I'm looking for a good starting point for a smb.conf for an AD member file server, serving Windows/Mac clients. I don't see anything on the Wiki, and a good sane starting place would be good. ? (Probably use RID, I think it makes the most sense. No substantial *nix machines/users in the mix.) ? Louis, Rowland?? :) ?
On 12/13/21 17:59, Gregory Sloop via samba wrote:> > > I'm looking for a good starting point for a smb.conf for an AD member file server, serving Windows/Mac clients. > I don't see anything on the Wiki, and a good sane starting place would be good. > > (Probably use RID, I think it makes the most sense. No substantial *nix machines/users in the mix.) >This is a pretty basic smb.conf that uses RID and extended ACL support: [global] workgroup = EA security = ADS realm = EA.LINUXCS.COM winbind refresh tickets = yes vfs objects = acl_xattr map acl inherit = yes store dos attributes = yes dedicated keytab file = /etc/krb5.keytab kerberos method = secrets and keytab winbind use default domain = yes # (Remove the following after testing) # winbind enum users = yes # winbind enum groups = yes idmap config * : backend = tdb idmap config * : range = 3000-9999 idmap config EA : backend = rid idmap config EA : range = 10000-999999 # Printing is disabled load printers = no printing = bsd printcap name = /dev/null disable spoolss = yes # User templates template homedir = /home/%U template shell = /bin/bash username map = /etc/samba/user.map #======================= Share Definitions ====================== [home] comment = Home Directories path = /data/home guest ok = no browseable = no writeable = yes create mask = 2750 directory mask = 2750 follow symlinks = yes [share] comment = Share Directory path = /data/share guest ok = no browseable = yes writeable = yes create mask = 2770 directory mask = 2770 # force group = ea-staff # This can slow down large directory listings # hide unreadable = yes # inherit permissions = yes follow symlinks = yes