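# smb.conf template: Samba as an NT-style domain controller with an LDAP
# (ldapsam) account backend.
# __DOMAIN__ and __NETBIOS__ look like deployment-time placeholders; confirm
# they are substituted before the file is installed.
# Samba has no inline comments: every comment sits on its own line.

[global]
# Script that automatically creates machine accounts when a workstation
# joins the NT domain.
add machine script = /usr/local/bin/addworkstation.sh "%u"

# Disable roaming profiles (empty logon path).
logon path =

# NT domain name
workgroup = __DOMAIN__

# Name and description of this server on the network
netbios name = __NETBIOS__
server string = %h server (Samba, Ubuntu)

# Domain controller
domain master = yes
preferred master = yes
local master = yes
domain logons = yes
security = user
encrypt passwords = yes

# Enable WINS resolution
wins support = yes
dns proxy = no

# Log level for debugging during setup.
# This directive can be removed once everything is working.
log level = 2

# Log configuration
log file = /var/log/samba/log.%m
max log size = 1000
syslog = 0

# On crash, send a core dump to the admin
panic action = /usr/share/samba/panic-action %d

# LDAP backend
passdb backend = ldapsam:ldap://localhost
# NOTE(review): the original bind DN contained an empty RDN ("ou=DSA,,dc=..."),
# which is not a valid DN; confirm the corrected value against the directory.
ldap admin dn = uid=samba,ou=DSA,dc=firewall-services,dc=com
ldap suffix = dc=firewall-services,dc=com
ldap group suffix = ou=Groups
ldap user suffix = ou=Users
ldap machine suffix = ou=Computers,ou=systems
ldap idmap suffix = ou=Users
ldap delete dn = no
ldap passwd sync = yes
# Unencrypted LDAP is tolerable only because the backend is ldap://localhost.
# If the directory moves to another host, switch to "ldap ssl = start tls":
# password changes are synchronised over this connection.
ldap ssl = off
obey pam restrictions = yes

# No UNIX password sync, everything lives in LDAP
unix password sync = no
pam password change = no

# No guest account.
# The original value "bad user" does the opposite: logins with an unknown
# user name are mapped to the guest account. "never" rejects them.
map to guest = never

# Socket optimisations
# NOTE(review): fixed 8 KiB buffers override kernel autotuning; consider
# keeping only TCP_NODELAY.
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192

# ACL support
nt acl support = yes
inherit acls = yes
map acl inherit = yes
map archive = no
map hidden = no
map read only = no
map system = no
store dos attributes = yes
inherit permissions = yes

# Per-user home directories.
[homes]
comment = Répertoire Personnel
browseable = no
guest ok = no
# "writable = yes" was redundant: it is the inverted synonym of "read only".
read only = no
printable = no
# Files and directories are forced group-readable and group-writable.
# NOTE(review): if users share a primary group, consider "valid users = %S"
# so that a home directory is reachable only by its owner.
create mode = 0660
force create mode = 0660
directory mode = 0770
force directory mode = 0770
path = /home/__DOMAIN__/%S
# Runs as root on every connection to the share. %U is the user name the
# client asked for, so it is quoted here (as in "add machine script") and the
# script should validate its argument before using it.
root preexec = /usr/local/bin/mkhomedir.sh "%U"

# Print queues.
[printers]
comment = All Printers
browseable = no
path = /var/spool/samba
printable = yes
guest ok = no
read only = yes
create mask = 0700

# Printer driver download share (read-only).
[print$]
comment = Printer Drivers
path = /var/lib/samba/printers
browseable = yes
read only = yes
guest ok = no

# Logon scripts served to domain clients.
# The original allowed guest access and writes ("guest ok = yes",
# "writable = yes"). Content in this share is run by clients at logon, so it
# is now read-only for authenticated users and writable only by the admins
# group already used by [files].
[netlogon]
comment = Network Logon Service
path = /var/lib/samba/netlogon
guest ok = no
read only = yes
write list = @"__DOMAIN__\admins"
browseable = no

# General file share.
[files]
comment = Partage de fichiers
path = /home/files
guest ok = no
# "writeable = yes" was redundant with "read only = no".
read only = no
# Members of this group perform all file operations on this share as root,
# bypassing file system permissions; keep its membership minimal.
admin users = @"__DOMAIN__\admins"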