# ------------------------------------------------- --------------------------------- #
# SMB Settings Reference Manual #
# # # # # # #
# ------------------------------------------------- --------------------------------- #
[global]
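# ------------------------------------------------------------------ #
# workgroup = NT-Domain-Name or Workgroup-Name
# Workgroup setting: the workgroup (or domain) name used on the local
# network. Without it, Windows clients cannot find this Samba server in
# Network Neighborhood. When joining a domain (security = domain), set this
# to the domain name.
workgroup = sa119
# ------------------------------------------------------------------ #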
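# ------------------------------------------------------------------ #
# server string is the equivalent of the NT Description field
# A brief description of this server. It is returned to browsers and shown
# by Windows clients as the description of this server.
server string = linux SMB
# ------------------------------------------------------------------ #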
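# ------------------------------------------------------------------ #
# This option is important for security. It allows you to restrict
# connections to machines which are on your local network. The
# following example restricts access to two C class networks and
# the "loopback" interface. For more examples of the syntax see
# the smb.conf man page
# Restricts the client IP address ranges that may connect to this Samba
# server. By default this line is commented out, so every client can reach
# the server, which is a security problem.
# For example, "hosts allow = 192.168.0." admits the whole 192.168.0 network
# and refuses every other connection (note the trailing ".").
# NOTE(review): this is a source-address filter, not authentication.
# smb.conf(5) states that 127.0.0.1 is always allowed unless it is listed in
# "hosts deny".
hosts allow = 192.168.0.
# ------------------------------------------------------------------ #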
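# ------------------------------------------------------------------ #
# If you want to automatically load your printer list rather
# than setting them up individually then you'll need this
# These settings expose the printers of the Samba server;
# "load printers = yes" lets Samba share the printers defined on the server.
# (author's aside: printers? ... I didn't ...)
printcap name = /etc/printcap
load printers = yes
# ------------------------------------------------------------------ #
# ------------------------------------------------------------------ #
# It should not be necessary to spell out the print system type unless
# yours is non-standard. Print systems include:
# bsd, sysv, plp, lprng, aix, hpux, qnx
# Defines the print system type
printing = lprng
# ------------------------------------------------------------------ #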
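# ------------------------------------------------------------------ #
# Uncomment this if you want a guest account, you must add this to
# /etc/passwd, otherwise the user "nobody" is used
# Microsoft clients have no concept of users, so they sometimes connect with
# no user name or password. Such a request has to be mapped to a user on
# this system so that the Samba server can serve it safely. "guest account"
# names the UNIX user whose permissions those requests get. For safety this
# account must not be able to write to the system; usually a dedicated
# account such as pcguest is added. If this setting is commented out,
# requests from Windows clients run as nobody by default. Using nobody is
# not recommended, because many programs on the system use it by default,
# which is a security issue.
# Usually you can set security = share (see the security switch below) so
# that the SMB service works at share level, delete the nobody account from
# the system, and enable "guest account = pcguest" (remove the ";").
# Add an SMB group to the system:
#   groupadd -g 300 smb
# Add the SMB guest account:
#   useradd -u 300 -g 300 -d /dev/null -s /dev/null smbguest
# Guest access requests are then mapped to the smbguest account.
# Note that with security = user (SMB service working at user level), once
# verification fails the connection falls back to share level.
# NOTE(review): in smb.conf(5) that fallback is governed by "map to guest",
# whose default is "never"; confirm the behaviour for your Samba version.
guest account = smbguest
# ------------------------------------------------------------------ #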
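# ------------------------------------------------------------------ #
# This tells Samba to use a separate log file for each machine
# that connects
# Defines the path of Samba's log file. %m stands for the NetBIOS name of
# the connecting computer; with user-level authentication, %U stands for the
# login user. For example, connections from a computer named Cainiao are
# recorded in /var/log/samba/cainiao.log.
# Some of the variables (letter case restored from smb.conf(5); this copy
# had lost it and duplicated several entries):
#   %S = current service name
#   %P = root directory of the current service
#   %u = user name of the current service
#   %g = primary group of %u
#   %U = session user name
#   %G = primary group of %U
#   %H = home directory of %u
#   %v = Samba version number
#   %h = host name of the server
#   %m = client's NetBIOS name
#   %M = client's host name
#   %N = NIS server name
#   %p = service home directory obtained from NIS
#   %R = negotiated protocol level (CORE, COREPLUS, LANMAN1, LANMAN2, NT1)
#   %d = process id of the server
#   %a = client's operating system
#   %I = client IP address
#   %T = current date and time
# NOTE(review): the value below uses %I as printed on the page, which names
# the log after the client IP; the example above describes %m. Confirm which
# one is intended.
log file = /var/log/samba/%I.log
# ------------------------------------------------------------------ #
# ------------------------------------------------------------------ #
# Put a capping on the size of the log files (in Kb).
# max log size limits the size of each log file. The default is 0
# (unlimited). It must be defined to keep the disk from filling up.
# NOTE(review): smb.conf(5) lists 0 as "no limit" rather than as the
# default; confirm the default for your version. A 20 KB cap keeps very
# little history per client for later incident review.
max log size = 20
# ------------------------------------------------------------------ #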
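# ------------------------------------------------------------------ #
# Security mode. Most people will want user level security. See
# security_level.txt for details.
# Authentication comes in a simple share-level form and a user-level form.
# UNIX is a multi-user operating system and uses user-level authentication.
# With user-level authentication the Samba server authenticates the user
# against the UNIX system itself, which is a standalone method. Sometimes
# all servers should use the same authentication database, so there is a
# domain-based unified mode: users authenticate once to the domain
# controller, and the other SMB servers in the domain accept that result.
# Samba supports this in two ways: real domain authentication, or server
# authentication, where Samba verifies the user through another server.
# The latter requires security = server and "password server" set to the
# name of the NT domain controller. Server authentication cannot provide
# some features of the domain method, but it is not limited to domains: a
# network that uses workgroups can also rely on one authentication server.
# There are four levels:
# share:  no security; any user can access resources on the server without
#         a user name and password.
# user:   Samba's default; users must supply a user name and password
#         before accessing shared resources.
# server: like user, but the user name and password are submitted to
#         another server (for example an NT server) for verification. If
#         that fails, Samba falls back to user-level checking.
# domain: requires a Windows primary domain controller on the network;
#         Samba submits the user name and password to it for verification.
# NOTE(review): with share-level security, guest-enabled shares are served
# without any credentials, so "hosts allow" becomes the main access
# restriction in this file. "security = share" and "security = server" were
# removed in Samba 4.0, so the value below is only valid on older releases.
security = share
# ------------------------------------------------------------------ #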
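# ------------------------------------------------------------------ #
# Use password server option only with security = server
# The argument list may include:
#   password server = My_PDC_Name [My_BDC_Name]
# or to auto-locate the domain controller/s
#   password server = *
# Needed when the security level is server or domain.
; password server =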
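# ------------------------------------------------------------------ #
# Password level allows matching of _n_ characters of the password for
# all combinations of upper and lower case.
# Some systems convert the password to upper case before sending it, so it
# no longer matches the password Samba holds. This parameter sets how many
# upper-case letters are allowed in the password; Samba recombines the case
# of the received password up to that number and tries each result. The
# larger the number, the more combinations, the longer verification takes,
# and the lower the security. For example, with n = 2 a password received as
# ABCD whose real form is abcd is retried with up to two letters in upper
# case (the page listed the combinations, but their letter case was lost in
# this copy). So unless it is needed, set it to zero; Samba then tries only
# twice: the password as received, and the password in lower case.
# username level = 8 works the same way.
# NOTE(review): per smb.conf(5), password level is only consulted for
# plain-text passwords; with "encrypt passwords = yes" below it is not used.
password level = 8
; username level = 8
# ------------------------------------------------------------------ #
# ------------------------------------------------------------------ #
# You may wish to use password encryption. Please read
# ENCRYPTION.txt, Win95.txt and WinNT.txt in the Samba documentation.
# Do not enable this option unless you have read those documents
# During authentication the password is transmitted in encrypted form, which
# protects it. Your Windows workstations must support this; some older
# Windows systems do not by default (Win95? Few people use it now.)
encrypt passwords = yes
# Path of the SMB account password file
# NOTE(review): this file holds password hashes; it should be readable by
# root only.
smb passwd file = /etc/samba/smbpasswd
# ------------------------------------------------------------------ #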
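# ------------------------------------------------------------------ #
# The following is needed to keep smbclient from spouting spurious errors
# when Samba is built with support for SSL.
# When SSL mode is used, the location of the SSL CA certificates is defined
# here.
; ssl CA certFile = /usr/share/ssl/certs/ca-bundle.crt
# ------------------------------------------------------------------ #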
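# ------------------------------------------------------------------ #
# The following are needed to allow password changing from Windows to
# update the Linux system password also.
# NOTE: Use these with 'encrypt passwords' and 'smb passwd file' above.
# NOTE2: You do NOT need these to allow workstations to change only
#        the encrypted SMB passwords. They allow the Unix password
#        to be kept in sync with the SMB password.
# Sets whether the UNIX and SMB passwords are synchronised.
# NOTE(review): smb.conf(5) states that with "unix password sync = yes" the
# passwd program is run as root, so keep it an absolute path to a trusted
# binary. The chat string below was rebuilt from a whitespace-mangled copy;
# check it against your distribution's sample before use.
unix password sync = yes
passwd program = /usr/bin/passwd %u
passwd chat = *New*password* %n\n *Retype*new*password* %n\n *passwd:*all*authentication*tokens*updated*successfully*
# ------------------------------------------------------------------ #
# ------------------------------------------------------------------ #
# You can use PAM's password change control flag for Samba. If
# enabled, then PAM will be used for password changes when requested
# by an SMB client instead of the program listed in passwd program.
# It should be possible to enable this without changing your passwd
# chat parameter for most setups.
pam password change = yes
# ------------------------------------------------------------------ #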
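# ------------------------------------------------------------------ #
# Unix users can map to different SMB User names
# The user mapping file. For example, a client that connects as admin or
# administrator is treated as the user root. Open /etc/samba/smbusers to
# see what it contains.
# NOTE(review): because this file can map client names to root, it should
# be writable by root only.
; username map = /etc/samba/smbusers
# ------------------------------------------------------------------ #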
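# ------------------------------------------------------------------ #
# Using the following line enables you to customise your configuration
# on a per machine basis. The %m gets replaced with the netbios name
# of the machine that is connecting
# Uses a different smb.conf file for different connections. This makes the
# SMB server more powerful and flexible, but it also makes the settings more
# complicated, so I have not enabled this parameter.
; include = /etc/samba/smb.conf.%m
# ------------------------------------------------------------------ #
# ------------------------------------------------------------------ #
# This parameter will control whether or not Samba should obey PAM's
# account and session management directives. The default behavior is
# to use PAM for clear text authentication only and to ignore any
# account or session management. Note that Samba always ignores PAM
# for authentication in the case of encrypt passwords = yes
obey pam restrictions = yes
# ------------------------------------------------------------------ #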
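# ------------------------------------------------------------------ #
# Most people will find that this option gives better performance.
# See speed.txt and the manual pages for details
# Configures how TCP sockets are handled. I am not clear on the details, so
# I will not say more.
# Each option is written as NAME=value with no spaces around "=".
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
# ------------------------------------------------------------------ #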
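# ------------------------------------------------------------------ #
# Configure Samba to use multiple interfaces
# If you have multiple network interfaces then you must list them
# here. See the man page for details.
# Binds the SMB service to specific network interfaces. Otherwise the SMB
# service runs on all network interfaces.
# NOTE(review): smb.conf(5) also has "bind interfaces only"; check whether
# listing interfaces here is enough to stop service on the others in your
# version.
interfaces = 192.168.12.2/24 192.168.13.2/24
# ------------------------------------------------------------------ #
# ------------------------------------------------------------------ #
# When a client accesses shared resources it first fetches the list of
# resources on the network. Not every computer needs to maintain the whole
# resource list; the task of maintaining the current list is done by a few
# special computers on the network, which are called browsers.
# Configure remote browse list synchronisation here
# request announcement to, or browse list sync from:
# a specific host or from / to a whole subnet (see below)
; remote browse sync = 192.168.3.25 192.168.5.255
# Cause this host to announce itself to local subnets here
; remote announce = 192.168.1.255 192.168.2.44
# ------------------------------------------------------------------ #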
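# ------------------------------------------------------------------ #
# Browser Control Options:
# set local master to no if you don't want Samba to become a master
# browser on your network. Otherwise the normal election rules apply
# Sets whether the Samba server may act as the master browser on the network.
; local master = no
# ------------------------------------------------------------------ #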
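# ------------------------------------------------------------------ #
# OS Level determines the precedence of this server in master browser
# elections. The default value should be reasonable
# Browser election priority.
; os level = 33
# ------------------------------------------------------------------ #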
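# ------------------------------------------------------------------ #
# Domain Master specifies Samba to be the Domain Master Browser. This
# allows Samba to collate browse lists between subnets. Don't use this
# if you already have a Windows NT domain controller doing this job
# Sets whether the SMB server acts as the domain master. If your network
# already has a PDC (primary domain controller), do not set this.
domain master = yes
# ------------------------------------------------------------------ #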
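# ------------------------------------------------------------------ #
# Preferred Master causes Samba to force a local browser election on startup
# and gives it a slightly higher chance of winning the election
; preferred master = yes
# ------------------------------------------------------------------ #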
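# ------------------------------------------------------------------ #
# Enable this if you want Samba to be a domain logon server for
# Windows95 workstations.
# Activates the SMB domain logon server.
domain logons = yes
# ------------------------------------------------------------------ #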
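# ------------------------------------------------------------------ #
# If you enable domain logons then you may want a per-machine or
# per user logon script
# Run a specific logon batch file per workstation (machine)
# If you log on to a domain, you must set a logon script.
# Logon script for each workstation.
# NOTE(review): "logon script" appears twice as an active setting in this
# file (here and in the per-user entry below), so only one of the two takes
# effect; comment out the one you do not want.
logon script = %m.bat
# ------------------------------------------------------------------ #
# ------------------------------------------------------------------ #
# Run a specific logon batch file per username
# Logon script for each user.
# NOTE(review): written %U here (session user name); this copy had lost the
# letter case of the variable, so confirm against the original.
logon script = %U.bat
# ------------------------------------------------------------------ #
# ------------------------------------------------------------------ #
# Where to store roving profiles (only for Win95 and WinNT)
# %L substitutes for this server's netbios name, %U is username
# You must uncomment the [Profiles] share below
; logon path = \\%L\Profiles\%U
# ------------------------------------------------------------------ #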
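# ------------------------------------------------------------------ #
# The following are settings for the WINS (network name service) server. I
# am not very clear about them; readers who know more are welcome to help.
# Windows Internet Name Serving Support Section:
# WINS Support - Tells the NMBD component of Samba to enable its WINS Server
; wins support = yes
# WINS Server - Tells the NMBD components of Samba to be a WINS Client
# Note: Samba can be either a WINS Server, or a WINS Client, but NOT both
; wins server = w.x.y.z
# WINS Proxy - Tells Samba to answer name resolution queries on
# behalf of a non WINS capable client, for this to work there must be
# at least one WINS Server on the network. The default is NO.
; wins proxy = yes
# DNS Proxy - tells Samba whether or not to try to resolve NetBIOS names
# via DNS nslookups. The built-in default for versions 1.9.17 is yes,
# this has been changed in version 1.9.18 to no.
dns proxy = no
# ------------------------------------------------------------------ #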
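# ------------------------------------------------------------------ #
# Case Preservation can be handy - system default is _no_
# NOTE: These can be set on a per share basis
# Applies to file names when files are copied.
; preserve case = no
; short preserve case = no
# ------------------------------------------------------------------ #
# ------------------------------------------------------------------ #
# Default case is normally upper case for all DOS files
# Sets whether file names default to upper or lower case. Changed to lower
# case here; I prefer lower case.
# NOTE(review): the page printed this value as "limited", which is not a
# case setting; "lower" matches the description above.
default case = lower
# ------------------------------------------------------------------ #
# ------------------------------------------------------------------ #
# Be very careful with case sensitivity - it can break things!
# Sets whether names are case sensitive; set it to no, or comment the line
# out with ";".
case sensitive = no
# ------------------------------------------------------------------ #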
# ------------------------------------------------------------------ #
# First, a look at the main share parameters:
# [xxxx]: defines the name of the shared resource.
# comment = xxxx: a description of the shared resource.
# path = /home/share: the physical path of the shared resource.
# writeable = yes|no: whether the directory can be written to.
# read only = yes|no: (description garbled in this copy; in smb.conf this is
#   the inverse of writeable.)
# valid users = user (@group): users or groups that may access the share.
# invalid users = user (@group): users or groups that are denied access to
#   the share.
# read list = user (@group): users or groups that may read the share.
# write list = user (@group): users or groups that may read and write the
#   share.
# admin list = user (@group): users or groups that may administer the share.
#   (smb.conf names this parameter "admin users".)
# guest ok = yes|no: whether the share can be accessed with the guest account.
# public = yes|no: the same setting as guest ok under a different name.
# hide dot files = yes|no: whether files whose names start with "." are
#   treated as hidden.
# directory mode 0755: permissions for new directories.
# create mode 0755: permissions for new files.
# wide links = yes|no: whether symbolic links may be followed; in smb.conf
#   this governs links that point outside the shared directory tree.
# browseable = yes|no: whether the share is shown in the network browse list.
# max connections = n: maximum number of connections.
# force create mode 0755: forced file permissions.
# force directory mode 0755: forced directory permissions.
# force user: forced file owner.
# share modes = yes|no: (description garbled in this copy.)
# client code page = 950: Chinese code page setting.
# These are probably the commonly used ones. One thing to watch is
# permissions. For example: you define a share named Tools with the path
# /home/smbhome and set writeable = yes or write list = user (@group), but
# writing still fails. Why? Check the permissions of the /home/smbhome
# directory.
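# That is to say, the permissions set by the system take precedence over
# those set in smb.conf.
# Let's use an example to explain how to set up shares. First comment out
# all the share sections below that are not commented; the default settings
# are unsafe.
#  1. Create a share named share. It can be accessed anonymously, read-only.
#     The user smbuser1 can read and write.
#  2. groupadd -g 300 smb          (create an smb group)
#  3. useradd -u 300 -g 300 -d /dev/null -s /dev/null smbguest
#                                  (create the guest account)
#  4. smbguest is the account named in the "guest account = smbguest" setting.
#  5. useradd -u 301 -g 300 -d /dev/null -s /dev/null smbuser1
#                                  (create the smbuser1 account)
#  6. security = user              (set the SMB service to user level)
#  7. mkdir /home/smbhome          (create the /home/smbhome directory)
#  8. chown smbuser1 /home/smbhome (set the owner)
#  9. chgrp smb /home/smbhome      (set the group)
# 10. chmod 0775 /home/smbhome     (set the permissions)
# 11. smbpasswd -a smbuser1        (create the smbuser1 SMB account and set
#     its password; if smbpasswd does not work on your system, use
#     smbadduser)
# NOTE(review): step 6 uses security = user, while the [global] section of
# this file sets security = share; the steps assume user level.
# NOTE(review): "guest ok = yes" gives every client that passes "hosts
# allow" read access to this path without credentials.
[share]
comment = Linux Share
path = /home/smbhome
guest ok = yes
write list = smbuser1
printable = no
# The value of "directory mode" (and anything between it and "wide links")
# was lost in this copy of the page; restore it from the original before
# enabling the line.
; directory mode = <value missing in this copy>
wide links = no

# Some tips:
# Editing with vi is recommended; it is easier on the eyes.
# After editing you need to restart the SMB service for the settings to take
# effect: service smb restart (if that does not work on your system, try
# /etc/rc.d/init.d/samba restart or /etc/rc.d/init.d/smb restart).
# Use the command "testparm | more" to check your smb.conf for syntax errors
# and to see the detailed value of every parameter.
# The homes share is special: normally no path is set for it. When a client
# requests the service, Samba looks up the user's home directory in the
# password file /etc/passwd. With the [homes] section, Samba can find the
# user's home directory and share it.
# ------------------------------------------------------------------ #
# ======================== Share definitions ======================= #
# NOTE(review): create mode 0755 makes every new file in a home share
# world-readable and executable; confirm that is intended.
[homes]
comment = Home Directories
browseable = no
writable = yes
valid users = %S
create mode = 0755
directory mode = 0755
printable = no
wide links = no

# If you want users samba doesn't recognize to be mapped to a guest user
# NOTE(review): "map to guest" is a [global] parameter in smb.conf(5); if
# you enable it, place it in the [global] section.
; map to guest = bad user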
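# Un-comment the following and create the netlogon directory for Domain Logons
; [netlogon]
; comment = Network Logon Service
; path = /usr/local/samba/lib/netlogon
; guest ok = yes
; writable = no
; share modes = no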
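# Un-comment the following to provide a specific roving profile share
# the default is to use the user's home directory
; [Profiles]
; path = /usr/local/samba/profiles
; browseable = no
; guest ok = yes

# NOTE: If you have a BSD-style print system there is no need to
# specifically define each individual printer
; [printers]
; comment = All Printers
; path = /var/spool/samba
; browseable = no
# Set public = yes to allow user 'guest account' to print
; guest ok = no
; writable = no
; printable = yes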
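# This one is useful for people to share files
# NOTE(review): as written this lets guest connections write into /tmp;
# enable it only on a network you trust.
; [tmp]
; comment = temporary file space
; path = /tmp
; read only = no
; public = yes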
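# A publicly accessible directory, but read only, except for people in
# the "staff" group
; [public]
; comment = Public Stuff
; path = /home/samba
; public = yes
; writable = yes
; printable = no
; write list = @staff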
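# Other examples.
#
# A private printer, usable only by fred. Spool data will be placed in
# fred's home directory. Note that fred must have write access to the spool
# directory, wherever it is.
; [fredsprn]
; comment = Fred's printer
; valid users = fred
; path = /home/fred
; printer = freds_printer
; public = no
; writable = no
; printable = yes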
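# A private directory, usable only by fred. Note that fred requires write
# access to the directory.
; [fredsdir]
; comment = Fred's Service
; path = /usr/somewhere/private
; valid users = fred
; public = no
; writable = yes
; printable = no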
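# A service which has a different directory for each machine that connects
# this allows you to tailor configurations to incoming machines. You could
# also use the %U option to tailor it by user name.
# The %m gets replaced with the machine name that is connecting.
; [pchome]
; comment = PC Directories
; path = /usr/local/pc/%m
; public = no
; writable = yes

# A publicly accessible directory, read/write to all users. Note that all
# files created in the directory by users will be owned by the default user,
# so any user with access can delete any other user's files. Obviously this
# directory must be writable by the default user. Another user could of
# course be specified, in which case all files would be owned by that user
# instead.
# NOTE(review): part of this example was lost in this copy of the page: the
# path is cut off after /usr/ and the last line is truncated after "print".
# Restore both from the original sample before using it.
; [public]
; path = /usr/<rest of path missing in this copy>
; public = yes
; only guest = yes
; writable = yes
; printable = no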
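# The following two entries demonstrate how to share a directory so that two
# users can place files there that will be owned by the specific users. In
# this setup, the directory should be writable by both users and should have
# the sticky bit set on it to prevent abuse. Obviously this could be
# extended to as many users as required.
; [myshare]
; comment = Mary's and Fred's stuff
; path = /usr/somewhere/shared
; valid users = mary fred
; public = no
; writable = yes
; printable = no
; create mask = 0765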