Shulou(Shulou.com)06/02 Report--

This article mainly explains the "detailed explanation of the parameters commonly used in the Samba configuration file". The content of the explanation in the article is simple and clear, and it is easy to learn and understand. Please follow the editor's train of thought to study and learn the "detailed explanation of the parameters commonly used in the Samba configuration file".

Detailed explanation of common parameters of Samba configuration file

The main configuration file for Samba is called smb.conf, which defaults to the / etc/samba/ directory.

Smb.conf contains multiple segments, each starting with the segment name and ending with the next segment name. Each paragraph name is placed in the middle of square brackets. The format of the parameters for each segment is: name = reference. One segment name and parameter on one line in the configuration file, regardless of case.

With the exception of the [global] section, all segments can be treated as a shared resource. The segment name is the name of the shared resource, and the parameters in the segment are the attributes of the shared resource.

After Samba is installed, use the testparm command to test whether the smb.conf is configured correctly. Use the testparm-v command to list the configuration parameters supported by smb.conf in detail.

Global parameters:

= Global Settings =

[global]

Config file = / usr/local/samba/lib/smb.conf.%m

Note: config file allows you to overwrite the default configuration file with another configuration file. If the file does not exist, the item is invalid. This parameter is useful to make the samba configuration more flexible, allowing a samba server to simulate multiple servers with different configurations. For example, if you want PC1 (hostname) to use its own configuration file when accessing Samba Server, configure a file called smb.conf.pc1 for PC1 under / etc/samba/host/, and then add config file = / etc/samba/host/smb.conf.%m to smb.conf. In this way, when PC1 requests to connect to Samba Server, smb.conf.%m is replaced with smb.conf.pc1. In this way, for PC1, the Samba service it uses is defined by smb.conf.pc1, while other machines accessing Samba Server still apply smb.conf.

Workgroup = WORKGROUP

Description: set the workgroup or domain to which Samba Server will join.

Server string = Samba Server Version% v

Description: set the comments for Samba Server, which can be any string or unfilled. Macro% v indicates that the version number of the Samba is displayed.

Netbios name = smbserver

Description: sets the NetBIOS name of Samba Server. If left empty, the first part of the server's DNS name is used by default. Netbios name and workgroup names should not be set to the same.

Interfaces = lo eth0 192.168.12.2, 24 192.168.13.2, 24

Description: set which network card Samba Server monitors, you can write the name of the network card, you can also write the IP address of the network card.

Hosts allow = 127.00. 192.168.1. 192.168.10.1

Description: indicates the client that is allowed to connect to Samba Server, with multiple parameters separated by spaces. It can be represented by an IP or a network segment. Hosts deny is the opposite of hosts allow.

For example: hosts allow=172.17.2.EXCEPT172.17.2.50

It means that it is allowed to come from 172.17.2. Host connection, but exclude 172.17.2.50

Hosts allow=172.17.2.0/255.255.0.0

Indicates that all host connections from the 172.17.2.0Universe 255.255.0.0 subnet are allowed

Hosts allow=M1,M2

Indicates that connections from M1 and M2 computers are allowed

Hosts allow=@xq

Indicates that all computer connections from the XQ domain are allowed

Max connections = 0

Description: max connections is used to specify the maximum number of connections to the Samba Server. If the number of connections is exceeded, new connection requests are rejected. 0 means no limit.

Deadtime = 0

Description: deadtime is used to set the time to disconnect a connection that has not opened any files. The unit is minutes, and 0 means that Samba Server does not automatically disconnect any connections.

Time server = yes/no

Description: time server is used to set up a time server that makes nmdb a windows client.

Log file = / var/log/samba/log.%m

Description: sets the storage location of Samba Server log files and the name of log files. Add a macro% m (hostname) to the file name to indicate that a separate log file is recorded for each machine accessing Samba Server. If pc1 and pc2 have visited Samba Server, two log files, log.pc1 and log.pc2, will be left in the / var/log/samba directory.

Max log size = 50

Description: set the maximum capacity of Samba Server log files. Unit: kB,0 means no limit.

Security = user

Description: sets the authentication method for users to access Samba Server. There are four authentication methods.

Share: users do not need to provide a username and password to access Samba Server, so the security performance is low.

The user:Samba Server shared directory can only be accessed by authorized users, and Samba Server is responsible for checking the correctness of the account and password. The account number and password should be established in this Samba Server.

Server: rely on other Windows NT/2000 or Samba Server to verify the user's account and password, which is a kind of proxy authentication. In this security mode, the system administrator can centralize all Windows users and passwords on one NT system, use Windows NT for Samba authentication, and the remote server can automatically authenticate all users and passwords. If authentication fails, Samba will use user-level security mode as an alternative.

Domain: domain security level, using the primary domain controller (PDC) to complete authentication.

Passdb backend = tdbsam

Description: passdb backend means the user backend. There are currently three types of backend: smbpasswd, tdbsam, and ldapsam. Sam should be an abbreviation for security account manager (secure account Management).

1.smbpasswd: the way to do this is to use smb's own tool smbpasswd to give system users (real

User or virtual user) sets a Samba password that the client uses to access Samba resources. The smbpasswd file is in the / etc/samba directory by default, but sometimes it is created manually.

2.tdbsam: this way is to use a database file to build the user database. The database file is called passdb.tdb and defaults to the / etc/samba directory. The passdb.tdb user database can use smbpasswd-a to establish Samba users, but the Samba users to be established must first be system users. We can also use the pdbedit command to set up a Samba account. The pdbedit command has a lot of parameters, and we list a few major ones.

Pdbedit-a username: create a new Samba account.

Pdbedit-x username: delete the Samba account.

Pdbedit-L: list Samba users and read passdb.tdb database files.

Pdbedit-Lv: lists the details of the list of Samba users.

Pdbedit-c "[D]"-u username: suspend the Samba user's account.

Pdbedit-c "[]"-u username: restore the account of this Samba user.

3.ldapsam: this method is based on LDAP account management to authenticate users. First set up the LDAP service, and then set "passdb backend = ldapsam:ldap://LDAP Server"

Encrypt passwords = yes/no

Description: whether to encrypt the authentication password. Because windows operating systems now use encrypted passwords, it is generally necessary to turn this on. However, the configuration file is turned on by default.

Smbpasswd file = / etc/samba/smbpasswd

Description: used to define the password file for samba users. If you don't have a smbpasswd file, you need to create it manually.

Username map = / etc/samba/smbusers

Description: used to define user name mapping, for example, you can replace root with administrator, admin, etc. However, it should be defined in advance in the smbusers file. For example: root = administrator admin, so you can use administrator or admin to log in to Samba Server instead of root, which is closer to the habits of windows users.

Guest account = nobody

Description: used to set the guest user name.

Socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192

Description: used to set the Socket options for the session between the server and the client, you can optimize the transmission speed.

Domain master = yes/no

Description: set whether the Samba server should become the domain master browser, which can manage browsing services across subdomains.

Local master = yes/no

Description: local master is used to specify whether Samba Server attempts to become the master browser for the local domain. If set to no, it will never become the primary browser for the local domain. But even if it is set to yes, it does not mean that the Samba Server can become the main browser and still need to participate in the election.

Preferred master = yes/no

Note: setting Samba Server to force the election of the main browser as soon as it is powered on can improve the chance that Samba Server will become the main browser of the local domain. If this parameter is specified as yes, it is best to specify domain master as yes as well. Note when using this parameter: if other machines (whether windows NT or other Samba Server) in the subnet where this Samba Server is located are also designated as the primary master browser, these machines will broadcast heavily on the network due to competing for the main browser, affecting network performance.

If there are more than one Samba Server in the same area, set the above three parameters to one.

Os level = 200

Description: set the os level of the samba server. This parameter determines whether Samba Server has a chance to become the primary browser for the local domain. Os level from 0 to 255 the os level of WinNT is 32 and the os level of Win95rac98 is 1. The os level for Windows 2000 is 64. If set to 0, it means that Samba Server will lose its browsing selection. If you want Samba Server to be PDC, set its os level value higher.

Domain logons = yes/no

Description: set whether Samba Server should be used as the local domain controller. This is required for both the primary domain controller and the backup domain controller.

Logon. =% u.bat

Description: when the user logs in with the windows client, then Samba will provide a login file. If set to% u.bat, a login file is provided for each user. If there are more people, it will be more troublesome. It can be set to a specific file name, such as start.bat, so that users will execute start.bat after logging in, instead of setting a login file for each user. This file should be placed in the directory path set by path in [netlogon].

Wins support = yes/no

Description: sets whether the samba server provides wins services.

Wins server = wins server IP address

Description: sets whether Samba Server uses another wins server to provide wins services.

Wins proxy = yes/no

Description: sets whether Samba Server enables the wins proxy service.

Dns proxy = yes/no

Description: sets whether Samba Server enables the dns proxy service.

Load printers = yes/no

Description: sets whether to share the printer when starting Samba.

Printcap name = cups

Description: set up the configuration file for the shared printer.

Printing = cups

Description: sets the type of Samba shared printer. Now the supported printing systems are: bsd, sysv, plp, lprng, aix, hpux, qnx

Shared parameters:

= Share Definitions =

[shared name]

Comment = any string

Description: comment is a description of the share and can be any string.

Path = shared directory path

Description: path is used to specify the path to the shared directory. Macros such as% u and% m can be used instead of the Netbios names of unix users and clients in the path, which are mainly used for the [homes] shared domain. For example, if we are not going to use the home segment as the customer's share, but instead create a directory under / home/share/ for each Linux user with his user name as his shared directory, so that path can be written as: path = / home/share/%u;. When the user connects to the share, the specific path will be replaced by his user name. Note that the user name path must exist, otherwise, the client will not be able to find the network path when accessing. Similarly, if we divide directories not by users, but by clients, and create a path with its netbios name for each machine on the network that can access samba, as a shared resource for different machines, we can write: path = / home/share/%m.

Browseable = yes/no

Description: browseable is used to specify whether the share can be browsed.

Writable = yes/no

Description: writable is used to specify whether the share path is writable.

Available = yes/no

Description: available is used to specify whether the shared resource is available.

Admin users = the manager of the share

Description: admin users is used to specify the administrator of the share (has full control over the share). In samba 3.0, this is not valid if the user authentication method is set to "security=share".

For example: admin users = bobyuan,jane (multiple users are separated by commas).

Valid users = users who are allowed to access the share

Description: valid users is used to specify the users who are allowed to access the shared resource.

For example: valid users = bobyuan,@bob,@tech (multiple users or groups are separated by commas, and "@ + group name" is used if you want to join a group. )

Invalid users = users who are prohibited from accessing the share

Description: invalid users is used to specify users who are not allowed to access this shared resource.

For example: invalid users = root,@bob (multiple users or groups are separated by commas. )

Write list = users who are allowed to write to the share

Description: write list is used to specify who can write files under this share.

For example: write list = bobyuan,@bob

Public = yes/no

Description: public is used to specify whether the share allows guest account access.

Guest ok = yes/no

Explanation: the meaning is the same as "public".

Several special shares:

[homes]

Comment = Home Directories

Browseable = no

Writable = yes

Valid users =% S

; valid users = MYDOMAIN\% S

[printers]

Comment = All Printers

Path = / var/spool/samba

Browseable = no

Guest ok = no

Writable = no

Printable = yes

[netlogon]

Comment = Network Logon Service

Path = / var/lib/samba/netlogon

Guest ok = yes

Writable = no

Share modes = no

[Profiles]

Path = / var/lib/samba/profiles

Browseable = no

Guest ok = yes

Thank you for your reading, the above is the content of "detailed explanation of parameters commonly used in Samba configuration file". After the study of this article, I believe you have a deeper understanding of the detailed explanation of parameters commonly used in Samba configuration file, and the specific use needs to be verified in practice. Here is, the editor will push for you more related knowledge points of the article, welcome to follow!

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.