version 10, including all changes.
.
Rev |
Author |
# |
Line |
7 |
GavinGrieve |
1 |
!I have just realised that I missed some share definitions in this conf file. I will add them when I can. |
6 |
CraigBox |
2 |
|
1 |
GavinGrieve |
3 |
[[global] |
3 |
GavinGrieve |
4 |
# name of this machine on the network (doesn't have to be the same |
|
|
5 |
# as the hostname |
1 |
GavinGrieve |
6 |
netbios name = SERVER |
|
|
7 |
|
|
|
8 |
# workgroup = NT-Domain-Name or Workgroup-Name |
|
|
9 |
workgroup = WLUG |
|
|
10 |
|
|
|
11 |
# server string is the equivalent of the NT Description field |
|
|
12 |
server string = WaikatoLinuxUsersGroup PDC Server |
|
|
13 |
|
|
|
14 |
# This option is important for security. It allows you to restrict |
|
|
15 |
# connections to machines which are on your local network. |
|
|
16 |
hosts allow = 192.168.0. |
|
|
17 |
|
|
|
18 |
# this tells Samba to use a separate log file for each machine |
|
|
19 |
# that connects |
|
|
20 |
log file = /var/log/samba/%m.log |
|
|
21 |
|
|
|
22 |
# Put a capping on the size of the log files (in Kb). |
|
|
23 |
max log size = 0 |
|
|
24 |
|
|
|
25 |
# Security mode. Most people will want user level security. See |
|
|
26 |
# security_level.txt for details. |
|
|
27 |
security = user |
|
|
28 |
|
|
|
29 |
# Password Level allows matching of _n_ characters of the password for |
|
|
30 |
# all combinations of upper and lower case. |
|
|
31 |
password level = 8 |
|
|
32 |
username level = 8 |
|
|
33 |
|
|
|
34 |
# You may wish to use password encryption. Please read |
|
|
35 |
# ENCRYPTION.txt, Win95.txt and WinNT.txt in the Samba documentation. |
|
|
36 |
# Do not enable this option unless you have read those documents |
|
|
37 |
encrypt passwords = yes |
|
|
38 |
smb passwd file = /etc/samba/smbpasswd |
|
|
39 |
|
|
|
40 |
# The following is needed to keep smbclient from spouting spurious errors |
|
|
41 |
# when Samba is built with support for SSL. |
|
|
42 |
ssl CA certFile = /usr/share/ssl/certs/ca-bundle.crt |
|
|
43 |
|
|
|
44 |
# The following are needed to allow password changing from Windows to |
|
|
45 |
# update the Linux sytsem password also. |
|
|
46 |
# NOTE: Use these with 'encrypt passwords' and 'smb passwd file' above. |
|
|
47 |
# NOTE2: You do NOT need these to allow workstations to change only |
|
|
48 |
# the encrypted SMB passwords. They allow the Unix password |
|
|
49 |
# to be kept in sync with the SMB password. |
|
|
50 |
unix password sync = Yes |
|
|
51 |
passwd program = /usr/bin/passwd %u |
2 |
GavinGrieve |
52 |
passwd chat = *New*password* %n\n *Retype*new*password* %n\n \ |
|
|
53 |
*passwd:*all*authentication*tokens*updated*successfully* |
1 |
GavinGrieve |
54 |
|
|
|
55 |
# You can use PAM's password change control flag for Samba. If |
|
|
56 |
# enabled, then PAM will be used for password changes when requested |
|
|
57 |
# by an SMB client instead of the program listed in passwd program. |
|
|
58 |
# It should be possible to enable this without changing your passwd |
|
|
59 |
# chat parameter for most setups. |
|
|
60 |
pam password change = yes |
|
|
61 |
|
|
|
62 |
# Unix users can map to different SMB User names |
|
|
63 |
# username map = /etc/samba/smbusers |
|
|
64 |
|
|
|
65 |
# This parameter will control whether or not Samba should obey PAM's |
|
|
66 |
# account and session management directives. The default behavior is |
|
|
67 |
# to use PAM for clear text authentication only and to ignore any |
|
|
68 |
# account or session management. Note that Samba always ignores PAM |
|
|
69 |
# for authentication in the case of encrypt passwords = yes |
|
|
70 |
obey pam restrictions = no |
|
|
71 |
|
|
|
72 |
# Most people will find that this option gives better performance. |
|
|
73 |
# See speed.txt and the manual pages for details |
|
|
74 |
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 |
|
|
75 |
|
|
|
76 |
# Configure Samba to use multiple interfaces |
|
|
77 |
# If you have multiple network interfaces then you must list them |
|
|
78 |
# here. See the man page for details. |
5 |
GavinGrieve |
79 |
interfaces = 192.168.0.254/24 |
1 |
GavinGrieve |
80 |
|
|
|
81 |
# Configure remote browse list synchronisation here |
|
|
82 |
# request announcement to, or browse list sync from: |
|
|
83 |
# a specific host or from / to a whole subnet (see below) |
|
|
84 |
# remote browse sync = 192.168.3.25 192.168.5.255 |
|
|
85 |
# Cause this host to announce itself to local subnets here |
5 |
GavinGrieve |
86 |
remote announce = 192.168.0.255 |
1 |
GavinGrieve |
87 |
|
|
|
88 |
# Browser Control Options: |
|
|
89 |
# set local master to no if you don't want Samba to become a master |
|
|
90 |
# browser on your network. Otherwise the normal election rules apply |
|
|
91 |
local master = yes |
|
|
92 |
|
|
|
93 |
# OS Level determines the precedence of this server in master browser |
|
|
94 |
# elections. The default value should be reasonable |
|
|
95 |
os level = 64 |
|
|
96 |
|
|
|
97 |
# Domain Master specifies Samba to be the Domain Master Browser. This |
|
|
98 |
# allows Samba to collate browse lists between subnets. Don't use this |
|
|
99 |
# if you already have a Windows NT domain controller doing this job |
|
|
100 |
domain master = yes |
|
|
101 |
|
4 |
GavinGrieve |
102 |
# Preferred Master causes Samba to force a local browser election on |
|
|
103 |
# startup and gives it a slightly higher chance of winning the election |
1 |
GavinGrieve |
104 |
preferred master = yes |
|
|
105 |
|
|
|
106 |
# Enable this if you want Samba to be a domain logon server for |
8 |
CraigBox |
107 |
# Windows workstations. |
1 |
GavinGrieve |
108 |
domain logons = yes |
|
|
109 |
|
|
|
110 |
# if you enable domain logons then you may want a per-machine or |
|
|
111 |
# per user logon script |
|
|
112 |
# run a specific logon batch file per workstation (machine) |
|
|
113 |
# logon script = %m.bat |
|
|
114 |
# run a specific logon batch file per username |
|
|
115 |
# logon script = %U.bat |
|
|
116 |
|
|
|
117 |
# Where to store roving profiles (only for Win95 and WinNT) |
|
|
118 |
# %L substitutes for this servers netbios name, %U is username |
|
|
119 |
# You must uncomment the [[Profiles] share below |
|
|
120 |
logon path = \\%L\Profiles\%U |
|
|
121 |
|
|
|
122 |
# Windows Internet Name Serving Support Section: |
4 |
GavinGrieve |
123 |
# WINS Support - Tells the NMBD component of Samba to enable it's |
|
|
124 |
# WINS Server |
1 |
GavinGrieve |
125 |
wins support = yes |
|
|
126 |
|
|
|
127 |
logon drive = Z: |
8 |
CraigBox |
128 |
logon home = \\%L\%U |
1 |
GavinGrieve |
129 |
|
|
|
130 |
# WINS Server - Tells the NMBD components of Samba to be a WINS Client |
4 |
GavinGrieve |
131 |
# Note: Samba can be either a WINS Server, or a WINS Client, but |
|
|
132 |
# NOT both |
1 |
GavinGrieve |
133 |
# wins server = w.x.y.z |
|
|
134 |
|
|
|
135 |
# WINS Proxy - Tells Samba to answer name resolution queries on |
|
|
136 |
# behalf of a non WINS capable client, for this to work there must be |
|
|
137 |
# at least one WINS Server on the network. The default is NO. |
|
|
138 |
# wins proxy = yes |
|
|
139 |
|
|
|
140 |
# DNS Proxy - tells Samba whether or not to try to resolve NetBIOS names |
|
|
141 |
# via DNS nslookups. The built-in default for versions 1.9.17 is yes, |
|
|
142 |
# this has been changed in version 1.9.18 to no. |
|
|
143 |
# dns proxy = no |
|
|
144 |
|
|
|
145 |
# Case Preservation can be handy - system default is _no_ |
|
|
146 |
# NOTE: These can be set on a per share basis |
|
|
147 |
# preserve case = no |
|
|
148 |
# short preserve case = no |
|
|
149 |
# Default case is normally upper case for all DOS files |
|
|
150 |
default case = lower |
|
|
151 |
# Be very careful with case sensitivity - it can break things! |
|
|
152 |
case sensitive = no |
|
|
153 |
|
|
|
154 |
# Script to run when adding users/machines to the domain |
4 |
GavinGrieve |
155 |
add user script = /usr/sbin/useradd -d /dev/null -g 100 -s /bin/false \ |
|
|
156 |
-M %u |
8 |
CraigBox |
157 |
|
|
|
158 |
# If you're on Debian, you can use the following line: |
|
|
159 |
# add user script = /usr/sbin/adduser --home /dev/null \ |
9 |
CraigBox |
160 |
# --ingroup machines --shell /bin/false --no-create-home \ |
10 |
CraigBox |
161 |
# --disabled-login --gecos "SAMBA Machine Account" --force-badname %u |