[global]

# Enregistrement des logs
  log file=/var/log/samba/samba.log
  log level=5


#Informations du domaine
  netbios name = SMB2
  workgroup = SAMDOM
  security = ADS
  realm = AD.SAMDOM.LOCAL
  encrypt passwords = yes

#On utilise la keytab de kerberos pour authentifier ce serveur
  dedicated keytab file = /etc/krb5.keytab
  kerberos method = secrets and keytab


#Configuration de Winbind (traduction des users Windows en users UNIX)
  winbind refresh tickets = yes
  winbind trusted domains only = no
  winbind use default domain = yes
  winbind enum users  = yes
  winbind enum groups = yes

#Configuration du cluster
 clustering = Yes
 ctdbd socket = /usr/local/samba/var/run/ctdb/ctdbd.socket
 fileid:mapping = fsid
 vfs objects = fileid


#Configuration idmap par defaut pour BUILTIN et comptes locaux/groupes
 idmap config *:backend = tdb
 idmap config *:range = 2000-9999

#Configuration idmap pour le domaine SAMDOM
 idmap config SAMDOM:backend = ad
 idmap config SAMDOM:schema_mode = rfc2307
 idmap config SAMDOM:range = 10000-99999

#On recupere le login shell et le home depuis l'annuaire
 winbind nss info = rfc2307

#ACL Unix et activation des audits de securite
 vfs objects = acl_xattr full_audit
 map acl inherit = Yes
 store dos attributes = Yes

#Configuration des audits de securite
 full_audit:prefix = %u|%I|%m|%S
 full_audit:success = mkdir rename unlink rmdir write
 full_audit:failure = read pread mkdir opendir rmdir telldir
 full_audit:facility = local7
 full_audit:priority = NOTICE


#Partage personnel des utilisateurs
[home]
   path = /home/shares/staff/team
   valid users = "@SAMDOM\Domain Users"
   admin users = "@SAMDOM\Domain Admins"
   read only = no
   create mask = 0770
   directory mask = 0770
   browseable = no


#Dossiers de partages
[apps]
        comment = Partage apps
        path = /home/shares/apps
        valid users = "@SAMDOM\smbapps"
        guest ok = no
        browseable = yes
        writable = yes
        create mask = 0770
        directory mask = 0770