093d622f CS |
1 | # This is the main Samba configuration file. For detailed information about the |
2 | # options listed here, refer to the smb.conf(5) manual page. Samba has a huge | |
3 | # number of configurable options, most of which are not shown in this example. | |
4 | # | |
5 | # The Official Samba 3.2.x HOWTO and Reference Guide contains step-by-step | |
6 | # guides for installing, configuring, and using Samba: | |
7 | # http://www.samba.org/samba/docs/Samba-HOWTO-Collection.pdf | |
8 | # | |
9 | # The Samba-3 by Example guide has working examples for smb.conf. This guide is | |
10 | # generated daily: http://www.samba.org/samba/docs/Samba-Guide.pdf | |
11 | # | |
12 | # In this file, lines starting with a semicolon (;) or a hash (#) are | |
13 | # comments and are ignored. This file uses hashes to denote commentary and | |
14 | # semicolons for parts of the file you may wish to configure. | |
15 | # | |
16 | # Note: Run the "testparm" command after modifying this file to check for basic | |
17 | # syntax errors. | |
18 | # | |
19 | #--------------- | |
20 | # Security-Enhanced Linux (SELinux) Notes: | |
21 | # | |
22 | # Turn the samba_domain_controller Boolean on to allow Samba to use the useradd | |
23 | # and groupadd family of binaries. Run the following command as the root user to | |
24 | # turn this Boolean on: | |
25 | # setsebool -P samba_domain_controller on | |
26 | # | |
27 | # Turn the samba_enable_home_dirs Boolean on if you want to share home | |
28 | # directories via Samba. Run the following command as the root user to turn this | |
29 | # Boolean on: | |
30 | # setsebool -P samba_enable_home_dirs on | |
31 | # | |
32 | # If you create a new directory, such as a new top-level directory, label it | |
33 | # with samba_share_t so that SELinux allows Samba to read and write to it. Do | |
34 | # not label system directories, such as /etc/ and /home/, with samba_share_t, as | |
35 | # such directories should already have an SELinux label. | |
36 | # | |
37 | # Run the "ls -ldZ /path/to/directory" command to view the current SELinux | |
38 | # label for a given directory. | |
39 | # | |
40 | # Set SELinux labels only on files and directories you have created. Use the | |
41 | # chcon command to temporarily change a label: | |
42 | # chcon -t samba_share_t /path/to/directory | |
43 | # | |
44 | # Changes made via chcon are lost when the file system is relabeled or commands | |
45 | # such as restorecon are run. | |
46 | # | |
47 | # Use the samba_export_all_ro or samba_export_all_rw Boolean to share system | |
48 | # directories. To share such directories and only allow read-only permissions: | |
49 | # setsebool -P samba_export_all_ro on | |
50 | # To share such directories and allow read and write permissions: | |
51 | # setsebool -P samba_export_all_rw on | |
52 | # | |
53 | # To run scripts (preexec/root prexec/print command/...), copy them to the | |
54 | # /var/lib/samba/scripts/ directory so that SELinux will allow smbd to run them. | |
55 | # Note that if you move the scripts to /var/lib/samba/scripts/, they retain | |
56 | # their existing SELinux labels, which may be labels that SELinux does not allow | |
57 | # smbd to run. Copying the scripts will result in the correct SELinux labels. | |
58 | # Run the "restorecon -R -v /var/lib/samba/scripts" command as the root user to | |
59 | # apply the correct SELinux labels to these files. | |
60 | # | |
61 | #-------------- | |
62 | # | |
63 | #======================= Global Settings ===================================== | |
64 | ||
65 | [global] | |
66 | ||
67 | # ----------------------- Network-Related Options ------------------------- | |
68 | # | |
69 | # workgroup = the Windows NT domain name or workgroup name, for example, MYGROUP. | |
70 | # | |
71 | # server string = the equivalent of the Windows NT Description field. | |
72 | # | |
73 | # netbios name = used to specify a server name that is not tied to the hostname. | |
74 | # | |
75 | # interfaces = used to configure Samba to listen on multiple network interfaces. | |
76 | # If you have multiple interfaces, you can use the "interfaces =" option to | |
77 | # configure which of those interfaces Samba listens on. Never omit the localhost | |
78 | # interface (lo). | |
79 | # | |
80 | # hosts allow = the hosts allowed to connect. This option can also be used on a | |
81 | # per-share basis. | |
82 | # | |
83 | # hosts deny = the hosts not allowed to connect. This option can also be used on | |
84 | # a per-share basis. | |
85 | # | |
86 | # max protocol = used to define the supported protocol. The default is NT1. You | |
87 | # can set it to SMB2 if you want experimental SMB2 support. | |
88 | # | |
89 | workgroup = MYGROUP | |
90 | server string = Samba Server Version %v | |
91 | ||
92 | ; netbios name = MYSERVER | |
93 | ||
94 | ; interfaces = lo eth0 192.168.12.2/24 192.168.13.2/24 | |
95 | ; hosts allow = 127. 192.168.12. 192.168.13. | |
96 | ||
97 | ; max protocol = SMB2 | |
98 | ||
99 | # --------------------------- Logging Options ----------------------------- | |
100 | # | |
101 | # log file = specify where log files are written to and how they are split. | |
102 | # | |
103 | # max log size = specify the maximum size log files are allowed to reach. Log | |
104 | # files are rotated when they reach the size specified with "max log size". | |
105 | # | |
106 | ||
107 | # log files split per-machine: | |
108 | log file = /var/log/samba/log.%m | |
109 | # maximum size of 50KB per log file, then rotate: | |
110 | max log size = 50 | |
111 | ||
112 | # ----------------------- Standalone Server Options ------------------------ | |
113 | # | |
114 | # security = the mode Samba runs in. This can be set to user, share | |
115 | # (deprecated), or server (deprecated). | |
116 | # | |
117 | # passdb backend = the backend used to store user information in. New | |
118 | # installations should use either tdbsam or ldapsam. No additional configuration | |
119 | # is required for tdbsam. The "smbpasswd" utility is available for backwards | |
120 | # compatibility. | |
121 | # | |
122 | ||
123 | security = user | |
124 | passdb backend = tdbsam | |
125 | ||
126 | ||
127 | # ----------------------- Domain Members Options ------------------------ | |
128 | # | |
129 | # security = must be set to domain or ads. | |
130 | # | |
131 | # passdb backend = the backend used to store user information in. New | |
132 | # installations should use either tdbsam or ldapsam. No additional configuration | |
133 | # is required for tdbsam. The "smbpasswd" utility is available for backwards | |
134 | # compatibility. | |
135 | # | |
136 | # realm = only use the realm option when the "security = ads" option is set. | |
137 | # The realm option specifies the Active Directory realm the host is a part of. | |
138 | # | |
139 | # password server = only use this option when the "security = server" | |
140 | # option is set, or if you cannot use DNS to locate a Domain Controller. The | |
141 | # argument list can include My_PDC_Name, [My_BDC_Name], and [My_Next_BDC_Name]: | |
142 | # | |
143 | # password server = My_PDC_Name [My_BDC_Name] [My_Next_BDC_Name] | |
144 | # | |
145 | # Use "password server = *" to automatically locate Domain Controllers. | |
146 | ||
147 | ; security = domain | |
148 | ; passdb backend = tdbsam | |
149 | ; realm = MY_REALM | |
150 | ||
151 | ; password server = <NT-Server-Name> | |
152 | ||
153 | # ----------------------- Domain Controller Options ------------------------ | |
154 | # | |
155 | # security = must be set to user for domain controllers. | |
156 | # | |
157 | # passdb backend = the backend used to store user information in. New | |
158 | # installations should use either tdbsam or ldapsam. No additional configuration | |
159 | # is required for tdbsam. The "smbpasswd" utility is available for backwards | |
160 | # compatibility. | |
161 | # | |
162 | # domain master = specifies Samba to be the Domain Master Browser, allowing | |
163 | # Samba to collate browse lists between subnets. Do not use the "domain master" | |
164 | # option if you already have a Windows NT domain controller performing this task. | |
165 | # | |
166 | # domain logons = allows Samba to provide a network logon service for Windows | |
167 | # workstations. | |
168 | # | |
169 | # logon script = specifies a script to run at login time on the client. These | |
170 | # scripts must be provided in a share named NETLOGON. | |
171 | # | |
172 | # logon path = specifies (with a UNC path) where user profiles are stored. | |
173 | # | |
174 | # | |
175 | ; security = user | |
176 | ; passdb backend = tdbsam | |
177 | ||
178 | ; domain master = yes | |
179 | ; domain logons = yes | |
180 | ||
181 | # the following login script name is determined by the machine name | |
182 | # (%m): | |
183 | ; logon script = %m.bat | |
184 | # the following login script name is determined by the UNIX user used: | |
185 | ; logon script = %u.bat | |
186 | ; logon path = \\%L\Profiles\%u | |
187 | # use an empty path to disable profile support: | |
188 | ; logon path = | |
189 | ||
190 | # various scripts can be used on a domain controller or a stand-alone | |
191 | # machine to add or delete corresponding UNIX accounts: | |
192 | ||
193 | ; add user script = /usr/sbin/useradd "%u" -n -g users | |
194 | ; add group script = /usr/sbin/groupadd "%g" | |
195 | ; add machine script = /usr/sbin/useradd -n -c "Workstation (%u)" -M -d /nohome -s /bin/false "%u" | |
196 | ; delete user script = /usr/sbin/userdel "%u" | |
197 | ; delete user from group script = /usr/sbin/userdel "%u" "%g" | |
198 | ; delete group script = /usr/sbin/groupdel "%g" | |
199 | ||
200 | ||
201 | # ----------------------- Browser Control Options ---------------------------- | |
202 | # | |
203 | # local master = when set to no, Samba does not become the master browser on | |
204 | # your network. When set to yes, normal election rules apply. | |
205 | # | |
206 | # os level = determines the precedence the server has in master browser | |
207 | # elections. The default value should be reasonable. | |
208 | # | |
209 | # preferred master = when set to yes, Samba forces a local browser election at | |
210 | # start up (and gives itself a slightly higher chance of winning the election). | |
211 | # | |
212 | ; local master = no | |
213 | ; os level = 33 | |
214 | ; preferred master = yes | |
215 | ||
216 | #----------------------------- Name Resolution ------------------------------- | |
217 | # | |
218 | # This section details the support for the Windows Internet Name Service (WINS). | |
219 | # | |
220 | # Note: Samba can be either a WINS server or a WINS client, but not both. | |
221 | # | |
222 | # wins support = when set to yes, the NMBD component of Samba enables its WINS | |
223 | # server. | |
224 | # | |
225 | # wins server = tells the NMBD component of Samba to be a WINS client. | |
226 | # | |
227 | # wins proxy = when set to yes, Samba answers name resolution queries on behalf | |
228 | # of a non WINS capable client. For this to work, there must be at least one | |
229 | # WINS server on the network. The default is no. | |
230 | # | |
231 | # dns proxy = when set to yes, Samba attempts to resolve NetBIOS names via DNS | |
232 | # nslookups. | |
233 | ||
234 | ; wins support = yes | |
235 | ; wins server = w.x.y.z | |
236 | ; wins proxy = yes | |
237 | ||
238 | ; dns proxy = yes | |
239 | ||
240 | # --------------------------- Printing Options ----------------------------- | |
241 | # | |
242 | # The options in this section allow you to configure a non-default printing | |
243 | # system. | |
244 | # | |
245 | # load printers = when set you yes, the list of printers is automatically | |
246 | # loaded, rather than setting them up individually. | |
247 | # | |
248 | # cups options = allows you to pass options to the CUPS library. Setting this | |
249 | # option to raw, for example, allows you to use drivers on your Windows clients. | |
250 | # | |
251 | # printcap name = used to specify an alternative printcap file. | |
252 | # | |
253 | ||
254 | load printers = yes | |
255 | cups options = raw | |
256 | ||
257 | ; printcap name = /etc/printcap | |
258 | # obtain a list of printers automatically on UNIX System V systems: | |
259 | ; printcap name = lpstat | |
260 | ; printing = cups | |
261 | ||
262 | # --------------------------- File System Options --------------------------- | |
263 | # | |
264 | # The options in this section can be un-commented if the file system supports | |
265 | # extended attributes, and those attributes are enabled (usually via the | |
266 | # "user_xattr" mount option). These options allow the administrator to specify | |
267 | # that DOS attributes are stored in extended attributes and also make sure that | |
268 | # Samba does not change the permission bits. | |
269 | # | |
270 | # Note: These options can be used on a per-share basis. Setting them globally | |
271 | # (in the [global] section) makes them the default for all shares. | |
272 | ||
273 | ; map archive = no | |
274 | ; map hidden = no | |
275 | ; map read only = no | |
276 | ; map system = no | |
277 | ; store dos attributes = yes | |
278 | ||
279 | ||
280 | #============================ Share Definitions ============================== | |
281 | ||
282 | [homes] | |
283 | comment = Home Directories | |
284 | browseable = no | |
285 | writable = yes | |
286 | ; valid users = %S | |
287 | ; valid users = MYDOMAIN\%S | |
288 | ||
289 | [printers] | |
290 | comment = All Printers | |
291 | path = /var/spool/samba | |
292 | browseable = no | |
293 | guest ok = no | |
294 | writable = no | |
295 | printable = yes | |
296 | ||
297 | # Un-comment the following and create the netlogon directory for Domain Logons: | |
298 | ; [netlogon] | |
299 | ; comment = Network Logon Service | |
300 | ; path = /var/lib/samba/netlogon | |
301 | ; guest ok = yes | |
302 | ; writable = no | |
303 | ; share modes = no | |
304 | ||
305 | # Un-comment the following to provide a specific roving profile share. | |
306 | # The default is to use the user's home directory: | |
307 | ; [Profiles] | |
308 | ; path = /var/lib/samba/profiles | |
309 | ; browseable = no | |
310 | ; guest ok = yes | |
311 | ||
312 | # A publicly accessible directory that is read only, except for users in the | |
313 | # "staff" group (which have write permissions): | |
314 | ; [public] | |
315 | ; comment = Public Stuff | |
316 | ; path = /home/samba | |
317 | ; public = yes | |
318 | ; writable = yes | |
319 | ; printable = no | |
320 | ; write list = +staff |