Samba configuration instructions

Samba's main configuration file is /etc/samba/smb.conf.

The main configuration file consists of two parts:

    Global Settings (lines 55-245)

  These settings cover the overall operating environment of the Samba service and apply to all shared resources.

    Share Definitions (line 246 to the end)

  These settings apply to an individual shared directory and affect only that share.

Global parameters:

#==================Global Settings ===================
[global]

config file = /usr/local/samba/lib/smb.conf.%m
Description: config file allows you to use another configuration file to override the default configuration file. If the file does not exist, this entry has no effect. This parameter is very useful and can make the Samba configuration more flexible, allowing one Samba server to simulate multiple servers with different configurations. For example, if you want PC1 (host name) to use its own configuration file when accessing Samba Server, first configure a file named smb.conf.pc1 for PC1 under /etc/samba/host/. Then add: config file = /etc/samba/host/smb.conf.%m to smb.conf. In this way, when PC1 requests to connect to the Samba Server, smb.conf.%m is replaced by smb.conf.pc1. In this way, for PC1, the Samba service it uses is defined by smb.conf.pc1, while other machines still use smb.conf to access the Samba Server.

workgroup = WORKGROUP
Description: Set the workgroup or domain that Samba Server wants to join.

server string = Samba Server Version %v
Description: Set the comment of Samba Server, which can be any string or left blank. The macro %v indicates the Samba version number.

netbios name = smbserver
Description: Set the NetBIOS name of Samba Server. If left blank, the first part of the server's DNS name will be used by default. Do not set the netbios name and workgroup name to be the same.

interfaces = lo eth0 192.168.12.2/24 192.168.13.2/24
Description: Set which network interfaces Samba Server listens on. You can write the interface name or the IP address of the interface.

hosts allow = 127. 192.168.1. 192.168.10.1
Description: Specifies which clients are allowed to connect to Samba Server. Multiple entries are separated by spaces. An entry can be an IP address or a network segment. hosts deny is the opposite of hosts allow.
For example: hosts allow = 172.17.2. EXCEPT 172.17.2.50
means that host connections from 172.17.2.* are allowed, but 172.17.2.50 is excluded.
hosts allow = 172.17.2.0/255.255.0.0
means that connections from all hosts in the 172.17.2.0/255.255.0.0 subnet are allowed.
hosts allow = M1, M2
means that the two computers M1 and M2 are allowed to connect.
hosts allow = @pega
means that all computers from the pega domain are allowed to connect.
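
A simplified model of the matching rules in the examples above, added here as an illustration (it is not Samba's own code): it handles the prefix, address/netmask, single-address and EXCEPT forms, while host-name and @ entries are left unmodelled. The function names are hypothetical, and the netmask case assumes standard mask arithmetic, under which 172.17.2.0/255.255.0.0 covers every address from 172.17.0.0 to 172.17.255.255.

```python
import ipaddress

def token_matches(token, client):
    """Match one hosts allow entry against a client IPv4 address."""
    if token.endswith("."):                 # prefix form, e.g. "172.17.2."
        return str(client).startswith(token)
    try:
        if "/" in token:                    # address/netmask form
            return client in ipaddress.ip_network(token, strict=False)
        return client == ipaddress.ip_address(token)   # single address
    except ValueError:
        # Host names (M1) and @name entries need name lookups; not modelled.
        return False

def host_allowed(rule, client_ip):
    """Evaluate a hosts allow value of the form: list [EXCEPT list]."""
    client = ipaddress.ip_address(client_ip)
    tokens = rule.replace(",", " ").split()
    if "EXCEPT" in tokens:
        cut = tokens.index("EXCEPT")
        allow, exceptions = tokens[:cut], tokens[cut + 1:]
    else:
        allow, exceptions = tokens, []
    # An address listed after EXCEPT is refused even if the allow list matches.
    if any(token_matches(t, client) for t in exceptions):
        return False
    return any(token_matches(t, client) for t in allow)

def mask_range(entry):
    """Return the first and last address an address/netmask entry covers."""
    net = ipaddress.ip_network(entry, strict=False)
    return str(net.network_address), str(net.broadcast_address)

if __name__ == "__main__":
    # Constructed client addresses checked against the rules quoted above.
    for rule, ip in [("172.17.2. EXCEPT 172.17.2.50", "172.17.2.50"),
                     ("172.17.2.0/255.255.0.0", "172.17.200.9")]:
        print(rule, ip, host_allowed(rule, ip))
    print(mask_range("172.17.2.0/255.255.0.0"))
```

When reviewing an allow list, compare the range each netmask entry really covers with the range you intended to admit.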

max connections = 0
Description: max connections is used to specify the maximum number of connections to Samba Server. If the number of connections is exceeded, new connection requests will be rejected. 0 means no limit.

deadtime = 0
Description: deadtime is used to set the time to disconnect a connection that does not open any files. The unit is minutes, 0 means that Samba Server will not automatically cut off any connections.

time server = yes/no
Description: time server is used to make nmbd act as the time server for Windows clients.

log file = /var/log/samba/log.%m
Description: Set the storage location and log file name of the Samba Server log file. Add a macro %m (host name) after the file name to record a separate log file for each machine that accesses Samba Server. If pc1 and pc2 have accessed Samba Server, two log files, log.pc1 and log.pc2, will be left in the /var/log/samba directory.

max log size = 50
Description: Set the maximum capacity of the Samba Server log file in kB, 0 means no limit.

security = user
Description: Set the authentication method for users to access Samba Server. There are four authentication methods in total.
1. share: Users do not need to provide a user name and password to access Samba Server, and security is low.
2. user: The Samba Server shared directory can only be accessed by authorized users. Samba Server is responsible for checking the correctness of the account and password. The account and password must be established on this Samba Server.
3. server: Relies on another Windows NT/2000 or Samba server to verify the user's account and password, which is a form of proxy authentication. In this security mode, the system administrator can centralize all Windows users and passwords on an NT system and use Windows NT for Samba authentication. The remote server can automatically authenticate all users and passwords. If authentication fails, Samba falls back to user-level security mode.
4. domain: Domain security level, using the primary domain controller (PDC) to complete authentication.

passdb backend = tdbsam
Description: passdb backend means user backend. There are currently three backends: smbpasswd, tdbsam and ldapsam. SAM should be the abbreviation of security account manager.
1. smbpasswd: This method uses Samba's own tool smbpasswd to set a Samba password for a system user (real user or virtual user), and the client uses this password to access Samba resources. The smbpasswd file is in the /etc/samba directory by default, but sometimes the file needs to be created manually.
2. tdbsam: This method uses a database file to hold the user database. The database file is called passdb.tdb and is located in the /etc/samba directory by default. You can use smbpasswd -a to create a Samba user in the passdb.tdb user database, but the Samba user to be created must first be a system user. We can also use the pdbedit command to create a Samba account. The pdbedit command has many parameters; we list a few main ones.
  pdbedit -a username: Create a new Samba account.
  pdbedit -x username: Delete the Samba account.
  pdbedit -L: List the Samba user list and read the passdb.tdb database file.
  pdbedit -Lv: List details of the Samba user list.
  pdbedit -c "[D]" -u username: Suspend the Samba user's account.
  pdbedit -c "[]" -u username: Restore the Samba user's account.
3. ldapsam: This method uses LDAP-based account management to authenticate users. First, establish the LDAP service, and then set "passdb backend = ldapsam:ldap://LDAP Server"

encrypt passwords = yes/no
Description: Whether to encrypt the authentication password. Because current Windows operating systems use encrypted passwords, this option is generally turned on. It is enabled by default in the configuration file.

smb passwd file = /etc/samba/smbpasswd
Description: Used to define the password file of the samba user. If the smbpasswd file does not exist, you must create it manually.

username map = /etc/samba/smbusers
Description: Used to define user name mapping; for example, root can be replaced with administrator, admin, etc. The mapping must be defined in the smbusers file in advance. For example: root = administrator admin, so you can use administrator or admin to log in to Samba Server instead of root, which is closer to the habits of Windows users.

guest account = nobody
Description: Used to set the guest username.

socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
Description: Used to set the Socket options for the session between the server and the client, which can optimize the transmission speed.

domain master = yes/no
Description: Set whether the Samba server should become the domain master browser. The domain master browser can manage browsing services across subdomains.

local master = yes/no
Description: local master is used to specify whether Samba Server attempts to become the local domain master browser. If set to no, it will never become the local domain master browser. But even if it is set to yes, this does not mean that Samba Server will become the master browser; it still has to take part in the election.

preferred master = yes/no
Description: Makes Samba Server force a master browser election as soon as it starts, which increases its chance of becoming the master browser of the local domain. If this parameter is set to yes, it is best to set domain master to yes as well. Please note when using this parameter: if other machines (whether Windows NT or other Samba servers) in the same subnet as this Samba Server are also designated as the primary master browser, these machines will compete to become the master browser by broadcasting on the network, which affects network performance.
If there are multiple Samba Servers in the same area, set the above three parameters on only one of them.

os level = 200
Description: Set the os level of the Samba server. This parameter determines whether Samba Server has a chance of becoming the master browser of the local domain. The os level ranges from 0 to 255. The os level of Windows NT is 32, that of Windows 95/98 is 1, and that of Windows 2000 is 64. If set to 0, Samba Server will lose the browser election. If you want Samba Server to become a PDC, set its os level to a larger value.

domain logons = yes/no
Description: Set whether Samba Server should be used as a local domain controller. Both the primary domain controller and the backup domain controller need to turn this on.

logon script = %u.bat
Description: When a user logs in from a Windows client, Samba provides a login script. If set to %u.bat, a login script must be provided for each user, which becomes cumbersome when there are many users. It can instead be set to a specific file name, such as start.bat; then start.bat is executed after any user logs in, and there is no need to set up a login script for each user. This file should be placed in the directory set by the path parameter of [netlogon].

wins support = yes/no
Description: Set whether the samba server provides wins service.

wins server = wins server IP address
Description: Set whether Samba Server uses other wins servers to provide wins services.

wins proxy = yes/no
Description: Set whether Samba Server opens the wins proxy service.

dns proxy = yes/no
Description: Set whether Samba Server enables the dns proxy service.

load printers = yes/no
Description: Set whether to share printers when starting Samba.

printcap name = cups
Description: Set the configuration file of the shared printer.

printing = cups
Description: Set the type of Samba shared printer. Currently supported printing systems are: bsd, sysv, plp, lprng, aix, hpux, qnx

Shared parameters:
#================== Share Definitions ==================
[share name]

comment = any string
Description: comment is a description of the share and can be any string.

path = shared directory path
Description: path is used to specify the path of the shared directory. You can use macros such as %u and %m in the path to stand for the UNIX user name and the client's NetBIOS name. The macros are mainly used with the [homes] share section. For example: if we do not plan to use the [homes] section as the user share, but instead create a directory named after each Linux user under /home/share/ as that user's shared directory, the path can be written as: path = /home/share/%u. When a user connects to this share, the macro in the path is replaced by his user name. Please note that the directory for this user name must exist; otherwise, the client will not be able to find the network path when accessing it. Similarly, if we divide the directories not by user but by client, and create a directory named after the NetBIOS name of each machine on the network that can access Samba, as a shared resource for different machines, then the path can be written as: path = /home/share/%m.

browseable = yes/no
Description: browseable is used to specify whether the share can be browsed.

writable = yes/no
Description: writable is used to specify whether the shared path is writable.

available = yes/no
Description: available is used to specify whether the shared resource is available.

admin users = administrator of the share
Description: admin users is used to specify the administrator of the share (has full control permissions on the share). In Samba 3.0, if the user authentication method is set to "security=share", this item is invalid.
For example: admin users = david, sandy (separate multiple users with commas).

valid users = users allowed to access the share
Description: valid users is used to specify users allowed to access the shared resource.
For example: valid users = david, @dave, @tech (multiple users or groups are separated by commas. If you want to join a group, use "@group name".)

invalid users = users who are prohibited from accessing the share.
Description: invalid users is used to specify users who are not allowed to access the shared resources.
For example: invalid users = root, @bob (multiple users or groups are separated by commas.)

write list = users allowed to write to the share
Description: write list is used to specify users who can write files under the share.
For example: write list = david,@dave

public = yes/no
Description: public is used to specify whether the share is allowed to be accessed by the guest account.

guest ok = yes/no
Description: The meaning is the same as "public".

Several special shares:
[homes]
comment = Home Directories
browseable = no
writable = yes
valid users = %S
; valid users = MYDOMAIN\%S

[printers]
comment = All Printers
path = /var/spool/samba
browseable = no
guest ok = no
writable = no
printable = yes

[netlogon]
comment = Network Logon Service
path = /var/lib/samba/netlogon
guest ok = yes
writable = no
share modes = no

[Profiles]
path = /var/lib/samba/profiles
browseable = no
guest ok = yes

After Samba is installed, use the testparm command to test whether the smb.conf configuration is correct. Use the testparm -v command to list the configuration parameters supported by smb.conf in detail.
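
As a complement to testparm, the following added example (not part of the original article or of Samba) is a small review script that reads smb.conf text and reports the access-related settings described above: security = share, guest access through guest ok or public, guest access combined with writable = yes, and admin users. The sample configuration, share names and function names are constructed for illustration, and only the parameter spellings used on this page are recognised.

```python
TRUE = {"yes", "true", "1"}

# Constructed sample for illustration; share names and users are made up.
SAMPLE = """\
[global]
security = share
[public]
guest ok = yes
writable = yes
[projects]
valid users = david, @tech
admin users = david
writable = yes
[netlogon]
guest ok = yes
"""

def parse(text):
    """Parse smb.conf text into {section: {parameter: value}}."""
    sections, cur = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":          # blank line or comment
            continue
        if line.startswith("[") and line.endswith("]"):
            cur = sections.setdefault(line[1:-1].strip(), {})
        elif "=" in line and cur is not None:
            key, value = line.split("=", 1)
            cur[" ".join(key.lower().split())] = value.strip()
    return sections

def audit(text):
    """Return a list of findings for access-related parameters."""
    conf, out = parse(text), []
    glob = conf.pop("global", {})                # remaining sections are shares
    if glob.get("security", "user").lower() == "share":
        out.append("global: security = share")
    for name, p in conf.items():
        guest = any(p.get(k, "no").lower() in TRUE for k in ("guest ok", "public"))
        if guest and p.get("writable", "no").lower() in TRUE:
            out.append(f"{name}: guest access and writable")
        elif guest:
            out.append(f"{name}: guest access")
        if "admin users" in p:
            out.append(f"{name}: admin users = {p['admin users']}")
    return out

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)))
```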

Origin blog.csdn.net/ynstxx/article/details/124247564