; smb.conf

[global]
private directory = /etc/samba/private
lock directory    = /var/samba/locks
cache directory   = /var/samba/cache
state directory   = /var/samba/state
ncalrpc dir       = /var/samba/ncalrpc

bind interfaces only = true
interfaces = lagg0
server string = Name File Server
netbios name = NAME

security = ADS
realm = REALM
workgroup = WG

invalid users = root

;; User authentication stuff
kerberos method = system keytab

idmap config *  : backend = tdb
idmap config *  : range = 2000000001-2100000000
;
idmap config AD : backend = ad
idmap config AD : schema_mode = rfc2307
idmap config AD : range = 1-2000000000
idmap config AD : unix_primary_group = yes
;idmap config AD : unix_nss_info = yes
;
winbind use default domain = yes
winbind normalize names = yes
winbind max clients = 1000
winbind max domain connections = 5
;
; Override AD data
winbind nss info = template # rfc2307
template homedir = /export/users/%U
template shell = /bin/tcsh

; Enable shared robust mutexes
dbwrap_tdb_mutexes:* = yes

;; Enable "Previous Versions" support
vfs objects = shadow_copy2 zfsacl
shadow:snapdir = .zfs/snapshot
shadow:format = auto-%Y-%m-%d.%H:%M:%S
shadow:sort = desc
shadow:localtime = yes
shadow:snapdirseverywhere = yes
veto files = /.zfs/
delete veto files = yes

zfsacl:acesort = dontcare

nfs4:mode = special
nfs4:acedup = merge
; nfs4:chown = yes

kernel change notify = false
socket options = TCP_NODELAY SO_RCVBUF=65536 SO_SNDBUF=65536
client ldap sasl wrapping = seal
min protocol = SMB2
smb encrypt = auto
deadtime = 120
time server = true
hostname lookups = false
follow symlinks = true
wide links = false
unix extensions = false
winbind nested groups = false
winbind enum users = false
winbind enum groups = false
nt acl support = yes
inherit acls = yes
inherit permissions = yes
inherit owner = yes
store dos attributes = false
ea support = false
map hidden = false
map system = false
map archive = false
map read only = permissions
case sensitive = auto
logging = syslog@1 file@2
log level = 1 auth:2 smb:2
load printers = false
printing = bsd
printcap name = /dev/null
disable spoolss = true

; ============================ Share Definitions ==============================

[homes]
browseable = false
printable = false
public = false
writeable = true

[admin$]
copy = homes
comment = Admin Access
path = /export
valid users = list-of-admins
admin users = list-of-admins

[students]
copy = homes
comment = Student Home Directories
path = /export/students

[staff]
copy = homes
comment = Staff Home Directories
path = /export/staff

[staff$]
copy = homes
comment = Staff Home Directories (admin)
path = /export/staff
valid users = list-of-users
admin users = list-of-users

[samarbete]
copy = homes
comment = Group Directories (not active)
path = /export/samarbete
writeable = false

[samarbete$]
copy = homes
comment = Group Directories (test)
path = /export/samarbete
valid users = list-of-users