$ sudo salt-call state.highstate -l debug --local [DEBUG ] Reading configuration from /etc/salt/minion [DEBUG ] Using cached minion ID from /etc/salt/minion_id: danube [DEBUG ] Configuration file path: /etc/salt/minion [WARNING ] Insecure logging configuration detected! Sensitive data may be logged. [DEBUG ] Reading configuration from /etc/salt/minion [DEBUG ] Please install 'virt-what' to improve results of the 'virtual' grain. [DEBUG ] Determining pillar cache [DEBUG ] LazyLoaded jinja.render [DEBUG ] LazyLoaded yaml.render [DEBUG ] compile template: /srv/pillar/top.sls [DEBUG ] Jinja search path: ['/srv/pillar', '/srv/spm/pillar'] [PROFILE ] Time (in seconds) to render '/srv/pillar/top.sls' using 'jinja' renderer: 0.00458812713623 [DEBUG ] Rendered data from file: /srv/pillar/top.sls: ### List of formulas supported in the profile ### Can be extended and modified as required. ### Formula names must be spelled correctly. base: '*': - user - samba [DEBUG ] LazyLoaded config.get [DEBUG ] Results of YAML rendering: OrderedDict([('base', OrderedDict([('*', ['user', 'samba'])]))]) [PROFILE ] Time (in seconds) to render '/srv/pillar/top.sls' using 'yaml' renderer: 0.00880098342896 [DEBUG ] compound_match: danube ? * [DEBUG ] compound_match danube ? "*" => "True" [DEBUG ] compile template: /srv/pillar/user.sls [DEBUG ] Jinja search path: ['/srv/pillar', '/srv/spm/pillar'] [PROFILE ] Time (in seconds) to render '/srv/pillar/user.sls' using 'jinja' renderer: 0.00126791000366 [DEBUG ] Rendered data from file: /srv/pillar/user.sls: default_user: messi [DEBUG ] Results of YAML rendering: OrderedDict([('default_user', 'messi')]) [PROFILE ] Time (in seconds) to render '/srv/pillar/user.sls' using 'yaml' renderer: 0.000921964645386 [DEBUG ] compile template: /srv/pillar/samba.sls [DEBUG ] Template is an empty file: /srv/pillar/samba.sls [DEBUG ] LazyLoaded jinja.render [DEBUG ] LazyLoaded yaml.render [DEBUG ] LazyLoaded state.highstate [DEBUG ] LazyLoaded grains.get [DEBUG ] LazyLoaded saltutil.is_running [DEBUG ] LazyLoaded roots.envs [DEBUG ] Could not LazyLoad roots.init: 'roots.init' is not available. [DEBUG ] Updating roots fileserver cache [INFO ] Loading fresh modules for state activity [DEBUG ] LazyLoaded jinja.render [DEBUG ] LazyLoaded yaml.render [DEBUG ] In saltenv 'base', looking at rel_path 'top.sls' to resolve 'salt://top.sls' [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/top.sls' to resolve 'salt://top.sls' [DEBUG ] Fetching file from saltenv 'base', ** attempting ** 'salt://top.sls' [DEBUG ] No dest file found [INFO ] Fetching file from saltenv 'base', ** done ** 'top.sls' [DEBUG ] compile template: /var/cache/salt/minion/files/base/top.sls [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/top.sls' using 'jinja' renderer: 0.0037841796875 [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/top.sls: ### List of states applied by profile base: '*': - samba.client - samba.config [DEBUG ] LazyLoaded config.get [DEBUG ] Results of YAML rendering: OrderedDict([('base', OrderedDict([('*', ['samba.client', 'samba.config'])]))]) [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/top.sls' using 'yaml' renderer: 0.00252199172974 [DEBUG ] compound_match: danube ? * [DEBUG ] compound_match danube ? "*" => "True" [DEBUG ] LazyLoaded saltutil.sync_all [DEBUG ] Syncing all [INFO ] Creating module dir '/var/cache/salt/minion/extmods/clouds' [DEBUG ] LazyLoaded roots.envs [DEBUG ] Could not LazyLoad roots.init: 'roots.init' is not available. [INFO ] Syncing clouds for environment 'base' [INFO ] Loading cache from salt://_clouds, for base) [INFO ] Caching directory '_clouds/' for environment 'base' [DEBUG ] Local cache dir: '/var/cache/salt/minion/files/base/_clouds' [INFO ] Creating module dir '/var/cache/salt/minion/extmods/beacons' [DEBUG ] LazyLoaded roots.envs [DEBUG ] Could not LazyLoad roots.init: 'roots.init' is not available. [INFO ] Syncing beacons for environment 'base' [INFO ] Loading cache from salt://_beacons, for base) [INFO ] Caching directory '_beacons/' for environment 'base' [DEBUG ] Local cache dir: '/var/cache/salt/minion/files/base/_beacons' [INFO ] Creating module dir '/var/cache/salt/minion/extmods/modules' [DEBUG ] LazyLoaded roots.envs [DEBUG ] Could not LazyLoad roots.init: 'roots.init' is not available. [INFO ] Syncing modules for environment 'base' [INFO ] Loading cache from salt://_modules, for base) [INFO ] Caching directory '_modules/' for environment 'base' [DEBUG ] Local cache dir: '/var/cache/salt/minion/files/base/_modules' [INFO ] Creating module dir '/var/cache/salt/minion/extmods/states' [DEBUG ] LazyLoaded roots.envs [DEBUG ] Could not LazyLoad roots.init: 'roots.init' is not available. [INFO ] Syncing states for environment 'base' [INFO ] Loading cache from salt://_states, for base) [INFO ] Caching directory '_states/' for environment 'base' [DEBUG ] Local cache dir: '/var/cache/salt/minion/files/base/_states' [INFO ] Creating module dir '/var/cache/salt/minion/extmods/sdb' [DEBUG ] LazyLoaded roots.envs [DEBUG ] Could not LazyLoad roots.init: 'roots.init' is not available. [INFO ] Syncing sdb for environment 'base' [INFO ] Loading cache from salt://_sdb, for base) [INFO ] Caching directory '_sdb/' for environment 'base' [DEBUG ] Local cache dir: '/var/cache/salt/minion/files/base/_sdb' [INFO ] Creating module dir '/var/cache/salt/minion/extmods/grains' [DEBUG ] LazyLoaded roots.envs [DEBUG ] Could not LazyLoad roots.init: 'roots.init' is not available. [INFO ] Syncing grains for environment 'base' [INFO ] Loading cache from salt://_grains, for base) [INFO ] Caching directory '_grains/' for environment 'base' [DEBUG ] Local cache dir: '/var/cache/salt/minion/files/base/_grains' [INFO ] Creating module dir '/var/cache/salt/minion/extmods/renderers' [DEBUG ] LazyLoaded roots.envs [DEBUG ] Could not LazyLoad roots.init: 'roots.init' is not available. [INFO ] Syncing renderers for environment 'base' [INFO ] Loading cache from salt://_renderers, for base) [INFO ] Caching directory '_renderers/' for environment 'base' [DEBUG ] Local cache dir: '/var/cache/salt/minion/files/base/_renderers' [INFO ] Creating module dir '/var/cache/salt/minion/extmods/returners' [DEBUG ] LazyLoaded roots.envs [DEBUG ] Could not LazyLoad roots.init: 'roots.init' is not available. [INFO ] Syncing returners for environment 'base' [INFO ] Loading cache from salt://_returners, for base) [INFO ] Caching directory '_returners/' for environment 'base' [DEBUG ] Local cache dir: '/var/cache/salt/minion/files/base/_returners' [INFO ] Creating module dir '/var/cache/salt/minion/extmods/output' [DEBUG ] LazyLoaded roots.envs [DEBUG ] Could not LazyLoad roots.init: 'roots.init' is not available. [INFO ] Syncing output for environment 'base' [INFO ] Loading cache from salt://_output, for base) [INFO ] Caching directory '_output/' for environment 'base' [DEBUG ] Local cache dir: '/var/cache/salt/minion/files/base/_output' [INFO ] Creating module dir '/var/cache/salt/minion/extmods/utils' [DEBUG ] LazyLoaded roots.envs [DEBUG ] Could not LazyLoad roots.init: 'roots.init' is not available. [INFO ] Syncing utils for environment 'base' [INFO ] Loading cache from salt://_utils, for base) [INFO ] Caching directory '_utils/' for environment 'base' [DEBUG ] Local cache dir: '/var/cache/salt/minion/files/base/_utils' [INFO ] Creating module dir '/var/cache/salt/minion/extmods/log_handlers' [DEBUG ] LazyLoaded roots.envs [DEBUG ] Could not LazyLoad roots.init: 'roots.init' is not available. [INFO ] Syncing log_handlers for environment 'base' [INFO ] Loading cache from salt://_log_handlers, for base) [INFO ] Caching directory '_log_handlers/' for environment 'base' [DEBUG ] Local cache dir: '/var/cache/salt/minion/files/base/_log_handlers' [INFO ] Creating module dir '/var/cache/salt/minion/extmods/proxy' [DEBUG ] LazyLoaded roots.envs [DEBUG ] Could not LazyLoad roots.init: 'roots.init' is not available. [INFO ] Syncing proxy for environment 'base' [INFO ] Loading cache from salt://_proxy, for base) [INFO ] Caching directory '_proxy/' for environment 'base' [DEBUG ] Local cache dir: '/var/cache/salt/minion/files/base/_proxy' [INFO ] Creating module dir '/var/cache/salt/minion/extmods/engines' [DEBUG ] LazyLoaded roots.envs [DEBUG ] Could not LazyLoad roots.init: 'roots.init' is not available. [INFO ] Syncing engines for environment 'base' [INFO ] Loading cache from salt://_engines, for base) [INFO ] Caching directory '_engines/' for environment 'base' [DEBUG ] Local cache dir: '/var/cache/salt/minion/files/base/_engines' [INFO ] Creating module dir '/var/cache/salt/minion/extmods/pillar' [DEBUG ] LazyLoaded roots.envs [DEBUG ] Could not LazyLoad roots.init: 'roots.init' is not available. [INFO ] Syncing pillar for environment 'base' [INFO ] Loading cache from salt://_pillar, for base) [INFO ] Caching directory '_pillar/' for environment 'base' [DEBUG ] Local cache dir: '/var/cache/salt/minion/files/base/_pillar' [DEBUG ] Refreshing modules... [INFO ] Loading fresh modules for state activity [DEBUG ] LazyLoaded jinja.render [DEBUG ] LazyLoaded yaml.render [DEBUG ] In saltenv 'base', looking at rel_path 'samba/client.sls' to resolve 'salt://samba/client.sls' [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/samba/client.sls' to resolve 'salt://samba/client.sls' [DEBUG ] Fetching file from saltenv 'base', ** attempting ** 'salt://samba/client.sls' [DEBUG ] No dest file found [INFO ] Fetching file from saltenv 'base', ** done ** 'samba/client.sls' [DEBUG ] compile template: /var/cache/salt/minion/files/base/samba/client.sls [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] [DEBUG ] LazyLoaded roots.envs [DEBUG ] Could not LazyLoad roots.init: 'roots.init' is not available. [DEBUG ] In saltenv 'base', looking at rel_path 'samba/map.jinja' to resolve 'salt://samba/map.jinja' [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/samba/map.jinja' to resolve 'salt://samba/map.jinja' [DEBUG ] LazyLoaded grains.filter_by [DEBUG ] LazyLoaded pillar.get [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/samba/client.sls' using 'jinja' renderer: 0.0354778766632 [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/samba/client.sls: samba_client: pkg.installed: - name: samba-client [DEBUG ] LazyLoaded config.get [DEBUG ] Results of YAML rendering: OrderedDict([('samba_client', OrderedDict([('pkg.installed', [OrderedDict([('name', 'samba-client')])])]))]) [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/samba/client.sls' using 'yaml' renderer: 0.00235104560852 [DEBUG ] In saltenv 'base', looking at rel_path 'samba/config.sls' to resolve 'salt://samba/config.sls' [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/samba/config.sls' to resolve 'salt://samba/config.sls' [DEBUG ] Fetching file from saltenv 'base', ** attempting ** 'salt://samba/config.sls' [DEBUG ] No dest file found [INFO ] Fetching file from saltenv 'base', ** done ** 'samba/config.sls' [DEBUG ] compile template: /var/cache/salt/minion/files/base/samba/config.sls [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] [DEBUG ] LazyLoaded roots.envs [DEBUG ] Could not LazyLoad roots.init: 'roots.init' is not available. [DEBUG ] In saltenv 'base', looking at rel_path 'samba/map.jinja' to resolve 'salt://samba/map.jinja' [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/samba/map.jinja' to resolve 'salt://samba/map.jinja' [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/samba/config.sls' using 'jinja' renderer: 0.0318541526794 [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/samba/config.sls: include: - samba samba_config: file.managed: - name: /etc/samba/smb.conf - source: salt://samba/files/smb.conf - template: jinja - watch_in: - service: samba [DEBUG ] Results of YAML rendering: OrderedDict([('include', ['samba']), ('samba_config', OrderedDict([('file.managed', [OrderedDict([('name', '/etc/samba/smb.conf')]), OrderedDict([('source', 'salt://samba/files/smb.conf')]), OrderedDict([('template', 'jinja')]), OrderedDict([('watch_in', [OrderedDict([('service', 'samba')])])])])]))]) [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/samba/config.sls' using 'yaml' renderer: 0.00643491744995 [DEBUG ] Could not find file 'salt://samba.sls' in saltenv 'base' [DEBUG ] In saltenv 'base', looking at rel_path 'samba/init.sls' to resolve 'salt://samba/init.sls' [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/samba/init.sls' to resolve 'salt://samba/init.sls' [DEBUG ] compile template: /var/cache/salt/minion/files/base/samba/init.sls [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] [DEBUG ] LazyLoaded roots.envs [DEBUG ] Could not LazyLoad roots.init: 'roots.init' is not available. [DEBUG ] In saltenv 'base', looking at rel_path 'samba/map.jinja' to resolve 'salt://samba/map.jinja' [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/samba/map.jinja' to resolve 'salt://samba/map.jinja' [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/samba/init.sls' using 'jinja' renderer: 0.0317471027374 [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/samba/init.sls: samba: pkg.installed: - name: samba service.running: - name: smbd - enable: True - require: - pkg: samba [DEBUG ] Results of YAML rendering: OrderedDict([('samba', OrderedDict([('pkg.installed', [OrderedDict([('name', 'samba')])]), ('service.running', [OrderedDict([('name', 'smbd')]), OrderedDict([('enable', True)]), OrderedDict([('require', [OrderedDict([('pkg', 'samba')])])])])]))]) [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/samba/init.sls' using 'yaml' renderer: 0.00328588485718 [DEBUG ] LazyLoaded pkg.install [DEBUG ] LazyLoaded pkg.installed [DEBUG ] Module DSC: Only available on Windows systems [DEBUG ] Module PSGet: Only available on Windows systems [DEBUG ] Could not LazyLoad pkg.ex_mod_init: 'pkg.ex_mod_init' is not available. [INFO ] Running state [samba-client] at time 12:57:13.783389 [INFO ] Executing state pkg.installed for [samba-client] [INFO ] Executing command ['dpkg-query', '--showformat', '${Status} ${Package} ${Version} ${Architecture}', '-W'] in directory '/home/messi' [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. [DEBUG ] Could not LazyLoad pkg.check_db: 'pkg.check_db' is not available. [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. [INFO ] Executing command ['apt-get', '-q', 'update'] in directory '/home/messi' [INFO ] Executing command ['dpkg', '--get-selections', '*'] in directory '/home/messi' [INFO ] Executing command ['systemd-run', '--scope', 'apt-get', '-q', '-y', '-o', 'DPkg::Options::=--force-confold', '-o', 'DPkg::Options::=--force-confdef', 'install', 'samba-client'] in directory '/home/messi' [INFO ] Executing command ['dpkg-query', '--showformat', '${Status} ${Package} ${Version} ${Architecture}', '-W'] in directory '/home/messi' [INFO ] Made the following changes: 'smbclient' changed from 'absent' to '2:4.5.8+dfsg-0ubuntu0.17.04.7' 'samba-client' changed from 'absent' to '1' [DEBUG ] Refreshing modules... [INFO ] Loading fresh modules for state activity [DEBUG ] LazyLoaded jinja.render [DEBUG ] LazyLoaded yaml.render [INFO ] Completed state [samba-client] at time 12:57:28.812505 duration_in_ms=15029.117 [DEBUG ] LazyLoaded config.option [DEBUG ] LazyLoaded pkg.install [DEBUG ] LazyLoaded pkg.installed [INFO ] Running state [samba] at time 12:57:28.819775 [INFO ] Executing state pkg.installed for [samba] [DEBUG ] Module DSC: Only available on Windows systems [DEBUG ] Module PSGet: Only available on Windows systems [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. [INFO ] Package samba is already installed [INFO ] Completed state [samba] at time 12:57:29.507793 duration_in_ms=688.016 [DEBUG ] LazyLoaded service.running [DEBUG ] LazyLoaded file.managed [INFO ] Running state [/etc/samba/smb.conf] at time 12:57:29.511413 [INFO ] Executing state file.managed for [/etc/samba/smb.conf] [DEBUG ] LazyLoaded roots.envs [DEBUG ] Could not LazyLoad roots.init: 'roots.init' is not available. [DEBUG ] In saltenv 'base', looking at rel_path 'samba/files/smb.conf' to resolve 'salt://samba/files/smb.conf' [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/samba/files/smb.conf' to resolve 'salt://samba/files/smb.conf' [DEBUG ] Fetching file from saltenv 'base', ** attempting ** 'salt://samba/files/smb.conf' [DEBUG ] No dest file found [INFO ] Fetching file from saltenv 'base', ** done ** 'samba/files/smb.conf' [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] [INFO ] File changed: --- +++ @@ -1,260 +1,290 @@ # -# Sample configuration file for the Samba suite for Debian GNU/Linux. -# -# +# This file is managed by salt. Manual changes risk being overwritten. +# If so configured, the contents of the original skeleton smb.conf are stored +# at the bottom as a quick reference to the default option values. +# + # This is the main Samba configuration file. You should read the # smb.conf(5) manual page in order to understand the options listed -# here. Samba has a huge number of configurable options most of which -# are not shown in this example -# -# Some options that are often worth tuning have been included as -# commented-out examples in this file. -# - When such options are commented with ";", the proposed setting -# differs from the default Samba behaviour -# - When commented with "#", the proposed setting is the default -# behaviour of Samba but the option is considered important -# enough to be mentioned here -# -# NOTE: Whenever you modify this file you should run the command -# "testparm" to check that you have not made any basic syntactic -# errors. - -#======================= Global Settings ======================= - -[global] - -## Browsing/Identification ### - -# Change this to the workgroup/NT-domain name your Samba server will part of - workgroup = WORKGROUP +# here. Samba has a huge number of configurable options (perhaps too +# many!) most of which are not shown in this example +# +# Any line which starts with a ; (semi-colon) or a # (hash) +# is a comment and is ignored. In this example we will use a # +# for commentry and a ; for parts of the config file that you +# may wish to enable +# +# NOTE: Whenever you modify this file you should run the command "testparm" +# to check that you have not made any basic syntactic errors. +# +#======================= Global Settings ===================================== +;[global] + +# workgroup = NT-Domain-Name or Workgroup-Name +; workgroup = MYGROUP # server string is the equivalent of the NT Description field - server string = %h server (Samba, Ubuntu) - -# Windows Internet Name Serving Support Section: -# WINS Support - Tells the NMBD component of Samba to enable its WINS Server -# wins support = no - -# WINS Server - Tells the NMBD components of Samba to be a WINS Client -# Note: Samba can be either a WINS Server, or a WINS Client, but NOT both -; wins server = w.x.y.z - -# This will prevent nmbd to search for NetBIOS names through DNS. - dns proxy = no - -#### Networking #### - -# The specific set of interfaces / networks to bind to -# This can be either the interface name or an IP address/netmask; -# interface names are normally preferred -; interfaces = 127.0.0.0/8 eth0 - -# Only bind to the named interfaces and/or networks; you must use the -# 'interfaces' option above to use this. -# It is recommended that you enable this feature if your Samba machine is -# not protected by a firewall or is a firewall itself. However, this -# option cannot handle dynamic or non-broadcast interfaces correctly. -; bind interfaces only = yes - - - -#### Debugging/Accounting #### - -# This tells Samba to use a separate log file for each machine +; server string = Samba Server + +# This option is important for security. It allows you to restrict +# connections to machines which are on your local network. The +# following example restricts access to two C class networks and +# the "loopback" interface. For more examples of the syntax see +# the smb.conf man page +; hosts allow = 192.168.1. 192.168.2. 127. + +# if you want to automatically load your printer list rather +# than setting them up individually then you'll need this +; printcap name = /etc/printcap +; load printers = yes + +# It should not be necessary to spell out the print system type unless +# yours is non-standard. Currently supported print systems include: +# bsd, sysv, plp, lprng, aix, hpux, qnx +; printing = bsd + +# Uncomment this if you want a guest account, you must add this to /etc/passwd +# otherwise the user "nobody" is used +; guest account = pcguest + +# this tells Samba to use a separate log file for each machine # that connects - log file = /var/log/samba/log.%m - -# Cap the size of the individual log files (in KiB). - max log size = 1000 - -# If you want Samba to only log through syslog then set the following -# parameter to 'yes'. -# syslog only = no - -# We want Samba to log a minimum amount of information to syslog. Everything -# should go to /var/log/samba/log.{smbd,nmbd} instead. If you want to log -# through syslog you should set the following parameter to something higher. - syslog = 0 - -# Do something sensible when Samba crashes: mail the admin a backtrace - panic action = /usr/share/samba/panic-action %d - - -####### Authentication ####### - -# Server role. Defines in which mode Samba will operate. Possible -# values are "standalone server", "member server", "classic primary -# domain controller", "classic backup domain controller", "active -# directory domain controller". -# -# Most people will want "standalone sever" or "member server". -# Running as "active directory domain controller" will require first -# running "samba-tool domain provision" to wipe databases and create a -# new domain. - server role = standalone server - -# If you are using encrypted passwords, Samba will need to know what -# password database type you are using. - passdb backend = tdbsam - - obey pam restrictions = yes - -# This boolean parameter controls whether Samba attempts to sync the Unix -# password with the SMB password when the encrypted SMB password in the -# passdb is changed. - unix password sync = yes - -# For Unix password sync to work on a Debian GNU/Linux system, the following -# parameters must be set (thanks to Ian Kahan < for -# sending the correct chat script for the passwd program in Debian Sarge). - passwd program = /usr/bin/passwd %u - passwd chat = *Enter\snew\s*\spassword:* %n\n *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* . - -# This boolean controls whether PAM will be used for password changes -# when requested by an SMB client instead of the program listed in -# 'passwd program'. The default is 'no'. - pam password change = yes - -# This option controls how unsuccessful authentication attempts are mapped -# to anonymous connections - map to guest = bad user - -########## Domains ########### - -# -# The following settings only takes effect if 'server role = primary -# classic domain controller', 'server role = backup domain controller' -# or 'domain logons' is set -# - -# It specifies the location of the user's -# profile directory from the client point of view) The following -# required a [profiles] share to be setup on the samba server (see -# below) -; logon path = \\%N\profiles\%U -# Another common choice is storing the profile in the user's home directory -# (this is Samba's default) -# logon path = \\%N\%U\profile - -# The following setting only takes effect if 'domain logons' is set -# It specifies the location of a user's home directory (from the client -# point of view) -; logon drive = H: -# logon home = \\%N\%U - -# The following setting only takes effect if 'domain logons' is set -# It specifies the script to run during logon. The script must be stored -# in the [netlogon] share -# NOTE: Must be store in 'DOS' file format convention -; logon script = logon.cmd - -# This allows Unix users to be created on the domain controller via the SAMR -# RPC pipe. The example command creates a user account with a disabled Unix -# password; please adapt to your needs -; add user script = /usr/sbin/adduser --quiet --disabled-password --gecos "" %u - -# This allows machine accounts to be created on the domain controller via the -# SAMR RPC pipe. -# The following assumes a "machines" group exists on the system -; add machine script = /usr/sbin/useradd -g machines -c "%u machine account" -d /var/lib/samba -s /bin/false %u - -# This allows Unix groups to be created on the domain controller via the SAMR -# RPC pipe. -; add group script = /usr/sbin/addgroup --force-badname %g - -############ Misc ############ +; log file = /var/log/samba/%m.log + +# Put a capping on the size of the log files (in Kb). +; max log size = 50 + +# Security mode. Most people will want user level security. See +# security_level.txt for details. +; security = user +# Use password server option only with security = server +; password server = + +# Password Level allows matching of _n_ characters of the password for +# all combinations of upper and lower case. +; password level = 8 +; username level = 8 + +# You may wish to use password encryption. Please read +# ENCRYPTION.txt, Win95.txt and WinNT.txt in the Samba documentation. +# Do not enable this option unless you have read those documents +; encrypt passwords = yes +; smb passwd file = /etc/samba/smbpasswd + +# The following are needed to allow password changing from Windows to +# update the Linux sytsem password also. +# NOTE: Use these with 'encrypt passwords' and 'smb passwd file' above. +# NOTE2: You do NOT need these to allow workstations to change only +# the encrypted SMB passwords. They allow the Unix password +# to be kept in sync with the SMB password. +; unix password sync = Yes +; passwd program = /usr/bin/passwd %u +; passwd chat = *New*UNIX*password* %n\n *ReType*new*UNIX*password* %n\n *passwd:*all*authentication*tokens*updated*successfully* + +# Unix users can map to different SMB User names +; username map = /etc/samba/smbusers # Using the following line enables you to customise your configuration # on a per machine basis. The %m gets replaced with the netbios name # of the machine that is connecting -; include = /home/samba/etc/smb.conf.%m - -# Some defaults for winbind (make sure you're not using the ranges -# for something else.) -; idmap uid = 10000-20000 -; idmap gid = 10000-20000 -; template shell = /bin/bash - -# Setup usershare options to enable non-root users to share folders -# with the net usershare command. - -# Maximum number of usershare. 0 (default) means that usershare is disabled. -; usershare max shares = 100 - -# Allow users who've been granted usershare privileges to create -# public shares, not just authenticated ones - usershare allow guests = yes - -#======================= Share Definitions ======================= - -# Un-comment the following (and tweak the other settings below to suit) -# to enable the default home directory shares. This will share each -# user's home directory as \\server\username +; include = /etc/samba/smb.conf.%m + +# Configure Samba to use multiple interfaces +# If you have multiple network interfaces then you must list them +# here. See the man page for details. +; interfaces = 192.168.12.2/24 192.168.13.2/24 + +# Configure remote browse list synchronisation here +# request announcement to, or browse list sync from: +# a specific host or from / to a whole subnet (see below) +; remote browse sync = 192.168.3.25 192.168.5.255 +# Cause this host to announce itself to local subnets here +; remote announce = 192.168.1.255 192.168.2.44 + +# Browser Control Options: +# set local master to no if you don't want Samba to become a master +# browser on your network. Otherwise the normal election rules apply +; local master = no + +# OS Level determines the precedence of this server in master browser +# elections. The default value should be reasonable +; os level = 33 + +# Domain Master specifies Samba to be the Domain Master Browser. This +# allows Samba to collate browse lists between subnets. Don't use this +# if you already have a Windows NT domain controller doing this job +; domain master = yes + +# Preferred Master causes Samba to force a local browser election on startup +# and gives it a slightly higher chance of winning the election +; preferred master = yes + +# Use only if you have an NT server on your network that has been +# configured at install time to be a primary domain controller. +; domain controller = + +# Enable this if you want Samba to be a domain logon server for +# Windows95 workstations. +; domain logons = yes + +# if you enable domain logons then you may want a per-machine or +# per user logon script +# run a specific logon batch file per workstation (machine) +; logon script = %m.bat +# run a specific logon batch file per username +; logon script = %U.bat + +# Where to store roving profiles (only for Win95 and WinNT) +# %L substitutes for this servers netbios name, %U is username +# You must uncomment the [Profiles] share below +; logon path = \\%L\Profiles\%U + +# All NetBIOS names must be resolved to IP Addresses +# 'Name Resolve Order' allows the named resolution mechanism to be specified +# the default order is "host lmhosts wins bcast". "host" means use the unix +# system gethostbyname() function call that will use either /etc/hosts OR +# DNS or NIS depending on the settings of /etc/host.config, /etc/nsswitch.conf +# and the /etc/resolv.conf file. "host" therefore is system configuration +# dependant. This parameter is most often of use to prevent DNS lookups +# in order to resolve NetBIOS names to IP Addresses. Use with care! +# The example below excludes use of name resolution for machines that are NOT +# on the local network segment +# - OR - are not deliberately to be known via lmhosts or via WINS. +; name resolve order = wins lmhosts bcast + +# Windows Internet Name Serving Support Section: +# WINS Support - Tells the NMBD component of Samba to enable it's WINS Server +; wins support = yes + +# WINS Server - Tells the NMBD components of Samba to be a WINS Client +# Note: Samba can be either a WINS Server, or a WINS Client, but NOT both +; wins server = w.x.y.z + +# WINS Proxy - Tells Samba to answer name resolution queries on +# behalf of a non WINS capable client, for this to work there must be +# at least one WINS Server on the network. The default is NO. +; wins proxy = yes + +# DNS Proxy - tells Samba whether or not to try to resolve NetBIOS names +# via DNS nslookups. The built-in default for versions 1.9.17 is yes, +# this has been changed in version 1.9.18 to no. +; dns proxy = no + +# Case Preservation can be handy - system default is _no_ +# NOTE: These can be set on a per share basis +; preserve case = no +; short preserve case = no +# Default case is normally upper case for all DOS files +; default case = lower +# Be very careful with case sensitivity - it can break things! +; case sensitive = no + +#============================ Share Definitions ============================== ;[homes] ; comment = Home Directories ; browseable = no - -# By default, the home directories are exported read-only. Change the -# next parameter to 'no' if you want to be able to write to them. +; writable = yes + +# Un-comment the following and create the netlogon directory for Domain Logons +; [netlogon] +; comment = Network Logon Service +; path = /home/netlogon +; guest ok = yes +; writable = no +; share modes = no + + +# Un-comment the following to provide a specific roving profile share +# the default is to use the user's home directory +;[Profiles] +; path = /home/profiles +; browseable = no +; guest ok = yes + + +# NOTE: If you have a BSD-style print system there is no need to +# specifically define each individual printer +;[printers] +; comment = All Printers +; path = /var/spool/samba +; browseable = no +# Set public = yes to allow user 'guest account' to print +; guest ok = no +; writable = no +; printable = yes + +# This one is useful for people to share files +;[tmp] +; comment = Temporary file space +; path = /tmp +; read only = no +; public = yes + +# A publicly accessible directory, but read only, except for people in +# the "staff" group +;[public] +; comment = Public Stuff +; path = /home/samba +; public = yes ; read only = yes - -# File creation mask is set to 0700 for security reasons. If you want to -# create files with group=rw permissions, set next parameter to 0775. -; create mask = 0700 - -# Directory creation mask is set to 0700 for security reasons. If you want to -# create dirs. with group=rw permissions, set next parameter to 0775. -; directory mask = 0700 - -# By default, \\server\username shares can be connected to by anyone -# with access to the samba server. -# Un-comment the following parameter to make sure that only "username" -# can connect to \\server\username -# This might need tweaking when using external authentication schemes -; valid users = %S - -# Un-comment the following and create the netlogon directory for Domain Logons -# (you need to configure Samba to act as a domain controller too.) -;[netlogon] -; comment = Network Logon Service -; path = /home/samba/netlogon -; guest ok = yes -; read only = yes - -# Un-comment the following and create the profiles directory to store -# users profiles (see the "logon path" option above) -# (you need to configure Samba to act as a domain controller too.) -# The path below should be writable by all users so that their -# profile directory may be created the first time they log on -;[profiles] -; comment = Users profiles -; path = /home/samba/profiles -; guest ok = no -; browseable = no -; create mask = 0600 -; directory mask = 0700 - -[printers] - comment = All Printers - browseable = no - path = /var/spool/samba - printable = yes - guest ok = no - read only = yes - create mask = 0700 - -# Windows clients look for this share name as a source of downloadable -# printer drivers -[print$] - comment = Printer Drivers - path = /var/lib/samba/printers - browseable = yes - read only = yes - guest ok = no -# Uncomment to allow remote administration of Windows print drivers. -# You may need to replace 'lpadmin' with the name of the group your -# admin users are members of. -# Please note that you also need to set appropriate Unix permissions -# to the drivers directory for these users to have write rights in it -; write list = root, @lpadmin - +; write list = @staff + +# Other examples. +# +# A private printer, usable only by fred. Spool data will be placed in fred's +# home directory. Note that fred must have write access to the spool directory, +# wherever it is. +;[fredsprn] +; comment = Fred's Printer +; valid users = fred +; path = /homes/fred +; printer = freds_printer +; public = no +; writable = no +; printable = yes + +# A private directory, usable only by fred. Note that fred requires write +# access to the directory. +;[fredsdir] +; comment = Fred's Service +; path = /usr/somewhere/private +; valid users = fred +; public = no +; writable = yes +; printable = no + +# a service which has a different directory for each machine that connects +# this allows you to tailor configurations to incoming machines. You could +# also use the %u option to tailor it by user name. +# The %m gets replaced with the machine name that is connecting. +;[pchome] +; comment = PC Directories +; path = /usr/pc/%m +; public = no +; writable = yes + +# A publicly accessible directory, read/write to all users. Note that all files +# created in the directory by users will be owned by the default user, so +# any user with access can delete any other user's files. Obviously this +# directory must be writable by the default user. Another user could of course +# be specified, in which case all files would be owned by that user instead. +;[public] +; path = /usr/somewhere/else/public +; public = yes +; only guest = yes +; writable = yes +; printable = no + +# The following two entries demonstrate how to share a directory so that two +# users can place files there that will be owned by the specific users. In this +# setup, the directory should be writable by both users and should have the +# sticky bit set on it to prevent abuse. Obviously this could be extended to +# as many users as required. +;[myshare] +; comment = Mary's and Fred's stuff +; path = /usr/somewhere/shared +; valid users = mary fred +; public = no +; writable = yes +; printable = no +; create mask = 0765 [INFO ] Completed state [/etc/samba/smb.conf] at time 12:57:29.568359 duration_in_ms=56.946 [INFO ] Running state [smbd] at time 12:57:29.568709 [INFO ] Executing state service.running for [smbd] [INFO ] Executing command ['systemctl', 'status', 'smbd.service', '-n', '0'] in directory '/home/messi' [DEBUG ] stdout: * smbd.service - Samba SMB Daemon Loaded: loaded (/lib/systemd/system/smbd.service; enabled; vendor preset: enabled) Active: active (running) since Tue 2017-09-26 12:45:29 IST; 11min ago Docs: man:smbd(8) man:samba(7) man:smb.conf(5) Main PID: 19033 (smbd) Status: "smbd: ready to serve connections..." Tasks: 4 (limit: 9830) CGroup: /system.slice/smbd.service |-19033 /usr/sbin/smbd |-19034 /usr/sbin/smbd |-19035 /usr/sbin/smbd `-19037 /usr/sbin/smbd [INFO ] Executing command ['systemctl', 'is-active', 'smbd.service'] in directory '/home/messi' [DEBUG ] output: active [INFO ] Executing command ['systemctl', 'is-enabled', 'smbd.service'] in directory '/home/messi' [DEBUG ] output: enabled [INFO ] The service smbd is already running [INFO ] Completed state [smbd] at time 12:57:29.649478 duration_in_ms=80.769 [INFO ] Running state [smbd] at time 12:57:29.649691 [INFO ] Executing state service.mod_watch for [smbd] [INFO ] Executing command ['systemctl', 'is-active', 'smbd.service'] in directory '/home/messi' [DEBUG ] output: active [DEBUG ] LazyLoaded service.full_restart [INFO ] Executing command ['systemd-run', '--scope', 'systemctl', 'restart', 'smbd.service'] in directory '/home/messi' [DEBUG ] stderr: Running scope as unit: run-r927500ffc008467a8951a84e646751bf.scope [INFO ] {'smbd': True} [INFO ] Completed state [smbd] at time 12:57:29.816216 duration_in_ms=166.524 [DEBUG ] File /var/cache/salt/minion/accumulator/140064489843856 does not exist, no need to cleanup. [DEBUG ] LazyLoaded highstate.output [DEBUG ] LazyLoaded nested.output [DEBUG ] LazyLoaded nested.output [DEBUG ] LazyLoaded nested.output local: ---------- ID: samba_client Function: pkg.installed Name: samba-client Result: True Comment: The following packages were installed/updated: samba-client Started: 12:57:13.783388 Duration: 15029.117 ms Changes: ---------- samba-client: ---------- new: 1 old: smbclient: ---------- new: 2:4.5.8+dfsg-0ubuntu0.17.04.7 old: ---------- ID: samba Function: pkg.installed Result: True Comment: Package samba is already installed Started: 12:57:28.819777 Duration: 688.016 ms Changes: ---------- ID: samba_config Function: file.managed Name: /etc/samba/smb.conf Result: True Comment: File /etc/samba/smb.conf updated Started: 12:57:29.511413 Duration: 56.946 ms Changes: ---------- diff: --- +++ @@ -1,260 +1,290 @@ # -# Sample configuration file for the Samba suite for Debian GNU/Linux. -# -# +# This file is managed by salt. Manual changes risk being overwritten. +# If so configured, the contents of the original skeleton smb.conf are stored +# at the bottom as a quick reference to the default option values. +# + # This is the main Samba configuration file. You should read the # smb.conf(5) manual page in order to understand the options listed -# here. Samba has a huge number of configurable options most of which -# are not shown in this example -# -# Some options that are often worth tuning have been included as -# commented-out examples in this file. -# - When such options are commented with ";", the proposed setting -# differs from the default Samba behaviour -# - When commented with "#", the proposed setting is the default -# behaviour of Samba but the option is considered important -# enough to be mentioned here -# -# NOTE: Whenever you modify this file you should run the command -# "testparm" to check that you have not made any basic syntactic -# errors. - -#======================= Global Settings ======================= - -[global] - -## Browsing/Identification ### - -# Change this to the workgroup/NT-domain name your Samba server will part of - workgroup = WORKGROUP +# here. Samba has a huge number of configurable options (perhaps too +# many!) most of which are not shown in this example +# +# Any line which starts with a ; (semi-colon) or a # (hash) +# is a comment and is ignored. In this example we will use a # +# for commentry and a ; for parts of the config file that you +# may wish to enable +# +# NOTE: Whenever you modify this file you should run the command "testparm" +# to check that you have not made any basic syntactic errors. +# +#======================= Global Settings ===================================== +;[global] + +# workgroup = NT-Domain-Name or Workgroup-Name +; workgroup = MYGROUP # server string is the equivalent of the NT Description field - server string = %h server (Samba, Ubuntu) - -# Windows Internet Name Serving Support Section: -# WINS Support - Tells the NMBD component of Samba to enable its WINS Server -# wins support = no - -# WINS Server - Tells the NMBD components of Samba to be a WINS Client -# Note: Samba can be either a WINS Server, or a WINS Client, but NOT both -; wins server = w.x.y.z - -# This will prevent nmbd to search for NetBIOS names through DNS. - dns proxy = no - -#### Networking #### - -# The specific set of interfaces / networks to bind to -# This can be either the interface name or an IP address/netmask; -# interface names are normally preferred -; interfaces = 127.0.0.0/8 eth0 - -# Only bind to the named interfaces and/or networks; you must use the -# 'interfaces' option above to use this. -# It is recommended that you enable this feature if your Samba machine is -# not protected by a firewall or is a firewall itself. However, this -# option cannot handle dynamic or non-broadcast interfaces correctly. -; bind interfaces only = yes - - - -#### Debugging/Accounting #### - -# This tells Samba to use a separate log file for each machine +; server string = Samba Server + +# This option is important for security. It allows you to restrict +# connections to machines which are on your local network. The +# following example restricts access to two C class networks and +# the "loopback" interface. For more examples of the syntax see +# the smb.conf man page +; hosts allow = 192.168.1. 192.168.2. 127. + +# if you want to automatically load your printer list rather +# than setting them up individually then you'll need this +; printcap name = /etc/printcap +; load printers = yes + +# It should not be necessary to spell out the print system type unless +# yours is non-standard. Currently supported print systems include: +# bsd, sysv, plp, lprng, aix, hpux, qnx +; printing = bsd + +# Uncomment this if you want a guest account, you must add this to /etc/passwd +# otherwise the user "nobody" is used +; guest account = pcguest + +# this tells Samba to use a separate log file for each machine # that connects - log file = /var/log/samba/log.%m - -# Cap the size of the individual log files (in KiB). - max log size = 1000 - -# If you want Samba to only log through syslog then set the following -# parameter to 'yes'. -# syslog only = no - -# We want Samba to log a minimum amount of information to syslog. Everything -# should go to /var/log/samba/log.{smbd,nmbd} instead. If you want to log -# through syslog you should set the following parameter to something higher. - syslog = 0 - -# Do something sensible when Samba crashes: mail the admin a backtrace - panic action = /usr/share/samba/panic-action %d - - -####### Authentication ####### - -# Server role. Defines in which mode Samba will operate. Possible -# values are "standalone server", "member server", "classic primary -# domain controller", "classic backup domain controller", "active -# directory domain controller". -# -# Most people will want "standalone sever" or "member server". -# Running as "active directory domain controller" will require first -# running "samba-tool domain provision" to wipe databases and create a -# new domain. - server role = standalone server - -# If you are using encrypted passwords, Samba will need to know what -# password database type you are using. - passdb backend = tdbsam - - obey pam restrictions = yes - -# This boolean parameter controls whether Samba attempts to sync the Unix -# password with the SMB password when the encrypted SMB password in the -# passdb is changed. - unix password sync = yes - -# For Unix password sync to work on a Debian GNU/Linux system, the following -# parameters must be set (thanks to Ian Kahan < for -# sending the correct chat script for the passwd program in Debian Sarge). - passwd program = /usr/bin/passwd %u - passwd chat = *Enter\snew\s*\spassword:* %n\n *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* . - -# This boolean controls whether PAM will be used for password changes -# when requested by an SMB client instead of the program listed in -# 'passwd program'. The default is 'no'. - pam password change = yes - -# This option controls how unsuccessful authentication attempts are mapped -# to anonymous connections - map to guest = bad user - -########## Domains ########### - -# -# The following settings only takes effect if 'server role = primary -# classic domain controller', 'server role = backup domain controller' -# or 'domain logons' is set -# - -# It specifies the location of the user's -# profile directory from the client point of view) The following -# required a [profiles] share to be setup on the samba server (see -# below) -; logon path = \\%N\profiles\%U -# Another common choice is storing the profile in the user's home directory -# (this is Samba's default) -# logon path = \\%N\%U\profile - -# The following setting only takes effect if 'domain logons' is set -# It specifies the location of a user's home directory (from the client -# point of view) -; logon drive = H: -# logon home = \\%N\%U - -# The following setting only takes effect if 'domain logons' is set -# It specifies the script to run during logon. The script must be stored -# in the [netlogon] share -# NOTE: Must be store in 'DOS' file format convention -; logon script = logon.cmd - -# This allows Unix users to be created on the domain controller via the SAMR -# RPC pipe. The example command creates a user account with a disabled Unix -# password; please adapt to your needs -; add user script = /usr/sbin/adduser --quiet --disabled-password --gecos "" %u - -# This allows machine accounts to be created on the domain controller via the -# SAMR RPC pipe. -# The following assumes a "machines" group exists on the system -; add machine script = /usr/sbin/useradd -g machines -c "%u machine account" -d /var/lib/samba -s /bin/false %u - -# This allows Unix groups to be created on the domain controller via the SAMR -# RPC pipe. -; add group script = /usr/sbin/addgroup --force-badname %g - -############ Misc ############ +; log file = /var/log/samba/%m.log + +# Put a capping on the size of the log files (in Kb). +; max log size = 50 + +# Security mode. Most people will want user level security. See +# security_level.txt for details. +; security = user +# Use password server option only with security = server +; password server = + +# Password Level allows matching of _n_ characters of the password for +# all combinations of upper and lower case. +; password level = 8 +; username level = 8 + +# You may wish to use password encryption. Please read +# ENCRYPTION.txt, Win95.txt and WinNT.txt in the Samba documentation. +# Do not enable this option unless you have read those documents +; encrypt passwords = yes +; smb passwd file = /etc/samba/smbpasswd + +# The following are needed to allow password changing from Windows to +# update the Linux sytsem password also. +# NOTE: Use these with 'encrypt passwords' and 'smb passwd file' above. +# NOTE2: You do NOT need these to allow workstations to change only +# the encrypted SMB passwords. They allow the Unix password +# to be kept in sync with the SMB password. +; unix password sync = Yes +; passwd program = /usr/bin/passwd %u +; passwd chat = *New*UNIX*password* %n\n *ReType*new*UNIX*password* %n\n *passwd:*all*authentication*tokens*updated*successfully* + +# Unix users can map to different SMB User names +; username map = /etc/samba/smbusers # Using the following line enables you to customise your configuration # on a per machine basis. The %m gets replaced with the netbios name # of the machine that is connecting -; include = /home/samba/etc/smb.conf.%m - -# Some defaults for winbind (make sure you're not using the ranges -# for something else.) -; idmap uid = 10000-20000 -; idmap gid = 10000-20000 -; template shell = /bin/bash - -# Setup usershare options to enable non-root users to share folders -# with the net usershare command. - -# Maximum number of usershare. 0 (default) means that usershare is disabled. -; usershare max shares = 100 - -# Allow users who've been granted usershare privileges to create -# public shares, not just authenticated ones - usershare allow guests = yes - -#======================= Share Definitions ======================= - -# Un-comment the following (and tweak the other settings below to suit) -# to enable the default home directory shares. This will share each -# user's home directory as \\server\username +; include = /etc/samba/smb.conf.%m + +# Configure Samba to use multiple interfaces +# If you have multiple network interfaces then you must list them +# here. See the man page for details. +; interfaces = 192.168.12.2/24 192.168.13.2/24 + +# Configure remote browse list synchronisation here +# request announcement to, or browse list sync from: +# a specific host or from / to a whole subnet (see below) +; remote browse sync = 192.168.3.25 192.168.5.255 +# Cause this host to announce itself to local subnets here +; remote announce = 192.168.1.255 192.168.2.44 + +# Browser Control Options: +# set local master to no if you don't want Samba to become a master +# browser on your network. Otherwise the normal election rules apply +; local master = no + +# OS Level determines the precedence of this server in master browser +# elections. The default value should be reasonable +; os level = 33 + +# Domain Master specifies Samba to be the Domain Master Browser. This +# allows Samba to collate browse lists between subnets. Don't use this +# if you already have a Windows NT domain controller doing this job +; domain master = yes + +# Preferred Master causes Samba to force a local browser election on startup +# and gives it a slightly higher chance of winning the election +; preferred master = yes + +# Use only if you have an NT server on your network that has been +# configured at install time to be a primary domain controller. +; domain controller = + +# Enable this if you want Samba to be a domain logon server for +# Windows95 workstations. +; domain logons = yes + +# if you enable domain logons then you may want a per-machine or +# per user logon script +# run a specific logon batch file per workstation (machine) +; logon script = %m.bat +# run a specific logon batch file per username +; logon script = %U.bat + +# Where to store roving profiles (only for Win95 and WinNT) +# %L substitutes for this servers netbios name, %U is username +# You must uncomment the [Profiles] share below +; logon path = \\%L\Profiles\%U + +# All NetBIOS names must be resolved to IP Addresses +# 'Name Resolve Order' allows the named resolution mechanism to be specified +# the default order is "host lmhosts wins bcast". "host" means use the unix +# system gethostbyname() function call that will use either /etc/hosts OR +# DNS or NIS depending on the settings of /etc/host.config, /etc/nsswitch.conf +# and the /etc/resolv.conf file. "host" therefore is system configuration +# dependant. This parameter is most often of use to prevent DNS lookups +# in order to resolve NetBIOS names to IP Addresses. Use with care! +# The example below excludes use of name resolution for machines that are NOT +# on the local network segment +# - OR - are not deliberately to be known via lmhosts or via WINS. +; name resolve order = wins lmhosts bcast + +# Windows Internet Name Serving Support Section: +# WINS Support - Tells the NMBD component of Samba to enable it's WINS Server +; wins support = yes + +# WINS Server - Tells the NMBD components of Samba to be a WINS Client +# Note: Samba can be either a WINS Server, or a WINS Client, but NOT both +; wins server = w.x.y.z + +# WINS Proxy - Tells Samba to answer name resolution queries on +# behalf of a non WINS capable client, for this to work there must be +# at least one WINS Server on the network. The default is NO. +; wins proxy = yes + +# DNS Proxy - tells Samba whether or not to try to resolve NetBIOS names +# via DNS nslookups. The built-in default for versions 1.9.17 is yes, +# this has been changed in version 1.9.18 to no. +; dns proxy = no + +# Case Preservation can be handy - system default is _no_ +# NOTE: These can be set on a per share basis +; preserve case = no +; short preserve case = no +# Default case is normally upper case for all DOS files +; default case = lower +# Be very careful with case sensitivity - it can break things! +; case sensitive = no + +#============================ Share Definitions ============================== ;[homes] ; comment = Home Directories ; browseable = no - -# By default, the home directories are exported read-only. Change the -# next parameter to 'no' if you want to be able to write to them. +; writable = yes + +# Un-comment the following and create the netlogon directory for Domain Logons +; [netlogon] +; comment = Network Logon Service +; path = /home/netlogon +; guest ok = yes +; writable = no +; share modes = no + + +# Un-comment the following to provide a specific roving profile share +# the default is to use the user's home directory +;[Profiles] +; path = /home/profiles +; browseable = no +; guest ok = yes + + +# NOTE: If you have a BSD-style print system there is no need to +# specifically define each individual printer +;[printers] +; comment = All Printers +; path = /var/spool/samba +; browseable = no +# Set public = yes to allow user 'guest account' to print +; guest ok = no +; writable = no +; printable = yes + +# This one is useful for people to share files +;[tmp] +; comment = Temporary file space +; path = /tmp +; read only = no +; public = yes + +# A publicly accessible directory, but read only, except for people in +# the "staff" group +;[public] +; comment = Public Stuff +; path = /home/samba +; public = yes ; read only = yes - -# File creation mask is set to 0700 for security reasons. If you want to -# create files with group=rw permissions, set next parameter to 0775. -; create mask = 0700 - -# Directory creation mask is set to 0700 for security reasons. If you want to -# create dirs. with group=rw permissions, set next parameter to 0775. -; directory mask = 0700 - -# By default, \\server\username shares can be connected to by anyone -# with access to the samba server. -# Un-comment the following parameter to make sure that only "username" -# can connect to \\server\username -# This might need tweaking when using external authentication schemes -; valid users = %S - -# Un-comment the following and create the netlogon directory for Domain Logons -# (you need to configure Samba to act as a domain controller too.) -;[netlogon] -; comment = Network Logon Service -; path = /home/samba/netlogon -; guest ok = yes -; read only = yes - -# Un-comment the following and create the profiles directory to store -# users profiles (see the "logon path" option above) -# (you need to configure Samba to act as a domain controller too.) -# The path below should be writable by all users so that their -# profile directory may be created the first time they log on -;[profiles] -; comment = Users profiles -; path = /home/samba/profiles -; guest ok = no -; browseable = no -; create mask = 0600 -; directory mask = 0700 - -[printers] - comment = All Printers - browseable = no - path = /var/spool/samba - printable = yes - guest ok = no - read only = yes - create mask = 0700 - -# Windows clients look for this share name as a source of downloadable -# printer drivers -[print$] - comment = Printer Drivers - path = /var/lib/samba/printers - browseable = yes - read only = yes - guest ok = no -# Uncomment to allow remote administration of Windows print drivers. -# You may need to replace 'lpadmin' with the name of the group your -# admin users are members of. -# Please note that you also need to set appropriate Unix permissions -# to the drivers directory for these users to have write rights in it -; write list = root, @lpadmin - +; write list = @staff + +# Other examples. +# +# A private printer, usable only by fred. Spool data will be placed in fred's +# home directory. Note that fred must have write access to the spool directory, +# wherever it is. +;[fredsprn] +; comment = Fred's Printer +; valid users = fred +; path = /homes/fred +; printer = freds_printer +; public = no +; writable = no +; printable = yes + +# A private directory, usable only by fred. Note that fred requires write +# access to the directory. +;[fredsdir] +; comment = Fred's Service +; path = /usr/somewhere/private +; valid users = fred +; public = no +; writable = yes +; printable = no + +# a service which has a different directory for each machine that connects +# this allows you to tailor configurations to incoming machines. You could +# also use the %u option to tailor it by user name. +# The %m gets replaced with the machine name that is connecting. +;[pchome] +; comment = PC Directories +; path = /usr/pc/%m +; public = no +; writable = yes + +# A publicly accessible directory, read/write to all users. Note that all files +# created in the directory by users will be owned by the default user, so +# any user with access can delete any other user's files. Obviously this +# directory must be writable by the default user. Another user could of course +# be specified, in which case all files would be owned by that user instead. +;[public] +; path = /usr/somewhere/else/public +; public = yes +; only guest = yes +; writable = yes +; printable = no + +# The following two entries demonstrate how to share a directory so that two +# users can place files there that will be owned by the specific users. In this +# setup, the directory should be writable by both users and should have the +# sticky bit set on it to prevent abuse. Obviously this could be extended to +# as many users as required. +;[myshare] +; comment = Mary's and Fred's stuff +; path = /usr/somewhere/shared +; valid users = mary fred +; public = no +; writable = yes +; printable = no +; create mask = 0765 ---------- ID: samba Function: service.running Name: smbd Result: True Comment: Service restarted Started: 12:57:29.649692 Duration: 166.524 ms Changes: ---------- smbd: True Summary for local ------------ Succeeded: 4 (changed=3) Failed: 0 ------------ Total states run: 4 Total run time: 15.941 s