SMB.CONF without plenken

From: amalek (amalek_at_amalek.co.uk)
Date: 12/27/04 

Date: Mon, 27 Dec 2004 13:18:12 +0000

#
# Sample configuration file for the Samba suite for
# Debian GNU/Linux.
#
#
# This is the main Samba configuration file. You should read the
# smb.conf(5) manual page in order to understand the
# options listed
# here. Samba has a huge number of configurable options most of which
# are not shown in this example
#
# Any line which starts with a ; (semi-colon) or a (hash)
# is a comment and is ignored. In this example we will use a hash
# for commentary and a ; for parts of the config file that you
# may wish to enable
#
# NOTE: Whenever you modify this file you should run the command
# "testparm -s" to check that you have not many any basic syntactic
# errors.
#

#======================= Global Settings =======================

[global]
# domain name is CHAPTER3
workgroup = CHAPTER3

# set this server to be the domain Time Server
time server = yes

# passwd chat allows users to change their domain/samba/unix passwords
# from their windows computers. This works !
passwd chat = *New*Password* \
%n\n*Re-enter*new*password* %n\n *password*changed*

# username map creates a one-one between windows names and
# unix names. the only entry is root = Administrator
# Only need this if your unix names and windows names are different
# which they are not and shouldnt be.
username map = /etc/samba/smbusers

#### Debugging/Accounting ####

# This tells Samba to use a separate log file for each machine
# that connects
   log file = /var/log/samba/log.%m

# Put a capping on the size of the log files (in Kb).
   max log size = 1000

# If you want Samba to only log through syslog then set the following
# parameter to 'yes'.
;   syslog only = no

# We want Samba to log a minimum amount of information to syslog. Everything
# should go to /var/log/samba/log.{smbd,nmbd} instead. If you want to log
# through syslog you should set the following parameter to something higher.
   syslog = 0

# Do something sensible when Samba crashes: mail the admin a backtrace
   panic action = /usr/share/samba/panic-action %d

#####################

# What naming service and in what order should we use to resolve host names
# to IP addresses
name resolve order = wins bcast hosts

#####################################################
#  add user script delete user script etc etc
#####################################################
#
# The following group of commands are used in conjunction
# with an existing NT domain controller PDC.
#
# We've seen that a Unix user is needed for each Windows users allowed tolog
# on to the Samba server. In a small organisation, it's not a problem to add
# them manually and to keep the synchronisation manually also.
# But in large organisations, it's sometimes not easy to perform all these
#  tasks manually, but because Samba is great it has two parameters to
#  automatically add and remove  Unix users.
#
# These parameters are add user script and delete user script. The value
# they take is the name of a program or a script wich takes a username
#  as argument and creates a Unix account with it. In the value you type in,
# don't forget to use  the macro %u to represent the Unix user.
#
# This leads to something like this :
#
#  [global]
#   add user script = /usr/sbin/useradd %u -g smbusers
#   delete user script = /usr/sbin/userdel %u
#
# Here we use the standard Unix useradd and userdel command to add or remove
# the user. The flag -g is used to give the name of the primary Unix group
# of the newly created Unix user.
#
# Samba will run the 'add user script' command when a user connect to it
# he's authenticated by the PDC and does not have a corresponding Unix user
# id .  The 'delete user script' command is run when a user connect to Samba
# doesn't exist on the PDC anymore but still have a unix account.
#
# This will maintain the list of Unix users in synchronization with
# the Domain user list.
#
# This apply to users which exist in the domain where Samba is located
# but also to
# any user defined in any domain trusted by the domain where Samba is found
# (Of course allow trusted domains must be set on yes to be able to create
# a  unix account for members of other domains.)

;add user script = /usr/sbin/useradd -m `%u`
;delete user script = /usr/sbin/userdel -r `%u`
;add group script = /usr/sbin/groupadd  `%g`
;delete group script = /usr/sbin/groupdel  `%g`
;add user to group script = /usr/sbin/usermod -G  `%g` `%u`
;add machine script = /usr/sbin/useradd \ -s /bin/false -d /dev/null `%u`

#######################################
# logon scripts
#######################################
# Each logon script should be stored at the base of the [netlogon] share.
# For example, if the base of the [netlogon] share is /export/samba/logon
# and the
# logon script is jeff.bat, the file should be located at
# /export/samba/logon/jeff.bat. When a user logs on to a domain
# that contains a logon script, he will see a small dialog that informs
# them that the script is executing, as well as any output the script
# generates in an MS-DOS-like box.
#
# One warning: because these scripts are loaded by Windows and executed on
# the Windows side, they must consist of DOS formatted
# carriage-return/linefeed
# characters instead of Unix carriage returns. It's best to use a DOS- or
# Windows-based editor to create them.
#
# Here is an example of a logon script that sets the current time to match
# that o the Samba server and maps two network drives, h and i, to
# individual shares on the server:
#
#  Reset the current time to that shown by the server.
#  We must have the "time server = yes" option in the
#  smb.conf for this to work.
#
# echo Setting Current Time...
# net time \\hydra /set /yes
#
#  Here we map network drives to shares on the Samba
#  server
# echo Mapping Network Drives to Samba Server Hydra...
# net use h: \\hydra\data
# net use i: \\hydra\network
#
logon script = logon.bat

###################################
# roaming profiles
###################################
#
# Samba will provide roaming profiles if it is configured for domain logons
# and you  provide a tree of directories pointed to by the logon
# path option.
# This option is typically used with one of the user variables, as shown
# in this example:

#
# [global]
#       domain logons = yes
#       security = user
#       workgroup = SIMPLE
#       os level = 34
#       local master = yes
#       preferred master = yes
#       domain master = yes
#
#       logon path =  \\knoppix\profile\%U
#
# We need to create a new share to support the profiles, which is a basic
# disk share accessible only by the Samba process' user ( root). This
# share must be writeable, but should not be browseable. In addition, we
# must create a directory
# for each user who wishes to log on (based on how we specified our logon
# path in the example above), which is accessible only by that user.
# For an added
# measure of security, we use the directory mode and create mode options to
# keep anyone who connects to it from viewing or altering the files created
# in those directories:
#
# [profile]
# comment = User profiles
# path = /export/samba/profile
# create mode = 0600
# directory mode = 0700
# writable = yes
# browsable = no
#
# Once a user initially logs on, the Windows client will create a user.dat
# ntuser.dat file - depending on which operating system the client is
# running. The
# client then uploads the contents of the desktop, the Start Menu, the
# Network
# Neighborhood, and the programs folders in individual folders in the
# directory.
# When the user subsequently logs on, those contents will be downloaded from
# the server and activated for the client machine with which the user
# is logging
# on. When he or she logs off, those contents will be uploaded back on
# the server  until the next time the user connects.
#
# leaving logon path=  blank effectively disables roaming profiles
# roaming profiles are disabled here
logon path =

# automatically maps the users home drive to the letter specified
# works with the [homes] section
logon drive = H:
domain logons = yes
preferred master = yes
wins support = yes

[homes]
valid users = %S
read only = no
browseable = no

[netlogon]
path=/data
writeable = no
browseable = no

[accounts]
path=/data/accounts
valid users = %G
read only = no

[finances]
path=/data/finances
valid users = %G
read only = no

Relevant Pages

  • smb.conf for DOMAIN LOGONS , PASSWORD CHANGES ETC
    ... # Sample configuration file for the Samba suite for Debian GNU/Linux. ... # unix names. ... # add user script delete user script etc etc ... # Each logon script should be stored at the base of the ...
    (alt.os.linux)
  • Re: XP and Fedora Core 3 through router - share resources?
    ... Samba has a huge number of configurable options (perhaps too ... server string = Samba Server ... # set local master to no if you don't want Samba to become a master ... # per user logon script ...
    (comp.os.linux.setup)
  • Re: what version?? need file sharing and web server
    ... to set up a folded called /homemedia, this is shared using samba ... # server string is the equivalent of the NT Description field ... # working to ease installation and configuration of linpopup and samba. ...
    (uk.comp.os.linux)
  • Re: XP and Fedora Core 3 through router - share resources?
    ... Samba has a huge number of configurable options (perhaps too ... server string = Samba Server ... # set local master to no if you don't want Samba to become a master ... # per user logon script ...
    (comp.os.linux.setup)
  • Re: Help for Samba configuration
    ... Samba has a huge number of configurable options (perhaps too ... # server string is the equivalent of the NT Description field ... # Log File let you specify where to put logs and how to split them up. ... # Domain Logons let Samba be a domain logon server for Windows workstations. ...
    (Fedora)