[global]
# Server identity and authentication mode.
# NetBIOS name this server announces itself under
netbios name = office01
# server string is the equivalent of the NT Description field
server string = Samba Server office01
# realm = Kerberos realm used when security = ADS
# NOTE(review): the realm is identical to the short workgroup name below; a
# Kerberos realm is normally the upper-cased DNS domain name - confirm this
# is the real value and not a sanitised placeholder.
realm = OKGROUP
# workgroup = NT-Domain-Name or Workgroup-Name
workgroup = OKGROUP
# Security mode. ADS = this host is a member of an Active Directory realm
# and authenticates users against it.
security = ADS
# password server names the domain controller(s) to authenticate against;
# "*" asks Samba to locate them automatically instead of pinning one host.
# It applies to the domain/ads/server security modes.
password server = *
# Password encryption: negotiate encrypted passwords with clients rather
# than accepting plaintext ones.
encrypt passwords = true
# This option is important for security. It allows you to restrict
# connections to machines which are on your local network.
# When a client matches both lists, hosts allow takes precedence, so the
# deny-everything entry below only rejects clients that hosts allow does
# not name.
# NOTE(review): the first entry "0" does not look like a host name, address
# or network prefix and may be a sanitised placeholder - confirm the intended
# subnet before deploying, otherwise only loopback (127.) is clearly allowed.
hosts allow = 0 127.
hosts deny = 0.0.0.0/0.0.0.0
# Unix account used for guest connections. A custom guest account must exist
# in /etc/passwd; otherwise the user "nobody" is used.
guest account = nobody
# Logging. The commented-out line would give each connecting machine its own
# log file (%m expands to the NetBIOS name of the connecting machine); the
# active setting writes everything to one shared file instead.
# Per-client logs make it easier to attribute activity to a single machine
# when reviewing an incident. If the first line is re-enabled, drop its
# trailing ';' so it does not end up in the file name.
; log file = /var/log/samba/%m.log;
log file = /var/log/samba/samba.log
# The following are needed to allow password changing from Windows to
# update the Linux system password also.
# NOTE: Use these with 'encrypt passwords' and 'smb passwd file' above.
# NOTE2: You do NOT need these to allow workstations to change only
# the encrypted SMB passwords. They allow the Unix password
# to be kept in sync with the SMB password.
# All three are disabled here.
; unix password sync = yes
; passwd program = /usr/bin/passwd %u
; passwd chat = *New*UNIX*password* %n\n *ReType*new*UNIX*password* %n\n *passwd:*all*authentication*tokens*updated*successfully*
# Unix users can map to different SMB User names
# NOTE(review): this file decides which Unix account a client-supplied name
# resolves to, so it should be owned by root and not writable by anyone else.
username map = /etc/samba/user.map
# Using the following line enables you to customise your configuration
# on a per machine basis. The %m gets replaced with the netbios name
# of the machine that is connecting
# NOTE(review): the NetBIOS name is chosen by the client, so per-machine
# files should not be the only thing that grants additional access.
; include = /etc/samba/smb.conf.%m
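# Socket tuning for client connections.
# TCP_NODELAY sends small packets immediately instead of batching them.
# See speed.txt and the manual pages for details
# NOTE(review): fixed SO_RCVBUF/SO_SNDBUF values override the operating
# system's own buffer sizing; 8192 bytes is small for current networks, so
# measure before keeping these two entries.
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192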
# All NetBIOS names must be resolved to IP Addresses
# 'Name Resolve Order' allows the named resolution mechanism to be specified
# the default order is "host lmhosts wins bcast". "host" means use the unix
# system gethostbyname() function call that will use either /etc/hosts OR
# DNS or NIS depending on the settings of /etc/host.config, /etc/nsswitch.conf
# and the /etc/resolv.conf file. "host" therefore is system configuration
# dependent. This parameter is most often of use to prevent DNS lookups
# in order to resolve NetBIOS names to IP Addresses. Use with care!
# The example below excludes use of name resolution for machines that are NOT
# on the local network segment
# - OR - are not deliberately to be known via lmhosts or via WINS.
; name resolve order = wins lmhosts bcast
# Windows Internet Name Serving Support Section:
# WINS Support - Tells the NMBD component of Samba to enable its WINS Server
; wins support = yes
# WINS Server - Tells the NMBD components of Samba to be a WINS Client
# Note: Samba can be either a WINS Server, or a WINS Client, but NOT both
# NOTE(review): "0" is not a usable WINS server address and looks like a
# sanitised placeholder - set the real server or comment this line out.
wins server = 0
# Printing. Load every printer listed in the printcap file automatically
# instead of defining each one as its own share.
printcap name = /etc/printcap
load printers = yes
# It should not be necessary to spell out the print system type unless
# yours is non-standard. Currently supported print systems include:
# bsd, sysv, plp, lprng, aix, hpux, qnx
; printing = lprng
# DNS Proxy - tells Samba whether or not to try to resolve NetBIOS names
# via DNS nslookups. The built-in default for versions 1.9.17 is yes,
# this has been changed in version 1.9.18 to no.
dns proxy = no
# PAM-related
# obey pam restrictions: apply the host's PAM account and session rules to
# SMB users as well, so access limits configured in PAM are honoured.
obey pam restrictions = yes
# pam password change: route SMB password changes through PAM.
pam password change = yes
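# Winbind separator: character placed between the domain and the user or
# group name (DOMAIN/user with this setting).
winbind separator = /
# Winbind use default domain
# This parameter specifies whether the winbindd daemon should
# operate on users without domain component in their username.
# Users without a domain component are treated as part of
# the winbindd server's own domain. While this does not benefit
# Windows users, it makes SSH, FTP and e-mail function in a way
# much closer to the way they would in a native unix system.
# Default: winbind use default domain = no
# NOTE(review): with this enabled a domain account and a local account of
# the same name can no longer be told apart by name - confirm no local
# account names collide with domain ones.
winbind use default domain = yes
# RID to UID map: Unix ids are derived from the Windows RID inside the
# range given per domain.
# NOTE(review): the domain name "0" looks like a sanitised placeholder.
idmap backend = rid:"BUILTIN=1000-9999,0=10000-60000"
; idmap domains = 0
; idmap config 0:backend = rid
; idmap config 0:range = 10000-60000
; idmap config BUILTIN:backend = rid
; idmap config BUILTIN:range = 1000-9999
# RID idmap does not work with trusted domains
allow trusted domains = no
# Domain user id range
# NOTE(review): 1000-40000 is narrower than the 10000-60000 RID range above,
# and it starts at 1000, where many Linux systems also begin allocating local
# accounts. Confirm the ranges agree and do not overlap local uids/gids, so
# that a domain user can never share an id with a local one.
idmap uid = 1000-40000
# Domain group id range
idmap gid = 1000-40000
# Allow enumeration of domain users and groups (e.g. by getent). Every
# domain account becomes listable on this host, and enumeration can be slow
# on large domains.
winbind enum users = yes
winbind enum groups = yes
# Allow nested groups
; winbind nested groups = yes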
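# Winbind templates
# This parameter is designed to control how Winbind retrieves
# Name Service Information to construct a user's home directory
# and login shell. Currently the following settings are available:
# - template - The default, using the parameters of template shell
# and template homedir
# - sfu - When Samba is running in security = ads and your Active
# Directory Domain Controller does support the Microsoft "Services
# for Unix" (SFU) LDAP schema, winbind can retrieve the login shell
# and the home directory attributes directly from your Directory
# Server. Note that retrieving UID and GID from your ADS-Server
# requires to use idmap backend = idmap_ad as well.
; winbind nss info = template
# When filling out the user information for a Windows NT user, the
# winbindd daemon uses this parameter to fill in the home
# directory for that user. If the string %D is present it is
# substituted with the user's Windows NT domain name. If the string
# %U is present it is substituted with the user's Windows NT user
# name.
template homedir = /home/%U
# When filling out the user information for a Windows NT user, the
# winbindd daemon uses this parameter to fill in the login
# shell for that user.
# NOTE(review): /bin/bash gives every domain user an interactive shell on
# this host; if domain users only need file and print access, a non-login
# shell such as /bin/false narrows what a compromised domain account can do.
template shell = /bin/bash
# Let winbindd renew Kerberos tickets it obtained for users before they
# expire.
winbind refresh tickets = yes
# This option defines the default primary group for each user
# created by winbindd's local account management functions
# (similar to the 'add user script').
; template primary group = "0/Domain Users"
; template primary group = "Domain Users"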
# Services
# default service: the share a client is connected to when the share it
# asked for does not exist.
default service = homes
# preload: services added to the browse list at start-up.
preload = global homes printers
# Default share values (disabled; each share below sets its own)
# valid users = @"0/Domain Users"
# admin users = "0/Малахов"
#==================
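[homes]
# Per-user home share: each authenticated user gets a share named after
# their own account.
comment = Home Directory
# Hide the generic [homes] entry from browse lists.
browseable = no
writable = yes
# Restrict access to members of the domain group. The value is quoted
# because the group name contains a space; "0" is presumably the domain
# name followed by the winbind separator - confirm.
valid users = @"0/Domain Users"
; read only = No
; create mask = 0664
; directory mask = 0775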
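[users]
# Exposes the whole /home tree, i.e. every user's home directory, as one
# browseable, writable share. What a user can actually reach inside it is
# decided by the Unix permissions on each directory.
path = /home
comment = All Home Directories
browseable = yes
writable = yes
# Quoted because the group name contains a space; "0" is presumably the
# domain name followed by the winbind separator - confirm.
valid users = @"0/Domain Users"
# NOTE(review): accounts listed in admin users perform every file operation
# in this share as root, which bypasses the Unix permissions protecting the
# individual home directories. Keep this list as short as possible and
# remove it if root-level access over SMB is not required.
admin users = "0/Малахов"
# write list takes precedence over read list, so with both naming the same
# group every member ends up with write access.
read list = @"0/Domain Users"
write list = @"0/Domain Users"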
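[data]
# Shared data area, browseable and writable for the domain group.
path = /data
comment = Data
browseable = yes
writable = yes
# Quoted because the group name contains a space; "0" is presumably the
# domain name followed by the winbind separator - confirm.
valid users = @"0/Domain Users"
# NOTE(review): accounts listed in admin users perform every file operation
# in this share as root, regardless of file ownership and mode. Keep this
# list as short as possible and remove it if not required.
admin users = "0/Малахов"
# write list takes precedence over read list, so with both naming the same
# group every member ends up with write access.
read list = @"0/Domain Users"
write list = @"0/Domain Users"
# Disabled example share. If re-enabled as written, "public = yes" would
# allow guest (unauthenticated) access to a writable /tmp.
;[tmp]
; comment = Temporary file space
; path = /tmp
; read only = no
; public = yes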
# NOTE: If you have a BSD-style print system there is no need to
# specifically define each individual printer
[printers]
# Template share applied to the automatically loaded printers.
comment = All Printers
# Spool directory where print jobs are stored before being handed to the
# print system.
path = /var/spool/samba
browseable = no
# Guests may not print; only authenticated users can submit jobs.
guest ok = no
writable = no
printable = yes
# Uncomment the next line to allow the user 'guest account' to print.
;public = yes
;to allow user 'guest account' to print