Samba configuration

Samba's configuration lives in the smb.conf file. Further documentation is available on samba.org's site.

Header (Global section)

This file is normally supplied by the SuSE .rpm, and only a handful of header settings need to be changed manually. The end of the file contains the share definitions. The following diff -u listing shows the settings changed in the LTNB setup. In this listing, lines present in the original SuSE config are marked with -, whereas lines in our config are marked with +. Unmarked lines are unchanged.

 [global]
-   workgroup = arbeitsgruppe
+   netbios name = POLLUX
+   workgroup = KELLER
Set name of computer and of workgroup (actually, domain)


    guest account = nobody
    keep alive = 30
-   os level = 2
+   os level = 65
Set the os level higher, to make sure that the Smb server always wins browsing elections (honey, please may call me Dubya).


+   encrypt passwords = yes
Use windows-encrypted passwords (stored in the /etc/smbpasswd file). Necessary for operating as a primary domain controller.


+   unix password sync = true
+   passwd chat = *assword* %n\n OK*
+   passwd program = /usr/sbin/changePasswd %u
When the Windows password is changed, automatically change the Unix password too. The latter two lines define which program to use to do this.


+   username map = /etc/smb.usermap
Mapping of usernames between Unix and Windows (not actually used, apart from guest)


+   unix realname = yes
Supply full name (Finger information) to client, for display in Control-Alt-Del box for instance. Not sure whether it actually works...


+   security mask = 01777
+   directory security mask = 01777
Names bits which can be set using Windows permissions dialog (i.e. all).

+
+   domain admin group = admin
 
 ; Uncomment the following, if you want to use an existing
 ; NT-Server to authenticate users, but don't forget that
The admin user may act as a Windows administrator.
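
Review bot: "security mask = 01777" and "directory security mask = 01777" allow every permission bit to be changed from the Windows permissions dialog, so a user can add group/other write access to files that the per-share create modes deliberately keep closed. Unless that is intended, narrow both masks to the bits users should be able to toggle (for example, leave out the "other" write bit) and say so in the accompanying comment. Separately, with "unix password sync = true" Samba runs the passwd program as root, so /usr/sbin/changePasswd should treat the substituted %u as untrusted input.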

@@ -18,26 +24,41 @@
 ;  password server = 192.168.1.10
 ;  encrypt passwords = yes
 
-   printing = bsd
+   printing = lprng
    printcap name = /etc/printcap
Our printing system is LPRng rather than BSD.


-   load printers = yes
+   load printers = no
Do not automatically export all printers defined in /etc/printcap as Windows printers, but rather define them explicitly later in this file.

+   socket options = TCP_NODELAY SO_SNDBUF=16384 SO_RCVBUF=16384
Performance tuning...


+   widelinks = no
+   getwd cache = yes
Do not follow symbolic links outside of share. Security option to prevent students from circumventing "locked classroom" type restrictions. The second line makes sure performance doesn't suffer too much.

 
    map to guest = Bad User
 
+   time server = yes
Act as a time server (so that NET TIME works for time synchronisation).


+
+   character set = iso8859-1
+   client code page = 850
+
 ; Uncomment this, if you want to integrate your server
 ; into an existing net e.g. with NT-WS to prevent nettraffic
 ;  local master = no
Set code pages; used for correct handling of accented characters in file names.
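
Review bot: the "socket options" line is documented only as "Performance tuning...", while SO_SNDBUF=16384 and SO_RCVBUF=16384 pin both buffers to fixed sizes. Record next to the line what was measured and on which network, so a later maintainer can tell whether the values still help or should be dropped in favour of the system defaults.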


@@ -37,7 +50,8 @@
 
 ; If you want Samba to act as a wins server, please set
 ; 'wins support = yes'
-   wins support = no
+   wins support = yes
+   name resolve order = wins bcast
 
 ; If you want Samba to use an existing wins server,
 ; please uncomment the following line and replace
Act as a wins server. For resolving names, first use wins, then broadcast.


 ; Do you wan't samba to act as a logon-server for
 ; your windows 95/98 clients, so uncomment the
 ; following:
-;   logon script =%U.bat
-;   domain logons = yes
-;   domain master = yes
+   domain logons = yes
Support windows 95/98 domain logons.


+   domain master = yes
Act as a Wins domain browse master

+
+   logon drive = "H:"
Logon drive for Windows NT clients.


+   logon script ="%a\STARTUP.BAT"
+
Script to be executed when the user logs in to a client computer. %a is replaced by the server with the architecture of the machine: Win95 for Windows 95, or WinNT for Windows NT. The string is then sent to the client, which prepends Z: and fetches the given script and executes it. Because the path is interpreted on the client, you need to use a backslash (\) rather than a plain slash.
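
Review bot: logon script ="%a\STARTUP.BAT" only resolves for clients whose %a value has a matching directory in the netlogon share. The explanation covers Win95 and WinNT, but Samba can substitute other values as well (such as WfWg or UNKNOWN), and those clients would find no startup script at all. Either provide a directory for each architecture value expected on the network or state that only these two client types are supported.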

Share definitions

Netlogon

[netlogon]
   write list = admin
   path=/home/samba/netlogon
   browseable = yes
   writeable = no
   guest only = yes
Share where the startup scripts are kept.

Oldhome

[oldhome]
   comment = Heimatverzeichnis
   path = "%H"
   browseable =  yes
   read only = no
   create mode = 0711
   force create mode = 0700
   force directory mode = 0711
   writeable = yes
;   hide files = /Mail/mbox/
Old home share (which is the complete Unix home, rather than just the "main" subdirectory)

Home

[homes]
   comment = Heimatverzeichnis
   path = "%H/main"
   valid users = %S
   browseable = no
   read only = no
   create mode = 0711
   force create mode = 0700
   force directory mode = 0711
   writeable = yes
   hide files = /Mail/mbox/
   root preexec = /usr/X11R6/bin/sessreg -l %m -h %M -a %U
   root postexec = /usr/X11R6/bin/sessreg -l %m -h %M -d %U
Home share. Note the preexec and postexec scripts, which maintain the last/who records. This works because for (almost) all Windows logins, the home share is mounted. So the home share is appropriate for tracing user logins/logouts.

Proxyauth

[proxyauth]
   comment = Authentication proxy
   browseable = no
   read only = yes
   path = /home/samba/proxyauth
Flag share used by Squid to check username/passwords. If Squid can map this share using the supplied user name and password, this means that the password is correct.

Classe

[classe]
        comment = shared directory for a class
        hide dot files = no
        browseable = no
        write list = @sop
        create mode = 0775
        force create mode = 0755
        ; aknaff: to do: force create mode to 775 so that the group
        ; (teacher) can modify the files
        ;force create mode = 0755
        writable = yes
        force group = %G
        ; force group = ens
        ; Aknaff: to do: force the group to ens so that the teacher can
        ; access/modify the files
        path = /home/classes/%G/commun
Classe share (G: drive). Shared by all students of a class

Membre

[membre]
   comment = shared directory for a class
   path=/home/classes/%G/membres/%U
   browseable = no
   force group = ens
   writeable = yes
   create mode = 0770
   force create mode = 0770
   hide dot files = no
Membre share (P: drive). Specific to each student, but teachers do have write rights.

Classes

[classes]
        valid users = @ens @sop
        writable = yes
        comment = all classes
        force group = ens
        force user = ens
        path = /home/classes
        browseable = yes
Share containing all classes. For use by teachers: teachers don't have their own classe share (singular), because they are not tied to one particular class. They should instead use the classes share, which has a directory of all classes.

Printers

[printers]
   comment = All Printers
   browseable = no
   printable = yes
   public = no
   read only = yes
   create mode = 0700
   directory = /tmp
Printers pseudo share (not used?)

Web

[web]
   comment = personal home pages
   path=%H/public_html
   browseable = yes
   writeable = yes
   create mode = 0755
   hide dot files = no
Personal web page of student.

Private

[private]
   comment = private data area
   path=%H/private
   browseable = no
   writeable = yes
   create mode = 0755
   hide dot files = no
Private share of student. Nobody, except the student himself (and root) should have access to this.
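
Whether files written through a share stay private depends on how "create mode" and "force create mode" combine. The following check is an added example, not part of the original setup: it parses share blocks copied from this page and computes the Unix mode Samba gives a newly created file, flagging shares whose files are accessible to "other". The function names are hypothetical; the 0766 base mode (writable file with the archive bit, default "map archive = yes") and the 0744 default create mask are stated as assumptions.

```python
import re

# Constructed sample: the [homes], [membre] and [private] blocks from this page.
SMB_CONF = r"""
[homes]
   path = "%H/main"
   valid users = %S
   create mode = 0711
   force create mode = 0700
[membre]
   path=/home/classes/%G/membres/%U
   create mode = 0770
   force create mode = 0770
[private]
   path=%H/private
   writeable = yes
   create mode = 0755
"""

# smb.conf ignores case and whitespace in parameter names, and
# "create mode" is a synonym of "create mask".
SYNONYMS = {"createmode": "createmask"}
BASE_FILE_MODE = 0o766        # assumption: new writable file, archive bit set
DEFAULT_CREATE_MASK = 0o744   # assumption: Samba default when a share sets none

def parse_shares(text):
    """Return {share name: {normalised parameter: value}}."""
    shares, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in ";#":          # blank line or comment
            continue
        section = re.fullmatch(r"\[(.+)\]", line)
        if section:
            current = shares.setdefault(section.group(1).strip().lower(), {})
        elif "=" in line and current is not None:
            key, value = line.split("=", 1)       # only the first '=' counts
            key = re.sub(r"\s+", "", key).lower()
            current[SYNONYMS.get(key, key)] = value.strip()
    return shares

def effective_file_mode(params):
    """Mode of a new file: (mapped DOS mode AND create mask) OR force create mode."""
    mask = int(params["createmask"], 8) if "createmask" in params else DEFAULT_CREATE_MASK
    force = int(params.get("forcecreatemode", "0"), 8)
    return (BASE_FILE_MODE & mask) | force

def world_accessible(shares):
    """Names of shares whose new files carry any permission bit for 'other'."""
    return sorted(n for n, p in shares.items() if effective_file_mode(p) & 0o007)

if __name__ == "__main__":
    shares = parse_shares(SMB_CONF)
    for name, params in shares.items():
        print(f"[{name}] new files: {effective_file_mode(params):04o}")
    print("world-accessible:", world_accessible(shares))
```

With the settings listed here, [homes] yields 0700 and [membre] 0770, while [private] yields 0744, so files created there are readable by other Unix users unless the permissions on the %H/private directory itself block them.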

Cdrom

[cdrom]
   comment = Linux CD-ROM
   path = /cdrom
   read only = yes
   locking = no
   browseable = yes
CD-Rom in server's drive.

Public

[public]
        comment = Répertoire de distribution public
        path = /home/public
;       write list = @ens
        writeable = yes
        browseable = yes
Public share writeable by all teachers, and readable by everybody. Useful for distributing documents to students, independently of class.

Homep

[homep]
        delete readonly = yes
        valid users =admin pgordo mborsche mteusch tousch
        comment = Homepage de l'école
        browseable = no
        force create mode = 664
        force directory mode = 775
        create mode = 664
        writable = yes
        force group = webmast
        path = /home/fun/webmast/www
School's web page. Visible under http://www.ltnb.lu

Prep_home

[prep_homep]
        delete readonly = yes
        valid users =admin pgordo mborsche mteusch tousch
        comment = Homepage de l'école (brouillon)
        browseable = no
        force create mode = 664
        force directory mode = 775
        create mode = 664
        writable = yes
        force group = webmast
        path = /home/fun/webmast/prep
School's "draft" homepage. Not accessible from outside school. Useful for testing changes, before publishing them to the world. Visible under http://prep.ltnb.lu

Intranet

[intranet]
        delete readonly = yes
        valid users =admin pgordo @ens mborsche mteusch tousch
        comment = Intranet
        browseable = no
        force create mode = 664
        force directory mode = 775
        create mode = 664
        writable = yes
        force group = webmast
        path = /home/fun/webmast/intranet
School's "intranet" homepage, intended for publishing matters which are only of interest to the school itself (such as for instance canteen's menu, timetables, exam results, ...). Not accessible from outside. Visible under http://intranet.ltnb.lu

Install

[install]
        comment = softwares a installer
        path = /home/samba/install
        write list = admin @power
Software install share. Writable by admin and power users. Useful for storing installation files for software to be installed on many computers at once. However, usually we recommend UDPCast for this.

Turingprint

[turingprint]
        comment = turing HP 4050N
        printer = turingprint
        printer driver = HP LaserJet 4050 Series PS
        postscript = yes
        browseable = yes
        public = yes
        printable = yes
        read only = yes
        create mode = 0700
        directory = /tmp
Turing printer. Other printers look more or less similar.