I have just realised that I missed some share definitions in this conf file. I will add them when I can.


  1. name of this machine on the network (doesn't have to be the same
  2. as the hostname

netbios name = SERVER

  1. workgroup = NT-Domain-Name or Workgroup-Name

workgroup = WLUG

  1. server string is the equivalent of the NT Description field

server string = WaikatoLinuxUsersGroup PDC Server

  1. This option is important for security. It allows you to restrict
  2. connections to machines which are on your local network.

hosts allow = 192.168.0.

  1. this tells Samba to use a separate log file for each machine
  2. that connects

log file = /var/log/samba/%m.log

  1. Put a capping on the size of the log files (in Kb).

max log size = 0

  1. Security mode. Most people will want user level security. See
  2. security_level.txt for details.

security = user

  1. Password Level allows matching of n characters of the password for
  2. all combinations of upper and lower case.

password level = 8 username level = 8

  1. You may wish to use password encryption. Please read
  2. ENCRYPTION.txt, Win95.txt and WinNT.txt in the Samba documentation.
  3. Do not enable this option unless you have read those documents

encrypt passwords = yes smb passwd file = /etc/samba/smbpasswd

  1. The following is needed to keep smbclient from spouting spurious errors
  2. when Samba is built with support for SSL.

ssl CA certFile = /usr/share/ssl/certs/ca-bundle.crt

  1. The following are needed to allow password changing from Windows to
  2. update the Linux sytsem password also.
  3. NOTE: Use these with 'encrypt passwords' and 'smb passwd file' above.
  4. NOTE2: You do NOT need these to allow workstations to change only
  5. the encrypted SMB passwords. They allow the Unix password
  6. to be kept in sync with the SMB password.

unix password sync = Yes passwd program = /usr/bin/passwd %u passwd chat = New*password %n\n Retype*new*password %n\n \

  • passwd:all*authentication*tokens*updated*successfully
  1. You can use PAM's password change control flag for Samba. If
  2. enabled, then PAM will be used for password changes when requested
  3. by an SMB client instead of the program listed in passwd program.
  4. It should be possible to enable this without changing your passwd
  5. chat parameter for most setups.

pam password change = yes

  1. Unix users can map to different SMB User names
  2. username map = /etc/samba/smbusers
  3. This parameter will control whether or not Samba should obey PAM's
  4. account and session management directives. The default behavior is
  5. to use PAM for clear text authentication only and to ignore any
  6. account or session management. Note that Samba always ignores PAM
  7. for authentication in the case of encrypt passwords = yes

obey pam restrictions = no

  1. Most people will find that this option gives better performance.
  2. See speed.txt and the manual pages for details

socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192

  1. Configure Samba to use multiple interfaces
  2. If you have multiple network interfaces then you must list them
  3. here. See the man page for details.

interfaces =

  1. Configure remote browse list synchronisation here
  2. request announcement to, or browse list sync from:
  3. a specific host or from / to a whole subnet (see below)
  4. remote browse sync =
  5. Cause this host to announce itself to local subnets here

remote announce =

  1. Browser Control Options:
  2. set local master to no if you don't want Samba to become a master
  3. browser on your network. Otherwise the normal election rules apply

local master = yes

  1. OS Level determines the precedence of this server in master browser
  2. elections. The default value should be reasonable

os level = 64

  1. Domain Master specifies Samba to be the Domain Master Browser. This
  2. allows Samba to collate browse lists between subnets. Don't use this
  3. if you already have a Windows NT domain controller doing this job

domain master = yes

  1. Preferred Master causes Samba to force a local browser election on
  2. startup and gives it a slightly higher chance of winning the election

preferred master = yes

  1. Enable this if you want Samba to be a domain logon server for
  2. Windows workstations.

domain logons = yes

  1. if you enable domain logons then you may want a per-machine or
  2. per user logon script
  3. run a specific logon batch file per workstation (machine)
  4. logon script = %m.bat
  5. run a specific logon batch file per username
  6. logon script = %U.bat
  7. Where to store roving profiles (only for Win95 and WinNT)
  8. %L substitutes for this servers netbios name, %U is username
  9. You must uncomment the [Profiles? share below

logon path = \\%L\Profiles\%U

  1. Windows Internet Name Serving Support Section:
  2. WINS Support - Tells the NMBD component of Samba to enable it's
  3. WINS Server

wins support = yes

logon drive = Z: logon home = \\%L\%U

  1. WINS Server - Tells the NMBD components of Samba to be a WINS Client
  2. Note: Samba can be either a WINS Server, or a WINS Client, but
  3. NOT both
  4. wins server = w.x.y.z
  5. WINS Proxy - Tells Samba to answer name resolution queries on
  6. behalf of a non WINS capable client, for this to work there must be
  7. at least one WINS Server on the network. The default is NO.
  8. wins proxy = yes
  9. DNS Proxy - tells Samba whether or not to try to resolve NetBIOS names
  10. via DNS nslookups. The built-in default for versions 1.9.17 is yes,
  11. this has been changed in version 1.9.18 to no.
  12. dns proxy = no
  13. Case Preservation can be handy - system default is no
  14. NOTE: These can be set on a per share basis
  15. preserve case = no
  16. short preserve case = no
  17. Default case is normally upper case for all DOS files

default case = lower

  1. Be very careful with case sensitivity - it can break things!

case sensitive = no

  1. Script to run when adding users/machines to the domain

add user script = /usr/sbin/useradd -d /dev/null -g 100 -s /bin/false \

  • M %u
  1. If you're on Debian, you can use the following line:
  2. add user script = /usr/sbin/adduser --home /dev/null \
  3. --ingroup machines --shell /bin/false --no-create-home \
  4. --disabled-login --gecos "SAMBA Machine Account" --force-badname %u