|
Configuration reference: Samba as a PDC (primary domain controller) |
|
Written by pnyet
|
|
The fucking manual of samba as domain controller
#smb.conf
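# Server-wide settings for a Samba domain controller ("domain logons = Yes")
# whose users, groups and machine accounts are managed through the
# smbldap-* scripts. smb.conf only recognises comments on their own line.
[global]
workgroup = LERINDRO
server string = PTLI File Server

# Network exposure: listen only on the listed interfaces and accept clients
# only from loopback and the 192.168.7. network.
interfaces = lo, eth0, 192.168.7.0/24
bind interfaces only = Yes
hosts allow = 127., 192.168.7.

# Password-change conversation. %n is replaced with the new password.
# NOTE(review): the quoting at the end of this value looks unbalanced
# (trailing "), and no "passwd program" / "unix password sync" is set in this
# file - confirm the chat is actually used and matches the program's prompts.
passwd chat = "Changing password for*\nNew password*" %n\n "*Retype new password*" %n\n"
# Changed from Yes: in debug mode the strings sent and received during the
# chat, including the plaintext passwords, are written to the smbd log at a
# high debug level. Enable only briefly while troubleshooting, then purge the
# affected logs.
passwd chat debug = No
username map = /etc/samba/smbusers

# One log file per client machine name (%m); max log size is in KiB.
log file = /var/log/samba/%m.log
max log size = 50

time server = Yes
printcap name = cups
cups options = raw
printer admin = root

# Account-management hooks. smbd runs these as root, with %u (user or machine
# name) and %g (group name) substituted; keep the single quotes around the
# substitutions so each name reaches the script as one argument.
add user script = /usr/sbin/smbldap-useradd -m '%u'
delete user script = /usr/sbin/smbldap-userdel '%u'
add group script = /usr/sbin/smbldap-groupadd -p '%g'
delete group script = /usr/sbin/smbldap-groupdel '%g'
add user to group script = /usr/sbin/smbldap-groupmod -m '%g' '%u'
delete user from group script = /usr/sbin/smbldap-groupmod -x '%g' '%u'
set primary group script = /usr/sbin/smbldap-usermod -g '%g' '%u'
add machine script = /usr/sbin/smbldap-useradd -w '%u'
shutdown script = /var/lib/samba/scripts/shutdown.sh
abort shutdown script = /sbin/shutdown -c

# Domain logon settings. The logon script is looked up relative to the
# [netlogon] share and runs on the client at logon, so that share must not be
# writable by ordinary users.
logon script = %u.bat
logon path = \\server1.lerindro.net\profiles\%u
logon drive = H:
domain logons = Yes

# Browsing and name service: a high os level plus preferred/domain master
# makes this host win browser elections; it is also the WINS server.
os level = 69
preferred master = Yes
domain master = Yes
wins support = Yes

# LDAP directory layout. The password for the admin DN is not kept in this
# file; it is stored in secrets.tdb with "smbpasswd -w".
ldap admin dn = cn=sambaadmin,dc=lerindro,dc=net
ldap suffix = dc=lerindro,dc=net
ldap user suffix = ou=People,ou=Users
ldap group suffix = ou=Groups
ldap machine suffix = ou=Computers,ou=Users
ldap idmap suffix = ou=Idmap
# LDAP traffic, including the admin bind, is sent unencrypted. That is only
# acceptable while the directory is reached over loopback, as the idmap
# backend below is. NOTE(review): no "passdb backend" is set in this file -
# confirm where account lookups go, and use "ldap ssl = start tls" if the
# directory is ever on another host.
ldap ssl = no
# Samba takes user and group data straight from LDAP, so the directory's own
# access controls become part of the trust boundary.
ldapsam:trusted = yes

idmap backend = ldap://127.0.0.1
idmap uid = 10000-20000
idmap gid = 10000-20000

usershare path = /home/Public

# Every file operation by an admin user is performed as root on every share,
# regardless of file permissions. Keep this list as short as possible.
admin users = sambaadmin
# Lets members of a file's owning group change its permissions and ACLs.
acl group control = Yes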
# Per-user home shares, created on the fly for the connecting account.
[homes]
comment = Home Directories
read only = No
# %S is the share name, which for [homes] is the user name, so each home
# directory is reachable only by its owner.
valid users = %S
# New directories and files are private to the owner.
directory mask = 0700
create mask = 0600
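# Holds the logon scripts named by "logon script = %u.bat" in [global]; clients
# fetch and run them at domain logon.
[netlogon]
comment = Network Logon Service
path = /home/netlogon
# Changed from "read only = No": a writable netlogon share lets any
# authenticated user replace the script another user will execute at logon.
# Only the Samba administrator keeps write access.
read only = Yes
write list = sambaadmin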
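# Roaming-profile store referenced by "logon path" in [global].
[profiles]
path = /home/profiles
read only = No
# Changed from 0777/0777, which left every profile readable and writable by
# all users. These masks match [homes] and keep each profile private to its
# owner. Masks only affect newly created entries, so existing profile
# directories need their permissions tightened by hand.
create mask = 0600
directory mask = 0700
browseable = No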
# Shared document area for all domain users.
[Documents]
comment = Share Users Documents
path = /home/DataUser
read only = No
# Access is limited to members of the "Domain Users" group (the leading @
# marks a group; the quotes keep the space in the name). Permissions on
# /home/DataUser still decide what each member can read or change.
valid users = "@Domain Users"
|