# Global parameters
[global]
  realm = SAVOIE-COLLEGES.FR
  workgroup = SAVOIE-COLLEGES
  netbios name = DC-SETH-1

  # disable netbios legacy protocol, only port 445 !
  disable netbios = yes
  smb ports = 445


  # protection contre 'rpcclient -U "" -c enumdomusers <ip>'
  restrict anonymous = 2

  # déactivation des partages utilsiateurs
  usershare max shares = 0

  map acl inherit = Yes
  winbind separator = /

  # pas de ligne 'vfs objects = dfs_samba4 acl_xattr' sur un DC
  # pas de ligne 'store dos attributes = Yes' sur un DC

  server role = active directory domain controller
  server services = -dns

  # active TLS (pour LDAPS et la maj des mot de passe !
  tls enabled = yes
  tls keyfile = /var/lib/samba/private/tls/private/addc.key
  tls certfile = /var/lib/samba/private/tls/certs/addc.crt
  tls cafile =
  #password hash userPassword schemes = CryptSHA256 CryptSHA512

  log level = 0

  include = /etc/samba/conf.d/full_audit.global

  vfs objects = acl_xattr dfs_samba4

  # Tunning options for winbind (cf #31929)
  winbind max clients = 400
  winbind request timeout = 30
  winbind refresh tickets = Yes






[netlogon]
  comment = Network Logon Service
  path = /home/sysvol/savoie-colleges.fr/scripts
  read only = No
  guest ok = yes
  vfs objects = dfs_samba4 acl_xattr

[sysvol]
  comment = Sysvol Service
  path = /home/sysvol
  read only = No
  guest ok = yes
  vfs objects = dfs_samba4 acl_xattr





include = /etc/samba/conf.d/full_audit.conf