This file is indexed.

/etc/samba/smb-debian-edu.conf is in debian-edu-config 1.702.

This file is owned by root:root, with mode 0o644.

The actual contents of the file can be viewed below.

  1
  2
  3
  4
  5
  6
  7
  8
  9
 10
 11
 12
 13
 14
 15
 16
 17
 18
 19
 20
 21
 22
 23
 24
 25
 26
 27
 28
 29
 30
 31
 32
 33
 34
 35
 36
 37
 38
 39
 40
 41
 42
 43
 44
 45
 46
 47
 48
 49
 50
 51
 52
 53
 54
 55
 56
 57
 58
 59
 60
 61
 62
 63
 64
 65
 66
 67
 68
 69
 70
 71
 72
 73
 74
 75
 76
 77
 78
 79
 80
 81
 82
 83
 84
 85
 86
 87
 88
 89
 90
 91
 92
 93
 94
 95
 96
 97
 98
 99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
#
# Skolelinux configuration file for the samba suite
#
# Please read the smb.conf(5) manual page
#
# NOTE: Whenever you modify this file you should run the command
# "testparm" to check that you have not many any basic syntactic
# errors.
#

# Modified for use with skolelinux by Svein Magne Bang 2003/04/02

#======================= Global Settings =======================

[global]

# Do something sensible when Samba crashes: mail the admin a backtrace
;   panic action = /usr/share/samba/panic-action %d

# server name
   netbios name = TJENER
   available = yes
   # needed for samba 3.5.6 with XP (Svp3) clients...
   server signing = disabled 
   # server signing is broken with XP (Svp3) clients
   #server signing = auto
   server schannel = auto 

# disable IPv6 for Samba on Skolelinux systems
   interfaces = 127.0.0.1 10.0.2.2
   bind interfaces only = yes

# server string/NT Description field
   server string = %h server (Debian Edu/Skolelinux Main Server)

# server mode

   security = USER

# security setting
   null passwords = no
   map to guest = Bad User
   guest ok = No

# server/client spnego
   use spnego = yes
   client use spnego = yes

# Workgroup/NT-domain name

   workgroup = SKOLELINUX

# OpenLDAP configuration

   # should allways be set to 'true'
   encrypt passwords = true

   passdb backend = ldapsam:"ldap://ldap.intern"
   # divert libnss for posix users/groups lookups, rely completely on LDAP db integrity
   ldapsam:trusted = yes

   ldap suffix = dc=skole,dc=skolelinux,dc=no
   # with GOsa, we cannot use suffices here, we have to always search starting from the BaseDN
   ldap user suffix =
   ldap group suffix = 
   ldap machine suffix =
   ldap idmap suffix = 
   ldap admin dn = "cn=smbadmin,ou=samba,dc=skole,dc=skolelinux,dc=no"
   ldap ssl = start_tls

   add machine script = /etc/samba/smbaddclient.sh "%u"

   ### If you plan to use winbind then you could use the following entries.
   ### NOTE: ldapsam:editposix and winbind id allocation break Samba's interaction
   ### with GOsa on a standard Debian Edu main server (aka tjener).
   ### However, from the position of Samba developers, this mechanism is the preferred.

   #ldapsam:editposix = yes
   #idmap alloc config:backend = ldap
   #idmap alloc config:ldap_url = ldap://ldap.intern/
   #idmap alloc config:ldap_base_dn = dc=skole,dc=skolelinux,dc=no
   #idmap alloc config:user_dn = cn=admin,ou=ldap-access,dc=skole,dc=skolelinux,dc=no
   #idmap uid = 40000-50000
   #idmap gid = 40000-50000
   #idmap config SCHULE:backend = ldap
   #idmap config SKOLELINUX:readonly = no
   #idmap config SKOLELINUX:default = yes
   #idmap config SKOLELINUX:ldap_base_dn = dc=skole,dc=skolelinux,dc=no
   #idmap config SKOLELINUX:ldap_user_dn = cn=admin,ou=ldap-access,dc=skole,dc=skolelinux,dc=no
   #idmap config SKOLELINUX:ldap_url = ldap://ldap.intern
   #idmap config SKOLELINUX:range = 40000-50000
   #winbind enum users = yes
   #winbind enum groups = yes 

# PAM setup
   obey pam restrictions = no 

# Printer settings

   load printers = yes
   printing = cups
   printcap name = cups
   printcap cache time = 750

# Network logon

   logon drive = h:
   logon script = debian-edu-login.bat

   # store profiles in the users' HOME shares
   logon path = \\TJENER\%U\.ntprofile
   # in case we have win9x clients around (very bad nowadays!)
   logon home = \\TJENER\%U\.win9xprofile

# Logfiles

   log file = /var/log/samba/log.%m
   max log size = 1000
   syslog = 10 
   loglevel = 0

# Networking options

   socket options = IPTOS_LOWDELAY TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 SO_KEEPALIVE
   keepalive = 600
   dead time = 15

# Browser Control Options / PDC setup

   local master = yes
   domain logons = yes
   domain master = yes
   preferred master = yes

   lanman auth = yes
   ntlm auth = yes

   os level = 127 

   name resolve order = bcast host lmhosts wins

# WINS Support

   wins support = yes

# DNS proxy for NetBIOS

   dns proxy = yes

# Add NT clients

   ###
   ### NTFS ACL handling
   ###

   # WARNING: for full and correct NTFS ACL handling, it is required that the underlying
   # filesystem has acl and xattr capability. For ext3 you have to specify extra mount
   # options (acl, user_xattr). If you use xfs as unterlying filesystem, then both features
   # will be available by default. Please, also refer to: man 8 mount

   #acl map full control = true
   #acl group control = yes
   #map acl inherit = yes
   #inherit acls = yes
   map read only = Permissions
   dos filemode = no
   max xmit = 65535
   nt acl support = yes
   invalid users = root

   # case mangling
   case sensitive = no
   preserve case = yes
   short preserve case = yes

   # mapping of file attributes
   map system = no
   map archive = no
   map hidden = no

   getwd cache = yes
   read raw = yes
   write raw = yes

   # make sure samba password changes reach NT+LM hashes, userPassword and Kerberos 
   pam password change = yes
   unix password sync = no

   # no offline cache of shares
   csc policy = disable

   # CLSID protection and protection against Nimba Worm
   veto files = /*.scr/*.scf/*.sct/*.pif/*.exe/*.bas/*.bat/*.com/*.ade/*.adp/*.asp/*.asx/*.chm/*.cmd/*.dll/*.vbs/*.eml/*.nws/riched20.dll/*.{*}/
   delete veto files = yes

   # hide desktop.ini files + lost&found folders
   hide files = /desktop.ini/Desktop.ini/lost+found/
   hide special files = yes
   hide dot files = yes
   hide unreadable = yes

   # by default we do not allow access from LTSP thin client networks to the Samba services.
   hosts allow = 10.0.0.0/8 localhost
   hosts deny = ALL

#======================= Share Definitions =======================

[homes]
   invalid users = root Administrator
   comment = Home directories
   browseable = no
   writable = yes

   # provide read access to homes and their content
   #create mask = 0644
   #directory mask = 2755

   # or rather keep them private (recommended)
   create mask = 0600
   directory mask = 0700

   # if using a filesystem with ACL support, instead of create mask and directory mask
   # you can use these options
   #inherit owner = yes
   #inherit acls = yes

   nt acl support = yes
   veto files = /*.scr/*.sct/*.pif/*.exe/*.bas/*.bat/*.com/*.ade/*.adp/*.asp/*.asx/*.chm/*.cmd/*.dll/*.vbs/*.eml/*.nws/riched20.dll/*.{*}/

[netlogon]
   invalid users = root Administrator
   comment = Network Logon Service
   path = /etc/samba/netlogon
   guest ok = yes
   writable = no
   # allowing .cmd, .bat, .exe, .com, .vbs on netlogon share
   veto files = /*.scr/*.scf/*.sct/*.pif/*.bas/*.ade/*.adp/*.asp/*.asx/*.chm/*.dll/*.eml/*.nws/riched20.dll/*.{*}/

[printers] 
   invalid users = root Administrator
   comment = All Printers
   browseable = no
   path = /tmp
   printable = yes
   public = no
   writable = no
   create mode = 0700

###
### Shared filespace
###

# Make sure you have this line in /etc/fstab for this share (options: acl, user_xattr)
# /dev/mapper/skole+tjener+shared /skole/tjener/shared ext3 defaults,acl,user_xattr 0 2
#

#[shared-teachers]
#   invalid users = Administrator root
#   comment = Shared Folders
#   path = /skole/tjener/shared/teachers
#   guest ok = no
#   writable = yes
#   acl map full control = true
#   acl group control = yes
#   map acl inherit = yes
#   inherit acls = yes
#   valid users = @teachers

#[shared-students]
#   invalid users = Administrator root
#   comment = Shared Folders
#   path = /skole/tjener/shared/students
#   guest ok = no
#   writable = yes
#   acl map full control = true
#   acl group control = yes
#   map acl inherit = yes
#   inherit acls = yes
#   valid users = @teachers @students