--- /dev/null
+<html>
+<body bgcolor="#ffffff">
+
+<img src="samba2_xs.gif" border="0" alt=" " height="100" width="76"
+hspace="10" align="left" />
+<h1 class="head0">Appendix A. Example Configuration Files</h1>
+
+
+<p>Earlier in this book, we provided information on how to set
+parameters inside the Samba configuration file, but rarely have we
+shown an example of a complete file that can actually be used to run
+a server. In this appendix, we provide examples of complete
+configuration files for running Samba in the various modes
+we've discussed. Using one of these examples, you
+can run Samba as a workgroup authentication server, workgroup server,
+primary domain controller, or domain member server.</p>
+
+<p>We have kept the examples simple so that they have the most universal
+application. They can be used as starting templates, which you can
+easily modify to fit your own needs, to get a Samba server up and
+running with minimal delay. The comments inside the files indicate
+what needs to be changed, and how, to work on a particular system on
+your network.</p>
+
+
+
+<div class="sect1"><a name="samba2-APP-A-SECT-1"/>
+
+<h2 class="head1">Samba in a Workgroup</h2>
+
+<p>If your network is configured as a workgroup, adding a Samba server
+is pretty simple. Samba even lets you add features, such as
+user-level security and WINS, that would normally require an
+expensive Windows NT/2000 Server.</p>
+
+
+<div class="sect2"><a name="samba2-APP-A-SECT-1.1"/>
+
+<h3 class="head2">Authentication and WINS Server</h3>
+
+<p>In a workgroup environment, Samba can be set up with share-level
+security and without offering WINS name service. This works and is
+simple, but we generally recommend that user-level security be
+enabled to allow Windows 95/98/Me systems to make use of it. Also, it
+only takes a single parameter to enable Samba as a WINS server,
+resulting in far better network efficiency.
+<a name="INDEX-1"/><a name="INDEX-2"/><a name="INDEX-3"/>Here is the configuration file
+that does it:</p>
+
+<blockquote><pre class="code">[global]
+ # replace "toltec" with your system's hostname
+
+ netbios name = toltec
+
+ # replace "METRAN" with the name of your workgroup
+
+ workgroup = METRAN
+
+ security = user
+ encrypt passwords = yes
+
+ # Run a WINS server
+
+ wins support = yes
+
+ # The following three lines ensure that the Samba
+ # server will maintain the role of master browser.
+ # Make sure no other Samba server has its OS level
+ # set higher than it is here.
+
+ local master = yes
+ preferred master = yes
+ os level = 65
+
+# Make home directories on the server available to users.
+
+[homes]
+ comment = %u's Home Directory
+ browsable = no
+ read only = no
+ map archive = yes
+
+# This is a shared directory, accessible by all
+# users. Use your own share name and path.
+
+[d]
+ path = /d
+ create mask = 0700
+ read only = no</pre></blockquote>
+
+<p>Generally, you will use a configuration file similar to this one when
+<a name="INDEX-4"/><a name="INDEX-5"/>adding your first Samba server to the
+workgroup.</p>
+
+
+</div>
+
+
+<div class="sect2"><a name="samba2-APP-A-SECT-1.2"/>
+
+<h3 class="head2">Workgroup Server</h3>
+
+<p><a name="INDEX-6"/><a name="INDEX-7"/>Things are a
+little different if another system—either a Samba server or
+Windows NT/2000 server—is already handling WINS and/or
+authentication. In this case, Samba is configured to use that server
+for WINS. Here is a configuration file that does this:</p>
+
+<blockquote><pre class="code">[global]
+ # replace "mixtec" with your system's hostname
+
+ netbios name = mixtec
+
+ # replace "METRAN" with your workgroup name
+
+ workgroup = METRAN
+
+ security = user
+ encrypt passwords = yes
+
+ # Replace "172.16.1.1" with the IP address
+ # of your WINS server. If there is none,
+ # omit this line.
+
+ wins server = 172.16.1.1
+
+ # The OS level is set to 17 to allow
+ # this system to win over all Windows
+ # versions, but not the Samba server
+ # that uses the configuration file
+ # in the previous section.
+
+ os level = 17
+
+[homes]
+ comment = %u's Home Directory
+ browsable = no
+ read only = no
+
+# This is a shared directory, accessible by all
+# users. Use your own share name and path.
+
+[d]
+ path = /d
+ create mask = 0700
+ read only = no</pre></blockquote>
+
+<p>Once you have a server in your workgroup handling authentication and
+WINS, this is the configuration file to use when adding additional
+Samba servers to the workgroup.</p>
+
+
+</div>
+
+
+</div>
+
+
+
+<div class="sect1"><a name="samba2-APP-A-SECT-2"/>
+
+<h2 class="head1">Samba in a Windows NT Domain</h2>
+
+<p>When operating in a Windows NT domain, Samba can act either as a
+primary domain controller or as a domain member server.</p>
+
+
+<div class="sect2"><a name="samba2-APP-A-SECT-2.1"/>
+
+<h3 class="head2">Primary Domain Controller</h3>
+
+<p><a name="INDEX-8"/><a name="INDEX-9"/>Setting up Samba as a primary domain
+controller is more complicated than the other configurations.
+However, the extra difficulty is offset by having a more secure
+network and additional features such as logon scripts and roaming
+profiles. In the following configuration file, we also include
+support for a Microsoft Dfs share:</p>
+
+<blockquote><pre class="code">[global]
+ # Replace "toltec" with the hostname of your system.
+
+ netbios name = toltec
+
+ # Replace "METRAN" with the name of your Windows NT domain.
+
+ workgroup = METRAN
+
+ # Run a WINS server
+
+ wins support = yes
+
+ # Always act as the local master browser
+ # and domain master browser. Do not allow
+ # any other system to take over these roles!
+
+ domain master = yes
+ local master = yes
+ preferred master = yes
+ os level = 255
+
+ # Perform domain authentication.
+
+ security = user
+ encrypt passwords = yes
+ domain logons = yes
+
+ # The location of user profiles for Windows NT/2000/XP.
+
+ logon path = \\%L\profiles\%u\%m
+
+ # Users' Windows home directories and storage of Win95/98/Me roaming profiles.
+
+ logon drive = G:
+ logon home = \\toltec\%u\.win_profile\%m
+
+ # The following line is optional because
+ # Samba always offers NetBIOS time service.
+ # This causes it to also be advertised:
+
+ time server = yes
+
+ # The logon script used for all users,
+ # Relative to [netlogon] share directory.
+
+ logon script = logon.bat
+
+ # The group identifying administrative users.
+ # If you have domain users in the Domain Admins
+ # group, use them here instead of "jay".
+
+ domain admin group = root jay
+
+ # For adding machine accounts automatically.
+ # This example works on Linux. For other host
+ # operating systems, you might need a different
+ # command.
+
+ add user script = /usr/sbin/useradd -d /dev/null -g 100 -s /bin/false -M %u
+
+ # Provide Microsoft Dfs support.
+
+ host msdfs = yes
+
+# The netlogon share is required for
+# functioning as the primary domain controller.
+# Make sure the directory used for the path exists.
+
+[netlogon]
+ path = /usr/local/samba/lib/netlogon
+ writable = no
+ browsable = no
+
+# The profiles share is for storing
+# Windows NT/2000/XP roaming profiles.
+# Use your own path, and make sure
+# the directory exists.
+
+[profiles]
+ path = /home/samba-ntprof
+ writable = yes
+ create mask = 0600
+ directory mask = 0700
+ browsable = no
+
+[homes]
+ comment = Home Directory
+ browsable = no
+ read only = no
+ map archive = yes
+
+# The Dfs share.
+# Use your own path, making
+# sure the directory exists.
+
+[dfs]
+ comment = Dfs share
+ path = /usr/local/samba/dfs
+ msdfs root = yes
+
+# A shared directory, accessible by all domain users.
+# Use your own share name and path.
+
+[d]
+ comment = %u's Home Directory
+ path = /d
+ create mask = 0700
+ read only = no</pre></blockquote>
+
+<p>See <a href="ch04.html">Chapter 4</a> for more information on configuring
+Samba as a primary domain controller, and see <a href="ch08.html">Chapter 8</a> for more information about setting up a
+Microsoft Dfs share. <a name="INDEX-10"/><a name="INDEX-11"/></p>
+
+
+</div>
+
+
+<div class="sect2"><a name="samba2-APP-A-SECT-2.2"/>
+
+<h3 class="head2">Domain Member Server</h3>
+
+<p><a name="INDEX-12"/><a name="INDEX-13"/>In a domain that
+already has either a Samba PDC or Windows NT/2000 Server PDC,
+additional Samba servers can be added as domain member servers using
+the following configuration file:</p>
+
+<blockquote><pre class="code">[global]
+ # Replace "mixtec" with the system's hostname.
+
+ netbios name = mixtec
+
+ # Replace "METRAN" with the name of your domain.
+
+ workgroup = METRAN
+
+ # Replace "172.16.1.1" with the
+ # IP address of your WINS server.
+
+ wins server = 172.16.1.1
+
+ os level = 33
+
+ security = domain
+ encrypt passwords = yes
+ password server = *
+
+# Home directories.
+
+[homes]
+ comment = %u's Home Directory
+ browsable = no
+ read only = no
+ map archive = yes
+
+# This is an example printers
+# share, which works for Linux.
+
+[printers]
+ printable = yes
+ printing = BSD
+ print command = /usr/bin/lpr -P%p %s
+ path = /var/tmp
+ min print space = 2000
+
+# A shared directory, accessible by all domain users.
+# Use your own share name and path.
+
+[d]
+ path = /d
+ create mask = 0755
+ read only = no</pre></blockquote>
+
+<p>See <a href="ch10.html">Chapter 10</a> for more information on sharing
+printers with Samba.</p>
+
+
+</div>
+
+
+</div>
+
+<hr/><h4 class="head4"><a href="toc.html">TOC</a></h4>
+</body></html>
projects / samba / blobdiff