mg12's Blog

# This is the main Samba configuration file. You should read the
# smb.conf(5) manual page in order to understand the options listed
# here. Samba has a huge number of configurable options (perhaps too
# many!) most of which are not shown in this example
#
# For a step to step guide on installing, configuring and using samba, 
# read the Samba-HOWTO-Collection. This may be obtained from:
#  http://www.samba.org/samba/docs/Samba-HOWTO-Collection.pdf
#
# Many working examples of smb.conf files can be found in the 
# Samba-Guide which is generated daily and can be downloaded from: 
#  http://www.samba.org/samba/docs/Samba-Guide.pdf
#
# Any line which starts with a ; (semi-colon) or a # (hash) 
# is a comment and is ignored. In this example we will use a #
# for commentry and a ; for parts of the config file that you
# may wish to enable
#
# NOTE: Whenever you modify this file you should run the command "testparm"
# to check that you have not made any basic syntactic errors. 
#
#======================= Global Settings =====================================
[global]  // 设置全局环境

# workgroup = NT-Domain-Name or Workgroup-Name, eg: MIDEARTH
   workgroup = MYGROUP  // 工作组名, 比如 Windows 的默认工作组是 MSHOME

# server string is the equivalent of the NT Description field
   server string = Samba Server  // 服务器名, 相当于 Windows 的计算机描述

# Security mode. Defines in which mode Samba will operate. Possible 
# values are share, user, server, domain and ads. Most people will want 
# user level security. See the Samba-HOWTO-Collection for details.
   security = user   // 共享方式, 可分为 share, user, server 与 domain 四个安全等级

# This option is important for security. It allows you to restrict
# connections to machines which are on your local network. The
# following example restricts access to two C class networks and
# the "loopback" interface. For more examples of the syntax see
# the smb.conf man page
;   hosts allow = 192.168.1. 192.168.2. 127.   // 用于限制可以访问的 IP 范围, 比如 hosts allow = 192.168.1. 就是 hosts allow = 192.168.1.* ( *代表所有 ) 都可以访问. 如果屏蔽掉这句则表示所有 IP 都可以访问

# If you want to automatically load your printer list rather
# than setting them up individually then you'll need this
   load printers = yes  // 是否要将打印机共享

# you may wish to override the location of the printcap file
;   printcap name = /etc/printcap  // 打印机配置文件路径

# on SystemV system setting printcap name to lpstat should allow
# you to automatically obtain a printer list from the SystemV spool
# system
;   printcap name = lpstat

# It should not be necessary to specify the print system type unless
# it is non-standard. Currently supported print systems include:
# bsd, cups, sysv, plp, lprng, aix, hpux, qnx
;   printing = cups  // 是打印机的类型

# This option tells cups that the data has already been rasterized
cups options = raw

# Uncomment this if you want a guest account, you must add this to /etc/passwd
# otherwise the user "nobody" is used
;  guest account = pcguest  // 屏蔽掉则允许用户以匿名登录

# this tells Samba to use a separate log file for each machine
# that connects
   log file = /var/log/samba/%m.log  // 为每个登录 Samba 的用户建立不同的日志文件

# Put a capping on the size of the log files (in Kb).
   max log size = 50  // 日志文件的大小, 以 Kb 为计算单位, 如果是0的话就不限大小

# Use password server option only with security = server
# The argument list may include:
#   password server = My_PDC_Name [My_BDC_Name] [My_Next_BDC_Name]
# or to auto-locate the domain controller/s
#   password server = *
;   password server = <NT-Server-Name>  // 验证密码服务器. 当用户在 Windows 通过 Samba 访问 Linux 时, 会验证用户名和密码. 当 Windows 98 则只输入密码, 所以要将用户名设为与 Linux 帐号相同的名字. 当 security = share 时, 应该屏蔽这一行

# Use the realm option only with security = ads
# Specifies the Active Directory realm the host is part of
;   realm = MY_REALM

# Backend to store user information in. New installations should 
# use either tdbsam or ldapsam. smbpasswd is available for backwards 
# compatibility. tdbsam requires no further configuration.
;   passdb backend = tdbsam

# Using the following line enables you to customise your configuration
# on a per machine basis. The %m gets replaced with the netbios name
# of the machine that is connecting.
# Note: Consider carefully the location in the configuration file of
#       this line.  The included file is read at that point.
;   include = /usr/local/samba/lib/smb.conf.%m  // 定义每台计算机的基本配置文件

# Configure Samba to use multiple interfaces
# If you have multiple network interfaces then you must list them
# here. See the man page for details.
;   interfaces = 192.168.12.2/24 192.168.13.2/24  // 如果多个网络界面必须在此列出


# Browser Control Options:
# set local master to no if you don't want Samba to become a master
# browser on your network. Otherwise the normal election rules apply
;   local master = no

# OS Level determines the precedence of this server in master browser
# elections. The default value should be reasonable
;   os level = 33

# Domain Master specifies Samba to be the Domain Master Browser. This
# allows Samba to collate browse lists between subnets. Don't use this
# if you already have a Windows NT domain controller doing this job
;   domain master = yes 

# Preferred Master causes Samba to force a local browser election on startup
# and gives it a slightly higher chance of winning the election
;   preferred master = yes

# Enable this if you want Samba to be a domain logon server for 
# Windows95 workstations. 
;   domain logons = yes

# if you enable domain logons then you may want a per-machine or
# per user logon script
# run a specific logon batch file per workstation (machine)
;   logon script = %m.bat
# run a specific logon batch file per username
;   logon script = %U.bat

# Where to store roving profiles (only for Win95 and WinNT)
#        %L substitutes for this servers netbios name, %U is username
#        You must uncomment the [Profiles] share below
;   logon path = \\%L\Profiles\%U

# Windows Internet Name Serving Support Section:
# WINS Support - Tells the NMBD component of Samba to enable it's WINS Server
;   wins support = yes  // WINS Server 支持


# WINS Server - Tells the NMBD components of Samba to be a WINS Client
#Note: Samba can be either a WINS Server, or a WINS Client, but NOT both
;   wins server = w.x.y.z  // WINS Server 客户端设置


# WINS Proxy - Tells Samba to answer name resolution queries on
# behalf of a non WINS capable client, for this to work there must be
# at least oneWINS Server on the network. The default is NO.
;   wins proxy = yes  // WINS Proxy 设置


# DNS Proxy - tells Samba whether or not to try to resolve NetBIOS names
# via DNS nslookups. The default is NO.
   dns proxy = no   // DNS Proxy 设置, 默认不为客户做 DNS 查询


# These scripts are used on a domain controller or stand-alone 
# machine to add or delete corresponding unix accounts
;  add user script = /usr/sbin/useradd %u
;  add group script = /usr/sbin/groupadd %g
;  add machine script = /usr/sbin/adduser -n -g machines -c Machine -d /dev/null -s /bin/false %u
;  delete user script = /usr/sbin/userdel %u
;  delete user from group script = /usr/sbin/deluser %u %g
;  delete group script = /usr/sbin/groupdel %g


#============================ Share Definitions ==============================
[homes]  // 自己访问自己的目录时的状态设置
   comment = Home Directories  // 说明目录或文件类型
   browseable = no  // 不能认其他认浏览
   writable = yes  // 用户可以写入自己的目录

# Un-comment the following and create the netlogon directory for Domain Logons
; [netlogon]  // 域用户登录目录的状态设置
;   comment = Network Logon Service
;   path = /usr/local/samba/lib/netlogon
;   guest ok = yes
;   writable = no
;   share modes = no


# Un-comment the following to provide a specific roving profile share
# the default is to use the user's home directory
;[Profiles]
;    path = /usr/local/samba/profiles
;    browseable = no
;    guest ok = yes


# NOTE: If you have a BSD-style print system there is no need to 
# specifically define each individual printer
[printers]  // 打印机设置
   comment = All Printers  // 共享全部打印机
   path = /usr/spool/samba  // 打印机池, 需要自行创建目录
   browseable = no
# Set public = yes to allow user 'guest account' to print  // 允许guest 使用打印机, 屏蔽掉允许所有人使用
   guest ok = no
   writable = no
   printable = yes  // 用户是否可以打印

# This one is useful for people to share files
;[tmp]  // 用户共享资源设置
;   comment = Temporary file space  // 说明描述
;   path = /tmp  // 共享文件所在路径
;   read only = no  // 是否只读
;   public = yes  // 是否共享

# A publicly accessible directory, but read only, except for people in
# the "staff" group
;[public]
;   comment = Public Stuff
;   path = /home/samba
;   public = yes
;   writable = yes
;   printable = no
;   write list = @staff

# Other examples. 
#
# A private printer, usable only by fred. Spool data will be placed in fred's
# home directory. Note that fred must have write access to the spool directory,
# wherever it is.
;[fredsprn]
;   comment = Fred's Printer
;   valid users = fred
;   path = /homes/fred
;   printer = freds_printer
;   public = no
;   writable = no
;   printable = yes

# A private directory, usable only by fred. Note that fred requires write
# access to the directory.
;[fredsdir]
;   comment = Fred's Service
;   path = /usr/somewhere/private
;   valid users = fred
;   public = no
;   writable = yes
;   printable = no

# a service which has a different directory for each machine that connects
# this allows you to tailor configurations to incoming machines. You could
# also use the %U option to tailor it by user name.
# The %m gets replaced with the machine name that is connecting.
;[pchome]
;  comment = PC Directories
;  path = /usr/pc/%m
;  public = no
;  writable = yes

# A publicly accessible directory, read/write to all users. Note that all files
# created in the directory by users will be owned by the default user, so
# any user with access can delete any other user's files. Obviously this
# directory must be writable by the default user. Another user could of course
# be specified, in which case all files would be owned by that user instead.
;[public]
;   path = /usr/somewhere/else/public
;   public = yes
;   only guest = yes
;   writable = yes
;   printable = no

# The following two entries demonstrate how to share a directory so that two
# users can place files there that will be owned by the specific users. In this
# setup, the directory should be writable by both users and should have the
# sticky bit set on it to prevent abuse. Obviously this could be extended to
# as many users as required.
;[myshare]
;   comment = Mary's and Fred's stuff
;   path = /usr/somewhere/shared
;   valid users = mary fred
;   public = no
;   writable = yes
;   printable = no
;   create mask = 0765

#======================= Global Settings =====================================
[global]
   workgroup = WG619
   server string = mg12-linux
   # netbios name 是计算机名, 屏蔽这句则在共享中显示为 Localhost
   netbios name = RoKee
   # share模式, 任何用户无需用户名和口令即可访问服务器上的资源
   security = share
   # 允许所有 IP 的计算机访问
;   hosts allow = 192.168.1.
   printcap name = /etc/printcap
   load printers = yes
;   printcap name = lpstat
;   printing = lprng
;cups options = raw
;  guest account = pcguest
   log file = /var/log/samba/%m.log
   max log size = 50
;   password server = <NT-Server-Name>
;   realm = MY_REALM
;   passdb backend = tdbsam
;   include = /usr/local/samba/lib/smb.conf.%m
;   interfaces = 192.168.12.2/24 192.168.13.2/24
;   local master = no
;   os level = 33
;   domain master = yes 
;   preferred master = yes
;   domain logons = yes
;   logon script = %m.bat
;   logon script = %U.bat
;   logon path = \\%L\Profiles\%U
;   wins support = yes
;   wins server = w.x.y.z
;   wins proxy = yes
   dns proxy = no
;  add user script = /usr/sbin/useradd %u
;  add group script = /usr/sbin/groupadd %g
;  add machine script = /usr/sbin/adduser -n -g machines -c Machine -d /dev/null -s /bin/false %u
;  delete user script = /usr/sbin/userdel %u
;  delete user from group script = /usr/sbin/deluser %u %g
;  delete group script = /usr/sbin/groupdel %g


#============================ Share Definitions ==============================
[homes]
   comment = Home Directories
   browseable = no
   writable = yes

; [netlogon]
;   comment = Network Logon Service
;   path = /usr/local/samba/lib/netlogon
;   guest ok = yes
;   writable = no
;   share modes = no


;[Profiles]
;    path = /usr/local/samba/profiles
;    browseable = no
;    guest ok = yes

[printers]
   comment = All Printers
   path = /usr/spool/samba
   browseable = no
   guest ok = no
   writable = no
   printable = yes

# 共享文件夹名称是 music
[music]
   # 描述
   comment = Music
   # 目录路径, 这是我 Windows 分区上的音乐文件夹
   path = /windows/E/Music
   # 只读
   read only = yes
   # 共享
   public = yes

[tmp]
   comment = Temporary file space
   path = /tmp
   # 可读可写, 但写入时要注意用户权限
   read only = no
   public = yes

;[public]
;   comment = Public Stuff
;   path = /home/samba
;   public = yes
;   writable = yes
;   printable = no
;   write list = @staff

;[fredsprn]
;   comment = Fred's Printer
;   valid users = fred
;   path = /homes/fred
;   printer = freds_printer
;   public = no
;   writable = no
;   printable = yes

;[fredsdir]
;   comment = Fred's Service
;   path = /usr/somewhere/private
;   valid users = fred
;   public = no
;   writable = yes
;   printable = no

;[pchome]
;  comment = PC Directories
;  path = /usr/pc/%m
;  public = no
;  writable = yes

;[public]
;   path = /usr/somewhere/else/public
;   public = yes
;   only guest = yes
;   writable = yes
;   printable = no

;[myshare]
;   comment = Mary's and Fred's stuff
;   path = /usr/somewhere/shared
;   valid users = mary fred
;   public = no
;   writable = yes
;   printable = no
;   create mask = 0765

[root@localhost mg12]# testparm
Load smb config files from /etc/samba/smb.conf
Processing section "[homes]"
Processing section "[printers]"
Processing section "[music]"
Processing section "[tmp]"
Loaded services file OK.
Server role: ROLE_STANDALONE
Press enter to see a dump of your service definitions

[global]
        workgroup = WG619
        netbios name = ROKEE
        server string = mg12
        security = SHARE
        log file = /var/log/samba/%m.log
        max log size = 50
        printcap name = /etc/printcap
        dns proxy = No

[homes]
        comment = Home Directories
        read only = No
        browseable = No

[printers]
        comment = All Printers
        path = /usr/spool/samba
        printable = Yes
        browseable = No

[music]
        comment = Music
        path = /windows/E/Music
        guest ok = Yes

[tmp]
        comment = Temporary file space
        path = /tmp
        read only = No
        guest ok = Yes

[root@localhost mg12]# /etc/init.d/smb restart
关闭 SMB 服务：                                            [确定]
关闭 NMB 服务：                                            [确定]
启动 SMB 服务：                                            [确定]
启动 NMB 服务：                                            [确定]