# This is the main Samba configuration file. You should read the # smb.conf(5) manual page in order to understand the options listed # here. Samba has a huge number of configurable options (perhaps too # many!) most of which are not shown in this example # # Any line which starts with a ; (semi-colon) or a # (hash) # is a comment and is ignored. In this example we will use a # # for commentry and a ; for parts of the config file that you # may wish to enable # # NOTE: Whenever you modify this file you should run the command "testparm" # to check that you have not made any basic syntactic errors. # #======================= Global Settings ===================================== [global] # Set the log (verbosity) level (0 <= log level <= 10) # log level = 3 # log file = /var/log/samba/log.%m ; max log size = 50 netbios name = ELMO workgroup = SHIRLEY host msdfs = yes server string = Mandrake 10.1 Samba Server %v hosts allow = 127. 192.168.4. 192.168.5. 192.168.6. 192.168.8. 192.168.128. 192.168.129. 192.168.0. hosts deny = 0.0.0.0/0 # interfaces = lo eth0 interfaces = lo eth0 eth2 bind interfaces only = yes remote browse sync = 192.168.128.1 # remote browse sync = 192.168.128.255 192.168.0.255 # remote announce = 192.168.4.255/SHIRLEY \ # 192.168.128.1/KCS 192.168.128.255/OFFICE # 192.168.0.201/HARVEY os level = 33 domain master = yes preferred master = yes local master = yes wins support = yes domain logons = yes guest account = smbguest security = user encrypt passwords = yes smb passwd file = /etc/samba/smbpasswd username map = /etc/samba/smbusers # Password Level allows matching of _n_ characters of the password for # all combinations of upper and lower case. ; password level = 8 ; username level = 8 unix password sync = Yes passwd program = /usr/bin/passwd %u passwd chat = *New*UNIX*password* %n\n *ReType*new*UNIX*password* %n\n *passwd:*all*authentication*tokens*updated*successfully* # 12/15/02 null passwords = yes printing = cups # printing = sysv printcap name = cups load printers = yes printer admin = @lanadmin show add printer wizard = no #### print command = is ignored due to compiled with cups # using client side printer drivers. print command = /usr/bin/lpr-cups -r -P'%p' -J %J -o raw %s # using cups own drivers (use generic PostScript on clients). ; print command = /usr/bin/lpr-cups -r -P'%p' -J %J %s ; print command = /bin/cat %s > /tmp/printed.file lpq command = /usr/bin/lpq-cups -P'%p' lprm command = /usr/bin/lrpm-cups -P'%p' %j lppause command = /usr/bin/lp-cups -i %j -H hold lpresume command = /usr/bin/lp-cups -i %j -H resume queuepause command = /usr/bin/disable %p queueresume command = /usr/bin/enable %p preserve case = yes short preserve case = yes # Using the following line enables you to customise your configuration # on a per machine basis. The %m gets replaced with the netbios name # of the machine that is connecting ; include = /etc/samba/smb.conf.%m # 5. Browser Control and Networking Options: # Most people will find that this option gives better performance. # See speed.txt and the manual pages for details socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 SO_KEEPALIVE # if you enable domain logons then you may want a per-machine or # per user logon script # run a specific logon batch file per workstation (machine) ; logon script = %m.bat # run a specific logon batch file per username # logon script = %m.bat # logon script = %G.bat logon script = %U.bat # Where to store roaming profiles for WinNT and Win2k # %L substitutes for this servers netbios name, %U is username # You must uncomment the [Profiles] share below logon path = \\%L\Profiles\%U # Where to store roaming profiles for Win9x. Be careful with this as it also # impacts where Win2k finds it's /HOME share logon home = \\%L\%U\.profile # logon drive = M: logon drive = Z: # The add user script is used by a domain member to add local user accounts # that have been authenticated by the domain controller, or by the domain # controller to add local machine accounts when adding machines to the domain. # The script must work from the command line when replacing the macros, # or the operation will fail. Check that groups exist if forcing a group. # Script for domain controller for adding machines: ; add user script = /usr/sbin/useradd -d /dev/null -g machines -c 'Machine Account' -s /bin/false -M %u # Script for domain member for addig local accounts for authenticated users: ; add user script = /usr/sbin/useradd -s /bin/false %u # 7. Name Resolution Options: # All NetBIOS names must be resolved to IP Addresses # 'Name Resolve Order' allows the named resolution mechanism to be specified # the default order is "host lmhosts wins bcast". "host" means use the unix # system gethostbyname() function call that will use either /etc/hosts OR # DNS or NIS depending on the settings of /etc/host.config, /etc/nsswitch.conf # and the /etc/resolv.conf file. "host" therefore is system configuration # dependant. This parameter is most often of use to prevent DNS lookups # in order to resolve NetBIOS names to IP Addresses. Use with care! # The example below excludes use of name resolution for machines that are NOT # on the local network segment # - OR - are not deliberately to be known via lmhosts or via WINS. name resolve order = lmhosts wins bcast # WINS Server - Tells the NMBD components of Samba to be a WINS Client # Note: Samba can be either a WINS Server, or a WINS Client, but NOT both ; wins server = w.x.y.z # WINS Proxy - Tells Samba to answer name resolution queries on # behalf of a non WINS capable client, for this to work there must be # at least one WINS Server on the network. The default is NO. wins proxy = yes # DNS Proxy - tells Samba whether or not to try to resolve NetBIOS names # via DNS nslookups. The built-in default for versions 1.9.17 is yes, # this has been changed in version 1.9.18 to no. dns proxy = no # Enabling internationalization: # you can match a Windows code page with a UNIX character set. # Windows: 437 (US), 737 (GREEK), 850 (Latin1 - Western European), # 852 (Eastern Eu.), 861 (Icelandic), 932 (Cyrillic - Russian), # 936 (Japanese - Shift-JIS), 936 (Simpl. Chinese), 949 (Korean Hangul), # 950 (Trad. Chin.). # UNIX: ISO8859-1 (Western European), ISO8859-2 (Eastern Eu.), # ISO8859-5 (Russian Cyrillic), KOI8-R (Alt-Russ. Cyril.) # This is an example for french users: ; client code page = 850 ; character set = ISO8859-1 printable = no public = no writeable = no hide dot files = yes level2 oplocks = yes # turned on 08/12/03 ; kernel oplocks = no kernel oplocks = yes # turned on 08/12/03 deadtime = 2 # turned on 08/12/03 debug hires timestamp = yes # turned on 05/11/05 debug uid = yes debug pid = yes # 05/22/05 use client driver = no #============================ Share Definitions ============================== [homes] comment = Home Directories path = /home/%U/windows.m available = yes browseable = no valid users = %S writable = yes guest ok = no # only user = no directory mask = 2770 create mask = 770 store dos attributes = yes fake oplocks = yes veto files = /.htaccess/.MyDocuments/ delete veto files = no msdfs root = yes available = yes [webpages] comment = user webpages path = /home/%U/public_html browseable = no valid users = %U writeable = yes guest ok = no create mask = 0660 directory mask = 2770 store dos attributes = yes available = yes force create mode = 660 force directory mode = 2770 force user = apache force group = %U veto files = /.htaccess/ delete veto files = no # These two groups could eliminate the need for one drive # letter per group disk. [groupsro] comment = User R/O DFS share path = /lan/shares/dfsusersRO/%U browsable = no guest ok = no writeable = no create mask = 750 directory mask = 2750 map system = no map hidden = no map archive = no store dos attributes = yes available = yes [groupsrw] comment = Model for Read/Write shares path = /lan/shares/dfsusersRW/%U browseable = no guest ok = no writeable = no create mask = 770 directory mask = 2770 map system = no map hidden = no map archive = no store dos attributes = yes available = yes #====================================================================== # Un-comment the following and create the netlogon directory for Domain Logons [netlogon] comment = Network Logon Service path = /lan/win.admin/netlogon browseable = yes guest ok = yes writeable = no write list = @lanadmin create mask = 775 directory mask = 2775 map system = no map hidden = no map archive = no store dos attributes = yes available = yes fake oplocks = yes #Uncomment the following 2 lines if you would like your login scripts to #be created dynamically by ntlogon (check that you have it in the correct #locationn (the default of the ntlogon rpm available in contribs) ;root preexec = /usr/bin/ntlogon -u %U -g %G -o %a -d /var/lib/samba/netlogon ;root postexec = rm -f /var/lib/samba/netlogon/%U.bat # Un-comment the following to provide a specific roving profile share # the default is to use the user's home directory [Profiles] path = /lan/win.admin/profiles # browseable = no browseable = yes guest ok = no write list = @smbusers create mask = 0700 directory mask = 0700 store dos attributes = yes profile acls = yes available = yes ## For faxing from Windows with adiXein HFC #[Fax] # comment = Use this printer to send a fax. # print command = ( /usr/local/bin/printfax.pl %I %s %U %m; rm %s ) & # printable = yes # writable = no # guest ok = yes # path = /lan/win.admin/tmp.fax [printers] comment = All Printers path = /var/spool/samba browseable = no guest ok = yes writable = no printable = yes create mask = 1777 # This share is used for Windows NT-style point-and-print support. # To be able to install drivers, you need to be either root, or listed # in the printer admin parameter above. Note that you also need write access # to the directory and share definition to be able to upload the drivers. # For more information on this, please see the Printing Support Section of # /usr/share/doc/samba-2.2.1a/docs/Samba-HOWTO-Collection.pdf [print$] comment = Printer driver service path = /lan/win.admin/printers browseable = yes read only = yes guest ok = yes write list = @lanadmin create mask = 664 directory mask = 2775 available = yes # defaule case = upper # magle case = yes # preserve case = no # A useful application of samba is to make a PDF-generation service # To streamline this, install windows postscript drivers (preferably colour) # on the samba server, so that clients can automatically install them. # Note that this only works if 'printing' is *not* set to 'cups' [PDF-Generator] comment = PDF Generator (only valid users) path = /var/tmp guest ok = No printable = Yes printing = bsd #print command = /usr/share/samba/scripts/print-pdf file path win_path recipient IP & print command = /usr/share/samba/scripts/print-pdf "%s" "%H/windows.m/.MyDocuments/PDFs/" "//%L/%u" "%m" "%I" "%J" & lpq command = /bin/true #====================================================================== [pchome] comment = PC Directories path = /lan/shares/pchome/%m browseable = no guest ok = yes writeable = no write list = @lanadmin create mask = 0775 directory mask = 0775 map system = no map hidden = no map archive = no store dos attributes = yes fake oplocks = yes available = yes [allpchome] comment = all PC Directories path = /lan/shares/pchome browseable = no guest ok = no writeable = no write list = @lanadmin create mask = 0775 directory mask = 0775 map system = no map hidden = no map archive = no store dos attributes = yes fake oplocks = yes available = yes [Shortcuts] comment = Windows/MS-DOS applications icons path = /lan/shares/Shortcuts browseable = yes guest ok = yes # valid users = nobody @smbusers writeable = no write list = @lanadmin create mask = 755 directory mask = 755 map system = no map hidden = no map archive = no store dos attributes = yes # 10/04/02 fake oplocks = Yes available = yes #[Win95OEM] # copy = Shortcuts # comment = Windows 95 OEM CD # path = /lan/shares/Win95oem # available = yes #[MSProject95] # copy = Shortcuts # comment = Microsoft Project 95 installation # path = /lan/shares/MSProject95 # available = yes #============================== Models ================================ [zzmodelro] comment = Model for Read/Only shares path = /lan/shares/zzmodelro browsable = yes guest ok = yes writeable = no write list = @lanadmin create mask = 750 directory mask = 2750 map system = no map hidden = no map archive = no store dos attributes = yes fake oplocks = yes available = no [zzmodelrw] comment = Model for Read/Write shares path = /lan/shares/zzmodelrw browseable = yes guest ok = yes writeable = no write list = @smbusers create mask = 770 directory mask = 2770 map system = no map hidden = no map archive = no store dos attributes = yes available = no #============================ DSF Shares ============================== [programs] comment = Windows/MS-DOS programs path = /lan/shares/dfsprograms browseable = yes guest ok = yes writeable = no write list = @smbusers create mask = 750 directory mask = 2750 map system = no map hidden = no map archive = no store dos attributes = yes msdfs root = yes available = yes [games] comment = Games path = /lan/shares/dfsgames browsable = yes guest ok = yes valid users = @smbusers writeable = no write list = @lanadmin create mask = 750 directory mask = 2750 map system = no map hidden = no map archive = no store dos attributes = yes msdfs root = yes available = yes #====================================================================== [aoe] copy = zzmodelro comment = Age of Empires path = /lan/shares/games/aoe.v1.0c available = yes [aoe2] copy = zzmodelrw comment = Age of Empires II path = /lan/shares/games/aoe2.v2.0a available = yes [doom] copy = zzmodelro comment = Doom path = /lan/shares/games/doom available = yes [doom2] copy = zzmodelro comment = Doom II path = /lan/shares/games/doom2 available = yes [heretic] copy = zzmodelro comment = Heretic path = /lan/shares/games/heretic available = yes [heroes3] copy = zzmodelrw comment = Heroes 3 of Might and Magic (AB too) path = /lan/shares/games/heroes3.v1.4 available = yes [heroes3ab] copy = zzmodelrw comment = Heroes 3 of Might and Magic Armegedddon's Blade path = /lan/shares/games/heroes3ab available = yes [hexen] copy = zzmodelro comment = Hexen path = /lan/shares/games/hexen available = yes [quake2] copy = zzmodelro comment = Quake II games path = /lan/shares/games/quake2 available = yes [quake3] copy = zzmodelro comment = Quake III games (demo) path = /lan/shares/games/quake3 available = yes [starcraft] copy = zzmodelro comment = Starcraft / Broodwar path = /lan/shares/games/starcraft available = yes [diablo2] copy = zzmodelrw comment = Diablo2 / Lord of Destruction path = /lan/shares/games/diablo2 # write list = @lanadmin david available = yes [baldursgate2] copy = zzmodelro comment = Baldur's Gate II path = /lan/shares/games/bauldursgate2 available = yes [openoffice] copy = zzmodelro comment = OpenOffice.org 1.0.3.1 path = /lan/shares/programs/openoffice_1.0.3.1 available = yes [moraff] copy = zzmodelrw comment = Moraff games path = /lan/shares/games/moraff available = yes [quickverse] copy = zzmodelrw comment = Quickverse 5.1 path = /lan/shares/programs/quickverse_5.1 available = yes [follett] copy = zzmodelrw comment = Quickverse 5.1 path = /lan/shares/programs/follett available = yes [printmaster] copy = zzmodelro comment = PrintMaster 1 path = /lan/shares/programs/printmaster_11 available = yes [MSOffice2000] copy = zzmodelro comment = Microsoft Office 2000 installation path = /lan/shares/MSOffice2000 available = yes #====================================================================== [Apps16] comment = Windows/MS-DOS applications 16-bit path = /lan/shares/Apps16 browseable = yes guest ok = yes valid users = @smbusers writeable = no write list = @lanadmin # force group = smbusers create mask = 750 directory mask = 750 map system = no map hidden = no map archive = no store dos attributes = yes # 10/04/02 fake oplocks = Yes available = yes [Apps32] copy = Apps16 comment = Windows/MS-DOS applications 32-bit path = /lan/shares/Apps32 available = yes #===========================R/W Share Definitions ============================ [billprivate] comment = Directory for Windows administration path = /lan/shares/billprivate browseable = no guest ok = no valid users = @lanadmin write list = @lanadmin directory mask = 770 create mask = 770 map system = no map hidden = no map archive = no store dos attributes = yes available = yes [Apps] comment = Windows/MS-DOS applications (r/w) path = /lan/shares/Apps browseable = yes guest ok = yes # valid users = @smbusers writeable = no write list = @smbusers create mask = 770 directory mask = 770 map system = no map hidden = no map archive = no store dos attributes = yes msdfs root = yes available = yes [Wine] copy = Apps comment = Windows apps for wine path = /var/lib/wine [Family] comment = for Family group path = /lan/shares/family browseable = no guest ok = no valid users = @family writeable = no write list = @family create mask = 770 directory mask = 770 map system = no map hidden = no map archive = no store dos attributes = yes available = yes #[SFHtml] # copy = Family # comment = Web pages for https://www.shirleyfamily.net (r/w) # path = /home/webmaster/windows.m/Webpages/net/shirleyfamily/www # create mask = 644 # directory mask = 755 # map hidden = no # map archive = no # map system = no # available = yes # #[SFHtmlssl] # copy = Family # comment = Web pages for https://www.shirleyfamily.net (r/w) # path = /home/webmaster/windows.m/Webpages/net/shirleyfamily/sslweb # create mask = 644 # directory mask = 755 # map hidden = no # map archive = no # map system = no # available = yes [Parents] comment = for Parents group path = /lan/shares/parents browseable = no guest ok = no valid users = @parents writeable = no write list = @parents create mask = 770 directory mask = 2770 map system = no map hidden = no map archive = no store dos attributes = yes available = yes [ShirleyHomes] comment = for ShirleyHomes group path = /lan/shares/shirleyhomes browseable = no guest ok = no valid users = @shirleyhomes writeable = no write list = @shirleyhomes create mask = 770 directory mask = 770 map system = no map hidden = no map archive = no store dos attributes = yes available = yes #[KCShtml] # comment = KCS's website # path = /home/webmaster/websites/kcs # available = yes # browseable = no # valid users = @lanadmin # writeable = no # write list = @lanadmin # force group = lanadmin # create mask = 775 # directory mask = 775 [cdfarm] comment = Share for all server CD's path = /lan/cdfarm # browseable = yes # guest ok = yes valid users = @lanadmin writable = no force user = bill force group = lanadmin create mask = 711 directory mask = 710 map hidden = yes map system = yes map archive = yes fake oplocks = yes available = yes [cd00] comment = Share for server CD path = /lan/cdfarm/cd00 browseable = yes guest ok = yes create mask = 711 directory mask = 710 map hidden = yes map system = yes map archive = yes fake oplocks = yes available = yes [cd01] copy = cd00 comment = Share for server CD path = /lan/cdfarm/cd01 available = yes [cd02] copy = cd00 comment = Share for server CD path = /lan/cdfarm/cd02 available = yes [cd03] copy = cd00 comment = Share for server CD path = /lan/cdfarm/cd03 available = yes [cd04] copy = cd00 comment = Share for server CD path = /lan/cdfarm/cd04 available = yes [cd05] copy = cd00 comment = Share for server CD path = /lan/cdfarm/cd05 available = yes [cd06] copy = cd00 comment = Share for server CD path = /lan/cdfarm/cd06 available = yes [cd07] copy = cd00 comment = Share for server CD path = /lan/cdfarm/cd07 available = yes [cd08] copy = cd00 comment = Share for server CD path = /lan/cdfarm/cd08 available = yes [cd09] copy = cd00 comment = Share for server CD path = /lan/cdfarm/cd09 available = yes [PrintMasterArt] copy = cd00 comment = Share for PrintMaster 11.0 art CDs path = /lan/shares/printmaster11.0 available = yes