62 lines
1.4 KiB
Plaintext
62 lines
1.4 KiB
Plaintext
[global]
|
|
security = ADS
|
|
kerberos method = secrets and keytab
|
|
realm = ${REALM}
|
|
workgroup = ${WORKGROUP}
|
|
netbios name = ${NETBIOS_NAME}
|
|
|
|
idmap config * : backend = tdb
|
|
idmap config * : range = 3000-7999
|
|
|
|
idmap config ${WORKGROUP} : backend = rid
|
|
idmap config ${WORKGROUP} : range = 10000-999999
|
|
|
|
winbind use default domain = yes
|
|
winbind enum users = yes
|
|
winbind enum groups = yes
|
|
|
|
vfs objects = acl_xattr
|
|
map acl inherit = yes
|
|
store dos attributes = yes
|
|
|
|
server min protocol = SMB2
|
|
client min protocol = SMB2
|
|
|
|
access based share enum = yes
|
|
|
|
dedicated keytab file = /var/lib/samba/private/krb5.keytab
|
|
kerberos encryption types = all
|
|
|
|
load printers = no
|
|
printcap name = /dev/null
|
|
disable spoolss = yes
|
|
|
|
log file = /var/log/samba/log.%m
|
|
max log size = 10000
|
|
logging = file
|
|
|
|
include = /etc/samba/generated/shares.conf
|
|
|
|
[Private]
|
|
path = /data/private
|
|
read only = no
|
|
browseable = yes
|
|
guest ok = no
|
|
valid users = @"${DOMAIN_USERS_GROUP}"
|
|
admin users = @"${DOMAIN_ADMINS_GROUP}"
|
|
hide unreadable = yes
|
|
access based share enum = yes
|
|
ea support = yes
|
|
|
|
[Public]
|
|
path = /data/public
|
|
read only = no
|
|
browseable = yes
|
|
guest ok = no
|
|
valid users = @"${PUBLIC_GROUP}"
|
|
force group = "${PUBLIC_GROUP}"
|
|
create mask = 0660
|
|
directory mask = 2770
|
|
inherit permissions = yes
|
|
access based share enum = yes
|