| blob | cb9f632b18ca35a6142d1ab006fe87052df8742a |
1 # This is the main Samba configuration file. You should read the
2 # smb.conf(5) manual page in order to understand the options listed
3 # here. Samba has a huge number of configurable options (perhaps too
4 # many!) most of which are not shown in this example
5 #
6 # Any line which starts with a ; (semi-colon) or a # (hash)
7 # is a comment and is ignored. In this example we will use a #
8 # for commentry and a ; for parts of the config file that you
9 # may wish to enable
10 #
11 # NOTE: Whenever you modify this file you should run the command "testparm"
12 # to check that you have not many any basic syntactic errors.
13 #
14 #======================= Global Settings =====================================
15 [global]
17 ##
18 ## Basic Server Settings
19 ##
21 # workgroup = NT-Domain-Name or Workgroup-Name, eg: REDHAT4
22 workgroup = MYGROUP
24 # server string is the equivalent of the NT Description field
25 server string = Samba Server
27 # This option is important for security. It allows you to restrict
28 # connections to machines which are on your local network. The
29 # following example restricts access to two C class networks and
30 # the "loopback" interface. For more examples of the syntax see
31 # the smb.conf man page
32 ; hosts allow = 192.168.1. 192.168.2.0./24 192.168.3.0/255.255.255.0 127.0.0.1
34 # Uncomment this if you want a guest account, you must add this to /etc/passwd
35 # otherwise the user "nobody" is used
36 ; guest account = pcguest
38 # this tells Samba to use a separate log file for each machine
39 # that connects
40 log file = /usr/local/samba/var/log.%m
42 # How much information do you want to see in the logs?
43 # default is only to log critical messages
44 ; log level = 1
46 # Put a capping on the size of the log files (in Kb).
47 max log size = 50
49 # Security mode. Most people will want user level security. See
50 # security_level.txt for details.
51 security = user
53 # Using the following line enables you to customise your configuration
54 # on a per machine basis. The %m gets replaced with the netbios name
55 # of the machine that is connecting.
56 # Note: Consider carefully the location in the configuration file of
57 # this line. The included file is read at that point.
58 ; include = /usr/local/samba/lib/smb.conf.%m
60 # Most people will find that this option gives better performance.
61 # See speed.txt and the manual pages for details
62 # You may want to add the following on a Linux system:
63 # SO_RCVBUF=8192 SO_SNDBUF=8192
64 ; socket options = TCP_NODELAY
66 # Configure Samba to use multiple interfaces
67 # If you have multiple network interfaces and want to limit smbd will
68 # use, list the ones desired here. Otherwise smbd & nmbd will bind to all
69 # active interfaces on the system. See the man page for details.
70 ; interfaces = 192.168.12.2/24 192.168.13.2/24
72 # Should smbd report that it has MS-DFS Capabilities? Only available
73 # if --with-msdfs was passed to ./configure
74 ; host msdfs = yes
76 ##
77 ## Network Browsing
78 ##
79 # set local master to no if you don't want Samba to become a master
80 # browser on your network. Otherwise the normal election rules apply
81 ; local master = no
83 # OS Level determines the precedence of this server in master browser
84 # elections. The default value (20) should be reasonable
85 ; os level = 20
87 # Domain Master specifies Samba to be the Domain Master Browser. This
88 # allows Samba to collate browse lists between subnets. Don't use this
89 # if you already have a Windows NT domain controller doing this job
90 ; domain master = yes
92 # Preferred Master causes Samba to force a local browser election on startup
93 # and gives it a slightly higher chance of winning the election
94 ; preferred master = yes
97 ##
98 ## WINS & Name Resolution
99 ##
100 # Windows Internet Name Serving Support Section:
101 # WINS Support - Tells the NMBD component of Samba to enable it's WINS Server
102 ; wins support = yes
104 # WINS Server - Tells the NMBD components of Samba to be a WINS Client
105 # Note: Samba can be either a WINS Server, or a WINS Client, but NOT both
106 ; wins server = w.x.y.z
108 # WINS Proxy - Tells Samba to answer name resolution queries on
109 # behalf of a non WINS capable client, for this to work there must be
110 # at least one WINS Server on the network. The default is NO.
111 ; wins proxy = yes
113 # DNS Proxy - tells Samba whether or not to try to resolve NetBIOS names
114 # via DNS nslookups.
115 dns proxy = no
118 ##
119 ## Passwords & Authentication
120 ##
121 # Use password server option only with security = server
122 # The argument list may include:
123 # password server = My_PDC_Name [My_BDC_Name] [My_Next_BDC_Name]
124 # or to auto-locate the domain controller/s
125 ; password server = *
126 ; password server = <NT-Server-Name>
128 # You may wish to use password encryption. Please read
129 # ENCRYPTION.txt, Win95.txt and WinNT.txt in the Samba documentation.
130 # Do not enable this option unless you have read those documents
131 ; encrypt passwords = yes
133 # Should smbd obey the session and account lines in /etc/pam.d/samba ?
134 # only available if --with-pam was used at compile time
135 ; obey pam restrictions = yes
137 # When using encrypted passwords, Samba can synchronize the local
138 # UNIX password as well. You will also need the "passwd chat" parameters
139 ; unix password sync = yes
141 # how should smbd talk to the local system when changing a UNIX
142 # password? See smb.conf(5) for details
143 ; passwd chat = <custom chat string>
145 # This is only available if you compiled Samba to include --with-pam
146 # Use PAM for changing the password
147 ; pam password change = yes
149 ##
150 ## Domain Control
151 ##
152 # Enable this if you want Samba act as a domain controller.
153 # make sure you have read the Samba-PDC-HOWTO included in the documentation
154 # before enabling this parameter
155 ; domain logons = yes
157 # if you enable domain logons then you may want a per-machine or
158 # per user logon script
159 # run a specific logon batch file per workstation (machine)
160 ; logon script = %m.bat
161 # run a specific logon batch file per username
162 ; logon script = %U.bat
164 # Where to store roving profiles (only for Win95 and WinNT)
165 # %L substitutes for this servers netbios name, %U is username
166 # You must uncomment the [Profiles] share below
167 ; logon path = \\%L\Profiles\%U
169 # UNC path specifying the network location of the user's home directory
170 # only used when acting as a DC for WinNT/2k/XP. Ignored by Win9x clients
171 ; logon home = \\%L\%U
173 # What drive should the "logon home" be mounted at upon login ?
174 # only used when acting as a DC for WinNT/2k/XP. Ignored by Win9x clients
175 ; logon drive = H:
177 ##
178 ## Printing
179 ##
181 # If you want to automatically load your printer list rather
182 # than setting them up individually then you'll need this
183 load printers = yes
185 # you may wish to override the location of the printcap file
186 ; printcap name = /etc/printcap
188 # on SystemV system setting printcap name to lpstat should allow
189 # you to automatically obtain a printer list from the SystemV spool
190 # system
191 ; printcap name = lpstat
193 # It should not be necessary to specify the print system type unless
194 # it is non-standard. Currently supported print systems include:
195 # bsd, sysv, plp, lprng, aix, hpux, qnx
196 ; printing = bsd
198 # Enable this to make Samba 2.2 behavior just like Samba 2.0
199 # not recommended nuless you are sure of what you are doing
200 ; disable spoolss = yes
202 # list of users and groups which should be able to remotely manage
203 # printer drivers installed on the server
204 ; printer admin = root, +ntadmin
207 ##
208 ## Winbind
209 ##
211 # specify the uid range which can be used by winbindd
212 # to allocate uids for Windows users as necessary
213 ; winbind uid = 10000-65000
215 # specify the uid range which can be used by winbindd
216 # to allocate uids for Windows users as necessary
217 ; winbind gid = 10000-65000
219 # Define a home directory to be given to passwd(5) style entries
220 # generated by libnss_winbind.so. You can use variables here
221 ; winbind template homedir = /home/%D/%U
223 # Specify a shell for all winbind user entries return by the
224 # libnss_winbind.so library.
225 ; winbind template shell = /bin/sh
227 # What character should be used to separate the DOMAIN and Username
228 # for a Windows user. The default is DOMAIN\user, but many people
229 # prefer DOMAIN+user
230 ; winbind separator = +
233 #============================ Share Definitions ==============================
234 [homes]
235 comment = Home Directories
236 browseable = no
237 writable = yes
238 valid users = %S
240 # Un-comment the following and create the netlogon directory for Domain Logons
241 ; [netlogon]
242 ; comment = Network Logon Service
243 ; path = /usr/local/samba/lib/netlogon
244 ; guest ok = yes
245 ; writable = no
246 ; share modes = no
249 # Un-comment the following to provide a specific roving profile share
250 # the default is to use the user's home directory
251 ;[Profiles]
252 ; path = /usr/local/samba/profiles
253 ; browseable = no
254 ; guest ok = yes
257 # NOTE: If you have a BSD-style print system there is no need to
258 # specifically define each individual printer
259 [printers]
260 comment = All Printers
261 path = /usr/spool/samba
262 browseable = no
263 # Set public = yes to allow user 'guest account' to print
264 guest ok = no
265 writable = no
266 printable = yes
268 # This one is useful for people to share files
269 #[tmp]
270 # comment = Temporary file space
271 # path = /tmp
272 # read only = no
273 # public = yes
276 # MS-DFS support is only available if Samba was compiled to
277 # include --with-msdfs
278 ;[dfsroot]
279 ; dfs root = yes
282 # A publicly accessible directory, but read only, except for people in
283 # the "staff" group
284 ;[public]
285 ; comment = Public Stuff
286 ; path = /home/samba
287 ; public = yes
288 ; writable = yes
289 ; printable = no
290 ; write list = @staff
293 ##
294 ## Other examples.
295 ##
297 # A private printer, usable only by fred. Spool data will be placed in fred's
298 # home directory. Note that fred must have write access to the spool directory,
299 # wherever it is.
300 #[fredsprn]
301 # comment = Fred's Printer
302 # valid users = fred
303 # path = /homes/fred
304 # printer = freds_printer
305 # public = no
306 # writable = no
307 # printable = yes
309 # A private directory, usable only by fred. Note that fred requires write
310 # access to the directory.
311 #[fredsdir]
312 # comment = Fred's Service
313 # path = /usr/somewhere/private
314 # valid users = fred
315 # public = no
316 # writable = yes
317 # printable = no
319 # a service which has a different directory for each machine that connects
320 # this allows you to tailor configurations to incoming machines. You could
321 # also use the %U option to tailor it by user name.
322 # The %m gets replaced with the machine name that is connecting.
323 #[pchome]
324 # comment = PC Directories
325 # path = /usr/pc/%m
326 # public = no
327 # writable = yes
329 # A publicly accessible directory, read/write to all users. Note that all files
330 # created in the directory by users will be owned by the default user, so
331 # any user with access can delete any other user's files. Obviously this
332 # directory must be writable by the default user. Another user could of course
333 # be specified, in which case all files would be owned by that user instead.
334 #[public]
335 # path = /usr/somewhere/else/public
336 # public = yes
337 # only guest = yes
338 # writable = yes
339 # printable = no
341 # The following two entries demonstrate how to share a directory so that two
342 # users can place files there that will be owned by the specific users. In this
343 # setup, the directory should be writable by both users and should have the
344 # sticky bit set on it to prevent abuse. Obviously this could be extended to
345 # as many users as required.
346 #[myshare]
347 # comment = Mary's and Fred's stuff
348 # path = /usr/somewhere/shared
349 # valid users = mary fred
350 # public = no
351 # writable = yes
352 # printable = no
353 # create mask = 0765