; /liu/etc/samba/smb.conf
;
; Samba file-server configuration: AD domain member, ZFS-backed shares with
; NFSv4 ACLs and snapshot-based "Previous Versions".
; Most [global] options are generated by Puppet/Hiera; local additions are
; pulled in through the include at the end of [global].

[global]
private directory = /liu/etc/samba/private
lock directory = /liu/var/samba/locks
cache directory = /liu/var/samba/cache
state directory = /liu/var/samba/state
ncalrpc dir = /liu/var/samba/ncalrpc

;; Network interfaces
; Serve only on the listed interface rather than on every interface of the host.
bind interfaces only = true
interfaces = lagg0

;; Server names
server string = Filur00 File Server
netbios name = FILUR00

;; Security type
; Domain member: authentication is delegated to the AD realm below.
security = ADS
realm = AD.LIU.SE
workgroup = AD

;; ID Mappings
; Default domain (*) gets locally allocated IDs from tdb; the AD domain reads
; RFC2307 attributes from the directory. The two ranges do not overlap.
idmap config * : backend = tdb
idmap config * : range = 3000000001-3001000000
idmap config AD : backend = ad
idmap config AD : range = 1000-3000000000
idmap config AD : schema_mode = rfc2307
idmap config AD : unix_primary_group = yes

;; Shared robust mutexes
; The value below is "no", i.e. the feature is switched off, not enabled.
dbwrap_tdb_mutexes:* = no

;; Auditing
; Global defaults log nothing (success/failure = none); [admin$] overrides them.
; prefix = connecting user name and client IP address.
; NOTE(review): full_audit:* options only take effect where the full_audit VFS
; module is loaded, and "vfs objects" below lists only shadow_copy2 and zfsacl.
; Confirm full_audit is added elsewhere (e.g. smb.local.conf); otherwise the
; audit list on [admin$] is inert.
full_audit:prefix = %u|%I
full_audit:success = none
full_audit:failure = none
full_audit:facility = LOCAL7
full_audit:priority = notice

;; Snapshots/Previous Versions
; Expose ZFS snapshots named auto-<timestamp> from every .zfs/snapshot directory.
shadow:snapdir = .zfs/snapshot
shadow:format = auto-%Y-%m-%d.%H:%M:%S
shadow:sort = desc
shadow:localtime = yes
shadow:snapdirseverywhere = yes

;; Options from Puppet/Hiera (data/common.yaml and nodes/$HOSTNAME.yaml)
vfs objects = shadow_copy2 zfsacl
kerberos method = system keytab
kernel change notify = false
socket options = TCP_NODELAY
; Sign and encrypt LDAP traffic to the domain controllers.
client ldap sasl wrapping = seal
socket listen backlog = 1024
; root may not log in to any share directly.
invalid users = root
; SMB1 is refused.
min protocol = SMB2
; NOTE(review): "auto" does not make SMB encryption mandatory. Consider whether
; the administrative shares should require it.
smb encrypt = auto
time server = true
hostname lookups = false
; Left commented out, so Samba's built-in default applies.
; follow symlinks = true
; Do not follow symlinks that point outside the exported tree.
wide links = false
; Left commented out, so Samba's built-in default applies.
; unix extensions = false
winbind nested groups = false
; User/group enumeration is disabled.
winbind enum users = false
winbind enum groups = false
winbind use default domain = yes
winbind normalize names = yes
winbind max clients = 2000
winbind max domain connections = 2
; Home directory and shell come from the templates below, not from AD.
winbind nss info = template
template homedir = /home/%U
template shell = /bin/sh
nt acl support = yes
acl allow execute always = yes
store dos attributes = yes
ea support = false
map hidden = false
map system = false
map archive = false
map read only = permissions
case sensitive = auto
; Syslog at level 0, log file at level 2.
logging = syslog:0 file:2
; Base level 1, with auth, winbind, idmap, passdb and acls classes raised to 2.
log level = 1 auth:2 winbind:2 idmap:2 passdb:2 acls:2
; Printing is disabled entirely.
load printers = false
printing = bsd
printcap name = /dev/null
disable spoolss = true
; .zfs is neither visible nor accessible to clients; snapshots are reached
; through shadow_copy2 instead.
veto files = /.zfs/
; Names starting with ~$ are hidden but remain accessible.
hide files = /~$*/
zfsacl:map_dacl_protected = yes
inherit permissions = yes
zfsacl:denymissingspecial = no
nfs4:acedup = dontcare
nfs4:force_attrib_write = no
inherit acls = no
winbind refresh tickets = true

;; Include settings from the local configuration (not handled by Puppet)
; Read after everything above, so values in the local file can override any of
; these settings, including the security-related ones.
; NOTE(review): keep the file root-owned and not writable by others. The path
; is under /etc/samba while this file is under /liu/etc/samba - confirm it is
; the intended location.
include = /etc/samba/smb.local.conf

;; ============================ Share Definitions ==============================

; Per-user home shares; also the template the other shares copy from.
; No guest access, not listed when browsing.
[homes]
browseable = false
printable = false
public = false
writeable = true

; Administrative access to the whole export tree.
[admin$]
copy = homes
; Operations recorded for this share (see the NOTE under "Auditing" in [global]
; about the full_audit module needing to be loaded).
full_audit:success = connect disconnect mkdirat open renameat unlinkat fchmod fchown chdir lock symlinkat readlinkat linkat mknodat realpath create_file
full_audit:failure = connect
comment = Admin Access
path = /export
valid users = @fillager-admins, @fillager-superusers
; Members of "admin users" perform all file operations on this share as root,
; bypassing file permissions and ACLs. Keep both groups small and reviewed.
admin users = @fillager-admins, @fillager-superusers
; The connection is closed if the preexec command exits non-zero, which makes
; the MFA check below mandatory for this share.
preexec close = yes
; %u (user name) and %I (client IP) are expanded by Samba into the command line.
; NOTE(review): mfa_auth is not visible here - it should treat both arguments
; as untrusted input and exit non-zero on any error.
preexec = /usr/local/bin/python3 /liu/libexec/mfa_auth '%u' '%I'

[students]
copy = homes
comment = Student Home Directories
path = /export/students
; New files and directories take the owner of the parent directory.
inherit owner = yes

[staff]
copy = homes
comment = Staff Home Directories
path = /export/staff
; New files and directories take the owner of the parent directory.
inherit owner = yes

; Administrative view of the staff tree.
; NOTE(review): "admin users" grants root-level file access here too, but unlike
; [admin$] this share has no preexec MFA check and no full_audit overrides in
; this file, and it names individual accounts alongside the group. Confirm this
; is intentional or align it with [admin$].
[staff$]
copy = homes
comment = Staff Home Directories (admin)
path = /export/staff
valid users = peter86, jeamo93, joaol09, @fillager-admins
admin users = peter86, jeamo93, joaol09, @fillager-admins