#
# http://www.unav.es/cti/ldap-smb/ldap-smb-3-howto.html
#
#
# 26-Jul-06 amo Extract sample samba conf
#
#
#
------ snip ------
#       CTI, Universidad de Navarra
#       Ignacio Coupeau 001011.01;
#
[global]
#  LDAPsam updates (abartlet):
#    - Now runtime selectable (when configured)
#    - ldap user suffix and ldap group suffix support.
#    - non unix account support
#    - select with 'passdb backend = ldapsam' or 'passdb backend = ldapsam_nua'
#    - from smb.conf(5)
#       o   ldapsam - The LDAP based passdb backend.
#           Takes an LDAP URL as an optional argument (defaults to ldap://localhost)
#           Example: passdb backend = ldapsam:ldaps://ldap.example.com
#
#       o   ldapsam_nua - The LDAP based passdb backend, with non unix account support.
#           Takes an LDAP URL as an optional argument (defaults to ldap://localhost)
#               Example: passdb backend = ldapsam_nua:ldaps://ldap.example.com
#
#       o   and the nua mapping for ldapsam_nua:
#               Default: non unix account range = <empty string>
#               Example: non unix account range = 10000-20000
#
# ldap filter = (&(uid=%u)(objectclass=sambaAccount))

# passdb backend = ldapsam_compat requires --with-ldapsam configure AND uses 2.x samba schema
# passdb backend = ldapsam do not requires --with-ldapsam configure AND uses 3.x samba schema
#
passdb backend = ldapsam_compat:ldap://arcos.cti.unav.es/
ldap suffix = o=smb,dc=unav,dc=es
ldap machine suffix = ou=Computers
ldap user suffix = ou=Users
ldap admin dn = "cn=root,o=smb,dc=unav,dc=es"
#      
#       the ldap admin dn password is stored in secrets.tdb
#       and is set using "smbpasswd -w passphrase".  It is no
#       longer stored in the smb.conf file.
#
#       start tls by default
#ldap ssl = No
#ldap ssl = Yes
ldap ssl = start tls

#  comes with 3.0.2
#  ldap replication sleep = 1000
#  value specified in milliseconds: is a grace time for read after update the master ldap
#  take care: don't check that the update form master to slave are performed.

# smbpasswd -x delete the entire dn-entry
ldap delete dn = no

workgroup = CTI-SMB-3
netbios name = arcos
comment = Linux RedHat Samba Server
security = user
null passwords = Yes
encrypt passwords = yes

logon drive = U:
logon path = \\%N\profiles\%g

domain master = yes
domain logons = yes
preferred master = yes
os level = 255

# we have other wins server (samba, of course)
#wins support = yes
wins support = no
wins proxy = no
wins server = 159.237.12.25

log file = /usr/local/etc2/samba_2_2/logs
public = No
browseable = No
writable = No

; necessary share for domain controller
[netlogon]
path = /usr/local/etc2/samba_2_2/netlogon
locking = no
read only = yes
write list = ntadmin

; share for storing user profiles
[profiles]
path = /usr/local/etc2/samba2_2/profiles
read only = no
writeable = yes
create mask = 0600
directory mask = 0700

--------- eof -----------
#
# End of file