[global]
        realm = SERVEUR.CAVESORSAT.CH
	security = ads
        netbios name = fileserver
        server string = %h server (Samba %v)
        workgroup = ORSAT
        password server = classicus.serveur.cavesorsat.ch 
        encrypt passwords = true

	passwd chat = *Enter\snew\sUNIX\spassword:* %n\n *Retype\snew\sUNIX\spassword:* %n\n .
	socket options = TCP_NODELAY
	obey pam restrictions = no
	deadtime = 5
	passdb backend = tdbsam guest
	passwd program = /usr/bin/passwd %u
	dns proxy = no 

        # administration
        admin users = ORSAT/Administrateur  @"ORSAT/admins du domaine"      
        add share command = /etc/samba/addshare.sh

        # log 
	log file = /var/log/samba/log.%m
	syslog = 2
	max log size = 1000
        log level = 2

        # divers 
	panic action = /usr/share/samba/panic-action %d

	# winbind
        ldap admin dn = cn=admin,dc=serveur,dc=cavesorsat,dc=ch
        ldap idmap suffix = ou=idmap
        ldap suffix = dc=serveur,dc=cavesorsat,dc=ch
        idmap backend = ldap:ldap://fileserver.cavesorsat.ch
        winbind nested groups = Yes
        winbind separator = /
	idmap uid = 10000-20000
	idmap gid = 10000-20000
	winbind enum users = yes
	winbind enum groups = yes
	template homedir = /home/%U
	template shell = /bin/bash


[homes]
        comment = Home Directories
        writeable = Yes
        create mask = 0700
        directory mask = 0700
        browseable = No
        valid users = ORSAT/%S
        root preexec = /etc/samba/mkhomedir.sh  %H %u %g 

# partage toto
include = /etc/samba/shares/toto.conf


# cat /etc/samba/shares/toto.conf
[toto]
	comment = 
	path = /var/spool/samba/scsi/toto
        writeable = yes

        nt acl support = Yes
        inherit acls = Yes
        force unknown acl user = Yes
        store dos attributes = Yes
  
        security mask = 0777
        force security mode = 0
        directory security mask = 0777
        force directory security mode = 0