[Samba] Samba3 + smbldap-tools & smbpasswd
Dan Slatford
dan.samba at foxhosts.co.uk
Thu Sep 16 10:15:15 GMT 2004
On Thu, 2004-09-16 at 00:10, rruegner wrote:
> have you set
> time server = yes
> you should post yor whole smb.conf
I should :)
[global]
netbios name = TESTDOM-PDC
workgroup = TESTDOM
server string = TESTDOM Domain Controller
wins support = yes
time server = yes
dns proxy = no
name resolve order = lmhosts host wins bcast
interfaces = 10.10.10.99
domain master = yes
domain logons = yes
preferred master = yes
local master = yes
os level = 64
log file = /var/log/samba/log.%m
max log size = 1000
syslog only = no
syslog = 0
panic action = /usr/share/samba/panic-action %d
security = user
encrypt passwords = true
passdb backend = ldapsam:ldap://localhost
obey pam restrictions = yes
guest account = nobody
invalid users = root
load printers = yes
printing = cups
printcap name = cups
printer admin = @ntadmin
preserve case = yes
short preserve case = yes
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
ldap suffix = dc=testdom,dc=com
ldap user suffix = ou=Users
ldap group suffix = ou=Groups
ldap machine suffix = ou=Computers
# ldap admin dn = cn=samba,ou=DSA,dc=testdom,dc=com
ldap admin dn = cn=Manager,dc=testdom,dc=com
ldap ssl = no
ldap delete dn = no
ldap passwd sync = Yes
ldap ssl = start tls
add user script = /usr/local/sbin/smbldap-useradd -m "%u"
delete user script = /usr/local/sbin/smbldap-userdel "%u"
add machine script = /usr/local/sbin/smbldap-useradd -w "%u"
add group script = /usr/local/sbin/smbldap-groupadd -p "%g"
delete group script = /usr/local/sbin/smbldap-groupdel "%g"
add user to group script = /usr/local/sbin/smbldap-groupmod -m "%u"
"%g"
delete user from group script = /usr/local/sbin/smbldap-groupmod -x
"%u" "%g"
set primary group script = /usr/local/sbin/smbldap-usermod -g "%g"
"%u"
[homes]
comment = Home Directories
browseable = no
writable = yes
create mask = 0600
directory mask = 0700
[netlogon]
comment = Network Logon Service
path = /home/samba/netlogon
guest ok = no
writable = yes
browsable = no
share modes = no
[profiles]
comment = User Profiles
path = /home/samba/profiles
read only = no
create mode = 0600
directory mode = 0700
browseable = no
guest ok = Yes
profile acls = Yes
csc policy = disable
# next line is a great way to secure the profiles
force user = %U
# next line allows administrator to access all profiles
valid users = %U @"Domain Admins"
; this stops w2k fucking up it's logon
veto oplock files = /prf*.tmp/
[printers]
comment = All Printers
browseable = yes
path = /tmp
printable = yes
public = no
writable = no
create mode = 0700
--
Dan
More information about the samba
mailing list