; EXAMPLE SMBD (SAMBA) configuration file.
; 
; Edit Date:  6/21/2006
; Last Edited By:   Red Byer
;
; ============================================================================
; For the format of this file and comprehensive descriptions of all the
; configuration option, please refer to the man page for smb.conf(5).
;
; Some things to check out:
;
; 1: Make sure that the user specified in "guest account" exists. Typically
;    this will be a user that cannot log in and has minimal privileges.
;    Often the "nobody" account doesn't work (very system dependant).
;
; 2: You should consider the "security =" option. See a full description
;    in the main documentation and the smb.conf(5) manual page
;
; 3: Look at the "hosts allow" option, unless you want everyone on the internet
;    to be able to access the shares you export here.
;
; 4: If you want to support printers, add/uncomment the relevant entries.
;=============================================================================
;
;  NOTE:  YOU CAN USE testparm TO CHECK THE smb.conf FILE
;
;  Some of the smb.conf changes from default listed below:
;
;  changed "guest account" to "unknown"
;  changed "passdb backend" and "auth methods" to include opendirectory
;  added "workgroup" line
;  added netbios name line
;  changed "dos charset" to 437 (works better than UTF_8)
;  commented out "ntlmv2",  is an auth method, and it seems to not work 
;  "vfs objects"  = darwin_acls  seems to control access better?
;  brlm appears to be useful.
;  edited "hosts allow" for local subnet
;  interfaces set to local address and RJ45 ethernet port (NOT airport)
;  socket address  same as interfaces
;  bind interfaces only set true
;  NOTE:  the interface HAS TO MATCH the airport IP address or it won't work
;    i'm using interface to keep the binding to inside
;  IMPORTANT:  you can't have "hosts allow" && "interfaces""
;              YOU MUST specify one or the other
;  limited max connections to 10
;  added hide dot files
;  added "veto files" and "delete veto files" 
;   IMPORTANT NOTE:  "veto files" will cause problems when
;  trying to drag sets of folders from Windoze to Mac when those
;  windoze directories contain .DS_Store.  Temporarily turn
;  off the "veto files" option during this transfer
;
;  "local master" = yes 
;  "preferred maser" = yes
;  "os level" = 35  (to be prime server)
;  "oplocks" = yes
;  "time server" = no (not really needed, windows won't use unless forced to)
;  "log level" = 2 is  a little more verbose
;  added "shared" section
;  printing = CUPS
;


[global]
guest account = unknown
encrypt passwords = yes
auth methods = guest opendirectory
passdb backend = opendirectorysam guest
printer admin = @admin, @staff
workgroup = MY_GROUP_NAME
netbios name = MAC_MINI_SERVER
server string = MAC_MINI
comment = Samba %v on %L
;users = @staff
;_______Charset OPTIONS (dos charset can be UTF_8, 437, CP0)
unix charset = UTF-8-MAC
display charset = UTF-8-MAC
dos charset = CP437
;_______File System Options
use spnego = yes
client ntlmv2 auth = no
defer sharing violations = no
vfs objects = darwin_acls
brlm = yes
;_____SETTING UP SOME SECURITY 
;hosts deny = 0.0.0.0/0   ;__NOT USED this time
hosts allow = localhost 127.0.0.1 192.168.1.
interfaces = localhost 127.0.0.1 192.168.1.1/255.255.255.0
bind interfaces only = yes
socket address = 192.168.123.1 127.0.0.1 localhost
max connections = 10
hide dot files = yes
veto files = /.DS_Store/
delete veto files = yes
wins support = yes
;__really for routing name info across subnets/VPNs
;domain logons = yes
domain master = yes
local master = yes
preferred master = yes
os level = 36
oplocks = yes
time server = yes
log level = 2
map to guest = Bad User
security = USER
;default service = MINI_SHARED_DOCS
; had to set oplocks to avoid seeing an oplock error
printing = cups


; This is where everything is...largely shared
[MINI_SHARED_DOCS]
comment = SHARED_DOCS on MAC_MINI
path = /Users/SHARED_DOCS
writeable = yes
browsable = yes
inherit permissions = Yes
;also spelled browseable
;create mode = 755
;read only = no
;force user = guest

;   This is for STAFF users only.  No Consultants
[MAC_MINI_StaffOnly]
comment = MAC_MINI SMB on OS X
path = /Users/StaffDocs
writeable = yes
browsable = yes
admin users = MINIadmin
valid users = @staff
invalid users = @consultants
inherit permissions = Yes
hide unreadable = yes
;also spelled browseable
;create mode = 755
;read only = no
;force user = MINIadmin

;  Consultants get access here.  Put symlinks to staff sub-directories
;  if necessary
[MAC_MINI_ConsultantAccess]
comment = MAC_MINI SMB on OS X
path = /Users/Consultants
writeable = yes
browsable = yes
valid users = @consultants, @staff
inherit permissions = Yes
force group = staff
;also spelled browseable
;create mode = 775
;read only = no
;force user = guest


; This is for the special few...like business docs, HR docs, etc.
[MAC_MINI_Private]
comment = MAC_MINI SMB on OS X
path = /Users/Private
writeable = yes
browsable = no
valid users = MINIadmin, PowerUser, SpecialUser
inherit permissions = Yes
;also spelled browseable
;create mode = 775
;read only = no
;force user = PowerUser


;[homes]
;comment = User Home Directories
;browseable = no
;read only = no

;[netlogon]
;path = /usr/local/samba/lib/netlogon
;writable = no
;browsable = no
;required if Samba is a DOMAIN CONTROLLER
;be sure to check the path and its existance

;[public]
;path = /tmp
;public = yes
;only guest = yes
;writable = yes
;printable = no

[printers]
path = /tmp
printable = yes
guest ok = yes
use client driver = yes