[Global] workgroup = MYDOMAIN server string = %h log level = 1 log file = /var/log/samba/%m.log max log size = 50 security = ADS realm = MYDOMAIN.MORNINGSIDE.EDU # Set to default by SRGM - Dec 13, 2011 # Changed from 'disabled' by SRGM - Oct 9, 2009 # Changed from 'auto' by MWH - Nov 11, 2009 #server signing = disabled #smb passwd file = /etc/samba/smbpasswd admin users = @"MYDOMAIN:Domain Admins" unix password sync = yes unix extensions = no #passwd program = /usr/bin/passwd %u #passwd chat = *New*password* %n\n *Retype*new*password* %n\n*passwd:*all*authentication*tokens*updated*successfully* #pam password change = yes #obey pam restrictions = yes #socket options = TCP_NODELAY SO_RCVBUF=16384 SO_SNDBUF=16384 # socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 dns proxy = no # Used for guest access map to guest = Bad User guest account = nobody # Default to our primary domain map untrusted to domain = yes # required for RID idmap #allow trusted domains = no # Old style: idmap backend = rid idmap uid = 10000-1000000 idmap gid = 10000-1000000 # New style: #idmap config BUILTIN : backend = tdb #idmap config BUILTIN : range = 9000-9200 #idmap config FRANK : backend = tdb #idmap config FRANK : range = 9201-9400 #idmap config NT AUTHORITY : backend = tdb #idmap config NT AUTHORITY : range = 9401-9600 #idmap config MYDOMAIN : backend = rid #idmap config MYDOMAIN : range = 10000-1000000 #idmap config * : backend = tdb #idmap config * : range = 1000001-1010000 winbind use default domain = yes winbind separator = : winbind enum users = yes winbind enum groups = yes template shell = /bin/tcsh template homedir = /home/%U local master = no # Inherit these qualities from parent folder: inherit permissions = yes #inherit acls = yes inherit owner = yes # Allow users in groups that can write to change perms dos filemode = yes # I don't want to run cups at this time printcap name = /etc/printcap load printers = no printing = #include = /etc/samba/conf.d/includes [homes] comment = Workspaces create mask = 0077 browseable = no writable = yes valid users = @"MYDOMAIN:filesurfer-users" nt acl support = yes path = /tank/workspaces/%U root preexec = /usr/local/bin/mkhomedir.sh %U