# 'privacy enhanced' smb.conf

# Global parameters
[global]
	workgroup = MYDOMAIN
	server string = Fileserver
	client schannel = auto 
	map to guest = Bad User
	null passwords = Yes
	obey pam restrictions = Yes
	passdb backend = ldapsam:ldap://dir-server, guest
	passwd program = /usr/bin/passwd -q %u
	passwd chat = *New*password* %n\n *Re-enter*new*password* %n\n \n
	unix password sync = Yes
	client plaintext auth = No
	log level = 2
	syslog = 0
	log file = /var/log/samba/%m.log
	time server = Yes
	client signing = Yes
	deadtime = 1440
	socket options = SO_KEEPALIVE IPTOS_LOWDELAY TCP_NODELAY
	add user script = /etc/samba/scripts/smbldap-useradd.pl '%u'
	delete user script = /etc/samba/scripts/userdel.sh '%u'
	add group script = /etc/samba/scripts/smbldap-groupadd.pl '%g' && /etc/samba/scripts/smbldap-groupshow.pl %g|awk '/^gidNumber:/ {print $2}'
	delete group script = /etc/samba/scripts/groupdel.sh '%g'
	add user to group script = /etc/samba/scripts/smbldap-groupmod.pl -m '%u' '%g'
	delete user from group script = /etc/samba/scripts/smbldap-groupmod.pl -x '%u' '%g'
	set primary group script = /etc/samba/scripts/smbldap-usermod.pl -g '%g' '%u'
	add machine script = /etc/samba/scripts/machadd.sh %u
	shutdown script = /sbin/shutdown +1
	abort shutdown script = /sbin/shutdown -c
	logon script = scripts\%m.bat
	logon path = \\%L\%U\.winprofile
	logon drive = m:
	logon home = \\%L\%U
	domain logons = Yes
	os level = 65
	domain master = Yes
	wins server = 10.0.0.2
	ldap admin dn = cn=proxy-user,ou=department,o=company,c=DE
	ldap group suffix = ou=Group
	ldap suffix = ou=department,o=company,c=DE
	ldap ssl = no
	ldap user suffix = ou=People
	message command = /bin/mail -s 'Nachricht von %f auf %m' root < %s; rm %s
	host msdfs = Yes
	idmap uid = 10000-20000
	idmap gid = 10000-20000
	admin users = @domadm
	write list = @domadm
	printer admin = @it-s, @domadm, @printop
	map acl inherit = Yes
	printer name = normal
	map system = Yes
	map hidden = Yes

[install]
	comment = windows installation source
	path = /data/pxe/client
	write list = root, @it-s, @domadm
	guest ok = Yes
	map system = No
	map hidden = No
	map archive = No
	browseable = No