Detailed samba configuration parameters

Detailed samba configuration parameters:

First, the global configuration parameters 

workgroup = WORKGROUP
Description: set a workgroup or domain Samba Server to be added.

server string = Samba Server Version% v
Description: Set Comment Samba Server, which can be any string, you can not fill. Macro% v represents the Samba version number is displayed.

netbios name = smbserver
Description: Sets the NetBIOS name of the Samba Server. If you do not fill, the default will use the first part of the server's DNS name. netbios name and workgroup name set to do the same.

interfaces = lo eth0 192.168.12.2/24 192.168.13.2/24
Description: Set Samba Server which monitor card, you can write the name of the card, you can also write the IP address of the network card.

. hosts allow = 127. 192.168.1 192.168.10.1
Description: indicates Samba Server allows connections to clients, a plurality of parameters separated by a space. IP can be a representation, you can also use a network representation. hosts deny and hosts allow just the opposite.
For example: hosts allow = 172.17.2.EXCEPT172.17.2.50
expressed from a host 172.17.2 * allowable connections, excluding 172.17.2.50.
The hosts the allow = 172.17.2.0 / 255.255.0.0
represents allowable from 172.17.2.0/255.255. 0.0 all hosts connected subnet
hosts allow = M1, M2
represents allowing M1 and M2 from two computers connected
hosts allow = @ pega
represents all permissible domain connected computers from pega

max connections = 0
Description: max connections used to specify the maximum number of connection Samba Server. If the number exceeds the connection, the new connection request will be denied. 0 means no limit.

deadtime = 0
Description: deadtime is used to set a cut off time is not connected to any open file. In minutes, 0 for Samba Server does not automatically cut off any connection.

time server = yes / no
Description: time server to be used to set the time to make nmdb server windows client.

log file = /var/log/samba/log.%m
Description: Sets the storage location and the log file name Samba Server log file. After the file name plus macro% m (host name), he told each visit Samba Server machines are recording a single log file. If pc1, pc2 visited Samba Server, will leave log.pc1 and log.pc2 two log files in / var / log / samba directory.

max log size = 50
Description: Sets the maximum capacity Samba Server log file, in units of kB, 0 means unlimited.

security = user
instructions: set user access authentication Samba Server, and a total of four authentication methods.
1. share: user access Samba Server does not require a user name and password, low safety performance.
2. user: Samba Server shared directory can only authorized users access the Samba Server is responsible for checking the correctness of the account number and password. Account and password to be established in the Samba Server in.
3. server: relying on other Windows NT / 2000 or Samba Server to verify the user's account and password, and a proxy authentication. In this safe mode, the system administrator can put all the Windows users and passwords to focus on an NT system, use Windows NT authentication carried out Samba, the remote server can automatically authenticate all users and password, if authentication fails, the user-level Samba safe mode as an alternative way.
4. domain: domain security level, using the primary domain controller (PDC) to perform authentication.

passdb backend = tdbsam
Description: passdb backend user backend is the meaning. There are three backend: smbpasswd, tdbsam and ldapsam. sam should be the security account manager (Security Accounts Manager) shorthand.
1.smbpasswd: The way is to use smb own tools smbpasswd to set up a resource Samba password, the client will use this password to access Samba to system users (real users or virtual users). smbpasswd files by default in the / etc / samba directory, but sometimes you want to manually set up the file.
2.tdbsam: The way is to use a database file to build the user database. Database file called passdb.tdb, by default in / etc / samba directory. passdb.tdb smbpasswd -a user database can be used to create a Samba user, but to establish a Samba user must first users of the system. We can also use Samba pdbedit command to create an account. Many parameters pdbedit command, we list a few major.
　　pdbedit -a username: New Samba account.
　　pdbedit -x username: Delete Samba account.
　　pdbedit -L: lists the Samba user list, read passdb.tdb database files.
　　pdbedit -Lv: Detailed Samba user list of lists.
　　pdbedit -c "[D]" -u username: Samba suspend the user's account.
　　pdbedit -c "[]" -u username : Samba restore the user's account.
3.ldapsam: The way is LDAP-based account management to authenticate users. First, to establish the LDAP service, and then set the "passdb backend = ldapsam: ldap: // LDAP Server"

encrypt passwords = yes / no
Description: Whether the authentication password. Because now the windows operating system is using encrypted passwords, it is generally open to this. However, the default configuration file is turned on.

smb passwd file = / etc / samba / smbpasswd
Description: samba used to define the user password file. smbpasswd file if it does not want to create a new manual.

username map = / etc / samba / smbusers
Description: User name used to define a mapping, such as root may be replaced by administrator, admin like. However, to be defined first in smbusers file. For example: root = administrator admin, so you can use both administrator or admin user to replace the root landing Samba Server, closer to the windows user habits.

guest account = nobody
instructions: to set the guest user name.

socket options = TCP_NODELAY SO_RCVBUF = 8192 SO_SNDBUF = 8192
Description: Set Socket Option for the session between the server and the client, the transmission speed can be optimized.

domain master = yes / no
Description: Set whether Samba server to be the domain master browser domain master browser can manage across subdomains browsing service.

local master = yes / no
Description: local master used to specify whether Samba Server attempt to become the local domain master browser. If set to no, it will never become a local domain master browser. But even if set to yes, it does not mean that the Samba Server can become the master browser, you also need to participate in the elections.

preferred master = yes / no
Description: Samba Server set a boot on the master browser forces an election, you can improve the Samba Server to be a local domain master browser chance. If this parameter is specified as yes, it is best to also specify the domain master to yes. Pay attention when using this parameter: If there are other machines (either windows NT or other Samba Server) located in subnet this Samba Server can also be specified when the primary master browser, because these machines will compete for the main browsers Daihatsu broadcast on the network, affecting network performance.
If you have multiple Samba Server within the same area, the above three parameters are set in a can.

os level = 200
Description: Sets the os level samba server. This parameter determines whether Samba Server have the opportunity to become the master browser local domain. os level from 0 to 255, winNT the os level is 32, os level win95 / 98 is 1. Windows 2000-os level is 64. If set to 0, it means that Samba Server will lose browsing options. If you want to become Samba Server PDC, then it's os level value is set larger.

domain logons = yes / no
Description: Set whether to do Samba Server-based domain controller. Primary domain controller and backup domain controllers need to enable this.

logon script =% u.bat
Description: When users log in with windows client, Samba will provide a landing gear. If set to% u.bat, then it would have to provide a landing gear for each user. If more people, it would be too much trouble. Can be set to a specific file name, such as start.bat, then the user will log in to perform start.bat, without setting a login profile for each user. To be placed in this document [Netlogon] directory path path provided.

wins support = yes / no
Description: samba server is set up to provide services wins.

wins server = wins server IP address
Description: Set whether Samba Server using other wins wins server service.

wins proxy = yes / no
Description: Set whether to open wins Samba Server Agent service.

dns proxy = yes / no
Description: Set whether to open dns Samba Server Agent service.

load printers = yes / no
Description: Set whether Samba when you start to share the printer.

printcap name = cups
Description: Sets the shared printer configuration file.

printing = cups
Description: Sets the type Samba shared printer. Now supports the printing system: bsd, sysv, plp, lprng , aix, hpux, qnx

Second, the share configuration parameters:

Share Definitions ================== ================== #
[Share name]

comment = any string
Description: comment is the description of a shared, can be any string.

path = path shared directory
Description: path Specifies the path to the shared directory. U% can be used, instead of the path of such macro% m in the Netbios unix user name and the client, using the macro to a main [Homes] shared domain. For example: If we do not intend to use the home as a customer segment share, but in the / home / share / under for each Linux user with his user name to build a directory, as he shared directory, this path can be written as: path = / home / share /% u;. Users connect to a specific shared path when it will be replaced by his user name, user name should pay attention to this path must exist. Otherwise, the client will not be found when accessing the network path. Similarly, if we are not in the user directory to divide, but to the client to divide directory on your network can access each samba machines are each to build a path to its netbios name, as different machines to share resources, to can be written: path = / home / share / % m.

browseable = yes / no
Description: browseable used to specify whether the shares can browse.

writable = yes / no
Description: writable shared path used to specify whether the writable.

available = yes / no
Description: available specifying whether the shared resource is available.

admin users = the shared manager
Description: admin users to specify the shared administrator (the shared have full control). In samba 3.0, if the user authentication mode set to "security = share", this invalid.
For example: admin users = david, sandy (a plurality of users separated by commas).

valid users = allow users to access the shared
Description: valid users to specify a user permitted to access the shared resource.
For example: valid users = david, @ dave , @ tech ( intermediate groups or a plurality of users separated by commas, if you want to join a group with a "group name @", respectively.)

invalid users = blocks access to the shared user
instructions: invalid users to specify a user allowed to access the shared resource.
For example: invalid users = root, @ bob ( a plurality of users or groups, separated by commas.)

write list = allow writing the shared user
instructions: write list to specify the user can write a file in the share.
For example: write list = david, @ dave

public = yes / no
DESCRIPTION: public share used to specify whether to allow the guest account access.

guest ok = yes / no
Note: the same meaning as "public".