/etc/samba/smb-debian-edu.conf is in debian-edu-config 1.702.
This file is owned by root:root, with mode 0o644.
The actual contents of the file can be viewed below.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 157 158 159 160 161 162 163 164 165 166 167 168 169 170 171 172 173 174 175 176 177 178 179 180 181 182 183 184 185 186 187 188 189 190 191 192 193 194 195 196 197 198 199 200 201 202 203 204 205 206 207 208 209 210 211 212 213 214 215 216 217 218 219 220 221 222 223 224 225 226 227 228 229 230 231 232 233 234 235 236 237 238 239 240 241 242 243 244 245 246 247 248 249 250 251 252 253 254 255 256 257 258 259 260 261 262 263 264 265 266 267 268 269 270 271 272 273 274 275 276 277 278 279 | #
# Skolelinux configuration file for the samba suite
#
# Please read the smb.conf(5) manual page
#
# NOTE: Whenever you modify this file you should run the command
# "testparm" to check that you have not many any basic syntactic
# errors.
#
# Modified for use with skolelinux by Svein Magne Bang 2003/04/02
#======================= Global Settings =======================
[global]
# Do something sensible when Samba crashes: mail the admin a backtrace
; panic action = /usr/share/samba/panic-action %d
# server name
netbios name = TJENER
available = yes
# needed for samba 3.5.6 with XP (Svp3) clients...
server signing = disabled
# server signing is broken with XP (Svp3) clients
#server signing = auto
server schannel = auto
# disable IPv6 for Samba on Skolelinux systems
interfaces = 127.0.0.1 10.0.2.2
bind interfaces only = yes
# server string/NT Description field
server string = %h server (Debian Edu/Skolelinux Main Server)
# server mode
security = USER
# security setting
null passwords = no
map to guest = Bad User
guest ok = No
# server/client spnego
use spnego = yes
client use spnego = yes
# Workgroup/NT-domain name
workgroup = SKOLELINUX
# OpenLDAP configuration
# should allways be set to 'true'
encrypt passwords = true
passdb backend = ldapsam:"ldap://ldap.intern"
# divert libnss for posix users/groups lookups, rely completely on LDAP db integrity
ldapsam:trusted = yes
ldap suffix = dc=skole,dc=skolelinux,dc=no
# with GOsa, we cannot use suffices here, we have to always search starting from the BaseDN
ldap user suffix =
ldap group suffix =
ldap machine suffix =
ldap idmap suffix =
ldap admin dn = "cn=smbadmin,ou=samba,dc=skole,dc=skolelinux,dc=no"
ldap ssl = start_tls
add machine script = /etc/samba/smbaddclient.sh "%u"
### If you plan to use winbind then you could use the following entries.
### NOTE: ldapsam:editposix and winbind id allocation break Samba's interaction
### with GOsa on a standard Debian Edu main server (aka tjener).
### However, from the position of Samba developers, this mechanism is the preferred.
#ldapsam:editposix = yes
#idmap alloc config:backend = ldap
#idmap alloc config:ldap_url = ldap://ldap.intern/
#idmap alloc config:ldap_base_dn = dc=skole,dc=skolelinux,dc=no
#idmap alloc config:user_dn = cn=admin,ou=ldap-access,dc=skole,dc=skolelinux,dc=no
#idmap uid = 40000-50000
#idmap gid = 40000-50000
#idmap config SCHULE:backend = ldap
#idmap config SKOLELINUX:readonly = no
#idmap config SKOLELINUX:default = yes
#idmap config SKOLELINUX:ldap_base_dn = dc=skole,dc=skolelinux,dc=no
#idmap config SKOLELINUX:ldap_user_dn = cn=admin,ou=ldap-access,dc=skole,dc=skolelinux,dc=no
#idmap config SKOLELINUX:ldap_url = ldap://ldap.intern
#idmap config SKOLELINUX:range = 40000-50000
#winbind enum users = yes
#winbind enum groups = yes
# PAM setup
obey pam restrictions = no
# Printer settings
load printers = yes
printing = cups
printcap name = cups
printcap cache time = 750
# Network logon
logon drive = h:
logon script = debian-edu-login.bat
# store profiles in the users' HOME shares
logon path = \\TJENER\%U\.ntprofile
# in case we have win9x clients around (very bad nowadays!)
logon home = \\TJENER\%U\.win9xprofile
# Logfiles
log file = /var/log/samba/log.%m
max log size = 1000
syslog = 10
loglevel = 0
# Networking options
socket options = IPTOS_LOWDELAY TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 SO_KEEPALIVE
keepalive = 600
dead time = 15
# Browser Control Options / PDC setup
local master = yes
domain logons = yes
domain master = yes
preferred master = yes
lanman auth = yes
ntlm auth = yes
os level = 127
name resolve order = bcast host lmhosts wins
# WINS Support
wins support = yes
# DNS proxy for NetBIOS
dns proxy = yes
# Add NT clients
###
### NTFS ACL handling
###
# WARNING: for full and correct NTFS ACL handling, it is required that the underlying
# filesystem has acl and xattr capability. For ext3 you have to specify extra mount
# options (acl, user_xattr). If you use xfs as unterlying filesystem, then both features
# will be available by default. Please, also refer to: man 8 mount
#acl map full control = true
#acl group control = yes
#map acl inherit = yes
#inherit acls = yes
map read only = Permissions
dos filemode = no
max xmit = 65535
nt acl support = yes
invalid users = root
# case mangling
case sensitive = no
preserve case = yes
short preserve case = yes
# mapping of file attributes
map system = no
map archive = no
map hidden = no
getwd cache = yes
read raw = yes
write raw = yes
# make sure samba password changes reach NT+LM hashes, userPassword and Kerberos
pam password change = yes
unix password sync = no
# no offline cache of shares
csc policy = disable
# CLSID protection and protection against Nimba Worm
veto files = /*.scr/*.scf/*.sct/*.pif/*.exe/*.bas/*.bat/*.com/*.ade/*.adp/*.asp/*.asx/*.chm/*.cmd/*.dll/*.vbs/*.eml/*.nws/riched20.dll/*.{*}/
delete veto files = yes
# hide desktop.ini files + lost&found folders
hide files = /desktop.ini/Desktop.ini/lost+found/
hide special files = yes
hide dot files = yes
hide unreadable = yes
# by default we do not allow access from LTSP thin client networks to the Samba services.
hosts allow = 10.0.0.0/8 localhost
hosts deny = ALL
#======================= Share Definitions =======================
[homes]
invalid users = root Administrator
comment = Home directories
browseable = no
writable = yes
# provide read access to homes and their content
#create mask = 0644
#directory mask = 2755
# or rather keep them private (recommended)
create mask = 0600
directory mask = 0700
# if using a filesystem with ACL support, instead of create mask and directory mask
# you can use these options
#inherit owner = yes
#inherit acls = yes
nt acl support = yes
veto files = /*.scr/*.sct/*.pif/*.exe/*.bas/*.bat/*.com/*.ade/*.adp/*.asp/*.asx/*.chm/*.cmd/*.dll/*.vbs/*.eml/*.nws/riched20.dll/*.{*}/
[netlogon]
invalid users = root Administrator
comment = Network Logon Service
path = /etc/samba/netlogon
guest ok = yes
writable = no
# allowing .cmd, .bat, .exe, .com, .vbs on netlogon share
veto files = /*.scr/*.scf/*.sct/*.pif/*.bas/*.ade/*.adp/*.asp/*.asx/*.chm/*.dll/*.eml/*.nws/riched20.dll/*.{*}/
[printers]
invalid users = root Administrator
comment = All Printers
browseable = no
path = /tmp
printable = yes
public = no
writable = no
create mode = 0700
###
### Shared filespace
###
# Make sure you have this line in /etc/fstab for this share (options: acl, user_xattr)
# /dev/mapper/skole+tjener+shared /skole/tjener/shared ext3 defaults,acl,user_xattr 0 2
#
#[shared-teachers]
# invalid users = Administrator root
# comment = Shared Folders
# path = /skole/tjener/shared/teachers
# guest ok = no
# writable = yes
# acl map full control = true
# acl group control = yes
# map acl inherit = yes
# inherit acls = yes
# valid users = @teachers
#[shared-students]
# invalid users = Administrator root
# comment = Shared Folders
# path = /skole/tjener/shared/students
# guest ok = no
# writable = yes
# acl map full control = true
# acl group control = yes
# map acl inherit = yes
# inherit acls = yes
# valid users = @teachers @students
|