## Setting up smb.conf ## Daniel Jung mimiandi@bh.mbn.or.jp
Setting up smb.conf
Now you know how to start samba, but before you actually start the samba daemons you need to set up smb.conf.
We need smb.conf (man 5 smb.conf) which is located in /usr/local/samba/lib by default (this would differ if you changed your $BASEDIR in the Makefile).
There should be sample conf file in /usr/local/samba-version/examples. If you can't find it, you can always search for it using
"find".
Like most other applications, the *.conf file is what you need to know in order to run the application
properly. Due to the large number of options that are available in smb.conf, I am only going to discuss parts of them. I am sure there is a reference on available options at http://www.samba.org
I recommend you open the example smb.conf in another terminal window at this time.
Two types of parameters in smb.conf
global: for overall behavior of the samba server such as
security policy, network tuning ...
services: for behavior of specific services such as access
control, browsing, authentication ...
Within smb.conf, there are three special sections: [global], [homes] and [printers]. Let's take a look at these three as they are main
core of the smb.conf. Following smb.conf is just sample I just used to test (minimum options).
[homes]
comment = description here
browseable = no
writable = yes
valid users = %S (%S represents username used to access it.)
* browseable = no : only user can see his or her
directory when browsing.
* valid users = %S : one of ways to prevent others to
access your directory.
* There are some Macros available, check man 5 smb.conf
[printers]
comment = description here
path = /usr/spool/samba
browseable = no
guest ok = no
writable = no
printable = yes
I have also added in [global] like below to share all available printers.
load printers = yes
printcap name = /etc/printcap
* If you want to allow guest to print, you have to
set guest ok = yes
Warning: create guest account group with min user
rights. Avoid using nobody which is default
if guest account is not set. An example guest
account would the ftp user (one way of giving
guest min rights).
* writable = no is one of security measures to
prevent client to write to spool directory.
[global]
I will omit this part since global part is well
explained in example smb.conf.
However, I am going to discuss one option in [global] that is "Browser Election".
Some definitions you might want to know if you didn't know already.
Browsing: act of looking at resources available on a Windows
network
Browse list: list of other hosts and domains that is on
network. For example, under win95,98 and NT 4.0
"network neighborhood" is example of a browse
list.
Master browser: computer that maintains the Browse list
Backup browser: computer that keeps copy of Browse list in case the
master goes down.
Browser election protocol: protocol (unfair) that decides which
computer becomes master browser. I
say unfair because it favors NT
rather than other OSes. (Server and
Workstation)
There should be at least two browsers in your domain or NT group, master browser and one or more backup browser (samba can't run as backup browser).
So who should be master browser? It really depends on your choice. But if your NT machine is the primary domain controller, then let NT be. But, if you believe that you must have samba as master browser, here is how you can do that.
Within [global]
local master = yes
preferred master = yes
os level = 17
local master = yes: this guarantees that samba will participate
in the election and that's all it does.
preferred master = yes: this forces browse election when samba
first comes on-line.
os level = 17: samba will be considered equal as win NT 4.0
in the election.
*If you want samba to be master browser all the time set os
level to 255. By setting it to 0, samba will always lose the
election.
I hope this article was somewhat helpful in understanding samba. If you are looking for troubleshooting tips, please check samba.org. If you have any questions or comments please email me at mimiandi@bh.mbn.or.jp.
- Daniel
|