On Sat, 24 May 2008 01:00:31 +0200, Udo Rader wrote:
> > BTW, providing your smb.conf or actually the output of testparm would be > a good start point to get better feedback on what goes wrong with your > installation. > > - -- > Udo Rader > http://www.bestsolution.at Please note that this has had names changed to protect the guilty and confuse the innocent. I have also heavily bowlderized any mention of vendors into formats suitable for public display. Settings have been left intact, and the entire shebang is of course behind a firewall so I have no fear in exposing networking names. The references can easily be inferred and for those who are not in the know, you can visit www.centos.org and determine for yourself what Prominent North American Enterprise Linux Vendor refers to. :D Please forgive the cut-n-paste verbosity but at the time there was considerable pressure and emphasis on documenting why each setting was used, why the GUI wasn't used (which was a sore point with some staff) and who-set-what, hence the repeated mention of GUI options not being available, etc. And yes, there are a few sections that "repeat" - I noticed that and will be cleaning that up as we head towards implementing recommendations. After getting my public flogging^W^W^W^Wreceiving constructive critism, I'll be looking forward to implementing ACL inheritance and other settings that are sorely missing. Yes, it's a mess, yes it needs some work - but that's why I'm posting it here, eh? #===================== Global Settings =============================== [global] # ----------------------- Network Related Options ------------------------- # # workgroup = NT-Domain-Name or Workgroup-Name, eg: MIDEARTH # # server string is the equivalent of the NT Description field # # netbios name can be used to specify a server name not tied to the hostname # # Interfaces lets you configure Samba to use multiple interfaces # If you have multiple network interfaces then you can list the ones # you want to listen on (never omit localhost) # # Hosts Allow/Hosts Deny lets you restrict who can connect, and you can # specifiy it as a per share option as well # workgroup = PDX ; --- 2007-12-08 reset the server string to shorten its description and bring it in line with other porthole servers. ; --- This string can be set in the Prominent North American Enterprise Linux Vendor GUI. server string = %L netbios name = SRV2210 interfaces = lo eth0 eth1 ; --- 2007-12-08 added standard options that increase performance (refer to the Offical Samba 3.2 documentation ; --- at samba.org). DO NOT REMOVE THE SO_RCVBUF SETTING OR CHANGE IT, IT IS PART OF A FIX TO THE ISSUE SURROUNDING ; --- DELAYED WRITES FOR MACROSQUISH PORTHOLE CLIENTS. YOU HAVE BEEN WARNED! ; --- This is NOT a standard Prominent North American Enterprise Linux Vendor GUI option (it doesn't exist). socket options = TCP_NODELAY SO_KEEPALIVE IPTOS_LOWDELAY SO_RCVBUF=8192 SO_SNDBUF=16738 ; --- 2008-01-16 added "keepalive" option keepalive = 30 ; --- 2008-01-22 added "deadtime" option; zero means it will never disconnect ; --- a client. deadtime = 0 getwd cache = yes # --------------------------- Logging Options ----------------------------- # # Log File let you specify where to put logs and how to split them up. # # Max Log Size let you specify the max size log files should reach log file = /var/log/samba.log # logs split per machine ; log file = /var/log/samba/%m.log ; Level 0 = ??? ; Level 1 = Share Access recorded ; Level 2 = File Access recorded ; Level 3 = File Locking ; Level 4 = High-level SMB protocol actvity log level = 1 # max 50KB per log file, then rotate ; max log size = 50 # ----------------------- Security Model Options ------------------------ # # Scurity can be set to user, share(deprecated) or server(deprecated) # # Backend to store user information in. New installations should # use either tdbsam or ldapsam. smbpasswd is available for backwards # compatibility. tdbsam requires no further configuration. security = ads passdb backend = tdbsam # ----------------------- Domain Controller Options ------------------------ # # Security must be set to user for domain controllers # # Backend to store user information in. New installations should # use either tdbsam or ldapsam. smbpasswd is available for backwards # compatibility. tdbsam requires no further configuration. # # Domain Master specifies Samba to be the Domain Master Browser. This # allows Samba to collate browse lists between subnets. Don't use this # if you already have a MacroSquish Porthole NT domain controller doing this job # # Domain Logons let Samba be a domain logon server for MacroSquish Porthole workstations. # # Logon Scrpit let yuou specify a script to be run at login time on the client # You need to provide it in a share called NETLOGON # # Logon Path let you specify where user profiles are stored (UNC path) # # Various scripts can be used on a domain controller or stand-alone # machine to add or delete corresponding unix accounts # ; --- 2007-12-08 DO NOT REMOVE THIS OPTION, THIS OPTION PREVENTS THE FILE SERVER FROM PARTICIPATING IN ; --- BROWSER ELECTIONS; TURNING THE OPTION ON WILL CAUSE THE FILE SERVER TO BECOME A POTENTIAL HOLDER OF ; --- THE MASTER BROWSE LIST (IE, THE COMPUTERS LISTED IN NETWORK EXPLODER WILL BE PROVIDED FROM DATA COLLECTED HERE!) ; --- Thus, turning on the option is a BAD thing. Do not do it. ; --- This is NOT a standard Prominent North American Enterprise Linux Vendor GUI option (it doesn't exist). domain master = no # ----------------------- Browser Control Options ---------------------------- # # set local master to no if you don't want Samba to become a master # browser on your network. Otherwise the normal election rules apply # # OS Level determines the precedence of this server in master browser # elections. The default value should be reasonable # # Preferred Master causes Samba to force a local browser election on startup # and gives it a slightly higher chance of winning the election ; --- 2007-12-08 DO NOT REMOVE THIS OPTION, THIS OPTION PREVENTS THE FILE SERVER FROM PARTICIPATING IN ; --- BROWSER ELECTIONS; TURNING THE OPTION ON WILL CAUSE THE FILE SERVER TO BECOME A POTENTIAL HOLDER OF ; --- THE MASTER BROWSE LIST (IE, THE COMPUTERS LISTED IN NETWORK EXPLODER WILL BE PROVIDED FROM DATA COLLECTED HERE!) ; --- Thus, turning on the option is a BAD thing. Do not do it. Let the domain controllers handle this! ; --- This is NOT a standard Prominent North American Enterprise Linux Vendor GUI option (it doesn't exist). domain master = no local master = no preferred master = no os level = 33 ; --- 2007-12-18 because of the enormous flood of WINs errors in the logs, I have added this ; --- to get the server to think about other avenues besides wins to resolve addresses. This ; --- is a "crutch" of sorts until the issues with the Win2K3 WINS servers can be resolved. ; --- This is NOT a standard Prominent North American Enterprise Linux Vendor GUI option (it doesn't exist). name resolve order = host wins bcast #----------------------------- Name Resolution ------------------------------- # MacroSquish Porthole Internet Name Serving Support Section: # Note: Samba can be either a WINS Server, or a WINS Client, but NOT both # # - WINS Support: Tells the NMBD component of Samba to enable it's WINS Server # # - WINS Server: Tells the NMBD components of Samba to be a WINS Client # # - WINS Proxy: Tells Samba to answer name resolution queries on # behalf of a non WINS capable client, for this to work there must be # at least one WINS Server on the network. The default is NO. # # DNS Proxy - tells Samba whether or not to try to resolve NetBIOS names # via DNS nslookups. wins support = no wins server = 10.2.1.2 # --------------------------- Printing Options ----------------------------- # # Load Printers let you load automatically the list of printers rather # than setting them up individually # # Cups Options let you pass the cups libs custom options, setting it to raw # for example will let you use drivers on your MacroSquish Porthole clients # # Printcap Name let you specify an alternative printcap file # # You can choose a non default printing system using the Printing option ; load printers = yes cups options = raw ; printcap name = /etc/printcap #obtain list of printers automatically on SystemV ; printcap name = lpstat ; printing = cups # --------------------------- Filesystem Options --------------------------- # # The following options can be uncommented if the filesystem supports # Extended Attributes and they are enabled (usually by the mount option # user_xattr). Thess options will let the admin store the DOS attributes # in an EA and make samba not mess with the permission bits. # # Note: these options can also be set just per share, setting them in global # makes them the default for all shares ; --- 2007-12-08 due to Unix's heavy use of dotfiles as hidden directories, and because it likes to ; --- fill up user home directories with these little annoyances, the following option was set on ; --- to make porthole clients treat the directories and files as "hidden". This is NOT on by default. This is ; --- also NOT a standard Prominent North American Enterprise Linux Vendor GUI option (it doesn't exist). hide dot files = true ; --- 2007-12-08 added this line to prevent backslash characters from triggering name mangling; without this ; --- set to off, names that are "suspect" will be mangled windows-95 style into DOS 8.3 characters. ; --- Mangling is ENABLED by default. ; --- This is not a standard Prominent North American Enterprise Linux Vendor GUI option (it doesn't exist). mangled names = false ; --- 2007-12-08 this option is REQUIRED to fix an issue with delayed write errors on MacroSquish Porthole clients. ; --- DO NOT REMOVE THIS LINE! YOU HAVE BEEN WARNED! ; --- This is not a standard Prominent North American Enterprise Linux Vendor GUI option (it doesn't exist). write raw = no ; --- 2007-12-18 this option is needed to provide "backwards emulation" of Window's case insensitivity. ; --- This is not a standard Prominent North American Enterprise Linux Vendor GUI option (it doesn't exist). case sensitive = false # ----------------------------- Locking Options ---------------------------- ; --- 2007-12-08 all oplocks are disabled for safety; in case we selectively activate oplocks for ; --- a given share, we will also disable oplocks by file extension, as a safety measure. Do not remove ; --- the next three lines or the system will suffer slowdowns and other issues under heavy load. ; --- These are not standard Prominent North American Enterprise Linux Vendor GUI options (they don't exist). level2 oplocks = false oplocks = false veto oplock files = /*.mdb/*.MDB/*.ldb/*.LDB/*.dbf/*.DBF/*.cdx/ *.CDX/*.idx/*.IDX/*.dct/*.DCT/*.dcx/*.DCX/*.fpt/*.FPT/ ; --- 2007-12-23 enabled kernel oplocks for additional safety, as Linux supports these. ; --- Note that this is enabled by default anyways and will automatically disable if the ; --- host OS does not support the feature. We enable it here explicitly. ; --- This is NOT a standard Prominent North American Enterprise Linux Vendor GUI option (it doesn't exist). kernel oplocks = Yes lock spin time = 15 #============================ Share Definitions ============================== password server = 10.2.1.1 realm = PDX.PCFRUIT.COM idmap uid = 16777216-33554431 idmap gid = 16777216-33554431 ; template shell = /bin/nologin ; --- 2007-12-08 This option is enabled to shorten names returned from the domain. Typically domain names ; --- are returned with their domain attached, ie. PDX\joeuser is the account "joeuser" in the "PDX" domain. ; --- By enabling this, the domain THAT THE SAMBA SERVICE IS JOINED TO will have its domain name omitted from ; --- names that are returned from the domain, ie. PDX\joeuser becomes just "joeuser" with no PDX attached. ; --- DO NOT DISABLE THIS OPTION. DISABLING THIS WILL AFFECT THE USER'S HOME SHARES BECAUSE THEY ARE MAPPED ; --- USING THE USER'S DOMAIN NAME. This has the effect of changing the location that Samba will look for when ; --- a user tries to connect to their home share. Note that other domains will NOT have their name removed, ie. ; --- a user in PCFRUIT will show as PCFRUIT\someotheruser, because it only affects the domain name we have joined to. ; --- This is NOT a standard Prominent North American Enterprise Linux Vendor GUI option (it doesn't exist). winbind use default domain = true ; --- 2007-12-08 added to fix backslash naming issue on clients. DO NOT REMOVE THIS OPTION. ; --- If you have a need to enable this (ie. make it visible) and you want to show a backslash, simply ; --- comment out the option entirely and Samba will default the character to a backslash (\). Do not ; --- attempt to assign the backslash manually as it will fail. ; --- This is NOT a standard Prominent North American Enterprise Linux Vendor GUI option (it doesn't exist). winbind separator = + ; encrypt passwords = yes ; guest ok = no ; guest account = nobody ; encrypt passwords = yes ; guest ok = no ; guest account = nobody ; --- 2007-12-08 added to force all shares visible by default. This is a deviation from ; --- the Prominent North American Enterprise Linux Vendor GUI tool as ; --- it attempt to set every share it creates individually. By setting the value here in the global section, ; --- we can ensure that all shares inherit this setting by default. Please do not change it; if you do need to change it ; --- you will need to go to each share definition and define it there, otherwise your shares will not be visible in ; --- the MacroSquish Porthole Exploder window! ; --- This is not available on a global basis. The Prominent North American Enterprise Linux Vendor GUI ; --- does provide for it on a share-by-share basis. browseable = yes [homes] comment = Home Directories path = /home/%S ; --- 2007-12-08 must be set to "no" for this section, otherwise a ghost share will appear browseable = no writeable = yes ; --- 2007-12-08 activated stock permission setting by uncommenting valid users = %S ; valid users = MYDOMAIN\%S ; --- 2007-12-08 added file creation mask to force correct permissions on initial file creates ; --- This is NOT a standard Prominent North American Enterprise Linux Vendor GUI option (it doesn't exist). create mask = 0660 ; --- 2007-12-08 added directory creation mask to force correct permissions on initial directory creates ; --- This is NOT a standard Prominent North American Enterprise Linux Vendor GUI option (it doesn't exist). directory mask = 0770 ; --- 2007-12-08 added well-known/documented option to force account to user's account upon access. It is ; --- suggested that you keep this to prevent file ownership issues when looking at user home directories from ; --- an administrative level. ; --- This is NOT a standard Prominent North American Enterprise Linux Vendor GUI option (it doesn't exist). force user = %S [printers] comment = All Printers path = /var/spool/samba browseable = no ; guest ok = no ; writeable = no printable = yes [home] path = /home writeable = yes browseable = no guest ok = yes ; --- 2007-12-08 added to force admin access based on account admin users = PDX+admin1 PDX+admin3 PDX+admin4 PDX+admin2 ; --- 2007-12-12 per Prominent North American Enterprise Linux Vendor Global Support, ; --- added this option to allow for permissions to be set ; --- based on the accounting having write ability to the object. ; --- This is NOT a standard Prominent North American Enterprise Linux Vendor GUI option (it doesn't exist). dos filemode = yes [depts] path = /depts writeable = yes browseable = no guest ok = yes admin users = admin2, admin1, admin3, admin4 ; --- 2007-12-08 added to force admin access based on account admin users = PDX+admin1 PDX+admin3 PDX+admin4 PDX+admin2 ; --- 2007-12-12 per Prominent North American Enterprise Linux Vendor Global Support, ; --- added this option to allow for permissions to be set ; --- based on the accounting having write ability to the object. ; --- This is NOT a standard Prominent North American Enterprise Linux Vendor GUI option (it doesn't exist). dos filemode = yes [share] path = /share writeable = yes browseable = no guest ok = yes ; --- 2007-12-08 added to force admin access based on account admin users = PDX+admin1 PDX+admin3 PDX+admin4 PDX+admin2 ; --- 2007-12-12 per Prominent North American Enterprise Linux Vendor Global Support, ; --- added this option to allow for permissions to be set ; --- based on the accounting having write ability to the object. ; --- This is NOT a standard Prominent North American Enterprise Linux Vendor GUI option (it doesn't exist). dos filemode = yes [accounting] path = /depts/acct writeable = yes ; browseable = yes guest ok = yes comment = Department Share - Accounting ; --- 2007-12-08 added to force admin access based on account admin users = PDX+admin1 PDX+admin3 PDX+admin4 PDX+admin2 ; --- 2007-12-12 per Prominent North American Enterprise Linux Vendor Global Support, added this option to allow for permissions to be set ; --- based on the accounting having write ability to the object. ; --- This is NOT a standard Prominent North American Enterprise Linux Vendor GUI option (it doesn't exist). dos filemode = yes ; --- 2007-12-13 this next setting is part of a two-part fix that addresses issues with MacroSquish Obfuscator documents ; --- being saved, only to be later re-openned as "read only". The issue is in MacroSquish Obfuscator, not in Samba, and ; --- typically affects MacroSquish Weird documents (it creates a temp document, you save it, it deletes the old doc ; --- and renames the temp). The other half of the fix requires that the sticky bit be set for the group "chmod g+s <filename>" force create mode = 0660 force directory mode =0770 [buyers] comment = Department Share - Buyers path = /depts/buyers writeable = yes ; browseable = yes guest ok = yes ; --- 2007-12-08 added to force admin access based on account admin users = PDX+admin1 PDX+admin3 PDX+admin4 PDX+admin2 ; --- 2007-12-12 per Prominent North American Enterprise Linux Vendor Global Support, added this option to allow for permissions to be set ; --- based on the accounting having write ability to the object. ; --- This is NOT a standard Prominent North American Enterprise Linux Vendor GUI option (it doesn't exist). dos filemode = yes ; --- 2007-12-13 this next setting is part of a two-part fix that addresses issues with MacroSquish Obfuscator documents ; --- being saved, only to be later re-openned as "read only". The issue is in MacroSquish Obfuscator, not in Samba, and ; --- typically affects MacroSquish Weird documents (it creates a temp document, you save it, it deletes the old doc ; --- and renames the temp). The other half of the fix requires that the sticky bit be set for the group "chmod g+s <filename>" force create mode = 0660 force directory mode =0770 [hr] comment = Department Share - HR path = /depts/hr writeable = yes ; browseable = yes guest ok = yes ; --- 2007-12-08 added to force admin access based on account admin users = PDX+admin1 PDX+admin3 PDX+admin4 PDX+admin2 ; --- 2007-12-12 per Prominent North American Enterprise Linux Vendor Global Support, added this option to allow for permissions to be set ; --- based on the accounting having write ability to the object. ; --- This is NOT a standard Prominent North American Enterprise Linux Vendor GUI option (it doesn't exist). dos filemode = yes ; --- 2007-12-13 this next setting is part of a two-part fix that addresses issues with MacroSquish Obfuscator documents ; --- being saved, only to be later re-openned as "read only". The issue is in MacroSquish Obfuscator, not in Samba, and ; --- typically affects MacroSquish Weird documents (it creates a temp document, you save it, it deletes the old doc ; --- and renames the temp). The other half of the fix requires that the sticky bit be set for the group "chmod g+s <filename>" force create mode = 0660 force directory mode =0770 [is] comment = Department Share - Information Services path = /depts/is writeable = yes ; browseable = yes guest ok = yes ; --- 2007-12-08 added to force admin access based on account admin users = PDX+admin1 PDX+admin3 PDX+admin4 PDX+admin2 ; --- 2007-12-12 per Prominent North American Enterprise Linux Vendor Global Support, added this option to allow for permissions to be set ; --- based on the accounting having write ability to the object. ; --- This is NOT a standard Prominent North American Enterprise Linux Vendor GUI option (it doesn't exist). dos filemode = yes ; --- 2007-12-13 this next setting is part of a two-part fix that addresses issues with MacroSquish Obfuscator documents ; --- being saved, only to be later re-openned as "read only". The issue is in MacroSquish Obfuscator, not in Samba, and ; --- typically affects MacroSquish Weird documents (it creates a temp document, you save it, it deletes the old doc ; --- and renames the temp). The other half of the fix requires that the sticky bit be set for the group "chmod g+s <filename>" force create mode = 0660 force directory mode =0770 [management] path = /depts/mgmt writeable = yes ; browseable = yes guest ok = yes comment = Department Share - Management ; --- 2007-12-08 added to force admin access based on account admin users = PDX+admin1 PDX+admin3 PDX+admin4 PDX+admin2 ; --- 2007-12-12 per Prominent North American Enterprise Linux Vendor Global Support, added this option to allow for permissions to be set ; --- based on the accounting having write ability to the object. ; --- This is NOT a standard Prominent North American Enterprise Linux Vendor GUI option (it doesn't exist). dos filemode = yes ; --- 2007-12-13 this next setting is part of a two-part fix that addresses issues with MacroSquish Obfuscator documents ; --- being saved, only to be later re-openned as "read only". The issue is in MacroSquish Obfuscator, not in Samba, and ; --- typically affects MacroSquish Weird documents (it creates a temp document, you save it, it deletes the old doc ; --- and renames the temp). The other half of the fix requires that the sticky bit be set for the group "chmod g+s <filename>" force create mode = 0660 force directory mode =0770 [operations] comment = Department Share - Operations path = /depts/ops writeable = yes ; browseable = yes guest ok = yes ; --- 2007-12-08 added to force admin access based on account admin users = PDX+admin1 PDX+admin3 PDX+admin4 PDX+admin2 ; --- 2007-12-12 per Prominent North American Enterprise Linux Vendor Global Support, added this option to allow for permissions to be set ; --- based on the accounting having write ability to the object. ; --- This is NOT a standard Prominent North American Enterprise Linux Vendor GUI option (it doesn't exist). dos filemode = yes ; --- 2007-12-13 this next setting is part of a two-part fix that addresses issues with MacroSquish Obfuscator documents ; --- being saved, only to be later re-openned as "read only". The issue is in MacroSquish Obfuscator, not in Samba, and ; --- typically affects MacroSquish Weird documents (it creates a temp document, you save it, it deletes the old doc ; --- and renames the temp). The other half of the fix requires that the sticky bit be set for the group "chmod g+s <filename>" force create mode = 0660 force directory mode =0770 [sales] comment = Department Share - Sales path = /depts/sales writeable = yes ; browseable = yes guest ok = yes ; --- 2007-12-08 added to force admin access based on account admin users = PDX+admin1 PDX+admin3 PDX+admin4 PDX+admin2 ; --- 2007-12-12 per Prominent North American Enterprise Linux Vendor Global Support, added this option to allow for permissions to be set ; --- based on the accounting having write ability to the object. ; --- This is NOT a standard Prominent North American Enterprise Linux Vendor GUI option (it doesn't exist). dos filemode = yes ; --- 2007-12-13 this next setting is part of a two-part fix that addresses issues with MacroSquish Obfuscator documents ; --- being saved, only to be later re-openned as "read only". The issue is in MacroSquish Obfuscator, not in Samba, and ; --- typically affects MacroSquish Weird documents (it creates a temp document, you save it, it deletes the old doc ; --- and renames the temp). The other half of the fix requires that the sticky bit be set for the group "chmod g+s <filename>" force create mode = 0660 force directory mode =0770 [archive] comment = Shared Applications path = /share/archive writeable = yes browseable = no guest ok = no ; --- 2007-12-08 added to force admin access based on account admin users = PDX+admin1 PDX+admin3 PDX+admin4 PDX+admin2 ; --- 2007-12-12 per Prominent North American Enterprise Linux Vendor Global Support, added this option to allow for permissions to be set ; --- based on the accounting having write ability to the object. ; --- This is NOT a standard Prominent North American Enterprise Linux Vendor GUI option (it doesn't exist). dos filemode = yes oplocks = true level2 oplocks = true [dev] comment = Development path = /share/dev writeable = yes browseable = no guest ok = yes ; --- 2007-12-08 added to force admin access based on account admin users = PDX+admin1 PDX+admin3 PDX+admin4 PDX+admin2 ; --- 2007-12-12 per Prominent North American Enterprise Linux Vendor Global Support, ; --- added this option to allow for permissions to be set ; --- based on the accounting having write ability to the object. ; --- This is NOT a standard Prominent North American Enterprise Linux Vendor GUI option (it doesn't exist). dos filemode = yes ; --- 2007-12-13 this next setting is part of a two-part fix that addresses issues with MacroSquish Obfuscator documents ; --- being saved, only to be later re-openned as "read only". The issue is in MacroSquish Obfuscator, not in Samba, and ; --- typically affects MacroSquish Weird documents (it creates a temp document, you save it, it deletes the old doc ; --- and renames the temp). The other half of the fix requires that the sticky bit be set for the group "chmod g+s <filename>" force create mode = 0660 force directory mode =0770 [pcf_public] comment = Public Non-Sensitive Files path = /share/public writeable = yes ; browseable = yes guest ok = yes ; --- 2007-12-08 added to force admin access based on account admin users = PDX+admin1 PDX+admin3 PDX+admin4 PDX+admin2 ; --- 2007-12-12 per Prominent North American Enterprise Linux Vendor Global Support, added this option to ; --- allow for permissions to be set based on the accounting having write ability to the object. ; --- This is NOT a standard Prominent North American Enterprise Linux Vendor GUI option (it doesn't exist). dos filemode = yes ; --- 2007-12-13 this next setting is part of a two-part fix that addresses issues with MacroSquish Obfuscator documents ; --- being saved, only to be later re-openned as "read only". The issue is in MacroSquish Obfuscator, not in Samba, and ; --- typically affects MacroSquish Weird documents (it creates a temp document, you save it, it deletes the old doc ; --- and renames the temp). The other half of the fix requires that the sticky bit be set for the group "chmod g+s <filename>" ; --- NEITHER of these are standard Prominent North American Enterprise Linux Vendor GUI options (they don't exist in the GUI). force create mode = 0666 force directory mode =0777 [test] comment = Testing Area - Not For General Use path = /share/test writeable = yes ; browseable = yes guest ok = yes ; --- 2007-12-08 added to force admin access based on account ; --- 2007-12-18 this is strictly a test environment. Admin functionality has been disabled ; --- to facilitate permissions testing. ; admin users = PDX+admin1 PDX+admin3 PDX+admin4 PDX+admin2 ; --- 2007-12-12 per Prominent North American Enterprise Linux Vendor Global Support, added this option to ; --- allow for permissions to be set based on the user having write ability to the object. ; --- This is NOT a standard Prominent North American Enterprise Linux Vendor GUI option (it doesn't exist). dos filemode = yes ; --- 2007-12-13 this next setting is part of a two-part fix that addresses issues with MacroSquish Obfuscator documents ; --- being saved, only to be later re-openned as "read only". The issue is in MacroSquish Obfuscator, not in Samba, and ; --- typically affects MacroSquish Weird documents (it creates a temp document, you save it, it deletes the old doc ; --- and renames the temp). The other half of the fix requires that the sticky bit be set for the group "chmod g+s <filename>" force create mode = 0660 force directory mode =0770 ; --- 2007-12-18 oplock functionality can be tested on this share selectively. level2 oplocks = true oplocks = true ; veto oplock files = ; --- 2007-12-18 force a flush of all buffers to disk once a client sends their buffers over ; --- to the service. This is NOT a standard Prominent North American Enterprise Linux Vendor GUI option (it doesn't exist). ; sync always = yes [vp] comment = Visual Package for ERP/accounting based on Very Frumpy Programming language path = /share/vp writeable = yes read only = no ; browseable = yes ; --- 2007-12-08 added to force admin access based on account admin users = PDX+admin1 PDX+admin3 PDX+admin4 PDX+admin2 ; --- 2007-12-12 per Prominent North American Enterprise Linux Vendor Global Support, added this option ; --- to allow for permissions to be set based on the accounting having write ability to the object. ; --- This is NOT a standard Prominent North American Enterprise Linux Vendor GUI option (it doesn't exist). ; --- 2007-12-13 this next setting is part of a two-part fix that addresses issues with MacroSquish Obfuscator documents ; --- being saved, only to be later re-openned as "read only". The issue is in MacroSquish Obfuscator, not in Samba, and ; --- typically affects MacroSquish Weird documents (it creates a temp document, you save it, it deletes the old doc ; --- and renames the temp). The other half of the fix requires that the sticky bit be set for the group "chmod g+s <filename>" force create mode = 0660 force directory mode =0770 ; --- 2007-12-13 as this is a critical share, this function has been disabled to prevent potential conflict. ; dos filemode = yes ; --- 2007-12-18 oplock functionality can be tested on this share selectively. level2 oplocks = true oplocks = true veto oplock files = /*.mdb/*.MDB/*.dbf/*.DBF/*.fpt/*.FPT/*.cdx/ *.CDX/*.idx/*.IDX/*.ndx/*.NDX/*.dct/*.DCT/*.dcx/*.DCX/*.dbc/*.DBC/*.dll/ *.DLL/ ; --- 2007-12-23 added these parameters as part of Very Old Accounting Packager's recommendations create mask = 0660 directory mask = 0770 guest ok = yes [apps] comment = Testing Area - Not For General Use path = /share/apps writeable = yes browseable = yes guest ok = yes ; --- 2007-12-08 added to force admin access based on account ; --- 2007-12-18 this is strictly a test environment. Admin functionality has been disabled ; --- to facilitate permissions testing. ; admin users = PDX+admin1 PDX+admin3 PDX+admin4 PDX+admin2 ; --- 2007-12-12 per Prominent North American Enterprise Linux Vendor Global Support, added this option to allow for permissions to be set ; --- based on the user having write ability to the object. ; --- This is NOT a standard Prominent North American Enterprise Linux Vendor GUI option (it doesn't exist). dos filemode = yes ; --- 2007-12-13 this next setting is part of a two-part fix that addresses issues with MacroSquish Obfuscator documents ; --- being saved, only to be later re-openned as "read only". The issue is in MacroSquish Obfuscator, not in Samba, and ; --- typically affects MacroSquish Weird documents (it creates a temp document, you save it, it deletes the old doc ; --- and renames the temp). The other half of the fix requires that the sticky bit be set for the group "chmod g+s <filename>" force create mode = 0660 force directory mode =0770 ; --- 2007-12-18 oplock functionality can be tested on this share selectively. level2 oplocks = true oplocks = true ; veto oplock files = ; --- 2007-12-18 force a flush of all buffers to disk once a client sends their buffers over ; --- to the service. This is NOT a standard Prominent North American Enterprise Linux Vendor GUI option (it doesn't exist). ; sync always = yes [vmware] ; -- ; -- This share hosts VMWare Images. ; -- path = /share/vmware comment = VMWare Virual Machine Images browseable = Yes read only = No writeable = Yes guest ok = No dos filemode = yes level2 oplocks = true oplocks = true admin users = PDX+admin1 PDX+admin3 PDX+admin4 PDX+admin2 force create mode = 0660 force directory mode = 0770 veto oplock files = /*.mdb/*.MDB/*.dbf/*.DBF/*.fpt/*.FPT/*.cdx/ *.CDX/*.idx/*.IDX/*.ndx/*.NDX/*.dct/*.DCT/*.dcx/*.DCX/*.dbc/*.DBC/*.dll/ *.DLL/ [stub] ; -- ; -- Default Share Template ; -- ; -- Copy this share template ONLY. Do not copy any other share for a template as you ; -- may accidentally damage or loose it. path = /share comment = Stub Template (for internal use only) browseable = Yes read only = No writeable = Yes guest ok = No dos filemode = yes level2 oplocks = true oplocks = true admin users = PDX+admin1 PDX+admin3 PDX+admin4 PDX+admin2 force create mode = 0660 force directory mode = 0770 veto oplock files = /*.mdb/*.MDB/*.dbf/*.DBF/*.fpt/*.FPT/*.cdx/ *.CDX/*.idx/*.IDX/*.ndx/*.NDX/*.dct/*.DCT/*.dcx/*.DCX/*.dbc/*.DBC/*.dll/ *.DLL/ -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
