The Samba Configuration File
Samba uses the /etc/samba/smb.conf
file to manage Samba configuration.
smb.conf
File Structure Overview
The smb.conf
file consists of several sections that you configure to make
the required services for a specific Samba configuration available. Consider the following
sample extract from an smb.conf
file:
#========== Global Settings =======
[global]
security = ADS
realm = EXAMPLE.REALM
password server = krbsvr.example.com
.
.
.
load printers = yes
printing = cups
printcap name = cups
#========== Share Definitions =========
[homes]
comment = User home directories
path = /data/pchome/%S
valid users = %S, WWW.EXAMPLE.COM\%S
browsable = no
read only = no
guest ok = no
[printers]
comment = All Printers
path = /var/spool/samba
printable = yes
[test_share]
comment = Shared /usr/local/test_share directory created for tests
path = /usr/local/test_share
valid users = @examplegroup
browsable = yes
read only = no
The following list describes the sections in the preceding configuration example:
-
[global]
-
This section contains global settings for the Samba server.
In the preceding example, the
security
parameter value ofADS
means the server is a member of an AD domain that's running in native mode. In this scenario, Samba relies on tickets issued by the Kerberos server to authenticate clients who want to access local services. -
[homes]
-
The
[homes]
section provides a personal share for users that log onto the Samba server. In the example, the location of each user's home directory is set by the linepath = /data/pchome/%S
(the%S
macro is substituted with the username). The settings forbrowsable = no
andread only = no
prevent other users from browsing home directories, while granting full access to valid users.Important:
Be careful with settings, such as security, especially in the special sections
[global]
,[homes],
and[printers]
.For example, if guest access is specified in the
[homes]
section, all home directories are visible to all clients without a password.You might consider using the
invalid users
parameter for users such asroot
and other users with administrative privileges. -
[printers]
-
Specifies print services. The
path
parameter specifies the location of a spooling directory that receives print jobs from Windows clients before submitting them to the local print spooler.Samba advertises all locally configured printers on the server.
-
[test_share]
-
Specifies a share named test_share, which grants users belonging to group examplegroup browsing and write permissions to the
/usr/local/test_share
directory.Note:
The
read only = no
configuration entry is essential to ensure Samba shares the directory as a writeable share.
For more information see /etc/samba/smb.conf.example
,
smb.conf(5)
manual page, and https://wiki.samba.org/index.php/User_Documentation
Using the testparm
Program to Validate Samba Configuration File
Content
You use the testparm
program to validate a Samba configuration file after
making configuration changes. The testparm
program detects invalid
parameters and values and highlights incorrect settings such as incorrect ID mappings.
Note:
testparm
checks a configuration file for internal correctness only. The
testparm
command isn't capable of testing whether configured services are
available or work as expected.
The following example shows how you might use the command to test a copy of the file you're working on:
sudo testparm /etc/samba/smb.conf.my_copy
Load smb config files from /etc/samba/smb.conf.my_copy
Loaded services file OK.
...
If, instead of a copy, you want to test the default Samba configuration file, you don't
have to specify the file as a parameter. Run testparm
as follows:
sudo testparm
If the testparm
command reports any errors or misconfiguration in the
configuration file, you must fix the problem and then reissue the command.
For more information, see the testparm(1)
manual page.
Best Practice When Editing Samba Configuration
Samba services reload their configuration as follows:
-
Most configuration values are reloaded automatically, every 3 minutes.
-
You can also manually request a reload, for example by using the
smbcontrol all reload-config command
.
Note:
Some parameters, such as security
, require a restart of the
smb
service to take effect.
The frequent reloading of configuration values doesn't give you much time to validate any
changes you're planning to make to /etc/samba/smb.conf
. Therefore, as
best practice, first test the changes on a copy of the configuration file. The following
steps describe how you might do this:
-
Make a copy of the samba configuration file.
sudo cp /etc/samba/smb.conf /etc/samba/samba.conf.mycopy
-
Edit the copy of the file in a text editor, such as
vi
:sudo vi /etc/samba/samba.conf.mycopy
-
Validate the changes using
testparm
:sudo testparm /etc/samba/smb.conf.my_copy
-
Overwrite the original file with the copy you have validated:
sudo mv /etc/samba/samba.conf.my_copy /etc/samba/smb.conf
-
Use the
smbcontrol all reload-config
command to reload the configuration:sudo smbcontrol all reload-config