[global] workgroup = AD netbios name = ysmserver netbios aliases = sambatest server string = Samba Server %v # Clustering clustering = yes idmap config * : backend = tdb2 idmap config * : range = 1000000-2000000 private dir = /export/etc/samba/private # AD configuration realm = CHANGED-TO-SOMETHING-FOR-POST security = ADS encrypt passwords = yes #client use spnego = yes client use spnego = no kerberos method = secrets only #kerberos method = dedicated keytab #dedicated keytab file = /export/etc/samba/sambakrb5.keytab # Eliminates machine account error messages in logs #map to guest = bad uid # Had to disable the map to guest entry because when it is # on, it stops allowing the users in the West coast to log # in since it maps their accounts to the bad uid as well preferred master = no domain master = no local master = no #invalid users = root @wheel bind interfaces only = yes interfaces = 127.0.0.1 10.0.0.1 hosts allow = 10.0.0. 127.0.0. 10.0.10. 10.0.2. #hosts allow = 127.0.0. 10.0.0.126 10.0.0.103 10.0.0.109 hosts deny = 0.0.0.0 log level = 1 log file = /export/var/log/samba/clients/log.%m max log size = 102400 ################################# ### Perfomance tunning ########## # socket options socket options = TCP_NODELAY #socket options = TCP_NODELAY SO_RCVBUF=131072 SO_SNDBUF=131072 strict allocate = yes read raw = Yes write raw = Yes client max protocol = SMB3 ################################# # Samba 4 ACL allow execute acl allow execute always = true # Locking options lock directory = /export/etc/samba/locks strict locking = no #strict locking = auto # Disable oplocks since they create problems with excel files oplocks = no level2 oplocks = no # Printing options load printers = no # Hide Desktop.ini files hide files = /DESKTOP.INI/Desktop.ini/desktop.ini/$RECYCLE.BIN/AppData/ # Protect from Security Vulnerability # Very restrictive, disables all Simlynks outside of a share # wide links = no # Better solution dont descend = /boot,/dev,/devices,/etc,/hosts,/kernel,/lib,/lost+found,/mnt,/nsr,/opt,/proc,/root,/sbin,/system,/usr,/var,/vol,/xfn #logon path = \\ysmservernew\%U\.winprofile [homes] comment = %U Home Directories path = /home/%U browseable = no guest ok = no writable = yes #store dos attributes = yes profile acls = yes create mask = 0600 directory mask = 0700 hide files = /desktop.ini/Desktop.ini/ valid users = %U hide files = /DESKTOP.INI/Desktop.ini/desktop.ini/$RECYCLE.BIN/AppData/ #veto files = desktop.ini kernel share modes = No vfs objects = glusterfs glusterfs:loglevel = 7 glusterfs:logfile = /var/log/samba/glusterfs-homes.log glusterfs:volume = export [Marketing] path = /marketing browseable = yes write list = @Staff guest ok = no create mask = 660 directory mask = 770 kernel share modes = No vfs objects = glusterfs glusterfs:loglevel = 7 glusterfs:logfile = /var/log/samba/glusterfs-marketing.log glusterfs:volume = export [Projects] path = /projects browseable = yes write list = @Staff,root,@Admin,@Managers writeable = yes guest ok = no create mask = 660 directory mask = 770 kernel share modes = No vfs objects = glusterfs glusterfs:loglevel = 7 glusterfs:logfile = /var/log/samba/glusterfs-projects.log glusterfs:volume = export [netlogon] comment = Network Logon Service path = /etc/samba/netlogon guest ok = no writable = no read only = yes write list = root [Admin] path = /admin browseable = yes write list = root,@Admin guest ok = no create mask = 660 directory mask = 770 kernel share modes = No vfs objects = glusterfs glusterfs:loglevel = 7 glusterfs:logfile = /var/log/samba/glusterfs-admin.log glusterfs:volume = export [DBbackups] path = /dbbackups browseable = no write list = dbbackup guest ok = no create mask = 600 directory mask = 700 kernel share modes = No vfs objects = glusterfs glusterfs:loglevel = 7 glusterfs:logfile = /var/log/samba/glusterfs-dbbackups.log glusterfs:volume = export [Models] path = /models browseable = yes write list = root,@Staff,@Contractors guest ok = no create mask = 660 directory mask = 770 kernel share modes = No vfs objects = glusterfs glusterfs:loglevel = 7 glusterfs:logfile = /var/log/samba/glusterfs-models.log glusterfs:volume = export [Misc] path = /misc browseable = yes write list = root,@Admin guest ok = no create mask = 660 directory mask = 770 kernel share modes = No vfs objects = glusterfs glusterfs:loglevel = 7 glusterfs:logfile = /var/log/samba/glusterfs-misc.log glusterfs:volume = export [Photos] path = /photos browseable = yes write list = root,@Staff guest ok = yes create mask = 664 directory mask = 775 kernel share modes = No vfs objects = glusterfs glusterfs:loglevel = 7 glusterfs:logfile = /var/log/samba/glusterfs-photos.log glusterfs:volume = export [printers] comment = All Printers path = /var/spool/samba browseable = no guest ok = no writable = no printable = yes [Software] comment = All Printers path = /software browseable = yes guest ok = yes write list = minime,root,dijuremo kernel share modes = No vfs objects = glusterfs glusterfs:loglevel = 7 glusterfs:logfile = /var/log/samba/glusterfs-software.log glusterfs:volume = export [Revit] path = /revit browseable = yes write list = root guest ok = yes create mask = 664 directory mask = 775 kernel share modes = No vfs objects = glusterfs glusterfs:loglevel = 7 glusterfs:logfile = /var/log/samba/glusterfs-revit.log glusterfs:volume = export [Diegostart] path = /diegostart browseable = yes writeable = no #guest ok = yes create mask = 664 directory mask = 775 kernel share modes = No vfs objects = glusterfs glusterfs:loglevel = 7 glusterfs:logfile = /var/log/samba/glusterfs-diegostart.log glusterfs:volume = export [winsetup] path = /diegostart/winsetup #path = /export/diegostart/winsetup browseable = yes writeable = yes #guest ok = yes create mask = 664 directory mask = 775 kernel share modes = No vfs objects = glusterfs glusterfs:loglevel = 7 glusterfs:logfile = /var/log/samba/glusterfs-winsetup.log glusterfs:volume = export [scanner] path = /scanner browseable = yes create mask = 660 directory mask = 770 write list = scanner,@Staff kernel share modes = No vfs objects = glusterfs glusterfs:loglevel = 7 glusterfs:logfile = /var/log/samba/glusterfs-scanner.log glusterfs:volume = export