Example Samba Config
[global]
# log?
#log level = all:10
# passdb?
#passdb backend = ?
# apparently no windows system supports case-sensitive filenames,
# so setting 'auto' effectively means 'no' for them
case sensitive = auto
# for windows, we'll try to be sensible... use lower case by default,
# but try to preserve the case where possible
default case = lower
preserve case = yes
short preserve case = yes
# don't just let Windows execute stuff...
acl allow execute always = no
# do not use the registry...
config backend = file
registry shares = no
# what does samba have to do with DNS??
allow dns updates = disabled
# authenticate local accounts, then fall back as guest??
auth methods = sam guest
# fail to lock immediately, don't hang about
blocking locks = no
# require clients to use at least SMB3
client ipc min protocol = SMB3_11
# push for better protocols... this should support Win7+
#client min protocol = SMB2_10
#client max protocol = SMB3
#server min protocol = SMB2_10
#server max protocol = SMB3
# allow rw- for group and other
create mask = 0766
# disconnect clients after n-minutes of inactivity
deadtime = 15
# keep permissions sensible
create mask = 0664
directory mask = 0775
force create mode = 0600
force directory mode = 0700
# map DOS file attributes... or not
map archive = no
map hidden = no
map system = no
map readonly = yes
store dos attributes = no
# disable netbios
disable netbios = yes
# don't be a domain master
domain master = no
# make it look like directories are always older than their children
# (helps `make` work properly)
fake directory create times = yes
# use the current user in place of an unknown Windows SID
force unknown acl user = yes
# don't present the filesystem as 'NTFS'
fstype = Samba
# the guest account is...
guest account = nobody
# dot files are presented as hidden
hide dot files = yes
# don't show some files
hide special files = yes
hide files = /desktop.ini/thumbs.db/
veto files = /.dropbox/.dropbox.cache/
# do not spend time doing hostname lookups
hostname lookups = no
# restrict to this network
hosts allow = 192.168.0.0/24
hosts deny = ALL
# root has no business here...
invalid users = root
# shhh don't make Lanman broadcasts
lm announce = no
# don't participate in elections for master
local master = no
# map unknown users to the guest account
map to guest = bad user
# only lookup names using DNS or /etc/hosts
name resolve order = host
# use user-based security
security = user
# we're a standalone server, with certain services
server role = standalone
server services = s3fs
server string = Perdy
workgroup = attie.co.uk
# just... nothing about printers
show add printer wizard = no
# disable usershares
usershare path =
# tweak the sockets for performance
socket options = TCP_NODELAY IPTOS_LOWDELAY SO_KEEPALIVE SO_RCVBUF=131072 SO_SNDBUF=131072
[homes]
# this is the template for each user's home directory
# don't specify a path, so we'll use the user's home dir
path = /home/%u/
comment = Your Home!
writable = yes
# always present consistent information
#level2 oplocks = no
#kernel oplocks = yes
# don't show the 'homes' share in a browser
browseable = no
# don't let the mfd / multi-function device user in
invalid users = mfd
[shared]
path = /home/shared/
comment = Shared
# always present consistent information
#level2 oplocks = no
#kernel oplocks = yes
# always present as nobody/nogroup
force user = nobody
force group = nogroup
# inherit owner ??
# keep permissions sensible
create mask = 0664
directory mask = 0775
force create mode = 0660
force directory mode = 0770
writable = yes
# always show this share
browseable = yes
guest ok = yes
# enforce readers / writers
#read list =
#write list =