Last active
November 14, 2023 08:44
-
-
Save tomtastic/930ec8c08843ed9cb2d899d9a80d81f5 to your computer and use it in GitHub Desktop.
Samba 4.13.5 config for MacOS Monterey
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# | |
# Sample configuration file for the Samba suite for Debian GNU/Linux. | |
# | |
# | |
# This is the main Samba configuration file. You should read the | |
# smb.conf(5) manual page in order to understand the options listed | |
# here. Samba has a huge number of configurable options most of which | |
# are not shown in this example | |
# | |
# Some options that are often worth tuning have been included as | |
# commented-out examples in this file. | |
# - When such options are commented with ";", the proposed setting | |
# differs from the default Samba behaviour | |
# - When commented with "#", the proposed setting is the default | |
# behaviour of Samba but the option is considered important | |
# enough to be mentioned here | |
# | |
# NOTE: Whenever you modify this file you should run the command | |
# "testparm" to check that you have not made any basic syntactic | |
# errors. | |
#======================= Global Settings ======================= | |
[global] | |
# Special configuration for Apple's Time Machine | |
# catia - maps MacOS filename encodings to a form most Linux filesystems support | |
# fruit - provides Apple’s proprietary extensions to SMB | |
# acl_xattr - stores NTFS Access Control Lists (ACLs) in Extended Attributes (EAs) | |
# streams_xattr - stores NTFS alternate data streams in POSIX xattrs | |
vfs objects = catia fruit streams_xattr | |
fruit:aapl = yes | |
fruit:time machine = yes | |
fruit:resource = xattr | |
fruit:nfs_aces = no | |
fruit:model = Xserve | |
# Security | |
interfaces = 192.168.0.0/16 10.0.0.0/24 | |
bind interfaces only = yes | |
server role = standalone server | |
workgroup = WORKGROUP | |
client min protocol = SMB3_02 | |
#client smb encrypt = enabled | |
server min protocol = SMB3_02 | |
server max protocol = SMB3_11 | |
#server smb encrypt = enabled | |
smb ports = 445 | |
restrict anonymous = 2 | |
unix password sync = yes | |
pam password change = yes | |
passwd program = /usr/bin/passwd %u | |
passwd chat = *Enter\snew\s*\spassword:* %n\n *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* . | |
# Unneeded features | |
disable netbios = yes | |
enhanced browsing = no | |
host msdfs = no | |
load printers = no | |
printcap cache time = 0 | |
printcap name = /dev/null | |
# dcerpc endpoint servers = epmapper, wkssvc, rpcecho, samr, netlogon, lsarpc, drsuapi, dssetup, unixinfo, browser, eventlog6, backupkey, dnsserver | |
dcerpc endpoint servers = rpcecho | |
server services = -s3fs, +rpc, -nbt, -wrepl, -ldap, -cldap, -kdc, -drepl, -winbindd, -ntp_signd, -kcc, -dnsupdate, -dns, +smb | |
rpc_server:epmapper = disabled | |
rpc_server:winreg = disabled | |
rpc_server:lsarpc = disabled | |
rpc_server:samr = disabled | |
rpc_server:netlogon = disabled | |
rpc_server:netdfs = disabled | |
rpc_server:dssetup = disabled | |
rpc_server:wkssvc = disabled | |
rpc_server:spoolss = disabled | |
rpc_server:svcctl = disabled | |
rpc_server:ntsvcs = disabled | |
rpc_server:eventlog = disabled | |
rpc_server:initshutdown = disabled | |
rpc_server:mdssvc = disabled | |
allow dns updates = disabled | |
dns proxy = no | |
enable core files = no | |
name resolve order = host bcast | |
# Performance | |
use sendfile = yes | |
#### Debugging/Accounting #### | |
# This tells Samba to use a separate log file for each machine | |
# that connects | |
log file = /var/log/samba/log.%m | |
log level = 0 | |
# Cap the size of the individual log files (in KiB). | |
max log size = 1000 | |
# We want Samba to only log to /var/log/samba/log.{smbd,nmbd}. | |
# Append syslog@1 if you want important messages to be sent to syslog too. | |
logging = file | |
# Do something sensible when Samba crashes: mail the admin a backtrace | |
panic action = /usr/share/samba/panic-action %d | |
############ Misc ############ | |
# Some defaults for winbind (make sure you're not using the ranges | |
# for something else.) | |
; idmap config * : backend = tdb | |
; idmap config * : range = 3000-7999 | |
; idmap config YOURDOMAINHERE : backend = tdb | |
; idmap config YOURDOMAINHERE : range = 100000-999999 | |
; template shell = /bin/bash | |
#======================= Share Definitions ======================= | |
[Time Machine] | |
path = /data/backup/timemachine/%U | |
valid users = %U | |
browseable = Yes | |
writable = Yes | |
read only = No | |
inherit acls = Yes | |
spotlight = No | |
block size = 524288 | |
dfree command = /usr/local/bin/dfree | |
dfree cache time = 120 | |
printing = bsd |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
As I've been frustrated with the formatting of the documentation, I put together some JSON with all the parameters, their default values and the source for that info.