# server. The printer admins (or root) may install drivers onto samba.
# Note that this feature uses the print$ share, so you will need to
# enable it below.
-# This parameter works like domain admin group:
# printer admin = @<group> <user>
; printer admin = @adm
# This should work well for winbind:
# enable pam password change
; pam password change = yes
; passwd program = /usr/bin/passwd %u
-; passwd chat = *New*UNIX*password* %n\n *ReType*new*UNIX*password* %n\n
+; passwd chat = *New*UNIX*password* %n\n *Re*ype*new*UNIX*password* %n\n \
;*passwd:*all*authentication*tokens*updated*successfully*
# Unix users can map to different SMB User names
# impacts where Win2k finds it's /HOME share
; logon home = \\%L\%U\.profile
+
# The add user script is used by a domain member to add local user accounts
-# that have been authenticated by the domain controller.
-# Script for domain member for adding local accounts for authenticated users:
-; add user script = /usr/sbin/useradd -s /bin/false %u
+# that have been authenticated by the domain controller, or when adding
+# users via the Windows NT Tools (ie User Manager for Domains).
+
+# Scripts for file (passwd, smbpasswd) backend:
+; add user script = /usr/sbin/useradd -s /bin/false '%u'
+; delete user script = /usr/sbin/userdel '%s'
+; add user to group script = /usr/bin/gpasswd -a '%u' '%g'
+; delete user from group script = /usr/bin/gpasswd -d '%u' '%g'
+; set primary group script = /usr/sbin/usermod -g '%g' '%u'
+; add group script = /usr/sbin/groupadd %g && getent group '%g'|awk -F: '{print $3}'
+; delete group script = /usr/sbin/groupdel '%g'
+
+# Scripts for LDAP backend (assumes nss_ldap is in use on the domain controller,
+# and needs configuration in smbldap_conf.pm
+; add user script = /usr/share/samba/scripts/smbldap-useradd.pl '%u'
+; delete user script = /usr/share/samba/scripts/smbldap-userdel.pl '%u'
+; add user to group script = /usr/share/samba/scripts/smbldap-groupmod.pl -m '%u' '%g'
+; delete user from group script = /usr/share/samba/scripts/smbldap-groupmod.pl -x '%u' '%g'
+; set primary group script = /usr/share/samba/scripts/smbldap-usermod.pl -g '%g' '%u'
+; add group script = /usr/share/samba/scripts/smbldap-groupadd.pl '%g' && /usr/share/samba/scripts/smbldap-groupshow.pl %g|awk '/^gidNumber:/ {print $2}'
+; delete group script = /usr/share/samba/scripts/smbldap-userdel.pl '%g'
+
# The add machine script is use by a samba server configured as a domain
# controller to add local machine accounts when adding machines to the domain.
# Samba now has runtime-configurable password database backends. Multiple
# passdb backends may be used, but users will only be added to the first one
# Default:
-; passdb backend = smbpasswd unixsam
-# TDB backen with fallback to smbpasswd and unixsam
-; passdb backend = tdbsam_nua smbpasswd unixsam
-# LDAP with fallback to smbpasswd unixsam
+; passdb backend = smbpasswd guest
+# TDB backen with fallback to smbpasswd and guest
+; passdb backend = tdbsam smbpasswd guest
+# LDAP with fallback to smbpasswd guest
# Enable SSL by using an ldaps url, or enable tls with 'ldap ssl' below.
-; passdb backend = ldapsam_nua:ldaps://ldap.mydomain.com smbpasswd unixsam
+; passdb backend = ldapsam:ldaps://ldap.mydomain.com smbpasswd guest
+# Use the samba2 LDAP schema:
+; passdb backend = ldapsam_compat:ldaps://ldap.mydomain.com smbpasswd guest
+
+# Idmap settings:
+# Idmap backend to use:
+; idmap backend = ldap:ldap://ldap.mydomain.com
-# Non-unix account range:
# This is a range of unix user-id's that samba will map non-unix RIDs to,
-# such as machine accounts, when using a _nua passdb backend
- non unix account range = 10000-20000
+# such as when using Winbind
+; idmap uid = 10000-20000
+; idmap gid = 10000-20000
# LDAP configuration for Domain Controlling:
# The account (dn) that samba uses to access the LDAP server
# start_tls should run on 389, but samba defaults incorrectly to 636
; ldap port = 389
; ldap suffix = dc=mydomain,dc=com
-; ldap server = ldap.mydomain.com
+# Seperate suffixes are available for machines, users, groups, and idmap, if
+# ldap suffix appears first, it is appended to the specific suffix.
+# Example for a unix-ish directory layout:
+; ldap machine suffix = ou=Hosts
+; ldap user suffix = ou=People
+; ldap group suffix = ou=Group
+; ldap idmap suffix = ou=Idmap
+# Example for AD-ish layout:
+; ldap machine suffix = cn=Computers
+; ldap user suffix = cn=Users
+; ldap group suffix = cn=Groups
+; ldap idmap suffix = cn=Idmap
# 7. Name Resolution Options:
# all users will have write access to it. See
# examples/VFS/recycle/REAME in samba-doc for details
; vfs object = /usr/lib/samba/vfs/recycle.so
-; vfs options= /etc/samba/recycle.conf
# Un-comment the following and create the netlogon directory for Domain Logons
; [netlogon]
; path = /var/lib/samba/profiles
; browseable = no
; guest ok = yes
-
+# This script can be enabled to create profile directories on the fly
+# You may want to turn off guest acces if you enable this, as it
+# hasn't been thoroughly tested.
+;root preexec = PROFILE=/var/lib/samba/profiles/%u; if [ ! -e $PROFILE ]; \
+; then mkdir -pm700 $PROFILE; chown %u.%g $PROFILE;fi
# NOTE: If you have a CUPS print system there is no need to
# specifically define each individual printer.
# You must configure the samba printers with the appropriate Windows
-# drivers on your Windows clients. On the Samba server no filtering is
+# drivers on your Windows clients or upload the printer driver to the
+# server from Windows (NT/2000/XP). On the Samba server no filtering is
# done. If you wish that the server provides the driver and the clients
# send PostScript ("Generic PostScript Printer" under Windows), you have
-# to swap the 'print command' line below with the commented one.
+# to use 'printcap name = cups' or swap the 'print command' line below
+# with the commented one. Note that print commands only work if not using
+# 'printing=cups'
[printers]
comment = All Printers
path = /var/spool/samba
# =====================================
print command = lpr-cups -P %p -o raw %s -r # using client side printer drivers.
; print command = lpr-cups -P %p %s # using cups own drivers (use generic PostScript on clients).
-# The following two commands are the samba defaults for printing=cups
-# change them only if you need different options:
-; lpq command = lpq -P %p
-; lprm command = cancel %p-%j
# This share is used for Windows NT-style point-and-print support.
# To be able to install drivers, you need to be either root, or listed
# to the directory and share definition to be able to upload the drivers.
# For more information on this, please see the Printing Support Section of
# /usr/share/doc/samba-<version>/docs/Samba-HOWTO-Collection.pdf
+#
+# A special case is using the CUPS Windows Postscript driver, which allows
+# all features available via CUPS on the client, by publishing the ppd file
+# and the cups driver by using the 'cupsaddsmb' tool. This requires the
+# installation of the CUPS driver (http://www.cups.org/windows.php)
+# on the server, but doesn't require you to use Windows at all :-).
[print$]
path = /var/lib/samba/printers
browseable = yes
- read only = yes
write list = @adm root
guest ok = yes
+ inherit permissions = yes
+ # Settings suitable for Winbind:
+ ; write list = @"Domain Admins" root
+ ; force group = +@"Domain Admins"
# A useful application of samba is to make a PDF-generation service
# To streamline this, install windows postscript drivers (preferably colour)
# on the samba server, so that clients can automatically install them.
+# Note that this only works if 'printing' is *not* set to 'cups'
[pdf-generator]
path = /var/tmp
git.samba.org / gd / samba-autobuild / .git / blobdiff