Further documentation is present at samba.org's site.
[global] - workgroup = arbeitsgruppe + netbios name = POLLUX + workgroup = KELLER
Set name of computer and of workgroup (actually, domain).
guest account = nobody keep alive = 30 - os level = 2 + os level = 65
Set the os level higher, to make sure that the Smb server always wins browsing elections (honey, please may call me Dubya).
+ encrypt passwords = yes
Use Windows-encrypted passwords (stored in the /etc/smbpasswd file). Necessary for operating as a primary domain controller.
+ unix password sync = true + passwd chat = *assword* %n\n OK* + passwd program = /usr/sbin/changePasswd %u
When the Windows password is changed, automatically change the Unix password too. The latter two lines define which program to use to do this.
+ username map = /etc/smb.usermap
Mapping of usernames between Unix and Windows (not actually used, apart from guest).
+ unix realname = yes
Supply full name (Finger information) to client, for display in Control-Alt-Del box for instance. Not sure whether it actually works...
+ security mask = 01777 + directory security mask = 01777
Names the bits which can be set using the Windows permissions dialog (i.e. all).
+ + domain admin group = admin ; Uncomment the following, if you want to use an existing ; NT-Server to authenticate users, but don't forget that
The admin user may act as a Windows administrator.
@@ -18,26 +24,41 @@ ; password server = 192.168.1.10 ; encrypt passwords = yes - printing = bsd + printing = lprng printcap name = /etc/printcap
Our printing system is LPRng rather than BSD.
- load printers = yes + load printers = no
Do not automatically export all printers defined in /etc/printcap as Windows printers, but rather define them explicitly later in this file.
+ socket options = TCP_NODELAY SO_SNDBUF=16384 SO_RCVBUF=16384
Performance tuning...
+ widelinks = no + getwd cache = yes
Do not follow symbolic links outside of the share. Security option to prevent students from circumventing "locked classroom" type restrictions. The second line makes sure performance doesn't suffer too much.
map to guest = Bad User + time server = yes
Act as a time server (so that NET TIME works for time synchronisation).
+ + character set = iso8859-1 + client code page = 850 + ; Uncomment this, if you want to integrate your server ; into an existing net e.g. with NT-WS to prevent nettraffic ; local master = no
Set code pages; used for correct handling of accented characters in file names.
@@ -37,7 +50,8 @@ ; If you want Samba to act as a wins server, please set ; 'wins support = yes' - wins support = no + wins support = yes + name resolve order = wins bcast ; If you want Samba to use an existing wins server, ; please uncomment the following line and replace
Act as a WINS server. For resolving names, first use WINS, then broadcast.
; Do you wan't samba to act as a logon-server for ; your windows 95/98 clients, so uncomment the ; following: -; logon script =%U.bat -; domain logons = yes -; domain master = yes + domain logons = yes
Support Windows 95/98 domain logons.
+ domain master = yes
Act as a Wins domain browse master.
+ + logon drive = "H:"
Logon drive for Windows NT clients.
+ logon script ="%a\STARTUP.BAT" +
Script to be executed when the user logs in to a client computer. %a is replaced by the server with the architecture of the machine: Win95 for Windows 95, or WinNT for Windows NT. The string is then sent to the client, which prepends Z: and fetches the given script and executes it. Because the path is interpreted on the client, you need to use backslash (\) rather than a plain slash.
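Review bot: the site-local `/usr/sbin/changePasswd %u` added in the [global] hunk needs a comment or a pointer to its source, because with `unix password sync = true` Samba runs the passwd program as root. The chat `*assword* %n\n OK*` sends the new password once and then waits for a reply beginning with OK, so it stops matching if the program ever prompts a second time; a comment next to these lines stating the dialogue changePasswd is expected to produce, and that it accepts only a plain user name in %u, would make the pairing reviewable.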
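Review bot: `domain master = yes` and `os level = 65` are added without a `preferred master = yes` in any of the visible hunks, so nmbd does not force a browser election when it starts; the smb.conf documentation recommends setting preferred master together with domain master. In the same region, `logon script ="%a\STARTUP.BAT"` replaces the commented-out per-user `%U.bat` and relies on Win95 and WinNT directories existing in the netlogon share, which deserves a comment in the file.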
[netlogon]
   write list = admin
   path=/home/samba/netlogon
   browseable = yes
   writeable = no
   guest only = yes

Share where the startup scripts are kept.
[oldhome]
   comment = Heimatverzeichnis
   path = "%H"
   browseable = yes
   read only = no
   create mode = 0711
   force create mode = 0700
   force directory mode = 0711
   writeable = yes
;  hide files = /Mail/mbox/

Old home share (which is the complete Unix home, rather than just the "main" subdirectory).
[homes]
   comment = Heimatverzeichnis
   path = "%H/main"
   valid users = %S
   browseable = no
   read only = no
   create mode = 0711
   force create mode = 0700
   force directory mode = 0711
   writeable = yes
   hide files = /Mail/mbox/
   root preexec = /usr/X11R6/bin/sessreg -l %m -h %M -a %U
   root postexec = /usr/X11R6/bin/sessreg -l %m -h %M -d %U

Home share. Note the preexec and postexec scripts, which maintain the last/who records. This works because for (almost) all Windows logins, the home share is mounted. So the home share is appropriate for tracing user logins/logouts.
[proxyauth]
   comment = Authentication proxy
   browseable = no
   read only = yes
   path = /home/samba/proxyauth

Flag share used by Squid to check username/passwords. If Squid can map this share using the supplied user name and password, this means that the password is correct.
[classe]
   comment = shared directory for a class
   hide dot files = no
   browseable = no
   write list = @sop
   create mode = 0775
   force create mode = 0755
   ; aknaff: to do: force create mode to 775 so that the group
   ; (teacher) can modify the files
   ;force create mode = 0755
   writable = yes
   force group = %G
   ; force group = ens
   ; Aknaff: to do: force the group to ens so that the teacher can
   ; access/modify the files
   path = /home/classes/%G/commun

Classe share (G: drive). Shared by all students of a class.
[membre]
   comment = shared directory for a class
   path=/home/classes/%G/membres/%U
   browseable = no
   force group = ens
   writeable = yes
   create mode = 0770
   force create mode = 0770
   hide dot files = no

Membre share (P: drive). Specific to each student, but teachers do have write rights.
[classes]
   valid users = @ens @sop
   writable = yes
   comment = all classes
   force group = ens
   force user = ens
   path = /home/classes
   browseable = yes

Share containing all classes. For use by teachers. Indeed, teachers don't have their own classe share (singular), because they are not tied to one particular class. They should instead use the classes share, which has a directory of all classes.
[printers]
   comment = All Printers
   browseable = no
   printable = yes
   public = no
   read only = yes
   create mode = 0700
   directory = /tmp

Printers pseudo share (not used?)
[web]
   comment = personal home pages
   path=%H/public_html
   browseable = yes
   writeable = yes
   create mode = 0755
   hide dot files = no

Personal web page of student.
[private]
   comment = private data area
   path=%H/private
   browseable = no
   writeable = yes
   create mode = 0755
   hide dot files = no

Private share of student. Nobody, except the student himself (and root) should have access to this.
[cdrom]
   comment = Linux CD-ROM
   path = /cdrom
   read only = yes
   locking = no
   browseable = yes

CD-ROM in server's drive.
[public]
   comment = Répertoire de distribution public
   path = /home/public
;  write list = @ens
   writeable = yes
   browseable = yes

Public share writeable by all teachers, and readable by everybody. Useful for distributing documents to students, independently of class.
[homep]
   delete readonly = yes
   valid users =admin pgordo mborsche mteusch tousch
   comment = Homepage de l'école
   browseable = no
   force create mode = 664
   force directory mode = 775
   create mode = 664
   writable = yes
   force group = webmast
   path = /home/fun/webmast/www

School's web page. Visible under http://www.ltnb.lu
[prep_homep]
   delete readonly = yes
   valid users =admin pgordo mborsche mteusch tousch
   comment = Homepage de l'école (brouillon)
   browseable = no
   force create mode = 664
   force directory mode = 775
   create mode = 664
   writable = yes
   force group = webmast
   path = /home/fun/webmast/prep

School's "draft" homepage. Not accessible from outside school. Useful for testing changes, before publishing them to the world. Visible under http://prep.ltnb.lu
[intranet]
   delete readonly = yes
   valid users =admin pgordo @ens mborsche mteusch tousch
   comment = Intranet
   browseable = no
   force create mode = 664
   force directory mode = 775
   create mode = 664
   writable = yes
   force group = webmast
   path = /home/fun/webmast/intranet

School's "intranet" homepage, intended for publishing matters which are only of interest to the school itself (such as for instance canteen's menu, timetables, exam results, ...). Not accessible from outside. Visible under http://intranet.ltnb.lu
[install]
   comment = softwares a installer
   path = /home/samba/install
   write list = admin @power

Software install share. Writable by admin and power users. Useful for storing installation files for software to be installed on many computers at once. However, usually we recommend UDPCast for this.
[turingprint]
   comment = turing HP 4050N
   printer = turingprint
   printer driver = HP LaserJet 4050 Series PS
   postscript = yes
   browseable = yes
   public = yes
   printable = yes
   read only = yes
   create mode = 0700
   directory = /tmp

Turing printer. Other printers look more or less similar.
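The create mode and force create mode pairs in the shares above combine as (mapped mode AND create mode) OR force create mode. The following added example, not part of the original configuration, computes the resulting Unix mode of a newly created file for four of these shares; the 0766 starting mode and the function names are assumptions of the example.

```python
import configparser

# Constructed excerpt: the mode settings are copied from the shares on this page.
SMB_CONF = """
[homes]
create mode = 0711
force create mode = 0700
[classe]
create mode = 0775
force create mode = 0755
[membre]
create mode = 0770
force create mode = 0770
[private]
create mode = 0755
"""

# Assumption: a new, writable file with the DOS archive bit set and the
# default "map archive = yes" starts from rw-rw-rw- plus owner execute.
DOS_MAPPED_MODE = 0o766
DEFAULT_CREATE_MASK = 0o744  # smb.conf default when no create mask is given


def effective_file_mode(share, base=DOS_MAPPED_MODE):
    """Mode of a new file: (base AND create mask) OR force create mode."""
    # "create mode" is a synonym of "create mask" in smb.conf.
    mask = share.get("create mask", share.get("create mode"))
    mask = int(mask, 8) if mask else DEFAULT_CREATE_MASK
    force = int(share.get("force create mode", "0"), 8)
    return (base & mask) | force


def audit(conf_text):
    """Return {share: (mode, world_readable, group_writable)}."""
    parser = configparser.ConfigParser(interpolation=None, strict=False)
    parser.read_string(conf_text)
    report = {}
    for name in parser.sections():
        mode = effective_file_mode(parser[name])
        report[name] = (mode, bool(mode & 0o004), bool(mode & 0o020))
    return report


if __name__ == "__main__":
    for name, (mode, world_r, group_w) in audit(SMB_CONF).items():
        print(f"[{name}] new files {mode:04o} "
              f"world-readable={world_r} group-writable={group_w}")
```

For [private] the computed mode keeps the world-read bit, so keeping other users out depends on the permissions of the %H/private directory itself, which this example does not model.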