** Updated for Samba 3.4.0 on 8/21/2011 – by default Samba now uses tdbsam as a default. This new version of an smb.conf example also allows for passwd (system passwords) to update Samba users’ passwords (aka sync). Additionally, we added a share directory for the default apache root for sharing certain files over http.
“Samba is an Open Source/Free Software suite that provides seamless file and print services to SMB/CIFS clients.” What does all that mean?
Samba is the name of a free program that allows you to share files between almost any type of computer on a network. It’s the rosetta stone of file-sharing. You can share data from a Mac to a PC, PC to a Mac, or from a Linux computer to a PC/Mac combo.
The thing with free software is that it’s not always easy to configure… Also, there’s a lot of information on the Internet – no, too much information about how to configure it a million ways that may or may not work for you. Also, people are always being jerks about RTFM on the forums. I hate that… Obviously, the reason people go to a forum is that they don’t want to RTFM. They just want some guidance!
If you need help setting up a Samba server, please give us a ring and one of our IT support guys will help you out remotely at a low hourly rate.
That being said, here’s the stuff you probably came here looking for… Some free advice on setting up your smb.conf file the way that you actually need it to work.
SMB Permissions forced for directory and file creation for Mac and PC
The good news is that, after many hours of testing… I’ve created an smb.conf file that works for forcing permissions of 770 (dir2) or 775 (dir1) for all files and directories created over smb connections.
This configuration has been tested on Ubuntu 8.04, 8.10, 9.10 and several versions of Samba server including 3.4.0 and 3.0.28a
[global] netbios name = server server string = server workgroup = Workgroup security = user hosts allow = 127. 192.168.2. interfaces = 127.0.0.1/8 192.168.2.0/24 bind interfaces only = yes remote announce = 192.168.2.255 remote browse sync = 192.168.2.255 log file = /var/log/samba/samba.log max log size = 1000 log level = 10 null passwords = no username level = 6 password level = 20 encrypt passwords = true unix password sync = yes wide links = no socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 local master = no domain master = no preferred master = no domain logons = no os level = 33 logon drive = m: logon home = \\%L\homes\%u logon path = \\%L\profiles\%u logon script = %G.bat time server = no name resolve order = wins lmhosts bcast wins support = no wins proxy = no dns proxy = no preserve case = yes short preserve case = yes client use spnego = no client signing = no client schannel = no server signing = no server schannel = no nt pipe support = yes nt status support = yes allow trusted domains = no obey pam restrictions = yes enable spoolss = yes client plaintext auth = no disable netbios = no follow symlinks = no update encrypted = yes passwd chat timeout = 120 # settings and debugging for passwd sync to tdbsam passwd chat debug = yes pam password change = yes passdb backend = tdbsam hostname lookups = no username map = /etc/samba/smbusers passwd program = /usr/bin/passwd '%u' passwd chat = *New*password* %n\n *ReType*new*password* %n\n *passwd*changed*\n add user script = /usr/sbin/useradd -d /dev/null -c 'Samba User Account' -s /dev/null '%u' add user to group script = /usr/sbin/useradd -d /dev/null -c 'Samba User Account' -s /dev/null -g '%g' '%u' add group script = /usr/sbin/groupadd '%g' delete user script = /usr/sbin/userdel '%u' delete user from group script = /usr/sbin/userdel '%u' '%g' delete group script = /usr/sbin/groupdel '%g' add machine script = /usr/sbin/useradd -d /dev/null -g sambamachines -c 'Samba Machine Account' -s /dev/null -M '%u' machine password timeout = 120 idmap uid = 16777216-33554431 idmap gid = 16777216-33554431 template shell = /dev/null winbind use default domain = yes winbind separator = @ winbind cache time = 360 winbind trusted domains only = yes winbind nested groups = no winbind nss info = no winbind refresh tickets = no winbind offline logon = no [dir1] path = /pathto/dir1 comment = dir1 Files valid users = user1 user2 write list = user1 user2 directory mask = 0775 create mode = 0775 read only = no available = yes browseable = yes writable = no guest ok = no public = no printable = no locking = no [dir2] path = /pathto/dir2 comment = dir2 valid users = user1 user2 user3 user4 write list = user1 user2 user3 user4 create mask = 770 force create mode = 770 security mask = 770 force security mode = 644 directory mask = 770 force directory mode = 770 directory security mask = 770 force directory security mode = 770 read only = no available = yes browseable = yes writable = no guest ok = no public = no printable = no locking = no [apache2] path=/var/www comment = httpd root validusers = user1 read only = no writable = yes locking = no directory mask = 0775