[Samba] smb.conf review

Rowland Penny rpenny at samba.org
Fri Jun 27 08:40:28 UTC 2025 

On Thu, 26 Jun 2025 16:31:19 -0500 (CDT)
Jonathan Hutchins via samba <samba at lists.samba.org> wrote:

> I'm replacing a very old smb.conf that's been tweaked to keep it
> working on current servers.  I would appreciate it if someone could
> give the file and let me know if there's anything obsolete or wrong
> with it. https://paste.debian.net/1382765/ 
> Thanks,
> Jonathan

This is your smb.conf after being run through 'testparm -s'

[global]
	workgroup = TARCANFEL
	log file = /var/log/samba/samba.log
	max log size = 1000
	logging = file syslog at 1
	panic action = /usr/share/samba/panic-action %d
	server role = standalone server
	obey pam restrictions = Yes
	unix password sync = Yes
	passwd program = /usr/bin/passwd %u
	passwd chat = *Enter\snew\s*\spassword:* %n\n *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* .
	pam password change = Yes
	client ipc min protocol = NT1
	map to guest = Bad User

[data]
	comment = "Data"
	create mask = 0777
	directory mask = 0777
	force create mode = 0777
	force directory mode = 0777
	force user = root
	guest ok = Yes
	path = /share/data
	read only = No

[images]
	comment = "Images and Photos"
	force create mode = 0777
	force directory mode = 0777
	force user = root
	guest ok = Yes
	path = /share/media/images
	read only = No

[iso]
	comment = "ISO Images"
	force create mode = 0777
	force directory mode = 0777
	force user = root
	guest ok = Yes
	path = /share/iso
	read only = No

[library]
	comment = "Instllable Program Files"
	force create mode = 0777
	force directory mode = 0777
	force user = root
	guest ok = Yes
	path = /share/library
	read only = No

[music]
	comment = "Music Collection"
	force create mode = 0777
	force directory mode = 0777
	force user = root
	guest ok = Yes
	path = /share/media/music
	read only = No

[media]
	comment = "Video, Imges, Music"
	force create mode = 0777
	force directory mode = 0777
	force user = root
	guest ok = Yes
	path = /share/media
	read only = No

[video]
	comment = "Video"
	force create mode = 0777
	force directory mode = 0777
	force user = root
	guest ok = Yes
	path = /share/media/video
	read only = No

Just a couple of comments:

Why set 'client ipc min protocol = NT1' ? Nothing else is using NT1
(aka SMBv1)
That smb.conf is very insecure, anyone can connect to your Samba server.

Rowland

>  
> PS: Please copy hutchins at tarcanfel.org

PS: I do not 'CC' anyone, I just reply to the list.

More information about the samba mailing list