[global]

### winbindd hack
winbind trusted domains only = yes
winbind nested groups = no
idmap backend = noop

### tweaks
socket options = TCP_NODELAY SO_KEEPALIVE
reset on zero vc = yes

### users
username map = /etc/samba/smb.usermap
guest account = nobody
invalid users = root daemon bin adm sys ftp

### logging
# log level
debug level = 1
# cc: everything err or higher to syslog
syslog = 1
# write to standard log files also
syslog only = no
log file = /var/log/samba/log.%I

### security
enable privileges = no
restrict anonymous = 2

### authentication
security = ads
workgroup = EXAMPLE
realm = EXAMPLE.COM
allow trusted domains = false
password server = *
encrypt passwords = true
lanman auth = no
ntlm auth = no

### browsing
os level = 0
domain master = no
local master = no
preferred master = no
# set this to blank, so we don't get a big, long version string
# showing up in Network Neighborhood
server string =

name resolve order = host

### wins
### samba doesn't use it, but it'll register itself there
wins server = wdc1.example.com wdc2.arc.com

### printing
printing = cups

load printers = no
printcap = /etc/samba/printcap

### DOS-UNIX translation
hide dot files = true
store dos attributes = no

# put connections into utmp
utmp = true

### perms
# files and directories inherit permissions from parent (including setgid
# but not setuid)
inherit permissions = yes
# but inherit default ACLs instead if somebody's bothered to set those up
inherit acls = yes
# support NT messing with perms
nt acl support = true
# let the user change anything s/he wants
security mask = 777
force security mode = 0
directory security mask = 777
force directory security mode = 0

veto files = /.rhosts/.shosts/.netrc/authorized_keys/authorized_keys2/passwd/shadow/bookmarks/.k5login/.xhostrc/.amd/

[homes]
        comment = Your Home Directory
        browseable = no
        read only = no
	# get rid of ``offline share'' eventlog messages from Userenv
	csc policy = disable

[example-archive]
	path=/example/archive
	public=no
	writable=yes
	comment=/example/archive

[example-doc]
	path=/example/doc
	public=no
	writable=yes
	comment=/example/doc

[example-home]
	path=/example/home
	public=no
	writable=yes
	comment=/example/home

[example-misc]
	path=/example/misc
	public=no
	writable=yes
	comment=/example/misc

[example-work]
	path=/example/work
	public=no
	writable=yes
	comment=/example/work