Samba配置文件的位置：#/etc/samba/smb.conf　

［global］

workgroup = WORKGROUP　　＜－－－－－－－－工作组名

netbios name = redhat　　　　＜－－－－－－－－netbios主机名

server string = samba server    <——————服务器注释说明

security = share/user/server　　＜－－－－－三种安全级别，默认为user

;password server = <server>     <—去掉；号后，指定的数据库server的路径

logfile = /var/log/samba/log.%m　<———日志存放的目录及日志名，日志名是一个变量表示的．

encrypt passwords = yes           <———-加密密码

smb passwd file = /etc/samba/smbpasswd　<——smb帐号文件的存放目录，此目录路径要为绝对路径

include = /etc/samba/smb.conf.%m　　

interfaces = 192.168.0.0/24       <————–开启的端口

;name resolve order = wins lmhosts bcast　<–主机名的解析顺序：先是wins服务器，再是lmhost文件，最后广播

;wins support = yes  <————-本地做不做wins服务器，与下面的wins server 不能同时使用．

;wins server = w.x.y.z   <———-与上面的wins support 不能同时使用

配置文件中，以#开头的为注释，去除#后为无意义的字段行，而以;开头的虽然也是注释，但是去除;后是有意义的命令行或字段．

Samba的安全级别：

[global]

secutiry = < level >

level 包括三种安全级：

1、share          windows用户不需要认证，就能直接访问共享的目录列表

2、user          客户端必须输入合法的用户才能访问共享目录列表，服务器上需要建立用户帐号和设定密码

3、server       客户端必须输入合法的用户才能访问共享目录列表，但客户端需要连到其他的服务器上进行相应的认证

访问控制

一、全局访问控制  （允许优先）

[global]

host deny = ALL

host allow = 192.168.0.

二、局部访问控制  （允许优先）

[docs]

host deny =192.168.0.    （拒绝192.168.0.这个网段的所有主机）

host allow = 192.168.0.153 （只对192.168.0.153主机开放访问权限）

[redhat]

host allow = 192.168.0.        （允许192.168.0.网段的所有主机）

host deny = 192.168.0.153    （只对192.168.0.153主机开放访问权限，将会失去限制的意义,允许优先）

所以设定访问权限的时候，要注意此项（host allow =192.168.0. EXCEPT 192.168.0.153）

如下的配置文件：

#============= Global Settings ==================
[global]

# workgroup = NT-Domain-Name or Workgroup-Name
   workgroup = WORKGROUP

# server string is the equivalent of the NT Description field
   server string = linux

# This option is important for security. It allows you to restrict
# connections to machines which are on your local network. The
# following example restricts access to two C class networks and
# the "loopback" interface. For more examples of the syntax see
# the smb.conf man page
;   hosts allow = 192.168.1. 192.168.2. 127.

# this tells Samba to use a separate log file for each machine
# that connects
  log file = /var/log/samba/%m.log

# Put a capping on the size of the log files (in Kb).
   max log size = 0
# Security mode. Most people will want user level security. See
# security_level.txt for details.
   security = user

# Use password server option only with security = server
# The argument list may include:
#   password server = My_PDC_Name [My_BDC_Name] [My_Next_BDC_Name]
# or to auto-locate the domain controller/s
#   password server = *
;   password server = <NT-Server-Name>

# Password Level allows matching of _n_ characters of the password for
# all combinations of upper and lower case.
;  password level = 8
;  username level = 8

# You may wish to use password encryption. Please read
# ENCRYPTION.txt, Win95.txt and WinNT.txt in the Samba documentation.
# Do not enable this option unless you have read those documents
   encrypt passwords = yes
   smb passwd file = /etc/samba/smbpasswd

# The following is needed to keep smbclient from spouting spurious errors
# when Samba is built with support for SSL.
;   ssl CA certFile = /usr/share/ssl/certs/ca-bundle.crt

# The following are needed to allow password changing from Windows to
# update the Linux system password also.
# NOTE: Use these with ‘encrypt passwords’ and ‘smb passwd file’ above.
# NOTE2: You do NOT need these to allow workstations to change only
#        the encrypted SMB passwords. They allow the Unix password
#        to be kept in sync with the SMB password.
   unix password sync = Yes
   passwd program = /usr/bin/passwd %u
   passwd chat = *New*password* %n\n *Retype*new*password* %n\n *passwd:*all*authentication*tokens*updated*successfully*

# You can use PAM’s password change control flag for Samba. If
# enabled, then PAM will be used for password changes when requested
# by an SMB client instead of the program listed in passwd program.
# It should be possible to enable this without changing your passwd
# chat parameter for most setups.

pam password change = yes

# Unix users can map to different SMB User names
  username map = /etc/samba/smbusers

# Using the following line enables you to customise your configuration
# on a per machine basis. The %m gets replaced with the netbios name
# of the machine that is connecting
# of the machine that is connecting
;   include = /etc/samba/smb.conf.%m

# This parameter will control whether or not Samba should obey PAM’s
# account and session management directives. The default behavior is
# to use PAM for clear text authentication only and to ignore any
# account or session management. Note that Samba always ignores PAM
# for authentication in the case of encrypt passwords = yes

obey pam restrictions = yes

# Most people will find that this option gives better performance.
# See speed.txt and the manual pages for details
   socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192

# Configure Samba to use multiple interfaces
# If you have multiple network interfaces then you must list them
# here. See the man page for details.
;   interfaces = 192.168.12.2/24 192.168.13.2/24

# Configure remote browse list synchronisation here
#  request announcement to, or browse list sync from:
#       a specific host or from / to a whole subnet (see below)
;   remote browse sync = 192.168.3.25 192.168.5.255
# Cause this host to announce itself to local subnets here
;   remote announce = 192.168.1.255 192.168.2.44

# Browser Control Options:
# set local master to no if you don’t want Samba to become a master
# browser on your network. Otherwise the normal election rules apply
;   local master = no

# OS Level determines the precedence of this server in master browser
# elections. The default value should be reasonable
;   os level = 33

# Domain Master specifies Samba to be the Domain Master Browser. This
# allows Samba to collate browse lists between subnets. Don’t use this
# if you already have a Windows NT domain controller doing this job
;   domain master = yes

# Preferred Master causes Samba to force a local browser election on startup
# and gives it a slightly higher chance of winning the election
;   preferred master = yes

# Enable this if you want Samba to be a domain logon server for
# Windows95 workstations.
;   domain logons = yes

# if you enable domain logons then you may want a per-machine or
# per user logon script
# per user logon script
# run a specific logon batch file per workstation (machine)
;   logon script = %m.bat
# run a specific logon batch file per username
;   logon script = %U.bat

# Where to store roving profiles (only for Win95 and WinNT)
#        %L substitutes for this servers netbios name, %U is username
#        You must uncomment the [Profiles] share below
;   logon path = \\%L\Profiles\%U

# Windows Internet Name Serving Support Section:
# WINS Support – Tells the NMBD component of Samba to enable it’s WINS Server
;   wins support = yes

# WINS Server – Tells the NMBD components of Samba to be a WINS Client
#       Note: Samba can be either a WINS Server, or a WINS Client, but NOT both
;   wins server = w.x.y.z

# WINS Proxy – Tells Samba to answer name resolution queries on
# behalf of a non WINS capable client, for this to work there must be
# at least one  WINS Server on the network. The default is NO.
;   wins proxy = yes

# DNS Proxy – tells Samba whether or not to try to resolve NetBIOS names
# via DNS nslookups. The built-in default for versions 1.9.17 is yes,
# this has been changed in version 1.9.18 to no.
   dns proxy = no

# Case Preservation can be handy – system default is _no_
# NOTE: These can be set on a per share basis
;  preserve case = no
;  short preserve case = no
# Default case is normally upper case for all DOS files
;  default case = lower
# Be very careful with case sensitivity – it can break things!
;  case sensitive = no

#============== Share Definitions ================
[homes]
comment = Home Directories
   browseable = no
   writable = yes
   valid users = %S
   create mode = 0664
   directory mode = 0775
# If you want users samba doesn’t recognize to be mapped to a guest user
; map to guest = bad user

# Un-comment the following and create the netlogon directory for Domain Logons
# Un-comment the following and create the netlogon directory for Domain Logons
; [netlogon]
;   comment = Network Logon Service
;   path = /usr/local/samba/lib/netlogon
;   guest ok = yes
;   writable = no
;   share modes = no

# Un-comment the following to provide a specific roving profile share
# the default is to use the user’s home directory
;[Profiles]
;    path = /usr/local/samba/profiles
;    browseable = no
;    guest ok = yes

# NOTE: If you have a BSD-style print system there is no need to
# specifically define each individual printer
[printers]
   comment = All Printers
   path = /var/spool/samba
   browseable = no
# Set public = yes to allow user ‘guest account’ to print
guest ok = no
   writable = no
   printable = yes

# Other examples.
#
# A private printer, usable only by fred. Spool data will be placed in fred’s
# home directory. Note that fred must have write access to the spool directory,
# wherever it is.
;[fredsprn]
;[fredsprn]
;   comment = Fred’s Printer
;   valid users = fred
;   path = /home/fred
;   printer = freds_printer
;   public = no
;   writable = no
;   printable = yes

# The following two entries demonstrate how to share a directory so that two
# users can place files there that will be owned by the specific users. In this
# setup, the directory should be writable by both users and should have the
# sticky bit set on it to prevent abuse. Obviously this could be extended to
# as many users as required.
;[myshare]
;   comment = Mary’s and Fred’s stuff
;   path = /usr/somewhere/shared
;   valid users = mary fred
;   public = no
;   writable = yes
;   printable = no
;   create mask = 0765
[redhat]
path = /home/redhat
        comment = redhat’s files
        public = no
        valid users = redhat
        write list = redhat
        create mask = 0660
        directory mask = 0770

最后的这个redhat是自己加的目录，属于自定义的内容目录．