Distribution EOLE » Modules » EOLE AD DC

# Global parameters

[global]

  realm = SAVOIE-COLLEGES.FR

  workgroup = SAVOIE-COLLEGES

  netbios name = DC-SETH-1

  # disable netbios legacy protocol, only port 445 !

  disable netbios = yes

  smb ports = 445

  # protection contre 'rpcclient -U "" -c enumdomusers <ip>'

  restrict anonymous = 2

  # déactivation des partages utilsiateurs

  usershare max shares = 0

  map acl inherit = Yes

  winbind separator = /

  # pas de ligne 'vfs objects = dfs_samba4 acl_xattr' sur un DC

  # pas de ligne 'store dos attributes = Yes' sur un DC

  server role = active directory domain controller

  server services = -dns

  # active TLS (pour LDAPS et la maj des mot de passe !

  tls enabled = yes

  tls keyfile = /var/lib/samba/private/tls/private/addc.key

  tls certfile = /var/lib/samba/private/tls/certs/addc.crt

  tls cafile =

  #password hash userPassword schemes = CryptSHA256 CryptSHA512

  log level = 0

  include = /etc/samba/conf.d/full_audit.global

  vfs objects = acl_xattr dfs_samba4

  # Tunning options for winbind (cf #31929)

  winbind max clients = 400

  winbind request timeout = 30

  winbind refresh tickets = Yes

[netlogon]

  comment = Network Logon Service

  path = /home/sysvol/savoie-colleges.fr/scripts

  read only = No

  guest ok = yes

  vfs objects = dfs_samba4 acl_xattr

[sysvol]

  comment = Sysvol Service

  path = /home/sysvol

  read only = No

  guest ok = yes

  vfs objects = dfs_samba4 acl_xattr

include = /etc/samba/conf.d/full_audit.conf