#======================= Global Settings ======================= [global] workgroup = DOMAIN_NAME # server string is the equivalent of the NT Description field server string = SERVER_STRING wins support = yes dns proxy = no time server = yes netbios name = NETBIOS_NAME #### Networking #### ; interfaces = 127.0.0.0/8 eth0 ;;;; bind interfaces only = true #### Debugging/Accounting #### log file = /var/log/samba/log.%m max log size = 1000 syslog = 0 panic action = /usr/share/samba/panic-action %d log level = 3 ####### Authentication ####### ; security = user encrypt passwords = true passdb backend = tdbsam obey pam restrictions = yes passwd program = /usr/bin/passwd %u # modified rob@egressive.com 20070213 to make sure users can change password # passwd chat = *Enter\snew\sUNIX\spassword:* %n\n *Retype\snew\sUNIX\spassword:* %n\n *password\supdated\ssuccessfully* . passwd chat = *password:* %n\n *password:* %n\n *success* unix password sync = yes ########## Domains ########### domain logons = yes logon drive = H: logon path = \\%N\profiles\%U logon script = %U.cmd domain master = yes preferred master = yes enable privileges = yes # # Scripts # add user script = /usr/sbin/useradd -m %u delete user script = /usr/sbin/userdel -r %u add group script = /usr/sbin/groupadd %g delete group script = /usr/sbin/groupdel %g add user to group script = /usr/sbin/usermod -G %g %u add machine script = /usr/sbin/useradd -s /bin/false/ -d /var/lib/nobody %u # # Winbind # idmap uid = 10000-20000 idmap gid = 10000-20000 template shell = /bin/bash ########## Misc ########### socket options = TCP_NODELAY # added rob@egressive.com 20070226 # PDB and PNX are used by profax - attempt to sort out speed issues level2 oplocks = yes oplocks = yes veto oplock files = /*.mdb/*.MDB/*.ldb/*.LDB/*.dbf/*.DBF/*.pdb/*.PDB/*.pnx/*.PNX/ ######### Printing ######## load printers = yes printing = cups printcap name = CUPS cups options = Raw #======================= Share Definitions ======================= [homes] comment = Home Directories browseable = no valid users = %S writable = yes create mask = 0600 directory mask = 0700 [netlogon] comment = Network Logon Service path = /home/samba/netlogon admin users = Administrator valid users = %U guest ok = yes writable = no share modes = no [profiles] comment = User Profiles path = /home/samba/profiles valid users = %U guest ok = no browseable = no create mask = 0640 directory mask = 0750 writable = yes [profdata] comment = User Profile Data path = /home/samba/profdata valid users = %U guest ok = no browseable = no create mask = 0660 directory mask = 0770 writable = yes #[printers] # comment = All Printers # browseable = no # path = /var/spool/samba # printable = yes # guest ok = yes # rob@egresisve.com 20070213 ; public = no ; writable = no ; create mode = 0700 #[print$] # comment = Printer Drivers ## path = /var/lib/samba/printers # browseable = no # writable = yes # guest ok = no [printers] comment = All Printers browseable = no path = /var/spool/samba printable = yes public = no writable = no create mode = 0700 # Windows clients look for this share name as a source of downloadable # printer drivers [print$] comment = Printer Drivers path = /var/lib/samba/printers browseable = yes read only = yes guest ok = no # Uncomment to allow remote administration of Windows print drivers. # Replace 'ntadmin' with the name of the group your admin users are # members of. write list = root, @domainadmins