[global?
- name of this machine on the network (doesn't have to be the same
- as the hostname
netbios name = SERVER
- workgroup = NT-Domain-Name or Workgroup-Name
workgroup = WLUG
- server string is the equivalent of the NT Description field
server string = WaikatoLinuxUsersGroup PDC Server
- This option is important for security. It allows you to restrict
- connections to machines which are on your local network.
hosts allow = 192.168.0.
- this tells Samba to use a separate log file for each machine
- that connects
log file = /var/log/samba/%m.log
- Put a capping on the size of the log files (in Kb).
max log size = 0
- Security mode. Most people will want user level security. See
- security_level.txt for details.
security = user
- Password Level allows matching of n characters of the password for
- all combinations of upper and lower case.
password level = 8 username level = 8
- You may wish to use password encryption. Please read
- ENCRYPTION.txt, Win95.txt and WinNT.txt in the Samba documentation.
- Do not enable this option unless you have read those documents
encrypt passwords = yes smb passwd file = /etc/samba/smbpasswd
- The following is needed to keep smbclient from spouting spurious errors
- when Samba is built with support for SSL.
ssl CA certFile = /usr/share/ssl/certs/ca-bundle.crt
- The following are needed to allow password changing from Windows to
- update the Linux sytsem password also.
- NOTE: Use these with 'encrypt passwords' and 'smb passwd file' above.
- NOTE2: You do NOT need these to allow workstations to change only
- the encrypted SMB passwords. They allow the Unix password
- to be kept in sync with the SMB password.
unix password sync = Yes passwd program = /usr/bin/passwd %u passwd chat = New*password %n\n Retype*new*password %n\n \
- passwd:all*authentication*tokens*updated*successfully
- You can use PAM's password change control flag for Samba. If
- enabled, then PAM will be used for password changes when requested
- by an SMB client instead of the program listed in passwd program.
- It should be possible to enable this without changing your passwd
- chat parameter for most setups.
pam password change = yes
- Unix users can map to different SMB User names
- username map = /etc/samba/smbusers
- This parameter will control whether or not Samba should obey PAM's
- account and session management directives. The default behavior is
- to use PAM for clear text authentication only and to ignore any
- account or session management. Note that Samba always ignores PAM
- for authentication in the case of encrypt passwords = yes
obey pam restrictions = no
- Most people will find that this option gives better performance.
- See speed.txt and the manual pages for details
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
- Configure Samba to use multiple interfaces
- If you have multiple network interfaces then you must list them
- here. See the man page for details.
interfaces = 192.168.0.254/24
- Configure remote browse list synchronisation here
- request announcement to, or browse list sync from:
- a specific host or from / to a whole subnet (see below)
- remote browse sync = 192.168.3.25 192.168.5.255
- Cause this host to announce itself to local subnets here
remote announce = 192.168.0.255
- Browser Control Options:
- set local master to no if you don't want Samba to become a master
- browser on your network. Otherwise the normal election rules apply
local master = yes
- OS Level determines the precedence of this server in master browser
- elections. The default value should be reasonable
os level = 64
- Domain Master specifies Samba to be the Domain Master Browser. This
- allows Samba to collate browse lists between subnets. Don't use this
- if you already have a Windows NT domain controller doing this job
domain master = yes
- Preferred Master causes Samba to force a local browser election on
- startup and gives it a slightly higher chance of winning the election
preferred master = yes
- Enable this if you want Samba to be a domain logon server for
- Windows95 workstations.
domain logons = yes
- if you enable domain logons then you may want a per-machine or
- per user logon script
- run a specific logon batch file per workstation (machine)
- logon script = %m.bat
- run a specific logon batch file per username
- logon script = %U.bat
- Where to store roving profiles (only for Win95 and WinNT)
- %L substitutes for this servers netbios name, %U is username
- You must uncomment the [Profiles? share below
logon path = \\%L\Profiles\%U
- Windows Internet Name Serving Support Section:
- WINS Support - Tells the NMBD component of Samba to enable it's
- WINS Server
wins support = yes
logon drive = Z: logon home = \\server\%u
- WINS Server - Tells the NMBD components of Samba to be a WINS Client
- Note: Samba can be either a WINS Server, or a WINS Client, but
- NOT both
- wins server = w.x.y.z
- WINS Proxy - Tells Samba to answer name resolution queries on
- behalf of a non WINS capable client, for this to work there must be
- at least one WINS Server on the network. The default is NO.
- wins proxy = yes
- DNS Proxy - tells Samba whether or not to try to resolve NetBIOS names
- via DNS nslookups. The built-in default for versions 1.9.17 is yes,
- this has been changed in version 1.9.18 to no.
- dns proxy = no
- Case Preservation can be handy - system default is no
- NOTE: These can be set on a per share basis
- preserve case = no
- short preserve case = no
- Default case is normally upper case for all DOS files
default case = lower
- Be very careful with case sensitivity - it can break things!
case sensitive = no
- Script to run when adding users/machines to the domain
add user script = /usr/sbin/useradd -d /dev/null -g 100 -s /bin/false \
- M %u
One page links to smb.PDC.conf: