+# This is the main Samba configuration file. For detailed information about the
+# options listed here, refer to the smb.conf(5) manual page. Samba has a huge
+# number of configurable options, most of which are not shown in this example.
+#
+# The Official Samba 3.2.x HOWTO and Reference Guide contains step-by-step
+# guides for installing, configuring, and using Samba:
+# http://www.samba.org/samba/docs/Samba-HOWTO-Collection.pdf
+#
+# The Samba-3 by Example guide has working examples for smb.conf. This guide is
+# generated daily: http://www.samba.org/samba/docs/Samba-Guide.pdf
+#
+# In this file, lines starting with a semicolon (;) or a hash (#) are
+# comments and are ignored. This file uses hashes to denote commentary and
+# semicolons for parts of the file you may wish to configure.
+#
+# Note: Run the "testparm" command after modifying this file to check for basic
+# syntax errors.
+#
+#---------------
+# Security-Enhanced Linux (SELinux) Notes:
+#
+# Turn the samba_domain_controller Boolean on to allow Samba to use the useradd
+# and groupadd family of binaries. Run the following command as the root user to
+# turn this Boolean on:
+# setsebool -P samba_domain_controller on
+#
+# Turn the samba_enable_home_dirs Boolean on if you want to share home
+# directories via Samba. Run the following command as the root user to turn this
+# Boolean on:
+# setsebool -P samba_enable_home_dirs on
+#
+# If you create a new directory, such as a new top-level directory, label it
+# with samba_share_t so that SELinux allows Samba to read and write to it. Do
+# not label system directories, such as /etc/ and /home/, with samba_share_t, as
+# such directories should already have an SELinux label.
+#
+# Run the "ls -ldZ /path/to/directory" command to view the current SELinux
+# label for a given directory.
+#
+# Set SELinux labels only on files and directories you have created. Use the
+# chcon command to temporarily change a label:
+# chcon -t samba_share_t /path/to/directory
+#
+# Changes made via chcon are lost when the file system is relabeled or commands
+# such as restorecon are run.
+#
+# Use the samba_export_all_ro or samba_export_all_rw Boolean to share system
+# directories. To share such directories and only allow read-only permissions:
+# setsebool -P samba_export_all_ro on
+# To share such directories and allow read and write permissions:
+# setsebool -P samba_export_all_rw on
+#
+# To run scripts (preexec/root prexec/print command/...), copy them to the
+# /var/lib/samba/scripts/ directory so that SELinux will allow smbd to run them.
+# Note that if you move the scripts to /var/lib/samba/scripts/, they retain
+# their existing SELinux labels, which may be labels that SELinux does not allow
+# smbd to run. Copying the scripts will result in the correct SELinux labels.
+# Run the "restorecon -R -v /var/lib/samba/scripts" command as the root user to
+# apply the correct SELinux labels to these files.
+#
+#--------------
+#
+#======================= Global Settings =====================================
+
+[global]
+
+# ----------------------- Network-Related Options -------------------------
+#
+# workgroup = the Windows NT domain name or workgroup name, for example, MYGROUP.
+#
+# server string = the equivalent of the Windows NT Description field.
+#
+# netbios name = used to specify a server name that is not tied to the hostname.
+#
+# interfaces = used to configure Samba to listen on multiple network interfaces.
+# If you have multiple interfaces, you can use the "interfaces =" option to
+# configure which of those interfaces Samba listens on. Never omit the localhost
+# interface (lo).
+#
+# hosts allow = the hosts allowed to connect. This option can also be used on a
+# per-share basis.
+#
+# hosts deny = the hosts not allowed to connect. This option can also be used on
+# a per-share basis.
+#
+# max protocol = used to define the supported protocol. The default is NT1. You
+# can set it to SMB2 if you want experimental SMB2 support.
+#
+ workgroup = MYGROUP
+ server string = Samba Server Version %v
+
+; netbios name = MYSERVER
+
+; interfaces = lo eth0 192.168.12.2/24 192.168.13.2/24
+; hosts allow = 127. 192.168.12. 192.168.13.
+
+; max protocol = SMB2
+
+# --------------------------- Logging Options -----------------------------
+#
+# log file = specify where log files are written to and how they are split.
+#
+# max log size = specify the maximum size log files are allowed to reach. Log
+# files are rotated when they reach the size specified with "max log size".
+#
+
+ # log files split per-machine:
+ log file = /var/log/samba/log.%m
+ # maximum size of 50KB per log file, then rotate:
+ max log size = 50
+
+# ----------------------- Standalone Server Options ------------------------
+#
+# security = the mode Samba runs in. This can be set to user, share
+# (deprecated), or server (deprecated).
+#
+# passdb backend = the backend used to store user information in. New
+# installations should use either tdbsam or ldapsam. No additional configuration
+# is required for tdbsam. The "smbpasswd" utility is available for backwards
+# compatibility.
+#
+
+ security = user
+ passdb backend = tdbsam
+
+
+# ----------------------- Domain Members Options ------------------------
+#
+# security = must be set to domain or ads.
+#
+# passdb backend = the backend used to store user information in. New
+# installations should use either tdbsam or ldapsam. No additional configuration
+# is required for tdbsam. The "smbpasswd" utility is available for backwards
+# compatibility.
+#
+# realm = only use the realm option when the "security = ads" option is set.
+# The realm option specifies the Active Directory realm the host is a part of.
+#
+# password server = only use this option when the "security = server"
+# option is set, or if you cannot use DNS to locate a Domain Controller. The
+# argument list can include My_PDC_Name, [My_BDC_Name], and [My_Next_BDC_Name]:
+#
+# password server = My_PDC_Name [My_BDC_Name] [My_Next_BDC_Name]
+#
+# Use "password server = *" to automatically locate Domain Controllers.
+
+; security = domain
+; passdb backend = tdbsam
+; realm = MY_REALM
+
+; password server = <NT-Server-Name>
+
+# ----------------------- Domain Controller Options ------------------------
+#
+# security = must be set to user for domain controllers.
+#
+# passdb backend = the backend used to store user information in. New
+# installations should use either tdbsam or ldapsam. No additional configuration
+# is required for tdbsam. The "smbpasswd" utility is available for backwards
+# compatibility.
+#
+# domain master = specifies Samba to be the Domain Master Browser, allowing
+# Samba to collate browse lists between subnets. Do not use the "domain master"
+# option if you already have a Windows NT domain controller performing this task.
+#
+# domain logons = allows Samba to provide a network logon service for Windows
+# workstations.
+#
+# logon script = specifies a script to run at login time on the client. These
+# scripts must be provided in a share named NETLOGON.
+#
+# logon path = specifies (with a UNC path) where user profiles are stored.
+#
+#
+; security = user
+; passdb backend = tdbsam
+
+; domain master = yes
+; domain logons = yes
+
+ # the following login script name is determined by the machine name
+ # (%m):
+; logon script = %m.bat
+ # the following login script name is determined by the UNIX user used:
+; logon script = %u.bat
+; logon path = \\%L\Profiles\%u
+ # use an empty path to disable profile support:
+; logon path =
+
+ # various scripts can be used on a domain controller or a stand-alone
+ # machine to add or delete corresponding UNIX accounts:
+
+; add user script = /usr/sbin/useradd "%u" -n -g users
+; add group script = /usr/sbin/groupadd "%g"
+; add machine script = /usr/sbin/useradd -n -c "Workstation (%u)" -M -d /nohome -s /bin/false "%u"
+; delete user script = /usr/sbin/userdel "%u"
+; delete user from group script = /usr/sbin/userdel "%u" "%g"
+; delete group script = /usr/sbin/groupdel "%g"
+
+
+# ----------------------- Browser Control Options ----------------------------
+#
+# local master = when set to no, Samba does not become the master browser on
+# your network. When set to yes, normal election rules apply.
+#
+# os level = determines the precedence the server has in master browser
+# elections. The default value should be reasonable.
+#
+# preferred master = when set to yes, Samba forces a local browser election at
+# start up (and gives itself a slightly higher chance of winning the election).
+#
+; local master = no
+; os level = 33
+; preferred master = yes
+
+#----------------------------- Name Resolution -------------------------------
+#
+# This section details the support for the Windows Internet Name Service (WINS).
+#
+# Note: Samba can be either a WINS server or a WINS client, but not both.
+#
+# wins support = when set to yes, the NMBD component of Samba enables its WINS
+# server.
+#
+# wins server = tells the NMBD component of Samba to be a WINS client.
+#
+# wins proxy = when set to yes, Samba answers name resolution queries on behalf
+# of a non WINS capable client. For this to work, there must be at least one
+# WINS server on the network. The default is no.
+#
+# dns proxy = when set to yes, Samba attempts to resolve NetBIOS names via DNS
+# nslookups.
+
+; wins support = yes
+; wins server = w.x.y.z
+; wins proxy = yes
+
+; dns proxy = yes
+
+# --------------------------- Printing Options -----------------------------
+#
+# The options in this section allow you to configure a non-default printing
+# system.
+#
+# load printers = when set you yes, the list of printers is automatically
+# loaded, rather than setting them up individually.
+#
+# cups options = allows you to pass options to the CUPS library. Setting this
+# option to raw, for example, allows you to use drivers on your Windows clients.
+#
+# printcap name = used to specify an alternative printcap file.
+#
+
+ load printers = yes
+ cups options = raw
+
+; printcap name = /etc/printcap
+ # obtain a list of printers automatically on UNIX System V systems:
+; printcap name = lpstat
+; printing = cups
+
+# --------------------------- File System Options ---------------------------
+#
+# The options in this section can be un-commented if the file system supports
+# extended attributes, and those attributes are enabled (usually via the
+# "user_xattr" mount option). These options allow the administrator to specify
+# that DOS attributes are stored in extended attributes and also make sure that
+# Samba does not change the permission bits.
+#
+# Note: These options can be used on a per-share basis. Setting them globally
+# (in the [global] section) makes them the default for all shares.
+
+; map archive = no
+; map hidden = no
+; map read only = no
+; map system = no
+; store dos attributes = yes
+
+
+#============================ Share Definitions ==============================
+
+[homes]
+ comment = Home Directories
+ browseable = no
+ writable = yes
+; valid users = %S
+; valid users = MYDOMAIN\%S
+
+[printers]
+ comment = All Printers
+ path = /var/spool/samba
+ browseable = no
+ guest ok = no
+ writable = no
+ printable = yes
+
+# Un-comment the following and create the netlogon directory for Domain Logons:
+; [netlogon]
+; comment = Network Logon Service
+; path = /var/lib/samba/netlogon
+; guest ok = yes
+; writable = no
+; share modes = no
+
+# Un-comment the following to provide a specific roving profile share.
+# The default is to use the user's home directory:
+; [Profiles]
+; path = /var/lib/samba/profiles
+; browseable = no
+; guest ok = yes
+
+# A publicly accessible directory that is read only, except for users in the
+# "staff" group (which have write permissions):
+; [public]
+; comment = Public Stuff
+; path = /home/samba
+; public = yes
+; writable = yes
+; printable = no
+; write list = +staff
projects / people / amarx / ipfire-3.x.git / commitdiff
