4.1 global section

The [global] section handles settings that apply to the SMB server.

• workgroup = myworkgroup
  This setting configures the workgroup or domain name of which the SMB server will be a part.
• load printers = yes
  Do we want to expose the printers of the server computer to SMB clients? If this setting is enabled, then all the printers available on the server host will be visible to SMB clients.
• printcap name = /etc/printcap
  This is where the SMB server look to find out what printers are available to the server host.
• printing = cups
  Which print server is used on the SMB server? The two most popular choices are cups and lprng. Note that this must match the actual print server daemon used on the server.
• invalid users = root
  This setting indicates what account cannot be accessed on the server.
• log file = /var/log/samba/log.%m
  This let you specify which file stores the log from clients. The %m in the filename is replaced by the actual name of the client host. This allows the system to use a different file for each client host.
• max log size = 1000
  This means the log file can only be up to 1000kB (1,000 kilobytes).
• syslog = 0
  This means that we are not using the usual syslog to store messages for the SMB server.
• security = user
  Now, this one is important. There are three popular options. user specifies a user level security. This means that a client host must first authenticate as a user on the server host before permitted access. This is the easier method. domain specifies a domain level security. To make this option work, there must be a domain controller that performs the authentication. ADS specifies Active Directory Security mode, which requires the availability of a password server.
  But what about the other settings? share is known not to be with some Windows, and server is known to be insecure.
• realm = losrios.edu
  This is needed when security = ADS to specify the realm of the active directory.
• password server
  This is needed when security = ADS to specify the name of a password server.
• encrypt password = true
  This setting specifies that when passwords are transmitted, they should be encrypted. Note that this should not be used when you have hosts that runs Windows 98 or earlier. This is because these hosts cannot encrypt passwords.
• passdb backend = smbpasswd
  This setting controls how the password is authenticated. smbpasswd is a password database that is independent to the file /etc/shadow. This way, you can set up client users of the SMB server so that they are independent of the main system accounts.