diff options
Diffstat (limited to 'docs/htmldocs/using_samba/appa.html')
| -rw-r--r-- | docs/htmldocs/using_samba/appa.html | 362 |
1 files changed, 362 insertions, 0 deletions
diff --git a/docs/htmldocs/using_samba/appa.html b/docs/htmldocs/using_samba/appa.html new file mode 100644 index 0000000000..9f3dc4b56f --- /dev/null +++ b/docs/htmldocs/using_samba/appa.html @@ -0,0 +1,362 @@ +<html> +<body bgcolor="#ffffff"> + +<img src="samba2_xs.gif" border="0" alt=" " height="100" width="76" +hspace="10" align="left" /> +<h1 class="head0">Appendix A. Example Configuration Files</h1> + + +<p>Earlier in this book, we provided information on how to set +parameters inside the Samba configuration file, but rarely have we +shown an example of a complete file that can actually be used to run +a server. In this appendix, we provide examples of complete +configuration files for running Samba in the various modes +we've discussed. Using one of these examples, you +can run Samba as a workgroup authentication server, workgroup server, +primary domain controller, or domain member server.</p> + +<p>We have kept the examples simple so that they have the most universal +application. They can be used as starting templates, which you can +easily modify to fit your own needs, to get a Samba server up and +running with minimal delay. The comments inside the files indicate +what needs to be changed, and how, to work on a particular system on +your network.</p> + + + +<div class="sect1"><a name="samba2-APP-A-SECT-1"/> + +<h2 class="head1">Samba in a Workgroup</h2> + +<p>If your network is configured as a workgroup, adding a Samba server +is pretty simple. Samba even lets you add features, such as +user-level security and WINS, that would normally require an +expensive Windows NT/2000 Server.</p> + + +<div class="sect2"><a name="samba2-APP-A-SECT-1.1"/> + +<h3 class="head2">Authentication and WINS Server</h3> + +<p>In a workgroup environment, Samba can be set up with share-level +security and without offering WINS name service. This works and is +simple, but we generally recommend that user-level security be +enabled to allow Windows 95/98/Me systems to make use of it. Also, it +only takes a single parameter to enable Samba as a WINS server, +resulting in far better network efficiency. +<a name="INDEX-1"/><a name="INDEX-2"/><a name="INDEX-3"/>Here is the configuration file +that does it:</p> + +<blockquote><pre class="code">[global] + # replace "toltec" with your system's hostname + + netbios name = toltec + + # replace "METRAN" with the name of your workgroup + + workgroup = METRAN + + security = user + encrypt passwords = yes + + # Run a WINS server + + wins support = yes + + # The following three lines ensure that the Samba + # server will maintain the role of master browser. + # Make sure no other Samba server has its OS level + # set higher than it is here. + + local master = yes + preferred master = yes + os level = 65 + +# Make home directories on the server available to users. + +[homes] + comment = %u's Home Directory + browsable = no + read only = no + map archive = yes + +# This is a shared directory, accessible by all +# users. Use your own share name and path. + +[d] + path = /d + create mask = 0700 + read only = no</pre></blockquote> + +<p>Generally, you will use a configuration file similar to this one when +<a name="INDEX-4"/><a name="INDEX-5"/>adding your first Samba server to the +workgroup.</p> + + +</div> + + +<div class="sect2"><a name="samba2-APP-A-SECT-1.2"/> + +<h3 class="head2">Workgroup Server</h3> + +<p><a name="INDEX-6"/><a name="INDEX-7"/>Things are a +little different if another system—either a Samba server or +Windows NT/2000 server—is already handling WINS and/or +authentication. In this case, Samba is configured to use that server +for WINS. Here is a configuration file that does this:</p> + +<blockquote><pre class="code">[global] + # replace "mixtec" with your system's hostname + + netbios name = mixtec + + # replace "METRAN" with your workgroup name + + workgroup = METRAN + + security = user + encrypt passwords = yes + + # Replace "172.16.1.1" with the IP address + # of your WINS server. If there is none, + # omit this line. + + wins server = 172.16.1.1 + + # The OS level is set to 17 to allow + # this system to win over all Windows + # versions, but not the Samba server + # that uses the configuration file + # in the previous section. + + os level = 17 + +[homes] + comment = %u's Home Directory + browsable = no + read only = no + +# This is a shared directory, accessible by all +# users. Use your own share name and path. + +[d] + path = /d + create mask = 0700 + read only = no</pre></blockquote> + +<p>Once you have a server in your workgroup handling authentication and +WINS, this is the configuration file to use when adding additional +Samba servers to the workgroup.</p> + + +</div> + + +</div> + + + +<div class="sect1"><a name="samba2-APP-A-SECT-2"/> + +<h2 class="head1">Samba in a Windows NT Domain</h2> + +<p>When operating in a Windows NT domain, Samba can act either as a +primary domain controller or as a domain member server.</p> + + +<div class="sect2"><a name="samba2-APP-A-SECT-2.1"/> + +<h3 class="head2">Primary Domain Controller</h3> + +<p><a name="INDEX-8"/><a name="INDEX-9"/>Setting up Samba as a primary domain +controller is more complicated than the other configurations. +However, the extra difficulty is offset by having a more secure +network and additional features such as logon scripts and roaming +profiles. In the following configuration file, we also include +support for a Microsoft Dfs share:</p> + +<blockquote><pre class="code">[global] + # Replace "toltec" with the hostname of your system. + + netbios name = toltec + + # Replace "METRAN" with the name of your Windows NT domain. + + workgroup = METRAN + + # Run a WINS server + + wins support = yes + + # Always act as the local master browser + # and domain master browser. Do not allow + # any other system to take over these roles! + + domain master = yes + local master = yes + preferred master = yes + os level = 255 + + # Perform domain authentication. + + security = user + encrypt passwords = yes + domain logons = yes + + # The location of user profiles for Windows NT/2000/XP. + + logon path = \\%L\profiles\%u\%m + + # Users' Windows home directories and storage of Win95/98/Me roaming profiles. + + logon drive = G: + logon home = \\toltec\%u\.win_profile\%m + + # The following line is optional because + # Samba always offers NetBIOS time service. + # This causes it to also be advertised: + + time server = yes + + # The logon script used for all users, + # Relative to [netlogon] share directory. + + logon script = logon.bat + + # The group identifying administrative users. + # If you have domain users in the Domain Admins + # group, use them here instead of "jay". + + domain admin group = root jay + + # For adding machine accounts automatically. + # This example works on Linux. For other host + # operating systems, you might need a different + # command. + + add user script = /usr/sbin/useradd -d /dev/null -g 100 -s /bin/false -M %u + + # Provide Microsoft Dfs support. + + host msdfs = yes + +# The netlogon share is required for +# functioning as the primary domain controller. +# Make sure the directory used for the path exists. + +[netlogon] + path = /usr/local/samba/lib/netlogon + writable = no + browsable = no + +# The profiles share is for storing +# Windows NT/2000/XP roaming profiles. +# Use your own path, and make sure +# the directory exists. + +[profiles] + path = /home/samba-ntprof + writable = yes + create mask = 0600 + directory mask = 0700 + browsable = no + +[homes] + comment = Home Directory + browsable = no + read only = no + map archive = yes + +# The Dfs share. +# Use your own path, making +# sure the directory exists. + +[dfs] + comment = Dfs share + path = /usr/local/samba/dfs + msdfs root = yes + +# A shared directory, accessible by all domain users. +# Use your own share name and path. + +[d] + comment = %u's Home Directory + path = /d + create mask = 0700 + read only = no</pre></blockquote> + +<p>See <a href="ch04.html">Chapter 4</a> for more information on configuring +Samba as a primary domain controller, and see <a href="ch08.html">Chapter 8</a> for more information about setting up a +Microsoft Dfs share. <a name="INDEX-10"/><a name="INDEX-11"/></p> + + +</div> + + +<div class="sect2"><a name="samba2-APP-A-SECT-2.2"/> + +<h3 class="head2">Domain Member Server</h3> + +<p><a name="INDEX-12"/><a name="INDEX-13"/>In a domain that +already has either a Samba PDC or Windows NT/2000 Server PDC, +additional Samba servers can be added as domain member servers using +the following configuration file:</p> + +<blockquote><pre class="code">[global] + # Replace "mixtec" with the system's hostname. + + netbios name = mixtec + + # Replace "METRAN" with the name of your domain. + + workgroup = METRAN + + # Replace "172.16.1.1" with the + # IP address of your WINS server. + + wins server = 172.16.1.1 + + os level = 33 + + security = domain + encrypt passwords = yes + password server = * + +# Home directories. + +[homes] + comment = %u's Home Directory + browsable = no + read only = no + map archive = yes + +# This is an example printers +# share, which works for Linux. + +[printers] + printable = yes + printing = BSD + print command = /usr/bin/lpr -P%p %s + path = /var/tmp + min print space = 2000 + +# A shared directory, accessible by all domain users. +# Use your own share name and path. + +[d] + path = /d + create mask = 0755 + read only = no</pre></blockquote> + +<p>See <a href="ch10.html">Chapter 10</a> for more information on sharing +printers with Samba.</p> + + +</div> + + +</div> + +<hr/><h4 class="head4"><a href="toc.html">TOC</a></h4> +</body></html> |