出售域名!  关于Linux

Appendix A. Example Configuration Files

Earlier in this book, we provided information on how to set parameters inside the Samba configuration file, but rarely have we shown an example of a complete file that can actually be used to run a server. In this appendix, we provide examples of complete configuration files for running Samba in the various modes we've discussed. Using one of these examples, you can run Samba as a workgroup authentication server, workgroup server, primary domain controller, or domain member server.

We have kept the examples simple so that they have the most universal application. They can be used as starting templates, which you can easily modify to fit your own needs, to get a Samba server up and running with minimal delay. The comments inside the files indicate what needs to be changed, and how, to work on a particular system on your network.

Samba in a Workgroup

If your network is configured as a workgroup, adding a Samba server is pretty simple. Samba even lets you add features, such as user-level security and WINS, that would normally require an expensive Windows NT/2000 Server.

Samba in a Windows NT Domain

When operating in a Windows NT domain, Samba can act either as a primary domain controller or as a domain member server.

Primary Domain Controller

Setting up Samba as a primary domain controller is more complicated than the other configurations. However, the extra difficulty is offset by having a more secure network and additional features such as logon scripts and roaming profiles. In the following configuration file, we also include support for a Microsoft Dfs share:

[global]
    # Replace "toltec" with the hostname of your system.
    netbios name = toltec
    # Replace "METRAN" with the name of your Windows NT domain.
    workgroup = METRAN
    # Run a WINS server
    wins support = yes
    
    # Always act as the local master browser
    # and domain master browser.  Do not allow
    # any other system to take over these roles!
    domain master = yes
    local master = yes
    preferred master = yes
    os level = 255
    # Perform domain authentication.
    security = user
    encrypt passwords = yes
    domain logons = yes
    
    # The location of user profiles for Windows NT/2000/XP.
    logon path = \\%L\profiles\%u\%m
    # Users' Windows home directories and storage of Win95/98/Me roaming profiles.
    logon drive = G:
    logon home = \\toltec\%u\.win_profile\%m
    # The following line is optional because
    # Samba always offers NetBIOS time service.
    # This causes it to also be advertised:
    time server = yes
    # The logon script used for all users,
    # Relative to [netlogon] share directory.
    logon script = logon.bat
    # The group identifying administrative users.
    # If you have domain users in the Domain Admins
    # group, use them here instead of "jay".
    domain admin group = root jay
    # For adding machine accounts automatically.
    # This example works on Linux. For other host
    # operating systems, you might need a different
    # command.
    add user script = /usr/sbin/useradd -d /dev/null -g 100 -s /bin/false -M %u
    # Provide Microsoft Dfs support.
    host msdfs = yes
# The netlogon share is required for
# functioning as the primary domain controller.
# Make sure the directory used for the path exists.
[netlogon]
    path = /usr/local/samba/lib/netlogon
    writable = no
    browsable = no
# The profiles share is for storing
# Windows NT/2000/XP roaming profiles.
# Use your own path, and make sure
# the directory exists.
[profiles]
    path = /home/samba-ntprof
    writable = yes
    create mask = 0600
    directory mask = 0700
    browsable = no
[homes]
    comment = Home Directory
    browsable = no
    read only = no
    map archive = yes
# The Dfs share.
# Use your own path, making
# sure the directory exists.
[dfs]
    comment = Dfs share
    path = /usr/local/samba/dfs
    msdfs root = yes
# A shared directory, accessible by all domain users.
# Use your own share name and path.
[d]
    comment = %u's Home Directory
    path = /d
    create mask = 0700
    read only = no

See Chapter 4 for more information on configuring Samba as a primary domain controller, and see Chapter 8 for more information about setting up a Microsoft Dfs share.


TOC

© 2015 Host by Unixetc