Now that we've gotten our feet wet with variables, there are a few special sections of the Samba configuration file that we should talk about. Again, don't worry if you do not understand each and every configuration options listed below; we'll go over each of them over the course of the upcoming chapters.
The [globals]
section appears in virtually every Samba configuration file, even though it is not mandatory to define one. Any option set in this section of the file will apply to all the other shares, as if the contents of the section were copied into the share itself. There is one catch: other sections can list the same option in their section with a new value; this has the effect of overriding the value specified in the [globals]
section.
To illustrate this, let's again look at the opening example of the chapter:
[global] log level = 1 max log size = 1000 socket options = TCP_NODELAY IPTOS_LOWDELAY guest ok = no [homes] browseable = no map archive = yes [printers] path = /usr/tmp guest ok = yes printable = yes min print space = 2000 [test] browseable = yes read only = yes guest ok = yes path = /export/samba/test
In the previous example, if we were going to connect a client to the [test]
share, Samba would first read in the [globals]
section. At that point, it would set the option guest
ok
=
no
as the global default for each share it encounters throughout the configuration file. This includes the [homes]
and [printers]
shares. When it reads in the [test]
share, however, it would then find the configuration option guest
ok
=
yes
, and override the default from the [globals]
section with the value yes
in the context of the [pub]
share.
Any option that appears outside of a section (before the first marked section) is also assumed to be a global option.
If a client attempts to connect to a share that doesn't appear in the smb.conf file, Samba will search for a [homes]
share in the configuration file. If one exists, the unidentified share name is assumed to be a Unix username, which is queried in the password database of the Samba server. If that username appears, Samba assumes the client is a Unix user trying to connect to his or her home directory on the server.
For example, assume a client machine is connecting to the Samba server hydra
for the first time, and tries to connect to a share named [alice]
. There is no [alice]
share defined in the smb.conf file, but there is a [homes]
, so Samba searches the password database file and finds an alice
user account is present on the system. Samba then checks the password provided by the client against user alice
's Unix password - either with the password database file if it's using non-encrypted passwords, or Samba's smbpasswd file if encrypted passwords are in use. If the passwords match, then Samba knows it has guessed right: the user alice
is trying to connect to her home directory. Samba will then create a share called [alice]
for her.
The process of using the [homes]
section to create users (and dealing with their passwords) is discussed in more detail in the Chapter 6, Users, Security, and Domains .
The third special section is called [printers]
and is similar to [homes]
. If a client attempts to connect to a share that isn't in the smb.conf file, and its name can't be found in the password file, Samba will check to see if it is a printer share. Samba does this by reading the printer capabilities file (usually /etc/printcap) to see if the share name appears there.[1] If it does, Samba creates a share named after the printer.
[1] Depending on your system, this file may not be /etc/printcap. You can use the testparm command that comes with Samba to determine the value of the
printcap
name
configuration option; this was the default value chosen when Samba was compiled.
Like [homes]
, this means you don't have to maintain a share for each of your system printers in the smb.conf file. Instead, Samba honors the Unix printer registry if you request it to, and provides the registered printers to the client machines. There is, however, an obvious limitation: if you have an account named fred
and a printer named fred
, Samba will always find the user account first, even if the client really needed to connect to the printer.
The process of setting up the [printers]
share is discussed in more detail in Chapter 7, Printing and Name Resolution.
Options in the Samba configuration files fall into one of two categories: global or share. Each category dictates where an option can appear in the configuration file.
Global options must appear in the [global]
section and nowhere else. These are options that typically apply to the behavior of the Samba server itself, and not to any of its shares.
Share options can appear in specific shares, or they can appear in the [global]
section. If they appear in the [global]
section, they will define a default behavior for all shares, unless a share overrides the option with a value of its own.
In addition, the values that a configuration option can take can be divided into four categories. They are as follows:
These are simply yes or no values, but can be represented by any of the following: yes
, no
, true
, false
, 0
, 1
. The values are case insensitive: YES
is the same as yes
.
An integer, hexidecimal, or octal number. The standard 0x
nn syntax is used for hexadecimal and 0
nnn for octal.
A string of case-sensitive characters, such as a filename or a username.
A finite list of known values. In effect, a boolean is an enumerated list with only two values.