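# Global parameters
# smb.conf for a Samba Active Directory domain controller (see "server role").
# One parameter per line; full-line "#" comments only.
# Comments marked NOTE(review) flag security-relevant settings that should be
# confirmed against the clients this server actually has to support.
[global]
workgroup = ADS
realm = ADS.SOFTWAREENERGIE.EU
netbios name = SAMBA4-AD2
# NOTE(review): as written this registers four aliases (SAMBA4, AD, Master,
# Dresden). "AD Master Dresden" reads like a description - confirm intent.
netbios aliases = SAMBA4 AD Master Dresden
server role = active directory domain controller
# ntp_signd was listed twice in the original; the duplicate entry is dropped.
server services = s3fs, rpc, nbt, wrepl, ldap, cldap, kdc, drepl, winbind, ntp_signd, kcc, dnsupdate
idmap_ldb:use rfc2307 = yes
encrypt passwords = yes
kerberos method = system keytab
# "sign" gives integrity protection only; "seal" would also encrypt LDAP traffic.
client ldap sasl wrapping = sign
dcerpc endpoint servers = +winreg +srvsvc +netlogon +samr +epmapper +rpcecho +lsarpc +dssetup +unixinfo +browser +eventlog6 +backupkey +remote
# The original line "send spnego principal yes" had no "=" and so appears to
# have been ignored as malformed. It is kept here as a comment so the
# effective configuration does not change.
# send spnego principal yes
# client use spnego principal yes
disable netbios = no
preferred master = yes
domain master = yes
local master = yes
domain logons = yes
max protocol = smb3

# winbind separator = /
winbind enum users = yes
winbind enum groups = yes
winbind expand groups = 1
winbind nss info = rfc2307
winbind nested groups = yes
winbind offline logon = yes
winbind refresh tickets = yes
winbind normalize names = yes
winbind rpc only = yes
# NOTE(review): this turns off sealing (encryption) of winbind's RPC pipes.
# Prefer "yes" unless there is a documented interoperability reason.
winbind sealed pipes = no
winbind trusted domains only = no
winbind cache time = 3600
winbind reconnect delay = 30
winbind max clients = 2000
winbind use default domain = true

idmap config ALL:backend = lwicompat_v4
idmap config ALL:default = yes
idmap config ALL:readonly = yes
idmap uid = 10000-33554431
idmap gid = 10000-33554431
idmap backend = idmap_rid:ADS=10000-33554431
##template primary group = "Domain Users"
template shell = /bin/bash

# NOTE(review): legacy authentication is enabled in both directions below.
# LANMAN responses and plaintext passwords give very little protection on the
# wire. smb.conf(5) also says that with "client ntlmv2 auth" enabled only
# NTLMv2 is attempted by the client, so the client-side settings contradict
# each other. Recommended unless a named legacy client requires otherwise:
#   lanman auth = no
#   client lanman auth = no
#   client plaintext auth = no
# and restrict "ntlm auth" to NTLMv2 where the installed Samba version allows.
lanman auth = yes
ntlm auth = yes
client lanman auth = yes
client ntlmv2 auth = yes
client plaintext auth = yes
guest account = nobody

rpc_server:tcpip = embedded
rpc_daemon:spoolssd = embedded
rpc_server:spoolss = embedded
rpc_server:winreg = embedded
rpc_server:ntsvcs = embedded
rpc_server:eventlog = embedded
rpc_server:srvsvc = embedded
rpc_server:svcctl = embedded
rpc_server:default = external

store dos attributes = Yes
vfs objects = dfs_samba4, acl_xattr
# NOTE(review): "full_audit" is not listed in "vfs objects" above, so these
# two audit lists presumably have no effect and no file-access audit trail is
# produced. Confirm whether auditing is expected here.
full_audit:success = connect opendir disconnect unlink mkdir rmdir open rename
full_audit:failure = connect opendir disconnect unlink mkdir rmdir open rename

### ssl / TLS ###
tls enabled = Yes
# NOTE(review): relative paths; check where they resolve on this host and that
# key.pem is readable only by the account Samba runs as.
tls keyfile = tls/key.pem
tls certfile = tls/cert.pem
tls cafile = tls/ca.pem

### log/syslog/debug ###
# NOTE(review): a verbose debug level combined with core files on a domain
# controller can leave credential material in logs and dumps. Restrict access
# to /var/log/samba and the core directory, or lower these for production.
log level = 4
syslog = 0
syslog only = No
max log size = 500k
debug timestamp = Yes
debug prefix timestamp = No
debug hires timestamp = Yes
debug pid = No
debug uid = No
debug class = Yes
enable core files = Yes
log file = /var/log/samba/log.%I

#### BIND DLZ-DNS ####
dns forwarder = 192.168.40.11
# NOTE(review): if honoured, this permits unauthenticated dynamic DNS updates,
# letting any host on the network rewrite records in the AD zone. Confirm the
# value is one this Samba version recognises and prefer secure-only updates.
allow dns updates = nonsecure and secure
nsupdate command = /usr/bin/nsupdate -g

#### Printing ####
load printers = no
printing = bsd
printcap name = /dev/null
disable spoolss = yes

#### Networking ####
interfaces = 127.0.0.1 10.40.0.11
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
bind interfaces only = yes

[netlogon]
path = /var/lib/samba/sysvol/ads.softwareenergie.eu/scripts
read only = No

[sysvol]
path = /var/lib/samba/sysvol
read only = No

# NOTE(review): [home] duplicates [homes] but has no "path" and is not the
# special homes section. It looks like a leftover; confirm and remove.
[home]
comment = Home Directories
valid users = %S, %D%w%S
browseable = No
read only = No
inherit acls = Yes

[homes]
comment = Home Directories
valid users = %S, %D%w%S
browseable = No
read only = No
inherit acls = Yes

[profiles]
comment = Network Profiles Service
path = %H
read only = No
store dos attributes = Yes
create mask = 0650
directory mask = 0750
inherit acls = Yes

# NOTE(review): exports all of /home read-write with no "valid users" limit;
# isolation between users rests entirely on filesystem permissions and ACLs.
[users]
comment = All users
path = /home
read only = No
inherit acls = Yes
veto files = /aquota.user/groups/shares/

[groups]
comment = All groups
path = /home/groups
read only = No
inherit acls = Yes

#-----------------------------------
# NOTE(review): every file operation on this writable, browseable share runs
# as root (force user / force group), and no "valid users" restriction is set.
# Any account allowed to connect gets root-level write access under /srv.
# Recommended: force a dedicated unprivileged account and add "valid users".
[srv]
comment = srv
path = /srv
printable = no
# The original set "create mask = 0644" and, later, its synonym
# "create mode = 0600". The later assignment takes effect, so only that value
# is kept.
create mask = 0600
directory mask = 0775
writeable = yes
browseable = yes
force user = root
force group = root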