[Samba] Please criticize my smb.conf

Rowland Penny rpenny at samba.org
Thu Oct 5 07:59:32 UTC 2017


See inline comments:

On Tue, 3 Oct 2017 19:48:20 -0700
ToddAndMargo via samba <samba at lists.samba.org> wrote:

> Server:
>     Fedora 26
>     samba-4.6.8-0.fc26.x86_64
> 
> Workstations (5 of them):
>     XP Pro SP3
> 
> One Xerox Workcentre 3550 multifunction printer scanner that requires
>       lanman auth = yes
>       ntlm auth = yes
> 
> I turned off "winbind.service", which I presume is "wins":

'wins' or to give it its full name 'Windows Internet Name Service' has
nothing to do with winbind.

> 
>      # systemctl stop winbind.service
>      # systemctl disable winbind.service
>      Removed /etc/systemd/system/multi-user.target.wants/winbind.service.
> 
> I turned off "wins" where ever I found it.

You can if you wish turn it back on again, because you might need it :)

> 
> I kept the
>      # note default "map archive" is "yes"
>      map archive = yes
> comment so I realize at a later date what remapping is going on.

OK



    volume = Fedora Core, %v
    comment = Samba (NetBIOS) Server on FedoraServer.xxxxx.local

The above two lines are only really useful in a share

    netbios name = FedoraServer

You do not need the above line, Samba will fill it in for you
If you do not have it, you can transplant the smb.conf to another
computer and get the same results.

    follow symlinks = yes
    wide links = no
    locking = yes

The above three lines are default settings and as such, you might as
well remove them. 

#  smbpasswd - The old, deprecated passwd backend. Takes a path  to
#              the smbpasswd file as an optional argument.
#  tdbsam    - The  default password storage backend.

    passdb backend = smbpasswd

You really should use 'tdbsam'

> 
> # Unix users can map to different SMB User names
> # touch /etc/samba/smbusers   to start
>     username map = /etc/samba/smbusers

You don't need a usermap on a standalone server

>     logon script = scripts/logon.bat
>     logon path = /exports/netlogon
>     logon drive = X:

The above will do nothing on a standalone server

> 
> ; name resolve order = lmhosts host wins bcast
> ; if winbind is running, use wins host bcast
> ;   name resolve order = wins host bcast
>     name resolve order = host bcast

You may have problems if you don't use 'wins'

> ;  note: deadtime is in minutes 1440=24hrs 2880=48hrs (2 days)
> 20160=14days ;  deadtime = 60
> ;  deadtime = 1440
>     deadtime = 20160

I will be a bit blunter this time, waiting for 2 weeks before an idle
connection is disconnected is just plain stupid.

The shares don't seem to have changed, so see my previous comments.

Rowland



More information about the samba mailing list