1:[global]
2: workgroup = <domain-name>
3: netbios name = <name>
4: server string = <name>
5: time server = yes
6: domain logons = yes
7: domain master = yes
8: domain admin group = root
9: logon path = \\slyph\profiles\%U
10: logon home = \\%L\%U
11: logon script = logon.bat
12: os level = 255
13: local master = yes
14: preferred master = yes
15: wins support = yes
16: dns proxy = yes
17: security = user
18: encrypt passwords = Yes
19: smb passwd file = /etc/samba/smbpasswd
20: kernel oplocks = no
21: hide dot files = yes
22: create mask = 0700
23: directory mask = 0700
24: log file = /var/log/samba/%m.log
25: max log size = 10
26: socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192

2 | The name you want to use for your domain |
3,4 | The name for your machine and any description you want to give it |
5 | Set this if you want Windows clients to be able to synchronize time with your server |
6,7 | Needed for the PDC functionality |
8 | The group which has all the domain administrator usernames |
9 | Where your users' roaming profiles are kept. Not used if you do not use profiles |
10 | Each user's home directory |
11 | This is the logon script executed upon logon; if you want to customize it per user, use %U.bat |
12,13,14 | These are required to make the server the domain and browser master in your network |
15 | This makes your server a WINS master server |
16 | This helps in network browsing by clients |
17 | This means that your share security will be dictated by the username provided |
18,19 | This is needed for security and to state where your smbpasswd file is |
20-26 | General Samba options I have found useful |

1:[homes]
2: comment = Home Directories
3: path = %H
4: valid users = %S root
5: force user = %S
6: browseable = no
7: writable = yes
8: create mode = 0600
9: directory mode = 0700

1 | The share name, very important as this is how it will be known to be accessed |
2 | Just a comment for the share |
3 | The folder on the server the share points to. %H is the home directory associated with the username by the server |
4 | This lists who can access the server; in this case %S is the user and root is the admin group |
5 | Forces any access to be viewed as from the stated user |
6 | Not normally browseable by Windows clients |
7 | Self-explanatory, this share can be written to |
8,9 | Specifies the mask used when creating new files or directories |

1:[netlogon]
2: comment = Network Logon Service
3: path = /var/local/netlogon
4: admin users = root
5: guest ok = Yes
6: browseable = No
7: writable = No
8: share modes = no
9:
10:[profiles]
11: path = /var/local/profiles
12: browseable = no
13: writable = yes
14: guest ok = yes

1,10 | The share names. These are particularly important as they dictate the function |
3,11 | The physical directory on the server the shares access. Make sure they exist, with proper user rights, before use |
4 | Obviously you only want the administrators to have write access here |
5,14 | This is to allow anyone access to the shares |
6,12 | This means that the shares are not normally browseable |
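
An added check, not part of the original how-to: the [profiles] share above sets both `guest ok = yes` and `writable = yes`, so it is worth listing every share in an smb.conf that has that combination. The function name `audit_guest_writable` and the sample file are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not from the original how-to). Lists shares that are both
# guest-accessible and writable. Defaults set in [global] are inherited.

# audit_guest_writable FILE -> prints one matching share name per line
audit_guest_writable() {
    awk '
    function truthy(v) { v = tolower(v); return (v == "yes" || v == "true" || v == "1") }
    function report() { if (share != "" && share != "global" && guest && writable) print share }
    /^[ \t]*[#;]/ { next }                       # skip comment lines
    /^[ \t]*\[/ {                                # section header: close previous share
        report()
        share = $0; sub(/^[ \t]*\[/, "", share); sub(/\].*$/, "", share)
        share = tolower(share); guest = gguest; writable = gwritable
        next
    }
    /=/ {
        key = $0; sub(/=.*$/, "", key)
        val = $0; sub(/^[^=]*=/, "", val)
        gsub(/[ \t]/, "", key); key = tolower(key)   # names ignore case and spaces
        gsub(/^[ \t]+|[ \t]+$/, "", val)
        if (key == "guestok" || key == "public") guest = truthy(val)
        if (key == "writable" || key == "writeable" || key == "writeok") writable = truthy(val)
        if (key == "readonly") writable = !truthy(val)
        if (share == "global") { gguest = guest; gwritable = writable }
    }
    END { report() }
    ' "$1"
}

# Constructed sample: the [netlogon] and [profiles] shares shown above.
sample=$(mktemp)
cat > "$sample" <<'EOF'
[netlogon]
   path = /var/local/netlogon
   admin users = root
   guest ok = Yes
   writable = No
[profiles]
   path = /var/local/profiles
   browseable = no
   writable = yes
   guest ok = yes
EOF
audit_guest_writable "$sample"
rm -f "$sample"
```
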
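
#!/bin/sh
#
# The first value passed is the user name
# The second value passed is the password
# Example: ./add-user john longpassword
#
UADD=/usr/sbin/useradd
SADD=/usr/bin/smbpasswd
PASSWD=/usr/bin/passwd   # not named PWD, which the shell uses for the working directory
GID=5001
HOMEBASE=/home           # not named HOME, which would change the script's environment
# Create the Unix account with its home directory
$UADD -g $GID -d "$HOMEBASE/$1" -m "$1"
# Set the Unix password from standard input
echo "$2" | $PASSWD "$1" --stdin
# Add the Samba account to smbpasswd with the same password
$SADD -a "$1" "$2"
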
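#!/bin/sh
#
# The first value passed is the pc name
# The dollar sign is very important
# Example: ./add-pc bobpc$
#
UADD=/usr/sbin/useradd
SADD=/usr/bin/smbpasswd
GID=6001
NOHOME=/dev/null         # not named HOME, which would change the script's environment
SHLL=/dev/null
# Create the Unix machine account (name ends in $) with no home directory and no shell
$UADD -g $GID -d $NOHOME -s $SHLL "$1"
# Machine name without the trailing dollar sign (computed but not used by the command below)
NAME=`echo "$1" | cut -f 1 -d '$'`
# Add the machine account to smbpasswd
$SADD -am "$1"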