| blob | 9f3dc4b56f31fd7bc2cfbc8b375d6b5b85e7d736 |
1 <html>
9 <p>Earlier in this book, we provided information on how to set
10 parameters inside the Samba configuration file, but rarely have we
11 shown an example of a complete file that can actually be used to run
12 a server. In this appendix, we provide examples of complete
13 configuration files for running Samba in the various modes
14 we've discussed. Using one of these examples, you
15 can run Samba as a workgroup authentication server, workgroup server,
16 primary domain controller, or domain member server.</p>
18 <p>We have kept the examples simple so that they have the most universal
19 application. They can be used as starting templates, which you can
20 easily modify to fit your own needs, to get a Samba server up and
21 running with minimal delay. The comments inside the files indicate
22 what needs to be changed, and how, to work on a particular system on
23 your network.</p>
31 <p>If your network is configured as a workgroup, adding a Samba server
32 is pretty simple. Samba even lets you add features, such as
33 user-level security and WINS, that would normally require an
41 <p>In a workgroup environment, Samba can be set up with share-level
42 security and without offering WINS name service. This works and is
43 simple, but we generally recommend that user-level security be
45 only takes a single parameter to enable Samba as a WINS server,
46 resulting in far better network efficiency.
48 that does it:</p>
53 netbios name = toltec
57 workgroup = METRAN
59 security = user
60 encrypt passwords = yes
62 # Run a WINS server
64 wins support = yes
66 # The following three lines ensure that the Samba
67 # server will maintain the role of master browser.
68 # Make sure no other Samba server has its OS level
69 # set higher than it is here.
71 local master = yes
72 preferred master = yes
73 os level = 65
75 # Make home directories on the server available to users.
77 [homes]
78 comment = %u's Home Directory
79 browsable = no
80 read only = no
81 map archive = yes
83 # This is a shared directory, accessible by all
84 # users. Use your own share name and path.
86 [d]
87 path = /d
88 create mask = 0700
89 read only = no</pre></blockquote>
91 <p>Generally, you will use a configuration file similar to this one when
93 workgroup.</p>
96 </div>
104 little different if another system—either a Samba server or
106 authentication. In this case, Samba is configured to use that server
107 for WINS. Here is a configuration file that does this:</p>
112 netbios name = mixtec
116 workgroup = METRAN
118 security = user
119 encrypt passwords = yes
122 # of your WINS server. If there is none,
123 # omit this line.
125 wins server = 172.16.1.1
127 # The OS level is set to 17 to allow
128 # this system to win over all Windows
129 # versions, but not the Samba server
130 # that uses the configuration file
131 # in the previous section.
133 os level = 17
135 [homes]
136 comment = %u's Home Directory
137 browsable = no
138 read only = no
140 # This is a shared directory, accessible by all
141 # users. Use your own share name and path.
143 [d]
144 path = /d
145 create mask = 0700
146 read only = no</pre></blockquote>
148 <p>Once you have a server in your workgroup handling authentication and
149 WINS, this is the configuration file to use when adding additional
150 Samba servers to the workgroup.</p>
153 </div>
156 </div>
164 <p>When operating in a Windows NT domain, Samba can act either as a
165 primary domain controller or as a domain member server.</p>
173 controller is more complicated than the other configurations.
174 However, the extra difficulty is offset by having a more secure
175 network and additional features such as logon scripts and roaming
176 profiles. In the following configuration file, we also include
177 support for a Microsoft Dfs share:</p>
182 netbios name = toltec
186 workgroup = METRAN
188 # Run a WINS server
190 wins support = yes
192 # Always act as the local master browser
193 # and domain master browser. Do not allow
194 # any other system to take over these roles!
196 domain master = yes
197 local master = yes
198 preferred master = yes
199 os level = 255
201 # Perform domain authentication.
203 security = user
204 encrypt passwords = yes
205 domain logons = yes
207 # The location of user profiles for Windows NT/2000/XP.
209 logon path = \\%L\profiles\%u\%m
211 # Users' Windows home directories and storage of Win95/98/Me roaming profiles.
213 logon drive = G:
214 logon home = \\toltec\%u\.win_profile\%m
216 # The following line is optional because
217 # Samba always offers NetBIOS time service.
218 # This causes it to also be advertised:
220 time server = yes
222 # The logon script used for all users,
223 # Relative to [netlogon] share directory.
225 logon script = logon.bat
227 # The group identifying administrative users.
228 # If you have domain users in the Domain Admins
231 domain admin group = root jay
233 # For adding machine accounts automatically.
234 # This example works on Linux. For other host
235 # operating systems, you might need a different
236 # command.
238 add user script = /usr/sbin/useradd -d /dev/null -g 100 -s /bin/false -M %u
240 # Provide Microsoft Dfs support.
242 host msdfs = yes
244 # The netlogon share is required for
245 # functioning as the primary domain controller.
246 # Make sure the directory used for the path exists.
248 [netlogon]
249 path = /usr/local/samba/lib/netlogon
250 writable = no
251 browsable = no
253 # The profiles share is for storing
254 # Windows NT/2000/XP roaming profiles.
255 # Use your own path, and make sure
256 # the directory exists.
258 [profiles]
259 path = /home/samba-ntprof
260 writable = yes
261 create mask = 0600
262 directory mask = 0700
263 browsable = no
265 [homes]
266 comment = Home Directory
267 browsable = no
268 read only = no
269 map archive = yes
271 # The Dfs share.
272 # Use your own path, making
273 # sure the directory exists.
275 [dfs]
276 comment = Dfs share
277 path = /usr/local/samba/dfs
278 msdfs root = yes
280 # A shared directory, accessible by all domain users.
281 # Use your own share name and path.
283 [d]
284 comment = %u's Home Directory
285 path = /d
286 create mask = 0700
287 read only = no</pre></blockquote>
290 Samba as a primary domain controller, and see <a href="ch08.html">Chapter 8</a> for more information about setting up a
294 </div>
302 already has either a Samba PDC or Windows NT/2000 Server PDC,
303 additional Samba servers can be added as domain member servers using
304 the following configuration file:</p>
309 netbios name = mixtec
313 workgroup = METRAN
316 # IP address of your WINS server.
318 wins server = 172.16.1.1
320 os level = 33
322 security = domain
323 encrypt passwords = yes
324 password server = *
326 # Home directories.
328 [homes]
329 comment = %u's Home Directory
330 browsable = no
331 read only = no
332 map archive = yes
334 # This is an example printers
335 # share, which works for Linux.
337 [printers]
338 printable = yes
339 printing = BSD
340 print command = /usr/bin/lpr -P%p %s
341 path = /var/tmp
342 min print space = 2000
344 # A shared directory, accessible by all domain users.
345 # Use your own share name and path.
347 [d]
348 path = /d
349 create mask = 0755
350 read only = no</pre></blockquote>
353 printers with Samba.</p>
356 </div>
359 </div>
362 </body></html>