Skip to content

Instantly share code, notes, and snippets.

@turkerali

turkerali/samba.conf

Forked from livelace/samba.conf
Created August 27, 2023 08:33
Show Gist options

  • Select an option

    Learn more about clone URLs
  • Save turkerali/c26ee6530634968ab2545e2f1067702c to your computer and use it in GitHub Desktop.

Select an option

Learn more about clone URLs
Save turkerali/c26ee6530634968ab2545e2f1067702c to your computer and use it in GitHub Desktop.
Download ZIP

Revisions

  1. Oleg Popov created this gist Jan 16, 2019.
    70 changes: 70 additions & 0 deletions samba.conf
    View file
    Original file line number Diff line number Diff line change
    @@ -0,0 +1,70 @@
    [global]
    workgroup = EXAMPLE
    server string = "data exchange"

    # Active Directroy authentication settings
    security = ADS
    realm = EXAMPLE.COM
    password server = dc1.example.com, dc2.example.com *

    # Map Active Directory users to these ranges of UID/GID.
    idmap uid = 10000-20000
    idmap gid = 10000-20000

    winbind separator = /
    winbind enum users = yes
    winbind enum groups = yes
    winbind cache time = 600

    # Allow Guest access
    auth methods = winbind guest
    usershare allow guests = yes
    map to guest = Bad Password

    # Windows security permissions (with inheritance), xattr must be enabled for underlying filesystems
    inherit acls = yes
    inherit permissions = yes
    map acl inherit = yes
    nt acl support = yes

    # Other settings
    hide files = lost+found
    load printers = no
    max protocol = SMB2

    log file = /var/log/samba/%U.log
    max log size = 50

    [exchange]
    # VFS modules:
    # acl_xattr - Windows permissions
    # full_audit - Audit of file operations on the share
    # recycle - "Recycle" for users' deleted files
    vfs objects = acl_xattr full_audit recycle

    path = /share/samba/exchange/data
    valid users = "@EXAMPLE/администраторы домена", "@EXAMPLE/пользователи домена"
    writeable = yes
    browseable = yes

    hide files = /Thumbs.db/

    # Audit settings
    full_audit:success = open opendir closedir rename pread pwrite rmdir unlink
    full_audit:failure = open opendir closedir rename pread pwrite rmdir unlink
    full_audit:facility = LOCAL5
    full_audit:priority = NOTICE

    # Recycle settings
    recycle:repository = /share/samba/exchange/recycle/%U
    recycle:keeptree = yes
    recycle:versions = yes
    recycle:touch = yes
    recycle:maxsize = 104857600

    [recycle]
    # Dedicated access to deleted files for Administrators
    path = /share/samba/exchange/recycle
    valid users = "@EXAMPLE/администраторы домена"
    writeable = yes
    browseable = yes