The Samba-Bugzilla – Attachment 5084 Details for
Bug 6986
Segfault in auth_ntlmssp_end
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
[x]
|
Forgot Password
Login:
[x]
smb.conf
smb.conf (text/plain), 13.09 KB, created by
Orion Poplawski
on 2009-12-11 11:29:13 UTC
(
hide
)
Description:
smb.conf
Filename:
MIME Type:
Creator:
Orion Poplawski
Created:
2009-12-11 11:29:13 UTC
Size:
13.09 KB
patch
obsolete
># this is the main Samba configuration file. You should read the ># smb.conf(5) manual page in order to understand the options listed ># here. Samba has a huge number of configurable options (perhaps too ># many!) most of which are not shown in this example ># ># Any line which starts with a ; (semi-colon) or a # (hash) ># is a comment and is ignored. In this example we will use a # ># for commentry and a ; for parts of the config file that you ># may wish to enable ># ># NOTE: Whenever you modify this file you should run the command "testparm" ># to check that you have not made any basic syntactic errors. ># >#======================= Global Settings ===================================== >[global] > ># workgroup = NT-Domain-Name or Workgroup-Name > workgroup = CO-RA > ># server string is the equivalent of the NT Description field > server string = CoRA Network Server > ># This option is important for security. It allows you to restrict ># connections to machines which are on your local network. The ># following example restricts access to two C class networks and ># the "loopback" interface. For more examples of the syntax see ># the smb.conf man page > hosts allow = .cora.nwra.com 127. > ># if you want to automatically load your printer list rather ># than setting them up individually then you'll need this > printcap name = /etc/printcap > load printers = yes > ># It should not be necessary to spell out the print system type unless ># yours is non-standard. Currently supported print systems include: ># bsd, sysv, plp, lprng, aix, hpux, qnx, cups > printing = cups > use client driver = yes > ># This option tells cups that the data has already been rasterized > cups options = raw > ># Uncomment this if you want a guest account, you must add this to /etc/passwd ># otherwise the user "nobody" is used > guest account = winguest > ># this tells Samba to use a separate log file for each machine ># that connects > log file = /var/log/samba/%m.log > log level = 1o > ># Put a capping on the size of the log files (in Kb). > max log size = 0 > ># Security mode. Most people will want user level security. See ># security_level.txt for details. > security = user > ># Use password server option only with security = server ># The argument list may include: ># password server = My_PDC_Name [My_BDC_Name] [My_Next_BDC_Name] ># or to auto-locate the domain controller/s ># password server = * >; password server = <NT-Server-Name> > ># Password Level allows matching of _n_ characters of the password for ># all combinations of upper and lower case. >; password level = 8 >; username level = 8 > > passdb backend = ldapsam:ldap://ldap.cora.nwra.com > ldap ssl = start_tls > ldap admin dn = cn=Directory Manager > ldap suffix = dc=nwra,dc=com > ldap user suffix = ou=People > ldap group suffix = ou=Groups > ldap machine suffix = ou=Computers > #ldap password sync = yes > ># You may wish to use password encryption. Please read ># ENCRYPTION.txt, Win95.txt and WinNT.txt in the Samba documentation. ># Do not enable this option unless you have read those documents > encrypt passwords = yes >; smb passwd file = /etc/samba/smbpasswd > ># The following is needed to keep smbclient from spouting spurious errors ># when Samba is built with support for SSL. >; ssl CA certFile = /usr/share/ssl/certs/ca-bundle.crt > ># The following are needed to allow password changing from Windows to ># update the Linux system password also. ># NOTE: Use these with 'encrypt passwords' and 'smb passwd file' above. ># NOTE2: You do NOT need these to allow workstations to change only ># the encrypted SMB passwords. They allow the Unix password ># to be kept in sync with the SMB password. > unix password sync = yes > #unix password sync = no > passwd program = /usr/bin/passwd %u > passwd chat debug = yes > passwd chat = Changing*password*for*user* %n\n *Retype*new*UNIX*password:* %n\n *LDAP*password*information*changed* >; passwd chat = *New*password* %n\n *Retype*new*password* %n\n *passwd:*all*authentication*tokens*updated*successfully* > ># You can use PAM's password change control flag for Samba. If ># enabled, then PAM will be used for password changes when requested ># by an SMB client instead of the program listed in passwd program. ># It should be possible to enable this without changing your passwd ># chat parameter for most setups. > > #pam password change = yes > pam password change = no > ># Unix users can map to different SMB User names > username map = /etc/samba/smbusers > ># Using the following line enables you to customise your configuration ># on a per machine basis. The %m gets replaced with the netbios name ># of the machine that is connecting >; include = /etc/samba/smb.conf.%m > ># This parameter will control whether or not Samba should obey PAM's ># account and session management directives. The default behavior is ># to use PAM for clear text authentication only and to ignore any ># account or session management. Note that Samba always ignores PAM ># for authentication in the case of encrypt passwords = yes > > obey pam restrictions = yes > ># Most people will find that this option gives better performance. ># See speed.txt and the manual pages for details > socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 > ># Configure Samba to use multiple interfaces ># If you have multiple network interfaces then you must list them ># here. See the man page for details. > interfaces = 192.168.0.154 > bind interfaces only = true > ># Configure remote browse list synchronisation here ># request announcement to, or browse list sync from: ># a specific host or from / to a whole subnet (see below) >; remote browse sync = 192.168.3.25 192.168.5.255 ># Cause this host to announce itself to local subnets here >; remote announce = 192.168.1.255 192.168.2.44 > ># Browser Control Options: ># set local master to no if you don't want Samba to become a master ># browser on your network. Otherwise the normal election rules apply >; local master = no > ># OS Level determines the precedence of this server in master browser ># elections. The default value should be reasonable > os level = 99 > ># Domain Master specifies Samba to be the Domain Master Browser. This ># allows Samba to collate browse lists between subnets. Don't use this ># if you already have a Windows NT domain controller doing this job > domain master = yes > ># Preferred Master causes Samba to force a local browser election on startup ># and gives it a slightly higher chance of winning the election > preferred master = yes > ># Enable this if you want Samba to be a domain logon server for ># Windows95 workstations. > domain logons = yes > ># if you enable domain logons then you may want a per-machine or ># per user logon script ># run a specific logon batch file per workstation (machine) >; logon script = %m.bat ># run a specific logon batch file per username > logon script = %U.bat > ># Where to store roving profiles (only for Win95 and WinNT) ># %L substitutes for this servers netbios name, %U is username ># You must uncomment the [Profiles] share below > logon path = \\%N\%U\profile > > logon drive = H: > logon home = \\%N\%U > > ># Windows Internet Name Serving Support Section: ># WINS Support - Tells the NMBD component of Samba to enable it's WINS Server > wins support = yes > ># WINS Server - Tells the NMBD components of Samba to be a WINS Client ># Note: Samba can be either a WINS Server, or a WINS Client, but NOT both >; wins server = w.x.y.z > ># WINS Proxy - Tells Samba to answer name resolution queries on ># behalf of a non WINS capable client, for this to work there must be ># at least one WINS Server on the network. The default is NO. >; wins proxy = yes > ># DNS Proxy - tells Samba whether or not to try to resolve NetBIOS names ># via DNS nslookups. The built-in default for versions 1.9.17 is yes, ># this has been changed in version 1.9.18 to no. > dns proxy = yes > ># Case Preservation can be handy - system default is _no_ ># NOTE: These can be set on a per share basis >; preserve case = no >; short preserve case = no ># Default case is normally upper case for all DOS files >; default case = lower ># Be very careful with case sensitivity - it can break things! >; case sensitive = no ># If you want users samba doesn't recognize to be mapped to a guest user > map to guest = bad user > > time server = yes > ># For winbindd trust > idmap uid = 10000-20000 > idmap gid = 10000-20000 > >#============================ Share Definitions ============================== >[homes] > comment = Home Directories > browseable = yes > writable = yes > valid users = %S > create mode = 0664 > directory mode = 0775 ># We store profiles here so disable cacheing > csc policy = disable > > ># Un-comment the following and create the netlogon directory for Domain Logons >[netlogon] > comment = Network Logon Service > path = /var/netlogon > guest ok = yes > writable = no > share modes = no > >[web] > comment = CoRA web documents > browseable = yes > path = /data/web > create mode = 2664 > writable = yes > public = no > oplocks = no > level2 oplocks = no > locking = no > >[ftp] > comment = CoRA ftp file repository > path = /home/ftp > browseable = yes > create mode = 644 > writable = yes > public = no > oplocks = no > level2 oplocks = no > >[data] > comment = Data drives > path = /data > browseable = yes > public = no > writeable = yes > oplocks = no > level2 oplocks = no > >[home] > comment = Home dir > path = /export/home > browseable = yes > public = no > writeable = no > oplocks = no > level2 oplocks = no > >[local] > comment = Local dir > path = /export/local > browseable = yes > public = no > writeable = no > oplocks = no > level2 oplocks = no > >[staff] > comment = Staff Documents > path = /export/home/staff > browseable = no > public = no > write list = @staff > create mask = 2660 > directory mask = 2770 > >[proposals] > comment = Proposal Documents > path = /export/home/proposals > browseable = no > public = no > write list = @staff, dbraun >; create mask = 2660 >; directory mask = 2770 > >[scans] > comment = Scanned Documents > path = /export/home/scans > browseable = yes > public = yes > writeable = yes > guest ok = yes > ># Un-comment the following to provide a specific roving profile share ># the default is to use the user's home directory >;[Profiles] >; path = /usr/local/samba/profiles >; browseable = no >; guest ok = yes > > ># NOTE: If you have a BSD-style print system there is no need to ># specifically define each individual printer >[printers] > comment = All Printers > path = /var/spool/samba > browseable = yes > guest ok = yes > writable = no > printable = yes > write list = @wheel, root > >[print$] > comment = Printer Driver Download Area > path = /var/lib/samba/drivers > browseable = yes > guest ok = yes > read only = yes > write list = @wheel, root > ># This one is useful for people to share files >;[tmp] >; comment = Temporary file space >; path = /tmp >; read only = no >; public = yes > ># A publicly accessible directory, but read only, except for people in ># the "staff" group >;[public] >; comment = Public Stuff >; path = /home/samba >; public = yes >; writable = yes >; printable = no >; write list = @staff > ># Other examples. ># ># A private printer, usable only by fred. Spool data will be placed in fred's ># home directory. Note that fred must have write access to the spool directory, ># wherever it is. >;[fredsprn] >; comment = Fred's Printer >; valid users = fred >; path = /home/fred >; printer = freds_printer >; public = no >; writable = no >; printable = yes > ># A private directory, usable only by fred. Note that fred requires write ># access to the directory. >;[fredsdir] >; comment = Fred's Service >; path = /usr/somewhere/private >; valid users = fred >; public = no >; writable = yes >; printable = no > ># a service which has a different directory for each machine that connects ># this allows you to tailor configurations to incoming machines. You could ># also use the %U option to tailor it by user name. ># The %m gets replaced with the machine name that is connecting. >;[pchome] >; comment = PC Directories >; path = /usr/local/pc/%m >; public = no >; writable = yes > ># A publicly accessible directory, read/write to all users. Note that all files ># created in the directory by users will be owned by the default user, so ># any user with access can delete any other user's files. Obviously this ># directory must be writable by the default user. Another user could of course ># be specified, in which case all files would be owned by that user instead. >;[public] >; path = /usr/somewhere/else/public >; public = yes >; only guest = yes >; writable = yes >; printable = no > ># The following two entries demonstrate how to share a directory so that two ># users can place files there that will be owned by the specific users. In this ># setup, the directory should be writable by both users and should have the ># sticky bit set on it to prevent abuse. Obviously this could be extended to ># as many users as required. >;[myshare] >; comment = Mary's and Fred's stuff >; path = /usr/somewhere/shared >; valid users = mary fred >; public = no >; writable = yes >; printable = no >; create mask = 0765
You cannot view the attachment while viewing its details because your browser does not support IFRAMEs.
View the attachment on a separate page
.
View Attachment As Raw
Actions:
View
Attachments on
bug 6986
:
5083
| 5084