# Global parameters
# NOTE(review): the doubled-percent names and the if/elif/else lines appear to
# be template directives expanded before Samba reads this file - confirm
# against the templating tool that renders it.
[global]
# Realm, workgroup and host name are upper-cased by the template expressions.
realm = %%ad_realm.upper()
workgroup = %%ad_domain.upper()
netbios name = %%nom_machine.upper()

# Serve SMB on TCP 445 only, so no listener on the legacy 139 session port.
# "disable netbios" below is still commented out, so this setting alone does
# not switch NetBIOS off - check which listeners are open on the deployed host.
#disable netbios = yes
smb ports = 445

# Keep Windows ACLs, ACL inheritance flags and DOS attributes in extended
# attributes; the backing filesystem has to support them.
vfs objects = acl_xattr
map acl inherit = Yes
store dos attributes = Yes

%if %%ad_server_role == 'controleur de domaine'
# Domain-controller branch of the role switch.
server role = active directory domain controller
#server services = +smb
# server services = rpc, nbt, wrepl, ldap, cldap, kdc, drepl, winbind, ntp_signd, kcc, dnsupdate, dns, smb
# dcerpc endpoint servers = epmapper, wkssvc, rpcecho, samr, netlogon, lsarpc, spoolss, drsuapi, dssetup, unixinfo, browser, eventlog6, backupkey, dnsserver, winreg, srvsvc
# allow dns updates = signed
# The first entry of adresse_ip_dns is used as the DNS forwarder.
dns forwarder = %%adresse_ip_dns[0]
idmap_ldb:use rfc2307 = yes
winbind separator = /

# Enable TLS (needed for LDAPS and for password updates).
# NOTE(review): key.pem is the server private key. Keep it readable by its
# owner only (Samba expects mode 0600 on this file) and confirm cert.pem is
# issued by the CA in ca.pem rather than being a self-signed default.
tls enabled = yes
tls keyfile = /var/lib/samba/private/tls/key.pem
tls certfile = /var/lib/samba/private/tls/cert.pem
tls cafile = /var/lib/samba/private/tls/ca.pem

[netlogon]
comment = Network Logon Service
path = /var/lib/samba/sysvol/%%ad_realm/scripts
# NOTE(review): this share is writable and also admits guest sessions. The
# scripts directory is what domain clients fetch at logon, so write access
# should rest with domain administrators only. Confirm the filesystem ACLs
# enforce that, and whether "guest ok" is needed here at all.
read only = No
guest ok = yes

[sysvol]
comment = Sysvol Service
path = /var/lib/samba/sysvol
# NOTE(review): writable and open to guest sessions. Domain members apply
# the policy data stored under sysvol, so anything writable here by a
# non-administrator is a domain-wide risk. Confirm the filesystem ACLs limit
# writes to administrators, and whether "guest ok" is required.
read only = No
guest ok = yes

[profiles]
comment = Profiles
path = /var/lib/samba/profiles
# Writable, and this section sets no per-user restriction. Separation between
# users' profiles therefore depends on the directory ACLs under the path.
read only = No

%elif %%ad_server_role == 'membre'
# Domain-member branch: no "server role" line here.
# The share sections above belong to the domain-controller branch, so when
# this branch is selected these settings directly follow [global].
security = ADS
#dedicated keytab file = /etc/krb5.keytab
#kerberos method = secrets and keytab
server services = +smb

# ID mapping: the default domain (*) uses the local tdb backend with ids
# 2000-9999; the AD domain uses the ad backend with rfc2307 attributes and
# ids 10000-99999. The two ranges do not overlap.
idmap config *:backend = tdb
idmap config *:range = 2000-9999
idmap config %%ad_domain.upper():backend = ad
idmap config %%ad_domain.upper():schema_mode = rfc2307
idmap config %%ad_domain.upper():range = 10000-99999

winbind nss info = rfc2307
winbind trusted domains only = no
# NOTE(review): with the default domain applied, domain accounts appear
# without a domain prefix - check for name clashes with local accounts.
winbind use default domain = yes
winbind enum users = yes
winbind enum groups = yes
winbind refresh tickets = Yes

%end if

# Home share: the path comes from the template variable when the AD share
# option is set to 'oui', otherwise from the per-user default below.
# "readonly" is read by Samba as "read only" (whitespace inside parameter
# names is ignored).
# NOTE(review): the section is named "home", so it is an ordinary share and
# not the special "homes" section - confirm that this is intended. Neither
# variant restricts who may connect; access rests on filesystem permissions.
%if %%activer_ad_share == 'oui'
[home]
path = %%ad_home_share_path
readonly = No
%else
# A home share is mandatory on a DC for the 'admin' account.
[home]
path = /home/%u
readonly = No
%end if