## Setting Up smb.conf ## Daniel Jung Now you know how to start samba, but before you actually start the samba daemons you need to set up smb.conf. We need smb.conf (man 5 smb.conf) which is located in /usr/local/samba/lib by default (this would differ if you changed your $BASEDIR in the Makefile). There should be sample conf file in /usr/local/samba-version/examples. If you can't find it, you can always search for it using "find". Like most other applications, the *.conf file is what you need to know in order to run the application properly. Due to the large number of options that are available in smb.conf, I am only going to discuss parts of them. I am sure there is a reference on available options at http://www.samba.org/. I recommend you open the example smb.conf in another terminal window at this time. Two types of parameters in smb.conf global: for overall behavior of the samba server such as security policy, network tuning ... services: for behavior of specific services such as access control, browsing, authentication ... Within smb.conf, there are three special sections: [global], [homes] and [printers]. Let's take a look at these three as they are main core of the smb.conf. Following smb.conf is just sample I just used to test (minimum options). [homes] comment = description here browseable = no writable = yes valid users = %S (%S represents username used to access it.) * browseable = no : only user can see his or her directory when browsing. * valid users = %S : one of ways to prevent others to access your directory. * There are some Macros available, check man 5 smb.conf [printers] comment = description here path = /usr/spool/samba browseable = no guest ok = no writable = no printable = yes I have also added in [global] like below to share all available printers. load printers = yes printcap name = /etc/printcap * If you want to allow guest to print, you have to set guest ok = yes Warning: create guest account group with min user rights. Avoid using nobody which is default if guest account is not set. An example guest account would the ftp user (one way of giving guest min rights). * writable = no is one of security measures to prevent client to write to spool directory. [global] I will omit this part since global part is well explained in example smb.conf. However, I am going to discuss one option in [global] that is "Browser Election" Some definitions you might want to know if you didn't know already. Browsing: act of looking at resources available on a Windows network Browse list: list of other hosts and domains that is on network. For example, under win95,98 and NT 4.0 "network neighborhood" is example of a browse list. Master browser: computer that maintains the Browse list Backup browser: computer that keeps copy of Browse list in case the master goes down. Browser election protocol: protocol (unfair) that decides which computer becomes master browser. I say unfair because it favors NT rather than other OSes. (Server and Workstation) There should be at least two browsers in your domain or NT group, master browser and one or more backup browser (samba can't run as backup browser). So who should be master browser? It really depends on your choice. But if your NT machine is the primary domain controller, then let NT be. But, if you believe that you must have samba as master browser, here is how you can do that. Within [global] local master = yes preferred master = yes os level = 17 local master = yes: this guarantees that samba will participate in the election and that's all it does. preferred master = yes: this forces browse election when samba first comes on-line. os level = 17: samba will be considered equal as win NT 4.0 in the election. *If you want samba to be master browser all the time set os level to 255. By setting it to 0, samba will always lose the election. I hope this article was somewhat helpful in understanding samba. If you are looking for troubleshooting tips, please check samba.org. If you have any questions or comments please email me at mimiandi@bh.mbn.or.jp. - Daniel $Id: samba1.txt,v 1.1 2000/02/16 08:07:52 jim Exp $