## Setting up smb.conf
## Daniel Jung mimiandi@bh.mbn.or.jp

                                           Setting up smb.conf

   Now you know how to start samba, but before you actually start the samba daemons you need to set up smb.conf. We need smb.conf (man 5 smb.conf) which is located in /usr/local/samba/lib by default (this would differ if you changed your $BASEDIR in the Makefile).

There should be sample conf file in /usr/local/samba-version/examples. If you can't find it, you can always search for it using "find".

Like most other applications, the *.conf file is what you need to know in order to run the application properly. Due to the large number of options that are available in smb.conf, I am only going to discuss parts of them. I am sure there is a reference on available options at http://www.samba.org

I recommend you open the example smb.conf in another terminal window at this time.

Two types of parameters in smb.conf

 global: for overall behavior of the samba server such as

  security policy, network tuning ...

 

 services: for behavior of specific services such as access

   control, browsing, authentication ...

 

Within smb.conf, there are three special sections: [global], [homes] and [printers]. Let's take a look at these three as they are main core of the smb.conf. Following smb.conf is just sample I just used to test (minimum options).

 [homes]

  comment = description here

  browseable = no

  writable = yes

  valid users = %S (%S represents username used to access it.)

  * browseable = no : only user can see his or her

   directory when browsing.

  * valid users = %S : one of ways to prevent others to

   access your directory.

  * There are some Macros available, check man 5 smb.conf

 

 [printers]

  comment = description here

  path = /usr/spool/samba

  browseable = no

  guest ok = no

  writable = no

  printable = yes

 

I have also added in [global] like below to share all available printers.

  load printers = yes

  printcap name = /etc/printcap

  * If you want to allow guest to print, you have to

   set guest ok = yes

  Warning: create guest account group with min user

   rights. Avoid using nobody which is default

   if guest account is not set.  An example guest

   account would the ftp user (one way of giving

   guest min rights).

  * writable = no is one of security measures to

   prevent client to write to spool directory.

 

 

 [global]

  I will omit this part since global part is well

  explained in example smb.conf.

 

However, I am going to discuss one option in [global] that is "Browser Election".

Some definitions you might want to know if you didn't know already.

 

 Browsing: act of looking at resources available on a Windows

   network 

 

 Browse list: list of other hosts and domains that is on

       network.  For example, under win95,98 and NT 4.0

       "network neighborhood" is example of a browse

       list.

 

 Master browser: computer that maintains the Browse list

 

 Backup browser: computer that keeps copy of Browse list in case the

   master goes down.

 

 Browser election protocol: protocol (unfair) that decides which

       computer becomes master browser.  I

       say unfair because it favors NT

       rather than other OSes. (Server and

       Workstation)

 

There should be at least two browsers in your domain or NT group, master browser and one or more backup browser (samba can't run as backup browser).

So who should be master browser? It really depends on your choice. But if your NT machine is the primary domain controller, then let NT be. But, if you believe that you must have samba as master browser, here is how you can do that.

Within [global]

 local master = yes

 preferred master = yes

 os level = 17

 

 local master = yes: this guarantees that samba will participate

       in the election and that's all it does.

 

 preferred master = yes: this forces browse election when samba

   first comes on-line.

 

 os level = 17: samba will be considered equal as win NT 4.0

         in the election.

 

 *If you want samba to be master browser all the time set os

  level to 255.  By setting it to 0, samba will always lose the

  election.

 

I hope this article was somewhat helpful in understanding samba. If you are looking for troubleshooting tips, please check samba.org. If you have any questions or comments please email me at mimiandi@bh.mbn.or.jp.

- Daniel

 
 

 
 

 
 

             [Home]      [FBSD Articles]      [Scripts Corner]      [Contribute]        [Search]      [FBSD Links]      [Files]

   About Us

FreeBSD Articles
   *Hardware
   *Networking
   *Security
   *Software
   *X Windows

Forums
Defcon1 Forum

Files / Scripts
Newbies Corner
Tech. Talk
Tips and Tricks

FreeBSD Links

Articles in other
Languages :
   *French Articles
   *Spanish Articles

Want to Help ?
       Click Here

Email Users

 
 

Header-Chuckie-2008

This site cannot be duplicated without permission

© 1998 - 2008 Defcon1, www.defcon1.org , Copyrights for all materials on this web site are held by the individual authors, artists, photographers or creators. Materials may not be reproduced or otherwise distributed without permission
of www.defcon1.org and the content's original author.