Appendix A. Example Configuration Files

Earlier in this book, we provided information on how to set parameters inside the Samba configuration file, but rarely have we shown an example of a complete file that can actually be used to run a server. In this appendix, we provide examples of complete configuration files for running Samba in the various modes we've discussed. Using one of these examples, you can run Samba as a workgroup authentication server, workgroup server, primary domain controller, or domain member server.

We have kept the examples simple so that they have the most universal application. They can be used as starting templates, which you can easily modify to fit your own needs, to get a Samba server up and running with minimal delay. The comments inside the files indicate what needs to be changed, and how, to work on a particular system on your network.

Samba in a Workgroup

If your network is configured as a workgroup, adding a Samba server is pretty simple. Samba even lets you add features, such as user-level security and WINS, that would normally require an expensive Windows NT/2000 Server.

Authentication and WINS Server

In a workgroup environment, Samba can be set up with share-level security and without offering WINS name service. This works and is simple, but we generally recommend that user-level security be enabled to allow Windows 95/98/Me systems to make use of it. Also, it only takes a single parameter to enable Samba as a WINS server, resulting in far better network efficiency. Here is the configuration file that does it:

[global]
    # replace "toltec" with your system's hostname

    netbios name = toltec

    # replace "METRAN" with the name of your workgroup

    workgroup = METRAN

    security = user
    encrypt passwords = yes

    # Run a WINS server

    wins support = yes

    # The following three lines ensure that the Samba
    # server will maintain the role of master browser.
    # Make sure no other Samba server has its OS level
    # set higher than it is here.

    local master = yes
    preferred master = yes
    os level = 65

# Make home directories on the server available to users.

[homes]
    comment = %u's Home Directory
    browsable = no
    read only = no
    map archive = yes

# This is a shared directory, accessible by all
# users. Use your own share name and path.

[d]
    path = /d
    create mask = 0700
    read only = no

Generally, you will use a configuration file similar to this one when adding your first Samba server to the workgroup.

Workgroup Server

Things are a little different if another system—either a Samba server or Windows NT/2000 server—is already handling WINS and/or authentication. In this case, Samba is configured to use that server for WINS. Here is a configuration file that does this:

[global]
    # replace "mixtec" with your system's hostname

    netbios name = mixtec

    # replace "METRAN" with your workgroup name

    workgroup = METRAN

    security = user
    encrypt passwords = yes

    # Replace "172.16.1.1" with the IP address
    # of your WINS server. If there is none,
    # omit this line.

    wins server = 172.16.1.1

    # The OS level is set to 17 to allow
    # this system to win over all Windows
    # versions, but not the Samba server
    # that uses the configuration file
    # in the previous section.

    os level = 17

[homes]
    comment = %u's Home Directory
    browsable = no
    read only = no

# This is a shared directory, accessible by all
# users. Use your own share name and path.

[d]
    path = /d
    create mask = 0700
    read only = no

Once you have a server in your workgroup handling authentication and WINS, this is the configuration file to use when adding additional Samba servers to the workgroup.
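The two workgroup files only cooperate if their os level and WINS settings stay consistent with each other. The following check is an added example, not part of the book or of Samba: the function names are hypothetical, the fallback os level of 20 is Samba's documented default, and the rule that "wins support = yes" and "wins server" must not appear together comes from the Samba documentation rather than from this appendix.

```python
DEFAULT_OS_LEVEL = 20  # Samba's documented default when "os level" is absent

def parse_smb_conf(text):
    """Return {section: {parameter: value}} with names lowercased."""
    conf, section = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue  # blank line or comment
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
            conf.setdefault(section, {})
        elif "=" in line and section is not None:
            key, value = line.split("=", 1)
            # collapse whitespace runs so "os  level" matches "os level"
            conf[section][" ".join(key.lower().split())] = value.strip()
    return conf

def is_yes(params, name):
    return params.get(name, "no").lower() in ("yes", "true", "1")

def audit_workgroup(configs):
    """configs maps a label to smb.conf text; returns a list of findings."""
    findings, servers = [], {}
    for label, text in configs.items():
        g = servers[label] = parse_smb_conf(text).get("global", {})
        if g.get("security", "").lower() == "share":
            findings.append(f"{label}: share-level security in use")
        if not is_yes(g, "encrypt passwords"):
            findings.append(f"{label}: encrypt passwords = yes is not set explicitly")
        if is_yes(g, "wins support") and "wins server" in g:
            findings.append(f"{label}: wins support and wins server both set")
    def level(name):
        return int(servers[name].get("os level", DEFAULT_OS_LEVEL))
    for master in (n for n in servers if is_yes(servers[n], "preferred master")):
        for other in servers:
            if other != master and level(other) >= level(master):
                findings.append(f"{other}: os level {level(other)} can displace "
                                f"master browser {master} ({level(master)})")
    return findings

# Constructed sample: trimmed workgroup files, mixtec deliberately misconfigured.
SAMPLE = {
    "toltec": "[global]\n security = user\n encrypt passwords = yes\n"
              " wins support = yes\n preferred master = yes\n os level = 65\n",
    "mixtec": "[global]\n security = share\n wins support = yes\n"
              " wins server = 172.16.1.1\n os level = 70\n",
}

print("\n".join(audit_workgroup(SAMPLE)))
```

With the values from the two files as printed in this appendix (os level 65 and 17, one WINS setting per server), the audit returns no findings.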

Samba in a Windows NT Domain

When operating in a Windows NT domain, Samba can act either as a primary domain controller or as a domain member server.

Primary Domain Controller

Setting up Samba as a primary domain controller is more complicated than the other configurations. However, the extra difficulty is offset by having a more secure network and additional features such as logon scripts and roaming profiles. In the following configuration file, we also include support for a Microsoft Dfs share:

[global]
    # Replace "toltec" with the hostname of your system.

    netbios name = toltec

    # Replace "METRAN" with the name of your Windows NT domain.

    workgroup = METRAN

    # Run a WINS server

    wins support = yes

    # Always act as the local master browser
    # and domain master browser.  Do not allow
    # any other system to take over these roles!

    domain master = yes
    local master = yes
    preferred master = yes
    os level = 255

    # Perform domain authentication.

    security = user
    encrypt passwords = yes
    domain logons = yes

    # The location of user profiles for Windows NT/2000/XP.

    logon path = \\%L\profiles\%u\%m

    # Users' Windows home directories and storage of Win95/98/Me roaming profiles.

    logon drive = G:
    logon home = \\toltec\%u\.win_profile\%m

    # The following line is optional because
    # Samba always offers NetBIOS time service.
    # This causes it to also be advertised:

    time server = yes

    # The logon script used for all users,
    # Relative to [netlogon] share directory.

    logon script = logon.bat

    # The group identifying administrative users.
    # If you have domain users in the Domain Admins
    # group, use them here instead of "jay".

    domain admin group = root jay

    # For adding machine accounts automatically.
    # This example works on Linux. For other host
    # operating systems, you might need a different
    # command.

    add user script = /usr/sbin/useradd -d /dev/null -g 100 -s /bin/false -M %u

    # Provide Microsoft Dfs support.

    host msdfs = yes

# The netlogon share is required for
# functioning as the primary domain controller.
# Make sure the directory used for the path exists.

[netlogon]
    path = /usr/local/samba/lib/netlogon
    writable = no
    browsable = no

# The profiles share is for storing
# Windows NT/2000/XP roaming profiles.
# Use your own path, and make sure
# the directory exists.

[profiles]
    path = /home/samba-ntprof
    writable = yes
    create mask = 0600
    directory mask = 0700
    browsable = no

[homes]
    comment = Home Directory
    browsable = no
    read only = no
    map archive = yes

# The Dfs share.
# Use your own path, making
# sure the directory exists.

[dfs]
    comment = Dfs share
    path = /usr/local/samba/dfs
    msdfs root = yes

# A shared directory, accessible by all domain users.
# Use your own share name and path.

[d]
    comment = %u's Home Directory
    path = /d
    create mask = 0700
    read only = no

See Chapter 4 for more information on configuring Samba as a primary domain controller, and see Chapter 8 for more information about setting up a Microsoft Dfs share.

Domain Member Server

In a domain that already has either a Samba PDC or Windows NT/2000 Server PDC, additional Samba servers can be added as domain member servers using the following configuration file:

[global]
    # Replace "mixtec" with the system's hostname.

    netbios name = mixtec

    # Replace "METRAN" with the name of your domain.

    workgroup = METRAN

    # Replace "172.16.1.1" with the
    # IP address of your WINS server.

    wins server = 172.16.1.1

    os level = 33

    security = domain
    encrypt passwords = yes
    password server = *

# Home directories.

[homes]
    comment = %u's Home Directory
    browsable = no
    read only = no
    map archive = yes

# This is an example printers
# share, which works for Linux.

[printers]
    printable = yes
    printing = BSD
    print command = /usr/bin/lpr -P%p %s
    path = /var/tmp
    min print space = 2000

# A shared directory, accessible by all domain users.
# Use your own share name and path.

[d]
    path = /d
    create mask = 0755
    read only = no

See Chapter 10 for more information on sharing printers with Samba.

