4.1 The Global section

The global section start with a single line [global].

• workgroup = thevillage
  This line configures the workgroup of the server. A workgroup is the highest level of a SMB-based file sharing mechanism. In essense, a workgroup is a named entity that contains a number of file servers. In the example, the server being set up will be a part of the workgroup thevillage.
• wins support = no
  This line specifies whether the server should be set up as a WINS (Windows Internet Naming Service) server. Typically, a machine should not be set up as a WINS server. The default is no for this option.
• wins server = 192.168.87.132
  This line instructs the server to use the specified IP address as the IP address of the WINS server. Although DNS (domain name service) is preferred as of Windows 2000, some systems still require the use of WINS. Also, note that this setting does not only affect the Samba server, but it also affect Samba clients running on the same machine.
• security = user
  This specifies how authentication is done on this server. Special care must be taken here.
  • user is the most common method. This specifies that when a remote machine attempts to connect to this SMB server, it will be required to authenticate against a local user and password list. Once authenticated, there is no need to authenticate again, regardless of which “share” the remote machine wants to access.
  • share implements per-share authentication. A “share” is the finest access control level in SMB, as it is a part of the file system of the server. This option requires more explaining of how a “share” is configured, later in this module.
  • domain specifies authentication against a domain controller. When this mechanism is specified, the SMB server will use a domain controller for authentication purposes. This is particularly useful in an enterprise environment where there is a large number of SMB servers. This option requires coordination with a domain controller. More on this later.
• encrypt passwords = true
  This option specifies that passwords be encrypted during authentication. Unless old Windows machines (Windows 98 or before) will be potential clients, specify Yes. Passwords transmitted as plain text is a high exposure to security risks.