Get To Know Linux: Understanding smb.conf

Jack Wallen
Feb 6, 2009
Updated • Dec 2, 2012

Next to the xorg.conf file (read my Get To Know Linux: Understanding xorg.conf for more) the smb.conf file might be the most misunderstood of all files. Part of the reason for this is because the default file is, well, rather large and confusing. When you compare what you need vs what you have (in the default at least), you will be surprised at how simple Samba can be to configure.

After Samba is installed the smb.conf file will be around 533 lines long. Fear not. It's much easier than it seems.

The smb.conf file is broken into sections. Each section will start with a line that looks like:


Where TITLE is the actual title of the block. Each block represents either a configuration or a  share that other machines can connect to. You will, at minimum, have a global block and a single share.


The global block is one of the more important blocks in your smb.conf file. This block defines the global configuration of your Samba server. This block begins with:


Within your blocks your configuration lines will be made up of:

option = value


The most important statements you will need in your global block are:
netbios name= NAME
workgroup = WORKGROUP_NAME
security = SECURITY_TYPE
encrypt passwords = YES/NO
smb passwd file = /path/to/smbpasswd

The values for each option above should be self explanatory. But there is one thing to note. If you are encrypting passwords you will need to add users (with passwords) with the smbpasswd command.
Within the global block one of the more important options is the security option. This option refers to authentication (how users will be able to log in). There are five different types of security:

  • ADS - Active Directory Domain
  • Domain - User verification through NT Primary or Backup Domain
  • Server - Samba server passes on authentication to another server
  • Share - Users do not have to enter username or password (until they try to access a specific directory)
  • User - Users must provide valid username/password. This is the default.

Share Blocks

The next blocks will refer to individual shares. You will need a different block for each directory you want to share to Samba users. A typical share block will look like this:
comment = COMMENT
path = /path/to/share
writeable = YES/NO
create mode = NUMERIC VALUE
directory mode = NUMERIC VALUE
locking = YES/NO

Everything in caps above will be defined according to your needs. The tricky entries will be the create and directory modes. What this does is define permissions for any file created as well as the share directories. So the values will be in the form of 0700 or 0600 (depending upon your permission needs). Remember, you will need a share block for every directory you want to share out.

Naturally there are plenty of options that can be used in Samba. Many of these options will fall in the global block.

Printer Block

You can also define a block to share out printers. This block will start with:


and will contain options like:
comment = COMMENT
browseable = YES/NO
guest ok = YES/NO
writable = YES/NO
printable = YES/NO
create mode = NUMERIC VALUE

Sample smb.conf

I have an external drive that I mount to /media/music and I share out to my home network with the following smb.conf file:
netbios name = MONKEYPANTZ
workgroup = MONKEYPANTZ
security = user
encrypt passwords = yes
smb passwd file = /etc/samba/smbpasswd
interfaces =
[wallen music]
comment = Music Library
path = /media/music
writeable = yes
create mode = 0600
directory mode = 0700
locking = yes

And that's it. That is my entire smb.conf file. Granted I am only sharing out a single directory, but it shows how simple smb.conf can be to configure.


Previous Post: «
Next Post: «


  1. oes tsetnoc said on September 25, 2009 at 9:44 am

    honestly I’m new to samba. it was very usefull to read at your blog.thanks

  2. RogueSpear said on February 8, 2009 at 3:38 am

    Another great article. It’s nice that they’re brief and to the point. They answer the “obvious” questions that a ton of how-to articles take for granted that you should know – when noobs like me sometimes don’t. Makes it much easier to jump into self learning and searching.

    I do have a question however. At work I recently upgraded our Active Directory domain to Windows Server 2008 servers. When I did this I was presented with the obligatory ominous message that Windows NT4 clients would no longer be able to authenticate. “No problem” I thought to myself as it has been about 8 years since I’ve had any NT4 clients on my network. I didn’t think about my Mepis workstations. They are no longer able to connect to AD resources. Do you know if Samba has a limitation that has yet to be overcome on this front? Or is there something.. ahh.. “obvious” that I am missing?

    Keep up the great work Jack. Your Linux articles have become one of my favorite resources.

Leave a Reply

Check the box to consent to your data being stored in line with the guidelines set out in our privacy policy

We love comments and welcome thoughtful and civilized discussion. Rudeness and personal attacks will not be tolerated. Please stay on-topic.
Please note that your comment may not appear immediately after you post it.