# Global parameters [global] workgroup = MCS netbios name = SERVER security = domain enable privileges = yes server string = MCS encrypt passwords = true # min passwd length = 8 pam password change = yes # obey pam restrictions = on ldap passwd sync = yes unix password sync = no passwd program = /usr/sbin/smbldap-passwd -u %u # passwd chat = *Enter\snew\s*\spassword:* %n\n *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* . passwd chat = *password:* %n\n *password:* %n\n *password* # passwd chat debug = Yes log level = 1 syslog = 1 log file = /var/log/samba/log.%m max log size = 100000 time server = Yes socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 mangling method = hash2 Dos charset = 852 Unix charset = UTF-8 name resolve order = lmhosts wins hosts bcast inherit permissions = Yes inherit acls = Yes logon script = 123.msc logon drive = H: logon home = logon path = logon script = login.bat domain logons = Yes domain master = Yes os level = 65 preferred master = Yes wins support = yes null passwords = no hide unreadable = yes hide dot files = yes passdb backend = ldapsam:ldap://127.0.0.1/ ldap ssl = no ldap admin dn = cn=admin,dc=mcs,dc=cz ldap suffix = dc=mcs,dc=cz ldap group suffix = ou=Groups ldap user suffix = ou=Users ldap machine suffix = ou=Computers ldap idmap suffix = ou=Idmap add user script = smbldap-useradd -m '%u' #ldap delete dn = Yes delete user script = smbldap-userdel '%u' add machine script = smbldap-useradd -t 0 -w '%u' #add machine script = smbldap-useradd -w '%u' add group script = smbldap-groupadd -p '%g' #delete group script = smbldap-groupdel '%g' add user to group script = smbldap-groupmod -m '%u' '%g' delete user from group script = smbldap-groupmod -x '%u' '%g' set primary group script = smbldap-usermod -g '%g' '%u' # printers configuration printer admin = @"Print Operators" load printers = Yes create mask = 0640 directory mask = 0750 #force create mode = 0640 #force directory mode = 0750 nt acl support = No printing = cups printcap name = cups deadtime = 10 guest account = nobody map to guest = Bad User dont descend = /proc,/dev,/etc,/lib,/lost+found,/initrd show add printer wizard = yes ; to maintain capital letters in shortcuts in any of the profile folders: preserve case = yes short preserve case = yes case sensitive = no client ntlmv2 auth = yes client use spnego principal = no send spnego principal = no max protocol = smb2 [netlogon] path = /home/samba/netlogon/ browseable = No read only = yes [profiles] path = /home/samba/profiles read only = no create mask = 0600 directory mask = 0700 browseable = No guest ok = Yes profile acls = yes nt acl support = yes csc policy = disable # next line is a great way to secure the profiles #force user = %U # next line allows administrator to access all profiles #valid users = %U "Domain Admins" [printers] comment = Network Printers printer admin = @"Print Operators" guest ok = yes printable = yes path = /home/samba/spool/ browseable = No read only = Yes printable = Yes print command = /usr/bin/lpr -P%p -r %s lpq command = /usr/bin/lpq -P%p lprm command = /usr/bin/lprm -P%p %j # print command = /usr/bin/lpr -U%U@%M -P%p -r %s # lpq command = /usr/bin/lpq -U%U@%M -P%p # lprm command = /usr/bin/lprm -U%U@%M -P%p %j # lppause command = /usr/sbin/lpc -U%U@%M hold %p %j # lpresume command = /usr/sbin/lpc -U%U@%M release %p %j # queuepause command = /usr/sbin/lpc -U%U@%M stop %p # queueresume command = /usr/sbin/lpc -U%U@%M start %p nt acl support = yes [print$] path = /home/samba/printers guest ok = Yes browseable = Yes read only = No # valid users = @"Print Operators" # write list = @"Print Operators" create mask = 0664 directory mask = 0775 nt acl support = yes [homes] comment = Home Directories browseable = yes writable = yes [shared] path = /home/samba/shared guest ok = No browseable = Yes read only = no create mask = 0664 directory mask = 0775 nt acl support = Yes