# smb.conf for a Samba Active Directory domain controller
# (see "server role" below). Comments must stay on their own lines:
# smb.conf has no trailing-comment syntax, so text after a value
# becomes part of that value.

# Global parameters
[global]
netbios name = FOO
realm = FOO.BAR.DE
# server services = s3fs, rpc, nbt, wrepl, ldap, cldap, kdc, drepl, winbindd, ntp_signd, kcc, dnsupdate
# "-dns" removes the internal DNS server from the default service list.
# NOTE(review): presumably DNS for the domain is served by another
# backend -- confirm.
server services = -dns
# Service tickets are checked against secrets.tdb first, then the system keytab.
kerberos method = secrets and keytab
# TLS material for the DC's TLS-capable services. The paths are relative;
# per smb.conf(5) they are resolved against Samba's private dir.
# NOTE(review): confirm key.pem there is owned by root and not
# readable by group or other.
tls enabled = yes
tls keyfile = tls/key.pem
tls certfile = tls/cert.pem
tls cafile = tls/ca.pem
workgroup = MYWG
server role = active directory domain controller
# idmap_ldb:use rfc2307 = yes
# idmap config MYWG:backend = ad
# idmap config MYWG:schema_mode = rfc2307
# idmap config MYWG:range = 10000-999999
# NOTE(review): unix_nss_info is an idmap_ad option and the
# "backend = ad" line above is commented out -- confirm this
# setting still has an effect.
idmap config MYWG:unix_nss_info = yes
# With unix password sync, smbd runs "passwd program" as root whenever an
# SMB password is changed; %u is replaced by the user name.
# NOTE(review): confirm this is still wanted on an AD DC, where
# accounts live in the directory rather than in /etc/passwd.
unix password sync = yes
passwd program = /bin/passwd %u
# Listen only on the interfaces named here; lo stays in the list so
# local tools can still reach the services.
interfaces = lo eth0 eth2 eth3
bind interfaces only = yes
#dns proxy = no
#name resolve order = host bcast wins
# Lets winbind authenticate from cached credentials when no DC is reachable.
winbind offline logon = yes
winbind refresh tickets = yes
# Disable printing error log messages when CUPS is not installed.
printcap name = /etc/printcap
load printers = no
time server = yes
# NOTE(review): level 1 records little about authentication. If
# logon auditing is wanted, Samba's auth_audit debug class can be
# raised separately.
log level = 1
# One log file per session user (%U) and client NetBIOS name (%m).
# Both values are supplied by the client, so the number of files is
# not bounded by this config; make sure rotation and cleanup cover
# this directory.
# "logfile" is the same parameter as "log file": whitespace inside
# parameter names is ignored.
logfile = /var/log/samba/machines/%U_%m.log
# Executed by smbd when a machine account has to be created.
# NOTE(review): this is an NT4-domain style hook and is probably
# unused on an AD DC -- confirm, and drop it if dead.
add machine script = /usr/sbin/pdbedit -a %m -m
max disk size = 2500000
#vfs objects = acl_xattr
#vfs objects = dfs_samba4 acl_xattr recycle
vfs objects = dfs_samba4 acl_xattr
map acl inherit = yes
store dos attributes = yes
# Applies only when Samba acts as an SMB client. No "server min protocol"
# is set in this section, so incoming connections use the built-in default.
client min protocol = SMB3
# smb2 max credits = 65536
# client based level 10 log
# create link with ip address extension to activate
# When enabled, %I (client IP address) selects an extra config file.
# Files matching this pattern must be writable by root only, since
# they can override any setting.
# include = /etc/samba/debugclient-%I

# Logon scripts, which domain members fetch and execute. The share is
# writable at the SMB level, so write access rests on the filesystem
# and NT ACLs of the path.
# NOTE(review): the path is outside the sysvol tree -- confirm
# only administrators can write there.
[netlogon]
path = /home/samba/scripts
read only = No

# Group policy objects and scripts; the same ACL reasoning applies
# as for netlogon.
[sysvol]
path = /var/lib/samba/sysvol
read only = No

# Exports the parent directory of the per-user directories (compare the
# path of the trash share below). No "valid users" line is set, so access
# is decided by filesystem permissions alone.
# "force create mode" / "force directory mode" only OR bits in; they
# do not strip group/other bits. "create mask" / "directory mask"
# do that.
# NOTE(review): confirm new files really end up owner-only.
[home]
comment = %U
path= /home/user/
read only = no
force create mode = 0600
force directory mode = 0700

# NOTE(review): %-variables are documented for parameter values.
# Confirm that %U in a share name is expanded as intended.
[%U_Trash]
# /home must be traversable for "other"! (translated from German)
comment = Papierkorb von %U
path = /home/user/%U/.Trash
browseable = Yes
# Only the session user can connect to this share.
valid users = %U
read only = No

[share_1to15]