
Sample Samba Primary Domain Controller

# Date: 16-04-2004
# Global parameters
# Notes on Mounting shares from other windows machine into linux /mnt
# Create a directory /mnt/muruga. It is good if you put the server name for mount
# Create a directory /mnt/muruga/sujatha. It's good if you use the NetBIOS name of the machine whose share you want to mount
# In /etc/mtab put the following line given below
# //muruga/sujatha /mnt/muruga/sujatha smbfs 0 0
# In /etc/fstab put the following line given below
# //muruga/sujatha /mnt/muruga/sujatha smb username=padmaja,password=pad, 0 0
# Now go to windows machine padmaja and make the c drive shareable with username and password as above.



# Did you know using the following line enables you to customise your configuration
# on a per machine basis. The %m gets replaced with the netbios name
# of the machine that is connecting
; include = /etc/smb.conf.%m


# Do you know that you can mount harddisk share of other clients into linux share
#
# smbmount //sujatha/c /mnt/samba/ -o username=ramesh
#
# The above command will mount sujatha named netbios machine with share c into /mnt/samba/. The user name is
# share user name and it will prompt for a password
# Normally you can put this fstab
#//MS-SERVER-NAME/MS-Windows-Share /home/linux-user-id/MS-SERVER-NAME/MS-Windows-Share smbfs credentials=/home/linux-user-id/.smbpassword,workgroup=MS-WINDOWS-DOMAIN,uid=linux-user-id,gid=linux-user-group-name 0 0



# Some samba test

# testprns: Test printer access in samba
# smbprint: Print from samba to samba printers
# smbrun: Run external programs from server
# nmblookup -B muruga __SAMBA__. You should get back the IP address of your Samba server.
# nmblookup -B ACLIENT '*' You should get the PC's IP address back. If you do not then the client software on
# the PC isn't installed correctly, or isn't started, or you got the name of the PC wrong.
# nmblookup -d 2 '*'. A number of NetBIOS/TCP/IP hosts on the network should respond.





# To send a popup message to window
# smbclient -M sujatha
# Hello this is from me
# Ctrl + d

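[global]
# ---------------------- Start: Fine Tuning

; Reduce the overhead that Samba uses to scan for timeouts
change notify timeout = 300
; Open files with no connections are closed after 15 minutes
deadtime = 15
; Files whose UNIX permissions prohibit access are hidden from users
hide unreadable = yes
; We want a minimum level of logging
log level = 1
; Both lines below were left disabled by the author ("all our clients are Windows XP").
; Uncommenting them refuses the pre-NT1 dialects and LanMan password hashes, which XP does not need.
; min protocol = NT1
; lanman auth = no
; We're (mostly) on a Local Area Network, so these settings are appropriate
; (SO_RCVBUF=8192 was listed twice in the original; once is enough)
socket options = TCP_NODELAY SO_RCVBUF=8192 IPTOS_LOWDELAY SO_SNDBUF=8192
; We allow clients to set their clock to ours using the NET TIME command
time server = yes
; Uncommenting this will tell Samba to use a separate log file for each machine
; that connects (%m = client NetBIOS name). Good for testing.
;log file = /var/log/samba/log.%m

# ---------------------- End: Fine Tuning


# ---------------------- Start: Netbios & Workgroup setup

; netbios name can be different from the unix host name
netbios name = MURUGA
; workgroup in Windows terminology means the Windows domain
workgroup = STRADE
; %v expands to the Samba version and is shown to every client that browses the server;
; drop it if you would rather not advertise the version
server string = Samba %v File Server
; Winpopup message handler
message command = csh -c 'xedit %s;rm %s' &

# ---------------------- End: Netbios & Workgroup setup


# ---------------------- Start: Password Authentication

; Use password authentication from smbpasswd
passdb backend = smbpasswd
; Update the UNIX passwd file when a password is changed through smbpasswd
unix password sync = yes
; Use encrypted passwords. This may cause problems with some Win95 and Win98 first edition
encrypt passwords = yes
; Tell Samba where the password-changing command is
passwd program = /usr/bin/passwd %u
; Expect/send script for the password change dialog. Not necessary.
; (the pasted copy had several words split by stray spaces; the script is rejoined here)
passwd chat = *New*UNIX*password* %n *ReType*new*UNIX*password* %n *passwd:*all*authentication*tokens*updated*successfully*

# ---------------------- End: Password Authentication


# ---------------------- Start: Primary Domain Related

; We don't want to compete for browse master elections - we always win
os level = 255
; The settings below are required if you want Samba to act as a PDC for the Windows network
preferred master = yes
domain master = yes
local master = yes
security = user
; Required for domain logons by clients
domain logons = yes

# ---------------------- End: Primary Domain Related


# ---------------------- Start: WINS Server Related

; This is all it takes to point at a WINS server. If this server is itself acting as the
; WINS server, leave the next line commented out.
; wins server = 192.168.0.100

; The line below forces the server named above to be used as the name resolver even if
; another machine broadcasts. Use it if the WINS server is on another subnet; otherwise
; the broadcast reaches the WINS server regardless of any proxying.
; wins proxy = yes

; Comment this out if this server is not acting as a WINS server. It must be commented
; out if you enable the "wins server" option above: only one of the two may be set.
wins support = yes

; This determines the order of name resolution for NetBIOS
name resolve order = lmhosts hosts wins bcast

; If you have a DNS and need to use it for name resolution, enable the option below
; dns proxy = yes

# ---------------------- End: WINS Server Related


# ---------------------- Start: Printing Configuration

; If you want to automatically load your printer list rather than setting the printers
; up individually then you'll need these
printcap name = /etc/printcap
load printers = no
# It should not be necessary to spell out the print system type unless yours is
# non-standard. Currently supported print systems include: bsd, sysv, plp, lprng, aix, hpux, qnx
printing = bsd

; Uncomment this if you want a guest account; you must add it to /etc/passwd,
; otherwise the user "nobody" is used
; guest account = pcguest

# ---------------------- End: Printing Configuration


# ---------------------- Start: Important Security Related

; Listen only on the interfaces named below. The original set "interfaces" twice
; (first "192.168.0.1/24 127.0.0.1/24", later "eth1 lo"); the last assignment is the
; one Samba uses, so that is the one kept.
bind interfaces only = yes
interfaces = eth1 lo
; -- Security -- only the networks listed in hosts allow may connect
hosts deny = All 0.0.0.0/0
hosts allow = 192.168.0.0/24 127.0.0.1
; Fix Samba permissions so when you create a file/directory, the UNIX perms are correct too
create mask = 0770
directory mask = 0750
; Accounts that may never connect. The original set this key twice ("root @wheel" and
; later the system-account list); since the last assignment wins, the wheel group had
; silently dropped out. Both lists are merged here.
invalid users = root bin daemon adm sync shutdown halt mail news uucp operator gopher @wheel

# ---------------------- End: Important Security Related


; A machine trust account is necessary for WinNT, Win2000 and later; the line below adds the
; machine to the Samba PDC automatically. I M P O R T A N T
; (%u = the account name; -g 100 puts it in gid 100; -M creates no home directory; /bin/false,
; lower case - the original had /bin/False - gives it no usable shell)
add user script = /usr/sbin/useradd -d /dev/null -g 100 -s /bin/false -M %u

; The path shown as /usr/sbin/useradd should point to wherever your system stores the useradd program.
; This setting as shown will work on most GNU/Linux systems.

; You can create trusted machine accounts on your Samba PDC in two ways. The first method is to create
; the password manually with a known value (such as the lower case NetBIOS name of the machine) before
; you join the machine to the domain. The other method creates the trusted machine account when the
; admin joins the machine to the domain. This second method uses the session key of the administrative
; account as an encryption key for setting the password to a random value. The second method is much
; more secure than the first method, and is recommended.
; Currently, Samba requires a Linux user id from which a Microsoft Windows NT system id can be
; generated. For this reason you need the "add user script" line above if you want your Samba PDC to
; add Linux user ids on the fly when machines are joined to the domain.

; To manually add a trusted machine account, you must first create an entry in your /etc/passwd file.
; For example, to add the machine "elaine" manually to your domain, open /etc/passwd as root with your
; favorite text editor and create an entry that looks like this:
;
; elaine$:x:505:501:NT Machine:/dev/null:/bin/false
;
; The appended "$" to the user "elaine" in the /etc/passwd entry marks this as a machine account. The
; rest of the settings establish the account without a home directory and no shell access. Once you've
; created this entry, add the user to your smbpasswd file with the following command, run as root:
;
; smbpasswd -s -m elaine
;
; You should then immediately join the machine to the domain with your NT Admin applet.


; Roaming profile and home-drive settings. This copy was pasted with most backslashes
; stripped ("\%L%u" and the like); the UNC paths below are reconstructed from Samba's
; documented examples - verify them against the live smb.conf.
;logon path = \\%N\profiles\%u
; Drive letter on an NT client to which the home directory named by "logon home" is mapped.
; Note that this option works with Windows NT clients only.
logon drive = H:
logon home = \\%L\%U\.profiles
;logon path = \\%L\profiles\%U
logon path = \\%L\%u
logon script = %U.bat
; Case insensitive for Windows compatibility
preserve case = yes
case sensitive = no
; We will use a guest account to facilitate printing to a printer connected to a Windows machine.
; Make sure to add the smbguest account to the system's password file first, with:
#   groupadd smbguest
#   useradd smbguest -g smbguest -d /dev/null -s /bin/false
; Only then will guest access work
#guest account = smbguest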



[netlogon]
; Share from which Windows clients fetch logon scripts and system policies. The UNIX
; directory behind it must be readable and executable by every domain user.
; Put Config.POL and the per-user .bat files here. Win95 needs "remote update" and
; "automatic path" set in its registry Network settings for this to be picked up.
; Logon scripts must use DOS-style line endings; writing them with a DOS editor on a
; DOS system is a simple way to guarantee that.
comment = Logon scripts and policies
path = /export/samba/logon
browsable = no
public = no
writeable = no


[profiles]
# Roaming-profile store. (The author notes Samba's default would be the user's home directory.)
path = /usr/samba/ntprofile
browsable = no
# users write their own profile here; the 0600/0700 masks keep each profile owner-only
writeable = yes
create mask = 0600
directory mask = 0700


[IPC$]
; -- Security -- the IPC (named-pipe) service is limited to the same networks as the file shares
hosts deny = 0.0.0.0/0
hosts allow = 192.168.0.0/24 127.0.0.1


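[printers]
# In some cases you will need to chmod 4777 /var/spool/lpd/lp
# NOTE(review): Samba may keep the double quotes as part of the comment text - confirm
# in the browse list and drop them if so
comment = "Windows Printer"
path = /var/spool/lpd/samba
; If the above path does not work use the one below
;path = /var/spool/lpd/lp
; print-only share: nobody writes files here directly. ("writable = no" was also set in
; the original; it is the inverse synonym of "read only = yes", so it is dropped.)
read only = yes
printable = yes
public = no
; per-printer queue commands (%p = printer name, %j = job number)
lpq command = /usr/bin/lpq -P%p
lprm command = /usr/bin/lprm -P%p %j
lppause command = /usr/sbin/lpc stop %p
lpresume command = /usr/sbin/lpc start %p
create mode = 0700
browseable = no
; "printcap name" and "load printers" are [global] parameters and are set there; the
; commented-out copies that used to sit here would have been ignored in this section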

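[fax]
comment = FAX (mgetty+sendfax)
path = /tmp
printable = yes
; "public" is a synonym of "guest ok". The original set "public = yes" and then
; "guest ok = no"; the later line wins, so guest access was effectively off. Only the
; effective value is kept.
guest ok = no
writable = no
create mode = 0700
browseable = yes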


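[homes]
; Normally don't use a homes share; it's better to create individual shares
comment = Home Directory of %u
browseable = no
; %S is the service name being connected to, which for [homes] is the user name, so
; each user can reach only their own home share (without this any authenticated user
; could open \\server\otheruser)
valid users = %S

; Home directories are exported writable; set the next parameter to "yes" to make them
; read only
read only = no

; File creation mask is set to 0700 for security reasons. If you want to
; create files with group=rw permissions, set next parameter to 0775.
create mask = 0700

; Directory creation mask is set to 0700 for security reasons. If you want to
; create dirs. with group=rw permissions, set next parameter to 0775.
directory mask = 0700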



[narayanan]
comment = Narayanan's Home
; NOTE(review): this path is /home/ramesh - the same directory the [ramesh] share exports -
; so a share named "narayanan" exposes ramesh's home, writable, to every authenticated user.
; Looks like a copy-paste slip; confirm the intended directory, and restrict the share with
; "valid users" once it is known.
path = /home/ramesh
read only = no

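[ramesh]
comment = Ramesh's Home
path = /home/ramesh
; writable, but only by its owner: without "valid users" every authenticated domain
; user could read and write this directory
valid users = ramesh
read only = no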


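[ullas]
comment = T.Ullas's Home
path = /home/ullas
; writable, but only by its owner: without "valid users" every authenticated domain
; user could read and write this directory
valid users = ullas
read only = no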

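[padmaja]
comment = Padmaja's Home
path = /home/padmaja
; writable, but only by its owner: without "valid users" every authenticated domain
; user could read and write this directory (assumes the unix/smbpasswd user is named
; "padmaja", as the home directory suggests - confirm)
valid users = padmaja
read only = no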

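[pattabi]
comment = Pattabi's Home
path = /home/pattabi
; writable, but only by its owner: without "valid users" every authenticated domain
; user could read and write this directory (assumes the unix/smbpasswd user is named
; "pattabi", as the home directory suggests - confirm)
valid users = pattabi
read only = no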


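[shreekant]
comment = Shreekant's Home
path = /home/shreekant
; writable, but only by its owner: without "valid users" every authenticated domain
; user could read and write this directory (assumes the unix/smbpasswd user is named
; "shreekant", as the home directory suggests - confirm)
valid users = shreekant
read only = no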



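[cdrom1]
comment = CD Writer in Server
; The original pointed "path" at /mnt/cdrom (the [cdrom] share's directory) while the
; preexec/postexec below mount and unmount /mnt/cdrom1; the share now exports what it mounts
path = /mnt/cdrom1
public = yes
read only = yes
; mount on connect, unmount on disconnect. These run as the connecting user; if that
; user may not mount, use "root preexec" / "root postexec" instead
preexec = mount /mnt/cdrom1
postexec = umount /mnt/cdrom1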

[cdrom]
comment = CD Drive in Server
path = /mnt/cdrom
; read-only media, so clients may be told every oplock is granted
fake oplocks = yes
public = yes
read only = yes
; mounted on connect and unmounted on disconnect; if the connecting user may not
; mount, "root preexec" / "root postexec" are the alternative
preexec = mount /mnt/cdrom
postexec = umount /mnt/cdrom


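[accounting]
comment = Accounting Department Directory
writeable = yes
; Only members of the unix group "accounting" may connect
valid users = @accounting
; The directory must exist; create it somewhere safe and give the group ownership
; (the original comment said "chgrp account", which does not match the group above):
;   chgrp accounting /home/samba/accounting
;   chmod 770 /home/samba/accounting
; (the pasted copy had the path split as "accounti ng"; rejoined here)
path = /home/samba/accounting
; group read/write on files and directories so members can share work; no access for others
create mode = 0660
directory mode = 0770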

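[ServerFloppy]
comment = Floppy Drive in the Server
path = /mnt/floppy
public = yes
read only = yes
; mount on connect, unmount on disconnect. These run as the connecting user; if that
; user may not mount, use "root preexec" / "root postexec" instead.
; The original named the device "/mnt/fd0", which is a mount-point style path, not a
; device node; the first floppy device is /dev/fd0
preexec = mount -t msdos /dev/fd0 /mnt/floppy
postexec = umount /mnt/floppy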

[backup]
comment = Backup Folder
path = /mnt/backup/
browseable = yes
; read only for everyone except the users in "write list", who may write to it
read only = yes
write list = ramesh ullas
