smb.conf
1 |
|
---|---|
2 |
# Global parameters |
3 |
[global] |
4 |
realm = SAVOIE-COLLEGES.FR |
5 |
workgroup = SAVOIE-COLLEGES |
6 |
netbios name = DC-SETH-1 |
7 |
|
8 |
# disable netbios legacy protocol, only port 445 ! |
9 |
disable netbios = yes |
10 |
smb ports = 445 |
11 |
|
12 |
|
13 |
# protection contre 'rpcclient -U "" -c enumdomusers <ip>' |
14 |
restrict anonymous = 2 |
15 |
|
16 |
# déactivation des partages utilsiateurs |
17 |
usershare max shares = 0 |
18 |
|
19 |
map acl inherit = Yes |
20 |
winbind separator = / |
21 |
|
22 |
# pas de ligne 'vfs objects = dfs_samba4 acl_xattr' sur un DC |
23 |
# pas de ligne 'store dos attributes = Yes' sur un DC |
24 |
|
25 |
server role = active directory domain controller |
26 |
server services = -dns |
27 |
|
28 |
# active TLS (pour LDAPS et la maj des mot de passe ! |
29 |
tls enabled = yes |
30 |
tls keyfile = /var/lib/samba/private/tls/private/addc.key |
31 |
tls certfile = /var/lib/samba/private/tls/certs/addc.crt |
32 |
tls cafile = |
33 |
#password hash userPassword schemes = CryptSHA256 CryptSHA512 |
34 |
|
35 |
log level = 0 |
36 |
|
37 |
include = /etc/samba/conf.d/full_audit.global |
38 |
|
39 |
vfs objects = acl_xattr dfs_samba4 |
40 |
|
41 |
# Tunning options for winbind (cf #31929) |
42 |
winbind max clients = 400 |
43 |
winbind request timeout = 30 |
44 |
winbind refresh tickets = Yes |
45 |
|
46 |
|
47 |
|
48 |
|
49 |
|
50 |
|
51 |
[netlogon] |
52 |
comment = Network Logon Service |
53 |
path = /home/sysvol/savoie-colleges.fr/scripts |
54 |
read only = No |
55 |
guest ok = yes |
56 |
vfs objects = dfs_samba4 acl_xattr |
57 |
|
58 |
[sysvol] |
59 |
comment = Sysvol Service |
60 |
path = /home/sysvol |
61 |
read only = No |
62 |
guest ok = yes |
63 |
vfs objects = dfs_samba4 acl_xattr |
64 |
|
65 |
|
66 |
|
67 |
|
68 |
|
69 |
include = /etc/samba/conf.d/full_audit.conf |