Samba configuration file Common parameters detailed-ok

Source: Internet
Author: User
Tags ldap

The main configuration file for Samba is called smb.conf, which is the default in the/etc/samba/directory. smb.conf contains multiple segments, each of which begins with a segment name, until the next name. Each segment name is placed in the middle of the square brackets. The format of each segment parameter is: name = refers to. A segment name and parameter in a single line in the configuration file, with the segment name and parameter name not case-sensitive. in addition to the [global] segment, all segments can be viewed as a shared resource. The segment name is the name of the shared resource, and the parameter in the segment is the attribute of the shared resource. after Samba is installed, use the Testparm command to test whether the smb.conf configuration is correct. Use the testparm–v command to list smb.conf supported configuration parameters in detail. Global Parameters:==================global Settings =================== [Global] config file =/usr/local/samba/lib/smb.conf.%mDescription: Config file allows you to overwrite the default profile with another configuration file. If the file does not exist, the entry is not valid. This parameter is useful to make the samba configuration more flexible and allows a samba server to emulate multiple servers with different configurations. For example, if you want the PC1 (hostname) computer to use its own configuration file when accessing Samba server, first/etc/samba/host/ Under PC1, configure a file named SMB.CONF.PC1, and then add: Config file =/etc/samba/host/smb.conf.%m in smb.conf. This allows smb.conf.%m to be replaced with SMB.CONF.PC1 when the PC1 request connects to Samba server. Thus, for PC1, the Samba service it uses is defined by SMB.CONF.PC1, while other machines accessing Samba server are still applying smb.conf. workgroup = WorkgroupDescription: Sets the workgroup or domain to be joined by Samba Server. Server string = Samba server Version%vDescription: Set a note for Samba Server, which can be any string or not. The macro%v indicates the version number of the samba that is displayed. NetBIOS name = SmbserverDescription: Sets the NetBIOS name of the samba server. If you do not, the first part of the server's DNS name is used by default. NetBIOS name and workgroup names are not set to the same. interfaces = lo eth0 192.168.12.2/24 192.168.13.2/24Note: Set which network cards the Samba server listens to, write the NIC name, or write the IP address of the network card. The hosts allow = 127. 192.168.1.192.168.10.1Description: Represents a client that is allowed to connect to the Samba server, with multiple parameters separated by a space. Can be represented by an IP, or by a network segment. The hosts deny is just the opposite of the hosts allow. For example: Hosts allow=172.17.2.except172.17.2.50indicates that a host connection from 172.17.2.*.* is allowed, but excludes 172.17.2.50hosts allow=172.17.2.0/255.255.0.0indicates that all host connections from the 172.17.2.0/255.255.0.0 subnet are allowedhosts allow=m1,m2indicates that two computers from M1 and M2 are allowed to connecthosts [email protected]indicates that all computer connections from the XQ domain are allowed max connections = 0Description: Max connections is used to specify the maximum number of connections to the Samba server. If the number of connections is exceeded, the new connection request is rejected. 0 means no limit. deadtime = 0Description: Deadtime is used to set the time to disconnect a connection that does not have any files open. The unit is minutes, and 0 means Samba server does not automatically cut off any connections. Time Server = yes/noDescription: Time server is used to set up a nmdb to become a Windows client. log file =/var/log/samba/log.%mDescription: Sets the storage location and log file name of the Samba server log file. Add a macro%m (host name) after the file name to indicate that a log file is logged separately for each machine that accesses Samba server. If PC1 and PC2 have visited Samba Server, they will leave LOG.PC1 and log.pc2 two log files in the/var/log/samba directory. max log size =Description: Set the maximum capacity of the Samba server log file, in kb,0 for no limit. Security = UserDescription: A total of four authentication methods were set up to verify how users access Samba server. 1. share : user access to Samba server does not require a user name and password, and security can be low. 2. User:the Samba server shared directory can only be accessed by authorized users, and Samba server is responsible for checking the correctness of the account and password. The account number and password are to be established in this Samba server. 3. Server: relying on other Windows nt/2000 or Samba server to verify the user's account and password, is a proxy authentication. In this safe mode, the system administrator can centralize all Windows users and passwords on an NT system, use Windows NT for Samba authentication, the remote server can automatically authenticate all users and passwords, if authentication fails, Samba will use the user-level security mode as an alternative. 4. domain : zone security level, using the primary domain controller (PDC) to complete authentication. Passdb backend = TdbsamDescription: Passdb backend is the user backstage meaning. There are currently three types of backstage: SMBPASSWD, Tdbsam and Ldapsam. Sam should be a shorthand for Security account Manager (secure accounts management). 1.smbpasswd: This is the way to use SMB's own tool SMBPASSWD to give system users (realuser or virtual user) sets a samba password that the client uses to access samba resources. The smbpasswd file is in the/etc/samba directory by default, but it is sometimes created manually. 2.tdbsam : This method uses a database file to establish the user database. The database file is called Passdb.tdb, which is the default in the/etc/samba directory. The PASSDB.TDB user database can use Smbpasswd–a to build Samba users, but the samba user to be established must first be a system user. We can also use the pdbedit command to create a samba account. The parameters of the Pdbedit command are many, and we list several major ones. pdbedit–a Username: Create a new samba account. pdbedit–x Username: Delete Samba account. pdbedit–l: Lists the list of Samba users and reads the PASSDB.TDB database file. PDBEDIT–LV: Lists the details of the Samba user list. pdbedit–c "[D]" –u Username: suspend the Samba user's account. pdbedit–c "[]" –u username: Restore the Samba user's account. 3.ldapsam : This approach is based on the LDAP account management method to verify the user. Start by establishing the LDAP service and then setting "Passdb backend = Ldapsam:ldap://ldap Server" Encrypt passwords = Yes/noDescription: Whether to encrypt the authentication password. Because the Windows operating system now uses an encrypted password, it is generally important to turn it on. However, the configuration file is turned on by default. SMB passwd file =/etc/samba/smbpasswdDescription: The password file used to define the samba user. SMBPASSWD file if not, you need to create it manually. username map =/etc/samba/smbusersDescription: Used to define user name mappings, such as the ability to change root to Administrator, admin, and so on. However, it should be defined in the Smbusers file beforehand. For example: root = Administrator admin, so you can use the administrator or admin two users to replace the root of the samba Server, more close to the habit of Windows users. Guest account = NobodyDescription: Used to set the guest user name. Socket options = tcp_nodelay so_rcvbuf=8192 so_sndbuf=8192Description: The socket option used to set the session between the server and the client optimizes the transfer speed. Domain master = yes/noDescription: To set whether the Samba server will be the domain master browser, the domain master browser can manage browsing services across the subnet domain. Local master = yes/noDescription: The local master is used to specify whether Samba server is attempting to become the local domain master browser. If set to No, it will never become the local domain master browser. But even if set to Yes, it does not mean that the Samba server will become the master browser and will need to participate in the election. Preferred master = yes/noDescription: Setting up Samba server to force a master browser election is an opportunity to increase Samba server as the local domain master browser. If this parameter is specified as Yes, it is better to specify domain master as yes. When using this parameter, note that if other machines (whether Windows NT or other Samba server) are designated as primary master browsers on the same subnet as this Samba server, then these machines will be broadcast on the network because of contention for the master browser, affecting network performance. If there are multiple samba servers in the same area, set the above three parameters to one. OS level =Description: Sets the OS level for the Samba server. This parameter determines whether Samba server has the opportunity to become the master browser for the local domain. OS level from 0 to 255,winnt is 32,win95/98 OS level is 1. The OS level for Windows 2000 is 64. If set to 0, it means that Samba server will lose its browse selection. If you want to make Samba server the PDC, set its OS level to a larger value. Domain logons = yes/noDescription: Sets whether Samba server is to be a local domain controller. Both the primary domain controller and the backup domain controller need to be enabled. logon. =%u.batDescription: When the user logs in with a Windows client, Samba will provide a login file. If set to%u.bat, then provide a login file for each user. If people are more, it is more troublesome. Can be set to a specific file name, such as Start.bat, then the user login will go to execute start.bat, instead of setting a login file for each user. This file is to be placed under the directory path of the [Netlogon] path setting. wins support = Yes/noDescription: Sets whether the Samba server provides WINS services. WINS Server = WINS servers IP addressDescription: Sets whether Samba server provides WINS services using a different WINS server. wins proxy = yes/noDescription: Sets whether Samba server opens the WINS proxy service. DNS proxy = yes/noDescription: Sets whether Samba server turns on the DNS proxy service. Load printers = yes/noDescription: Sets whether the printer is shared when Samba is started. printcap name = CupsDescription: Sets the configuration file for the shared printer. printing = CupsDescription: Sets the type of samba shared printer. Now supported print systems are: BSD, SYSV, PLP, LPRng, AIX, Hpux, QNX Shared parameters:================== Share Definitions ================== [ share name] comment = arbitrary string Description: Comment is a description of the share, which can be any string. Path = shared directory path Description: Path is used to specify the paths to the shared directory. You can use a macro such as%u,%m instead of the NetBIOS name of the UNIX user and client in the path, and use a macro to represent the primary use of the [homes] shared domain. For example, if we do not intend to use the home segment as the customer's share, but in/home/share/for each Linux user with his user name to create a directory, as his shared directory, so that path can be written as: path =/home/share/%u;. When the user connects to this share the specific path will be replaced by his user name, note that the user name path must exist, otherwise, the client will not find the network path when accessing. Similarly, if we do not divide the directory by the user, but instead use the client to partition the directory, each machine that can access samba on the network has its own path to its NetBIOS name, and as a shared resource for different machines, it can be written as follows: Path =/home/share/%m. browseable = yes/noDescription: Browseable is used to specify whether the share can be browsed. writable = yes/noDescription: Writable is used to specify whether the shared path is writable. available = yes/noDescription: Available is used to specify whether the shared resource is available. Admin users = Manager of this share Description: The admin users use to specify the administrator for the share (with Full Control permissions on the share). In Samba 3.0, this entry is not valid if the user authentication method is set to "Security=share". For example: admin users =bobyuan,jane (separated by commas between multiple users). Valid users = Allow access to the shared user Description: The valid user is used to specify which users are allowed access to the shared resource. For example: Valid users = Bobyuan, @bob, @tech (multiple users or groups are separated by commas, if you want to join a group it is represented by the "@+ group name". ) Invalid users = prohibit access to the shared user Description: The invalid user is used to specify users who are not allowed to access the shared resource. For example: invalid users = root, @bob (separated by commas between multiple users or groups.) ) Write list = user allowed to write to the shareDescription: The Write list is used to specify the user who can write to the file under the share. For example: Write list = Bobyuan, @bob Public = yes/noDescription: Public is used to specify whether the share allows the Guest account access. Guest OK = yes/noDescription: Meaning is the same as "public". several special shares:[Homes]comment = Home directoriesbrowseable = nowritable = yesValid users =%s; Valid users = mydomain\%s[Printers]comment = all PrintersPath =/var/spool/sambabrowseable = noGuest OK = nowritable = noprintable = yes[Netlogon]comment = Network Logon ServicePath =/var/lib/samba/netlogonGuest OK = yeswritable = noShare modes = no[Profiles]Path =/var/lib/samba/profilesbrowseable = noGuest OK = yes

Samba profile Common parameters-ok

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.