From 693fba1eb2f30db906c5fa089e6d1626dac8a15c Mon Sep 17 00:00:00 2001
From: John Terpstra
Date: Sun, 30 Jul 2000 07:38:43 +0000
Subject: Adding Using_Samba book back to Samba-pre3. (This used to be commit 9f5f8ad21d9c7f5efb69abbe08ee2e34b787e68b)
---
docs/htmldocs/using_samba/appf_01.html | 315 +++++++++++++++++++++++++++++++++
1 file changed, 315 insertions(+)
create mode 100644 docs/htmldocs/using_samba/appf_01.html
(limited to 'docs/htmldocs/using_samba/appf_01.html')
diff --git a/docs/htmldocs/using_samba/appf_01.html b/docs/htmldocs/using_samba/appf_01.html
new file mode 100644
index 0000000000..9b70947225
--- /dev/null
+++ b/docs/htmldocs/using_samba/appf_01.html
@@ -0,0 +1,315 @@
+ + + +[Appendix F] Sample Configuration File + + + + + + + + + + + + + + + + + + + +
+ + + + +
+

Using Samba

+ +Robert Eckstein, David Collier-Brown, Peter Kelly +
1st Edition November 1999 +
1-56592-449-5, Order Number: 4495 +
416 pages, $34.95 +
+

Buy the hardcopy +

Table of Contents +

+ +
+ + +
+
+ + + +
+ +Previous: D. Downloading Samba with CVS + + +Appendix F
  + +
+ + +
+
+

+ +F. Sample Configuration File

This appendix gives an example of a production +smb.conf file and looks at how many of the options are used in practice. The following is a slightly disguised version of one we used at a corporation with five Linux servers, five Windows for Workgroups clients and three NT Workstation clients:

+# smb.conf -- File Server System for: 1 Example.COM  BSC & Management Office 
+[globals]
+	workgroup = 1EG_BSC
+	interfaces = 10.10.1.14/24 

+We provide this service on only one of the machine's interfaces. The +interfaces option sets its address and netmask, where +/24 is the same as using the netmask 255.255.255.0:

+	comment = Samba ver. %v
+	preexec = csh -c `echo /usr/samba/bin/smbclient \
+                     -M %m -I %I` &

+We use the +preexec command to log information about all connections by machine name (%m) and IP address (%I):

+	# smbstatus will output various info on current status
+	status = yes
+	browseable = yes
+	printing = bsd
+
+	# the username that will be used for access to services
+	# specified with 'guest = ok'
+	guest account = samba 

+The default guest account was +nobody, uid -1, which produced log messages on one of our machines saying "your server is being unfriendly," so we created a specific Samba guest account for browsing and printing:

+	# superuser account - admin privilages to shares, with no
+	# restrictions
+	# WARNING - use this with care: files can be modified,
+	# regardless of file permissions
+	admin users = root
+
+	# who is NOT allowed to connect to ANY service
+	invalid users = @wheel, mail, deamon, adt

+Daemons can't use Samba, only people. The +invalid +users option closes a security hole; it prevents intruders from breaking in by pretending to be a daemon process.

+	# hosts that are ALLOWED or DENIED from connecting to ANY service
+	hosts allow = 10.10.1.
+	hosts deny = 10.10.1.6
+	
+	# where the lock files will be located
+	lock directory = /var/lock/samba/locks
+		
+	# debug log files 
+	# %m = separate log for each NetBIOS name (each machine)
+	log file = /var/log/samba/log.%m
+
+	# We send priority 0, 1 and 2 messages to the system logs
+	syslog = 2
+		
+	# If a WinPopup message is sent to the server,
+	# redirect it to a user via e-mail
+	
+	message command = /bin/mail -s 'message from #% on %m' \
+						 pkelly < %s; rm %s
+
+# ---------------------------------------------------
+# [globals] Performance Tuning
+# ---------------------------------------------------
+	
+	# caching algorithm to reduce time doing getwd() calls.  
+	getwd cache = yes
+
+	socket options = TCP_NODELAY
+
+	# tell the server whether the client is present and
+	# responding in seconds
+	keep alive = 60
+
+	# num minutes of inactivity before a connection is
+	# considered dead
+	dead time = 30 
+
+	read prediction = yes
+	share modes = yes
+	max xmit = 17384 
+	read size = 512

+The +share +modes, +max, +xinit, and +read +size options are machine-specific (see Appendix B, Samba Performance Tuning):

+	# locking is done by the server
+	locking = yes
+
+	# control whether dos style attributes should be mapped
+	# to unix execute bits
+	map hidden = yes
+	map archive = yes
+	map system = yes

+The three +map options will work only on shares with a create mode that includes the execute bits (0111). Our +homes and +printers shares won't honor them, but the [www] share will:

+# ---------------------------------------------------------
+# [globals] Security and Domain Logon Services
+# ---------------------------------------------------------	
+# connections are made with UID and GID, not as shares
+	security = user
+
+# boolean variable that controls whether passwords
+# will be encrypted
+	encrypt passwords = yes
+	passwd chat = "*New password:*" %n\r "*New password (again):*" %n\r \ "*Password changed*"
+	passwd program = /usr/bin/passwd %u
+	
+# Always become the local master browser
+	domain master = yes
+	preferred master = yes
+	os level = 34
+	
+# For domain logons to work correctly. Samba acts as a
+# primary domain controller.
+	domain logons = yes
+	
+# Logon script to run for user off the server each time
+# username (%U) logs in.  Set the time, connect to shares,
+# virus checks, etc.
+	logon script = scripts\%U.bat
+
+[netlogon]
+	comment = "Domain Logon Services"
+	path = /u/netlogon
+	writable = yes
+	create mode = 444
+	guest ok = no
+	volume = "Network"

+This share, discussed in Chapter 6, Users, Security, and Domains, is required for Samba to work smoothly in a Windows NT domain:

+# -----------------------------------------------------------
+# [homes] User Home Directories
+# -----------------------------------------------------------
+[homes]
+	comment = "Home Directory for : %u "
+	path = /u/users/%u

+The password file of the Samba server specifies each person's home directory as +/home/machine_name/person, which NFS converts to point to the actual physicl location under +/u/users. The +path option in the +[homes] share tells Samba the actual (non-NFS) location:

+	guest ok = no
+	read only = no
+	create mode = 644
+	writable = yes
+	browseable = no 
+
+# -----------------------------------------------------------
+# [printers] System Printers
+# -----------------------------------------------------------
+[printers]
+	comment = "Printers"
+	path = /var/spool/lpd/samba
+	printcap name = /etc/printcap
+	printable = yes
+	public = no 
+	writable = no
+
+	lpq command = /usr/bin/lpq -P%p
+	lprm command = /usr/bin/lprm -P%p %j
+	lppause command = /usr/sbin/lpc stop %p
+	lpresume command = /usr/sbin/lpc start %p
+
+	create mode = 0700
+
+	browseable = no 
+	load printers = yes  
+
+# -----------------------------------------------------------
+# Specific Descriptions: [programs] [data] [retail]
+# -----------------------------------------------------------
+[programs]
+	comment = "Shared Programs %T"
+	volume = "programs"

+Shared Programs shows up in the Network Neighborhood, and +programs is the volume name you specify when an installation program wants to know the label of the CD-ROM from which it thinks it's loading:

+	path = /u/programs
+	public = yes
+	writeable = yes
+	printable = no
+	create mode = 664
+[cdrom]
+	comment = "Unix CDROM"
+	path = /u/cdrom
+	public = no 
+	writeable = no 
+	printable = no
+	volume = "cdrom"
+
+[data]
+	comment =  "Data Directories %T"
+	path = /u/data
+	public = no
+	create mode = 770
+	writeable = yes
+	volume = "data"
+
+[nt4]
+	comment =  "NT4 Server"
+	path = /u/systems/nt4
+	public = yes 
+	create mode = 770
+	writeable = yes
+	volume = "nt4_server"
+
+[www]
+	comment =  "WWW System"
+	path = /usr/www/http
+	public = yes 
+	create mode = 775
+	writeable = yes
+	volume = "www_system"

+The +[www] share is the directory used on the Unix server to serve web pages. Samba makes the directory available to local PC users so the art department can update web pages.

+
+
+
+ + +
+ +Previous: D. Downloading Samba with CVS + + 
+D. Downloading Samba with CVS + +Book Index

+
+ + +
+ + +O'Reilly Home | + +O'Reilly Bookstores | + +How to Order | + +O'Reilly Contacts
+ +International | + +About O'Reilly | + +Affiliated Companies

+© 1999, O'Reilly & Associates, Inc. + +

+ + -- cgit
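Review bot: In the sample `[globals]` block, `invalid users = @wheel, mail, deamon, adt` misspells `daemon`, so as printed the list would not exclude an account named `daemon`, even though the paragraph that follows says the option is there to stop logins as daemon accounts; the line should read `invalid users = @wheel, mail, daemon, adt`. In the same block the `message command` subject uses `#%`, which looks like a typo for the sender variable `%f`. The `[www]`, `[programs]` and `[nt4]` shares combine `public = yes` with `writeable = yes`, so the guest account can write to them (including the web root) as far as Unix permissions allow, and `[netlogon]` is `writable = yes` although it holds the logon scripts that domain users run at login. A sentence telling readers to set `writable = no` on `[netlogon]` and to restrict writers with `write list` before copying this file would help.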