- -F. Sample Configuration File

This appendix gives an example of a production -smb.conf file and looks at how many of the options are used in practice. The following is a slightly disguised version of one we used at a corporation with five Linux servers, five Windows for Workgroups clients and three NT Workstation clients:

-# smb.conf -- File Server System for: 1 Example.COM  BSC & Management Office 
-[globals]
-	workgroup = 1EG_BSC
-	interfaces = 10.10.1.14/24

-We provide this service on only one of the machine's interfaces. The -interfaces option sets its address and netmask, where -/24 is the same as using the netmask 255.255.255.0:

-	comment = Samba ver. %v
-	preexec = csh -c `echo /usr/samba/bin/smbclient \
-                     -M %m -I %I` &

-We use the -preexec command to log information about all connections by machine name (%m) and IP address (%I):

-	# smbstatus will output various info on current status
-	status = yes
-	browseable = yes
-	printing = bsd
-
-	# the username that will be used for access to services
-	# specified with 'guest = ok'
-	guest account = samba

-The default guest account was -nobody, uid -1, which produced log messages on one of our machines saying "your server is being unfriendly," so we created a specific Samba guest account for browsing and printing:

-	# superuser account - admin privilages to shares, with no
-	# restrictions
-	# WARNING - use this with care: files can be modified,
-	# regardless of file permissions
-	admin users = root
-
-	# who is NOT allowed to connect to ANY service
-	invalid users = @wheel, mail, deamon, adt

-Daemons can't use Samba, only people. The -invalid -users option closes a security hole; it prevents intruders from breaking in by pretending to be a daemon process.

-	# hosts that are ALLOWED or DENIED from connecting to ANY service
-	hosts allow = 10.10.1.
-	hosts deny = 10.10.1.6
-	
-	# where the lock files will be located
-	lock directory = /var/lock/samba/locks
-		
-	# debug log files 
-	# %m = separate log for each NetBIOS name (each machine)
-	log file = /var/log/samba/log.%m
-
-	# We send priority 0, 1 and 2 messages to the system logs
-	syslog = 2
-		
-	# If a WinPopup message is sent to the server,
-	# redirect it to a user via e-mail
-	
-	message command = /bin/mail -s 'message from #% on %m' \
-						 pkelly < %s; rm %s
-
-# ---------------------------------------------------
-# [globals] Performance Tuning
-# ---------------------------------------------------
-	
-	# caching algorithm to reduce time doing getwd() calls.  
-	getwd cache = yes
-
-	socket options = TCP_NODELAY
-
-	# tell the server whether the client is present and
-	# responding in seconds
-	keep alive = 60
-
-	# num minutes of inactivity before a connection is
-	# considered dead
-	dead time = 30 
-
-	read prediction = yes
-	share modes = yes
-	max xmit = 17384 
-	read size = 512

-The -share -modes, -max, -xinit, and -read -size options are machine-specific (see Appendix B, Samba Performance Tuning):

-	# locking is done by the server
-	locking = yes
-
-	# control whether dos style attributes should be mapped
-	# to unix execute bits
-	map hidden = yes
-	map archive = yes
-	map system = yes

-The three -map options will work only on shares with a create mode that includes the execute bits (0111). Our -homes and -printers shares won't honor them, but the [www] share will:

-# ---------------------------------------------------------
-# [globals] Security and Domain Logon Services
-# ---------------------------------------------------------	
-# connections are made with UID and GID, not as shares
-	security = user
-
-# boolean variable that controls whether passwords
-# will be encrypted
-	encrypt passwords = yes
-	passwd chat = "*New password:*" %n\r "*New password (again):*" %n\r \ "*Password changed*"
-	passwd program = /usr/bin/passwd %u
-	
-# Always become the local master browser
-	domain master = yes
-	preferred master = yes
-	os level = 34
-	
-# For domain logons to work correctly. Samba acts as a
-# primary domain controller.
-	domain logons = yes
-	
-# Logon script to run for user off the server each time
-# username (%U) logs in.  Set the time, connect to shares,
-# virus checks, etc.
-	logon script = scripts\%U.bat
-
-[netlogon]
-	comment = "Domain Logon Services"
-	path = /u/netlogon
-	writable = yes
-	create mode = 444
-	guest ok = no
-	volume = "Network"

-This share, discussed in Chapter 6, Users, Security, and Domains, is required for Samba to work smoothly in a Windows NT domain:

-# -----------------------------------------------------------
-# [homes] User Home Directories
-# -----------------------------------------------------------
-[homes]
-	comment = "Home Directory for : %u "
-	path = /u/users/%u

-The password file of the Samba server specifies each person's home directory as -/home/machine_name/person, which NFS converts to point to the actual physicl location under -/u/users. The -path option in the -[homes] share tells Samba the actual (non-NFS) location:

-	guest ok = no
-	read only = no
-	create mode = 644
-	writable = yes
-	browseable = no 
-
-# -----------------------------------------------------------
-# [printers] System Printers
-# -----------------------------------------------------------
-[printers]
-	comment = "Printers"
-	path = /var/spool/lpd/samba
-	printcap name = /etc/printcap
-	printable = yes
-	public = no 
-	writable = no
-
-	lpq command = /usr/bin/lpq -P%p
-	lprm command = /usr/bin/lprm -P%p %j
-	lppause command = /usr/sbin/lpc stop %p
-	lpresume command = /usr/sbin/lpc start %p
-
-	create mode = 0700
-
-	browseable = no 
-	load printers = yes  
-
-# -----------------------------------------------------------
-# Specific Descriptions: [programs] [data] [retail]
-# -----------------------------------------------------------
-[programs]
-	comment = "Shared Programs %T"
-	volume = "programs"

-Shared Programs shows up in the Network Neighborhood, and -programs is the volume name you specify when an installation program wants to know the label of the CD-ROM from which it thinks it's loading:

-	path = /u/programs
-	public = yes
-	writeable = yes
-	printable = no
-	create mode = 664
-[cdrom]
-	comment = "Unix CDROM"
-	path = /u/cdrom
-	public = no 
-	writeable = no 
-	printable = no
-	volume = "cdrom"
-
-[data]
-	comment =  "Data Directories %T"
-	path = /u/data
-	public = no
-	create mode = 770
-	writeable = yes
-	volume = "data"
-
-[nt4]
-	comment =  "NT4 Server"
-	path = /u/systems/nt4
-	public = yes 
-	create mode = 770
-	writeable = yes
-	volume = "nt4_server"
-
-[www]
-	comment =  "WWW System"
-	path = /usr/www/http
-	public = yes 
-	create mode = 775
-	writeable = yes
-	volume = "www_system"

-The -[www] share is the directory used on the Unix server to serve web pages. Samba makes the directory available to local PC users so the art department can update web pages.

- -	- -
-D. Downloading Samba with CVS	- -	-

Using Samba

- -F. Sample Configuration File