# number of configurable options, most of which are not shown in this example.
#
# and using Samba:
# https://wiki.samba.org/index.php/User_Documentation
#
# In this file, lines starting with a semicolon (;) or a hash (#) are comments.
#
# NOTE: Run the "testparm" command after modifying this file to check for basic
# syntax errors.
#
#---------------
# Security-Enhanced Linux (SELinux) Notes:
#
# root user to turn this Boolean on:
# setsebool -P samba_domain_controller on
#
# Boolean on:
# setsebool -P samba_enable_home_dirs on
#
# with samba_share_t so that SELinux allows Samba to read and write to it. Do
#
# Run the "ls -ldZ /path/to/directory" command to view the current SELinux
# label for a given directory.
#
# chcon command to temporarily change a label:
# chcon -t samba_share_t /path/to/directory
#
#
# directories. To share such directories and only allow read-only permissions:
# setsebool -P samba_export_all_ro on
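# NOTE(review): the read-write Boolean below is broad; where possible, label only
# the directory being shared with samba_share_t instead.
# To share such directories and allow read and write permissions: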
# setsebool -P samba_export_all_rw on
#
# To run scripts (preexec/root preexec/print command/...), copy them to the
# their existing SELinux labels, which may be labels that SELinux does not allow
# Run the "restorecon -R -v /var/lib/samba/scripts" command as the root user to
#
#--------------
#
#======================= Global Settings =====================================
# Server-wide settings; options set here are the defaults for every share.
[global]
# ----------------------- Network-Related Options -------------------------
#
# workgroup = the Windows NT domain name or workgroup name, for example, MYGROUP.
#
#
# maximum is 15 characters.
#
# interfaces = used to configure Samba to listen on multiple network interfaces.
# configure which of those interfaces Samba listens on. Never omit the localhost
# interface (lo).
#
# per-share basis.
#
#
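# can set it to SMB2 if you want experimental SMB2 support.
# NOTE(review): this remark is dated. SMB1 (NT1) has known weaknesses, so check
# the effective protocol range with testparm and keep SMB1 disabled unless a
# legacy client requires it (see "server min protocol" in smb.conf(5)).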
#
# Example value only: replace MYGROUP with your workgroup or Windows NT domain name.
workgroup = MYGROUP
# %v expands to the running Samba version, so this description advertises it to
# clients. NOTE(review): consider a string without %v to avoid disclosing the version.
server string = Samba Server Version %v
# --------------------------- Logging Options -----------------------------
#
# log file = specify where log files are written to and how they are split.
#
# max log size = specify the maximum size log files are allowed to reach. Log
#
# log files split per-machine:
# %m is replaced by the client machine name, so each client gets its own log file.
log file = /var/log/samba/log.%m
# maximum size of 50KB per log file, then rotate:
# Value is in kilobytes. NOTE(review): 50 KB keeps very little history for
# incident review; size this to your retention needs or forward logs elsewhere.
max log size = 50
# ----------------------- Standalone Server Options ------------------------
#
# security = the mode Samba runs in. This can be set to user, share
# (deprecated), or server (deprecated).
#
# passdb backend = the backend used to store user information in. New
# is required for tdbsam. The "smbpasswd" utility is available for backwards
# compatibility.
#
# Standalone mode: clients must authenticate with a user name and password that
# Samba checks against the passdb backend configured below.
security = user
# Store accounts in Samba's local TDB database. NOTE(review): that database holds
# password hashes; confirm its file is readable by root only on your system.
passdb backend = tdbsam
# ----------------------- Domain Members Options ------------------------
#
# security = must be set to domain or ads.
#
# passdb backend = the backend used to store user information in. New
# is required for tdbsam. The "smbpasswd" utility is available for backwards
# compatibility.
#
# realm = only use the realm option when the "security = ads" option is set.
#
# password server = only use this option when the "security = server"
# option is set, or if you cannot use DNS to locate a Domain Controller. The
# argument list can include My_PDC_Name, [My_BDC_Name], and [My_Next_BDC_Name]:
#
# password server = My_PDC_Name [My_BDC_Name] [My_Next_BDC_Name]
#
# Use "password server = *" to automatically locate Domain Controllers.
; password server = <NT-Server-Name>
# ----------------------- Domain Controller Options ------------------------
#
# security = must be set to user for domain controllers.
#
# passdb backend = the backend used to store user information in. New
# is required for tdbsam. The "smbpasswd" utility is available for backwards
# compatibility.
#
# Samba to collate browse lists between subnets. Do not use the "domain master"
#
# domain logons = allows Samba to provide a network logon service for Windows
# workstations.
#
# scripts must be provided in a share named NETLOGON.
#
#
#
; security = user
# (%m):
; logon path = \\%L\Profiles\%u
# use an empty path to disable profile support:
# machine to add or delete corresponding UNIX accounts:
; add user script = /usr/sbin/useradd "%u" -n -g users
; add group script = /usr/sbin/groupadd "%g"
; add machine script = /usr/sbin/useradd -n -c "Workstation (%u)" -M -d /nohome -s /bin/false "%u"
; delete user script = /usr/sbin/userdel "%u"
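# NOTE(review): userdel acts on whole accounts, not on group membership; verify
# this command before enabling it (a membership tool such as gpasswd -d "%u" "%g"
# is the usual choice).
; delete user from group script = /usr/sbin/userdel "%u" "%g"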
; delete group script = /usr/sbin/groupdel "%g"
# ----------------------- Browser Control Options ----------------------------
#
# local master = when set to no, Samba does not become the master browser on
# your network. When set to yes, normal election rules apply.
#
#
# preferred master = when set to yes, Samba forces a local browser election at
#
; local master = no
#----------------------------- Name Resolution -------------------------------
#
#
#
# wins support = when set to yes, the NMBD component of Samba enables its WINS
# server.
#
#
# wins proxy = when set to yes, Samba answers name resolution queries on behalf
#
# dns proxy = when set to yes, Samba attempts to resolve NetBIOS names via DNS
# nslookups.
# --------------------------- Printing Options -----------------------------
#
# system.
#
# loaded, rather than setting them up individually.
#
#
#
# Load the printers known to the printing system automatically instead of
# defining each one. NOTE(review): set to no on servers that should not offer printing.
load printers = yes
# Options passed to CUPS with each job; raw presumably means CUPS forwards the
# data unfiltered and the client-side driver does the rendering — TODO confirm.
cups options = raw
# --------------------------- File System Options ---------------------------
#
# The options in this section can be un-commented if the file system supports
# "user_xattr" mount option). These options allow the administrator to specify
# that DOS attributes are stored in extended attributes and also make sure that
#
# (in the [global] section) makes them the default for all shares.
; map archive = no
; map hidden = no
; map read only = no
; map system = no
#============================ Share Definitions ==============================
# Special share: gives each authenticated user a share that maps to their own
# home directory.
# NOTE(review): without a restriction such as "valid users = %S", another
# authenticated user can connect to someone else's home share, and access then
# rests only on the UNIX permissions of that directory.
[homes]
# Free-text description shown next to the share when clients list shares.
comment = Home Directories
# Keep the share out of browse listings. This only hides it; it is not an
# access control.
browseable = no
# Users may write to the share, subject to the UNIX permissions on the directory.
writable = yes
# Special share through which clients submit jobs to the printers Samba has loaded.
[printers]
# Free-text description shown next to the share when clients list shares.
comment = All Printers
# Spool directory where incoming print jobs are written before printing.
# NOTE(review): verify this directory's ownership and mode on your system.
path = /var/spool/samba
# Keep the share out of browse listings. This only hides it; it is not an
# access control.
browseable = no
# Require authentication: unauthenticated (guest) connections are refused.
guest ok = no
# No ordinary file writes to this share; spooling print data is still allowed
# because the share is marked printable.
writable = no
# Marks this as a print share: clients may write and submit spool files under path.
printable = yes
; [netlogon]
; comment = Network Logon Service
; path = /var/lib/samba/netlogon
; [Profiles]
; path = /var/lib/samba/profiles
# A publicly accessible directory that is read only, except for users in the
# "staff" group (who have write permissions):
; [public]
; comment = Public Stuff
; public = yes