[Global]
# Gestion du backend
;passdb backend = tdbsam:/usr/local/samba/lib/passdb.tdb
passdb backend = ldapsam:ldap://localhost
ldap admin dn = "cn=manager,dc=samba,dc=linagora,dc=com"
ldap ssl = off
ldap delete dn = no
ldap user suffix = ou=Users
ldap machine suffix = ou=Machines
ldap group suffix = ou=Groups
ldap suffix = dc=samba,dc=linagora,dc=com

# Si utilisation de Winbind
;idmap backend = ldap:ldap://localhost
;winbind separator = +
;idmap uid = 10000-20000
;idmap gid = 10000-20000
;winbind enum users = yes
;winbind enum groups = yes
# Homes basés sur le domaine et le nom de l'utilisateur
;template homedir = /dev/null
;template shell = /bin/false

# Identification sur le réseau
workgroup = Linagora
netbios name = SambaPDC
netbios aliases = NTSERVER PDC
server string = Samba server

# Netbios
name resolve order = lmhosts host wins bcast
# Serveur WINS actif
wins support = yes
# Désactiver netbios
;disable netbios = yes

# Action a effectuer en cas de crash smbd ou nmbd
;panic action = echo \"Panic : process %d\" >> /tmp/log

# Sécurité
encrypt passwords = yes
null passwords = no
# Authentification via la base de comptes locale (LDAP)
security = user

# Browsing et rôle
os level = 65
# Activer le contrôle de domaine
domain logons = yes
domain master = yes
local master = yes
preferred master = yes

# Utilisé notamment lors du net vampire
# Avec les ldapscripts (cf. http://contribs.martymac.com)
add machine script = /usr/local/bin/ldapaddmachine '%u' sambamachines
add user script = /usr/local/bin/ldapadduser '%u' sambausers
add group script = /usr/local/bin/ldapaddgroup '%g'
add user to group script = /usr/local/bin/ldapaddusertogroup '%u' '%g'
delete user script = /usr/local/bin/ldapdeleteuser '%u'
delete group script = /usr/local/bin/ldapdeletegroup '%g'
delete user from group script = /usr/local/bin/ldapdeleteuserfromgroup '%u' '%g'
set primary group script = /usr/local/bin/ldapsetprimarygroup '%u' '%g'
rename user script = /usr/local/bin/ldaprenameuser '%uold' '%unew'

# Avec les smbldap-tools
;add machine script = /usr/local/sbin/smbldap-useradd -g sambamachines -w -c "Samba Machine" -d /dev/null -s /bin/false '%u'
;add user script = /usr/local/sbin/smbldap-useradd -g sambausers -c "Samba User" -d /dev/null -s /bin/false '%u'
;add group script = /usr/local/sbin/smbldap-groupadd '%g' 
;add user to group script = /usr/local/sbin/smbldap-groupmod -m "%u" "%g"
;delete user script = /usr/local/sbin/smbldap-userdel "%u"
;delete group script = /usr/local/sbin/smbldap-groupdel "%g"
;delete user from group script = /usr/local/sbin/smbldap-groupmod -x "%u" "%g"
;set primary group script = /usr/local/sbin/smbldap-usermod -g "%g" "%u"

# Pour des comptes locaux
; add machine script = /usr/sbin/useradd -g sambamachines -c Machine -d /dev/null -s /bin/false '%u'
; add user script = /usr/sbin/useradd -g sambausers -c Utilisateur -d /dev/null -s /bin/false '%u'
; add group script = /usr/sbin/groupadd '%g'
; add user to group script = /usr/bin/gpasswd -a '%u' '%g'
; delete user script = /usr/sbin/userdel -r '%u'
; delete group script = /usr/sbin/groupdel '%g'
; delete user from group script = /usr/bin/gpasswd -d '%u' '%g'
; set primary group script = /usr/sbin/usermod -g '%g' '%u'

# Paramètres par défaut pour un utilisateur
logon drive = u:
logon home = \\SambaPDC\%U
logon path = \\SambaPDC\profiles\%U
logon script = %U.cmd

# Gestion des logs
log file = /var/log/samba/%m.log
log level = 2
max log size = 1000

# Serveur de temps (net time \\serveur /set /y)
time server = yes

# Options Réseau
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
;hosts allow = 192.168.0. EXCEPT 192.168.0.35
;hosts deny = ALL
;interfaces = 192.168.0.1 127.0.0.1
;bind interfaces only = yes

# Charsets
;Dos charset = 850
;Unix charset = ISO8859-1
# Gestion des noms de fichiers
preserve case = yes
short preserve case = yes
case sensitive = no

# Support des Acls
;nt acl support = yes
# Configuration auto de la gestion des acls en fonction du type de client
;acl compatibility = auto

# Gestion des profils pour 2000/XP
;profile acls = yes

# Interdire l'accès a certains fichiers
veto files = /lost+found/.recycle/

# Interdit oplocks (cache local) sur certains types de fichiers
;veto oplock files = /*.mdb/*.doc/*.xls/*.ppt/

# Impression
printing = cups
printcap name = cups
load printers = yes
show add printer wizard = yes

# Partages homes, a mapper via \\serveur\utilisateur
[homes]
path = /data/samba/home/%u
comment = Repertoire Homes
valid users = %S
guest ok = no
writeable = yes
create mode = 0700
directory mode = 2700
browseable = no
# Corbeille
vfs objects = recycle
recycle:versions = true
# Suivi des connexions
;preexec = echo \"%u se connecte a %S depuis %m (%I)\" >> /tmp/log

# Partage commun
[commun]
path = /data/samba/commun
comment = Partage Commun
writeable = yes
browseable = yes
guest ok = no
valid users = @sambausers
create mode = 774
directory mode = 2774
# Heritage des permissions ou acls
;inherit permissions = yes
;inherit acls = yes

# Partage d'imprimantes
# Configurées en "raw" sous CUPS
# Drivers installés sur chaque client
[printers]
comment = Partage d'imprimantes
path = /data/spool
printable = yes
browseable = yes
guest ok = no
valid users = @sambausers

# Ce partage contient les drivers des imprimantes
[print$]
comment = Drivers d'imprimantes
path = /data/samba/drivers
browseable = no
guest ok = no
writeable = no
write list = root

# Un partage tmp accessible a tous
;[tmp]
;path = /tmp
;guest ok = yes
;writeable = yes
;browseable = yes