# This is the main Samba configuration file. You should read the
# smb.conf(5) manual page in order to understand the options listed
# here. Samba has a huge number of configurable options (perhaps too
# many!) most of which are not shown in this example
#
# For a step-by-step guide on installing, configuring and using samba,
# read the Samba-HOWTO-Collection. This may be obtained from:
#  http://www.samba.org/samba/docs/Samba-HOWTO-Collection.pdf
#
# Many working examples of smb.conf files can be found in the
# Samba-Guide which is generated daily and can be downloaded from:
#  http://www.samba.org/samba/docs/Samba-Guide.pdf
#
# Any line which starts with a ; (semi-colon) or a # (hash)
# is a comment and is ignored. In this example we will use a #
# for commentary and a ; for parts of the config file that you
# may wish to enable
#
# NOTE: Whenever you modify this file you should run the command "testparm"
# to check that you have not made any basic syntactic errors.
#
#======================= Global Settings =====================================
[global]

# workgroup = NT-Domain-Name or Workgroup-Name, eg: MIDEARTH
workgroup = MYGROUP

# server string is the equivalent of the NT Description field
server string = Samba Server

# NetBIOS name of this Samba server. Defaults to the first component of
# the server's DNS name.
; netbios name = smbserver

# Lowest protocol level the server will accept. From lowest to highest:
# LANMAN1, LANMAN2, NT1, SMB2, SMB3
# NOTE(review): NT1 is the legacy SMB1 dialect, so enabling this line as
# written lowers the floor to SMB1. Prefer SMB2_02 or higher unless an old
# client requires SMB1; check smb.conf(5) for the default of your version.
; server min protocol = NT1

# Highest protocol level the server will offer. NT1 is SMB1; SMB2_02 and
# SMB2_10 are SMB2; SMB3_00, SMB3_02 and SMB3_11 are SMB3.
; server max protocol = SMB3_11

# Server role. Defines in which mode Samba will operate. Possible
# values are "standalone server", "member server", "classic primary
# domain controller", "classic backup domain controller", "active
# directory domain controller".
#
# Most people will want "standalone server" or "member server".
# Running as "active directory domain controller" will require first
# running "samba-tool domain provision" to wipe databases and create a
# new domain.
# standalone is the independent mode (user-level authentication);
# member server is the domain-member mode (domain authentication).
server role = standalone

# This option is important for security. It allows you to restrict
# connections to machines which are on your local network. The
# following example restricts access to two C class networks and
# the "loopback" interface. For more examples of the syntax see
# the smb.conf man page
# Hosts may be given as IP addresses or host names.
# As shipped this line is commented out, so no host-based restriction
# is in effect until it is enabled and adjusted to the local networks.
; hosts allow = 192.168.1. 192.168.2. 127.

# Uncomment this if you want a guest account, you must add this to /etc/passwd
# otherwise the user "nobody" is used
; guest account = pcguest

# this tells Samba to use a separate log file for each machine
# that connects
log file = /usr/local/samba/var/log.%m

# Put a capping on the size of the log files (in Kb).
max log size = 50

# How users connecting to Samba are authenticated:
#   auto    the default; decided by "server role"
#   user    user name and password login; system accounts must also be
#           added to the Samba password database to become Samba users
#   domain  authentication is done by an NT domain controller
#   ads     Active Directory Service, an authentication mode added in
#           Samba 3.0
; security = user

# Address of the authentication server when security = domain or ads
; password server = w.x.y.z

# Specifies the Kerberos or Active Directory realm the host is part of
; realm = MY_REALM

# Backend to store user information in. New installations should
# use either tdbsam or ldapsam. smbpasswd is available for backwards
# compatibility. tdbsam requires no further configuration.
# The default is tdbsam.
; passdb backend = tdbsam

# Using the following line enables you to customise your configuration
# on a per machine basis. The %m gets replaced with the netbios name
# of the machine that is connecting.
# Note: Consider carefully the location in the configuration file of
# this line. The included file is read at that point.
# "include" reads the per-machine file in addition to this smb.conf.
; include = /usr/local/samba/lib/smb.conf.%m
# "config file" replaces this smb.conf with the per-machine file.
; config file = /usr/local/samba/lib/smb.conf.%m

# Configure Samba to use multiple interfaces
# If you have multiple network interfaces then you must list them
# here. See the man page for details.
# An entry may be an interface name or an interface address.
; interfaces = 192.168.12.2/24 192.168.13.2/24

# Time after which a connection with no open files is disconnected.
# The unit is minutes; 0 means no limit.
; deadtime = 0

# Where to store roving profiles (only for Win95 and WinNT)
# %L substitutes for this server's netbios name, %U is username
# You must uncomment the [Profiles] share below
# This option takes the standard substitutions, so the value can differ
# per user or per machine.
; logon path = \\%L\Profiles\%U

# Windows Internet Name Serving Support Section:
# WINS Support - Tells the NMBD component of Samba to enable its WINS Server
; wins support = yes

# WINS Server - Tells the NMBD components of Samba to be a WINS Client
# Note: Samba can be either a WINS Server, or a WINS Client, but NOT both
# The value is the IP address of the WINS server.
; wins server = w.x.y.z

# WINS Proxy - Tells Samba to answer name resolution queries on
# behalf of a non WINS capable client, for this to work there must be
# at least one WINS Server on the network. The default is NO.
; wins proxy = yes

# DNS Proxy - tells Samba whether or not to try to resolve NetBIOS names
# via DNS nslookups. The default is NO.
dns proxy = no

# These scripts are used on a domain controller or stand-alone
# machine to add or delete corresponding unix accounts
# NOTE(review): smb.conf(5) describes these scripts as being run by smbd
# as root, with %u / %g filled in from the request. Confirm for your
# version, and keep the referenced programs root-owned and not writable
# by other users before enabling any of these lines.
; add user script = /usr/sbin/useradd %u
; add group script = /usr/sbin/groupadd %g
; add machine script = /usr/sbin/adduser -n -g machines -c Machine -d /dev/null -s /bin/false %u
; delete user script = /usr/sbin/userdel %u
; delete user from group script = /usr/sbin/deluser %u %g
; delete group script = /usr/sbin/groupdel %g

# Whether printers are shared as soon as Samba starts
; load printers = yes

# Configuration file listing the shared printers
; printcap name = /etc/printcap

#============================ Share Definitions ==============================

# Share of the local users' home directories
[homes]
# Description of the share
comment = Home Directories
# Whether the share is browsable
browsable = no
# Whether the share is writable
writable = yes
# NOTE(review): nothing in this section limits a home share to its owner;
# access then rests on the Unix permissions of each home directory.
# "valid users = %S" is the usual smb.conf way to restrict each home share
# to the matching user. Verify with testparm before enabling.
; valid users = %S

# Un-comment the following and create the netlogon directory for Domain Logons
# NOTE(review): "guest ok = yes" lets unauthenticated guests connect to this
# share; it is read-only here (writable = no). Confirm guest access is wanted.
; [netlogon]
; comment = Network Logon Service
; path = /usr/local/samba/lib/netlogon
; guest ok = yes
; writable = no
; share modes = no

# Un-comment the following to provide a specific roving profile share
# the default is to use the user's home directory
# NOTE(review): this example sets "guest ok = yes" on a share that would hold
# user profiles; consider "guest ok = no" unless guest access is required.
;[Profiles]
; path = /usr/local/samba/profiles
; browsable = no
; guest ok = yes

# NOTE: If you have a BSD-style print system there is no need to
# specifically define each individual printer
# Share of the local printers
[printers]
# Description of the share
comment = All Printers
# Path of the share (spool directory)
path = /usr/spool/samba
# Whether the share is browsable
browsable = no
# Change 'guest ok' from 'no' to 'yes' to allow the 'guest account' user to print
guest ok = no
# Whether the share is writable
writable = no
# Whether the share is printable
printable = yes
# Print system type used for the shared printers. Supported values:
# BSD, AIX, LPRNG, PLP, SYSV, HPUX, QNX, SOFTQ, CUPS, IPRINT
; printing = lprng

# This one is useful for people to share files
# A handy temporary file share.
# NOTE(review): as written this exposes /tmp read-write to guests
# ("public = yes", "read only = no"). Point "path" at a dedicated directory
# and restrict who may connect before enabling it on a shared network.
;[tmp]
; comment = Temporary file space
; path = /tmp
; read only = no
; public = yes

# A publicly accessible directory, but read only, except for people in
# the "staff" group
# (The share name [public] is used again by a later example in this file;
# enable only one of them, or rename one.)
;[public]
; comment = Public Stuff
; path = /home/samba
; public = yes
; writable = no
; printable = no
; write list = @staff

# Other examples.
#
# A private printer, usable only by fred. Spool data will be placed in fred's
# home directory. Note that fred must have write access to the spool directory,
# wherever it is.
;[fredsprn]
; comment = Fred's Printer
; valid users = fred
; path = /homes/fred
; printer = freds_printer
; public = no
; writable = no
; printable = yes

# A private directory, usable only by fred. Note that fred requires write
# access to the directory.
;[fredsdir]
; comment = Fred's Service
; path = /usr/somewhere/private
; valid users = fred
; public = no
; writable = yes
; printable = no

# a service which has a different directory for each machine that connects
# this allows you to tailor configurations to incoming machines. You could
# also use the %U option to tailor it by user name.
# The %m gets replaced with the machine name that is connecting.
;[pchome]
; comment = PC Directories
; path = /usr/pc/%m
; public = no
; writable = yes

# A publicly accessible directory, read/write to all users. Note that all files
# created in the directory by users will be owned by the default user, so
# any user with access can delete any other user's files. Obviously this
# directory must be writable by the default user. Another user could of course
# be specified, in which case all files would be owned by that user instead.
;[public]
; path = /usr/somewhere/else/public
; public = yes
; only guest = yes
; writable = yes
; printable = no

# The following two entries demonstrate how to share a directory so that two
# users can place files there that will be owned by the specific users. In this
# setup, the directory should be writable by both users and should have the
# sticky bit set on it to prevent abuse. Obviously this could be extended to
# as many users as required.
# NOTE(review): create mask = 0765 allows group read/write and read/execute
# for others on newly created files; confirm that this is the intended mode.
;[myshare]
; comment = Mary's and Fred's stuff
; path = /usr/somewhere/shared
; valid users = mary fred
; public = no
; writable = yes
; printable = no
; create mask = 0765

# Template listing the common per-share settings:
# Share name
;[sharename]
# Description of the share
; comment = share strings
# Path of the share
; path = share/to/path
# Whether the share is browsable
; browsable = yes/no
# Whether the share is writable
; writable = yes/no
# Whether the share is printable
; printable = yes/no
# Whether the share is available
; available = yes/no
# Administrator accounts for this share
# NOTE(review): smb.conf(5) states that users listed here perform all file
# operations on the share as root; keep this list empty or very short.
; admin users = adminname
# Accounts allowed to access the share
; valid users = user1, @group1
# Accounts denied access to the share
; invalid users = user1, @group1
# Accounts allowed to write to the share
; write list = allowusers
# Whether the guest account may access the share
; guest ok = yes/no
# Same as "guest ok"
; public = yes/no
# Permission bits applied to newly created files
; create mask = xxxx