# Einfache Konfigurationsdatei für Debian GNU/Linux-Samba. # Any line which starts with a ; (semi-colon) or a # (hash) # is a comment and is ignored. In this example we will use a # # for commentary and a ; for parts of the config file that you # may wish to enable # Zeilen mit ; oder # am Anfang werden als Kommentar gewertet # Hier dient # fuer Kommentare und ; für zuschaltbare Optionen # Wenn diese Datei modifiziert wurde, sollte immer mit # auf grundlegende Syntax-Errors gecheckt werden. #======================= Globale Einstellungen ======================= [global] ## Browsing/Identification ### # Arbeitsgruppenname muss gleich sein in allen Betriebssystemen workgroup = Heimnetz # so kann ein vom Linux-Hostnamen abweichener Samba-Servername definiert werden, max. 15 Zeichen netbios name = samba-hobbyraum # nur an dieses Netzwerk binden, dadurch kein Zugriff vom Internet, folgendes Format einhalten: # interfaces = Netzwerk/Netzwerkmaske localhost (127.0.0.1) ;24 ist Kurzform von 255.255.255.0 interfaces = 192.168.178.0/24 127.0.0.1 vmnet1 # fuer LUG Bautzen #interfaces = 192.168.1.0/24 127.0.0.1 vmnet1 bind interfaces only = yes # Samba soll den Namensdienst erhalten (höchste Prioritaet vor anderen (Windows)-Clients) os level = 254 # allg. Vorgabe der Dateirechte für neue Dateien (create mask) / Ordner (directory mask) # in oktaler Form, dreistellig (Besitzer/Gruppe/Andere) create mask = 644 directory mask = 755 # server string is the equivalent of the NT Description field # Windows Internet Name Serving Support Section: # WINS Support - Tells the NMBD component of Samba to enable its WINS Server ; wins support = no wins support = no ; Reihenfolge der Windows-Namensaufloesung festlegen name resolve order = wins bcast hosts # WINS Server - Tells the NMBD components of Samba to be a WINS Client # Note: Samba can be either a WINS Server, or a WINS Client, but NOT both ; wins server = w.x.y.z # This will prevent nmbd to search for NetBIOS names through DNS. dns proxy = no # What naming service and in what order should we use to resolve host names # to IP addresses ; name resolve order = lmhosts host wins bcast #### Networking #### # The specific set of interfaces / networks to bind to # This can be either the interface name or an IP address/netmask; # interface names are normally preferred ; interfaces = 127.0.0.0/8 eth0 # Only bind to the named interfaces and/or networks; you must use the # 'interfaces' option above to use this. # It is recommended that you enable this feature if your Samba machine is # not protected by a firewall or is a firewall itself. However, this # option cannot handle dynamic or non-broadcast interfaces correctly. ; bind interfaces only = true #### Debugging/Accounting #### # This tells Samba to use a separate log file for each machine # that connects log file = /var/log/samba/log.%m # Put a capping on the size of the log files (in Kb). max log size = 1000 # If you want Samba to only log through syslog then set the following # parameter to 'yes'. ; syslog only = no # We want Samba to log a minimum amount of information to syslog. Everything # should go to /var/log/samba/log.{smbd,nmbd} instead. If you want to log # through syslog you should set the following parameter to something higher. syslog = 0 # Do something sensible when Samba crashes: mail the admin a backtrace panic action = /usr/share/samba/panic-action %d ####### Authentication ####### # "security = user" is always a good idea. This will require a Unix account # in this server for every user accessing the server. See # /usr/share/doc/samba-doc/htmldocs/Samba-HOWTO-Collection/ServerType.html # in the samba-doc package for details. security = user # You may wish to use password encryption. See the section on # 'encrypt passwords' in the smb.conf(5) manpage before enabling. encrypt passwords = true # If you are using encrypted passwords, Samba will need to know what # password database type you are using. passdb backend = tdbsam obey pam restrictions = yes ; guest account = nobody invalid users = root # This boolean parameter controls whether Samba attempts to sync the Unix # password with the SMB password when the encrypted SMB password in the # passdb is changed. ; unix password sync = no # For Unix password sync to work on a Debian GNU/Linux system, the following # parameters must be set (thanks to Ian Kahan < for # sending the correct chat script for the passwd program in Debian Sarge). passwd program = /usr/bin/passwd %u passwd chat = *Enter\snew\sUNIX\spassword:* %n\n *Retype\snew\sUNIX\spassword:* %n\n *password\supdated\ssuccessfully* . # This boolean controls whether PAM will be used for password changes # when requested by an SMB client instead of the program listed in # 'passwd program'. The default is 'no'. ; pam password change = no ########## Domains ########### # Is this machine able to authenticate users. Both PDC and BDC # must have this setting enabled. If you are the BDC you must # change the 'domain master' setting to no # ; domain logons = yes # # The following setting only takes effect if 'domain logons' is set # It specifies the location of the user's profile directory # from the client point of view) # The following required a [profiles] share to be setup on the # samba server (see below) ; logon path = \\%N\profiles\%U # Another common choice is storing the profile in the user's home directory ; logon path = \\%N\%U\profile # The following setting only takes effect if 'domain logons' is set # It specifies the location of a user's home directory (from the client # point of view) ; logon drive = H: ; logon home = \\%N\%U # The following setting only takes effect if 'domain logons' is set # It specifies the script to run during logon. The script must be stored # in the [netlogon] share # NOTE: Must be store in 'DOS' file format convention ; logon script = logon.cmd # This allows Unix users to be created on the domain controller via the SAMR # RPC pipe. The example command creates a user account with a disabled Unix # password; please adapt to your needs ; add user script = /usr/sbin/adduser --quiet --disabled-password --gecos "" %u #================ Printing == Drucken ============================== # If you want to automatically load your printer list rather # than setting them up individually then you'll need this ; load printers = yes # lpr(ng) printing. You may wish to override the location of the # printcap file ; printing = bsd ; printcap name = /etc/printcap # CUPS printing. See also the cupsaddsmb(8) manpage in the # cupsys-client package. ; ; printcap name = cups # When using [print$], root is implicitly a 'printer admin', but you can # also give this right to other users to add drivers and set printer # properties ; printer admin = @lpadmin ############ Misc ############ # Using the following line enables you to customise your configuration # on a per machine basis. The %m gets replaced with the netbios name # of the machine that is connecting ; include = /home/samba/etc/smb.conf.%m # Most people will find that this option gives better performance. # See smb.conf(5) and /usr/share/doc/samba-doc/htmldocs/speed.html # for details # You may want to add the following on a Linux system: # SO_RCVBUF=8192 SO_SNDBUF=8192 socket options = TCP_NODELAY # The following parameter is useful only if you have the linpopup package # installed. The samba maintainer and the linpopup maintainer are # working to ease installation and configuration of linpopup and samba. ; message command = /bin/sh -c '/usr/bin/linpopup "%f" "%m" %s; rm %s' & # Domain Master specifies Smax. 15 Zeichenamba to be the Domain Master Browser. If this # machine will be configured as a BDC (a secondary logon server), you # must set this to 'no'; otherwise, the default behavior is recommended. ; domain master = auto # Some defaults for winbind (make sure you're not using the ranges # for something else.) ; idmap uid = 10000-20000 ; idmap gid = 10000-20000 ; template shell = /bin/bash #======== Share Definitions == Freigabedefinitionen ================== # Un-comment the following (and tweak the other settings below to suit) # to enable the default home directory shares. This will share each # user's home directory as \\server\username # Freigabe des Home-Ordners - (des jeweils angemeldeten Users) [homes] comment = Home Directories # Zugriffsrechte für /home-Verzeichnis des jeweils angemeldeten Users # create mask = 400: nur User darf Dateien lesen create mask = 400 # directory mask = 500: nur User darf Ordner öffnen und lesen directory mask = 500 # browseable = yes zeigt Freigabe jedem, no nur dem User browseable = no # valid users = %S valid users = carsten, doreen # writable = no erlaubt nur Lesezugriff writable = no veto files = /.*/ # Freigabe der Ordner /home/samba/archiv und /home/samba/datentausch, Verzeichnisse # wurden für den Datenaustausch mit Windows angelegt, Name ist frei wählbar # Freigabe [archiv] mit Pfad [archiv] path = /home/samba/archiv # sonstige Nutzer durfen nicht zugreifen, anderenfalls guest ok = yes guest ok = no # Schreibzugriff erlaubt, sonst read only = yes read only = yes # keine Unterscheidung zwischen Groß- und Kleinbuchstaben case sensitive = no # Freigabe [datentausch] mit Pfad [datentausch] path = /home/samba/datentausch guest ok = no read only = no case sensitive = no # Freigabe von im Linux gemountetem USB-Stick [usbdisk] path = /media/usbdisk guest ok = yes read only = no case sensitive = no # Windows clients look for this share name as a source of downloadable # Windows-Clients schauen auf diese Freigabe wie auf eine Downloadquelle # printer drivers [print$] comment = Printer Drivers # Verzeichnis des PrintSpoolers path = /var/lib/samba/printers # Alle Cups-Drucker für Windows exportieren [printers] comment = Drucker path = /tmp create mask = 0700 printable = yes browsable = yes admin users = +adm, +admin