# server. The printer admins (or root) may install drivers onto samba.
# Note that this feature uses the print$ share, so you will need to
# enable it below.
-# This parameter works like domain admin group:
# printer admin = @<group> <user>
; printer admin = @adm
# This should work well for winbind:
# enable pam password change
; pam password change = yes
; passwd program = /usr/bin/passwd %u
-; passwd chat = *New*UNIX*password* %n\n *ReType*new*UNIX*password* %n\n
+; passwd chat = *New*UNIX*password* %n\n *Re*ype*new*UNIX*password* %n\n \
;*passwd:*all*authentication*tokens*updated*successfully*
# Unix users can map to different SMB User names
# Samba now has runtime-configurable password database backends. Multiple
# passdb backends may be used, but users will only be added to the first one
# Default:
-; passdb backend = smbpasswd unixsam
-# TDB backen with fallback to smbpasswd and unixsam
-; passdb backend = tdbsam_nua smbpasswd unixsam
-# LDAP with fallback to smbpasswd unixsam
+; passdb backend = smbpasswd guest
+# TDB backen with fallback to smbpasswd and guest
+; passdb backend = tdbsam smbpasswd guest
+# LDAP with fallback to smbpasswd guest
# Enable SSL by using an ldaps url, or enable tls with 'ldap ssl' below.
-; passdb backend = ldapsam_nua:ldaps://ldap.mydomain.com smbpasswd unixsam
+; passdb backend = ldapsam:ldaps://ldap.mydomain.com smbpasswd guest
+# Use the samba2 LDAP schema:
+; passdb backend = ldapsam_compat:ldaps://ldap.mydomain.com smbpasswd guest
-# Non-unix account range:
+# idmap uid account range:
# This is a range of unix user-id's that samba will map non-unix RIDs to,
-# such as machine accounts, when using a _nua passdb backend
- non unix account range = 10000-20000
+# such as when using Winbind
+; idmap uid = 10000-20000
+; idmap gid = 10000-20000
# LDAP configuration for Domain Controlling:
# The account (dn) that samba uses to access the LDAP server
; ldap port = 389
; ldap suffix = dc=mydomain,dc=com
; ldap server = ldap.mydomain.com
+# Seperate suffixes are available for machines, users, groups, and idmap, if
+# ldap suffix appears first, it is appended to the specific suffix.
+# Example for a unix-ish directory layout:
+; ldap machine suffix = ou=Hosts
+; ldap user suffix = ou=People
+; ldap group suffix = ou=Group
+; ldap idmap suffix = ou=Idmap
+# Example for AD-ish layout:
+; ldap machine suffix = cn=Computers
+; ldap user suffix = cn=Users
+; ldap group suffix = cn=Groups
+; ldap idmap suffix = cn=Idmap
# 7. Name Resolution Options:
# all users will have write access to it. See
# examples/VFS/recycle/REAME in samba-doc for details
; vfs object = /usr/lib/samba/vfs/recycle.so
-; vfs options= /etc/samba/recycle.conf
# Un-comment the following and create the netlogon directory for Domain Logons
; [netlogon]
git.samba.org / ira / wip.git / blobdiff