#
# Copyright (c) 1999-2006 SUSE LINUX Products GmbH, Nuernberg, Germany.
# All rights reserved.
#
# /etc/samba/smb.conf is the main Samba configuration file. See the manual
# page of smb.conf and the included documentation in
# /usr/share/doc/packages/samba in order to understand the options listed here
# and many more features.
#
# Lines in this file which start with ; or # are ignored by Samba while
# parsing it. Therefore both signs mark a comment, but here we use a # to
# indicate a real comment and ; for a deactivated option. To activate such a
# feature just remove the leading semicolon.
#
# We suggest running the command 'testparm' after any change you make.
#
# Please submit bugfixes or comments via http://www.suse.de/feedback/
#
[global]
# Debugging aid: the sample below would start gdb in an xterm whenever an smbd
# process panics. Leave it deactivated outside of debugging sessions.
#	panic action = export DISPLAY=localhost:0; /usr/bin/X11/xterm -e gdb /proc/%d/exe %d || /bin/sleep
# default:
;	smb ports = 139 445
# to disable netbios also disable nmbd!
;	disable netbios = Yes
#	utmp = Yes
	workgroup = WORKGROUP
# choose your passdb backend
# options: smbpasswd, tdbsam, ldapsam, plugin
# default: passdb backend = tdbsam
	passdb backend = tdbsam
# The ldap:// variant is not encrypted and the ldaps:// variant is. Prefer
# ldaps:// (or 'ldap ssl' in the ldapsam block below) as soon as the directory
# server is not on this host.
#	passdb backend = ldapsam:ldap://localhost
#	passdb backend = ldapsam:ldaps://localhost
#	passdb backend = smbpasswd
#	passdb backend = plugin:/path/to/plugin.so:pluging args
#	algorithmic rid base = 100000
# sample for the new pdb_mysql backend
#	passdb backend = [other-plugins] plugin:/location/to/pdb_mysql.so:identifier [other-plugins]
#	identifier:mysql host - host name, defaults to 'localhost'
#	identifier:mysql password
#	identifier:mysql user - defaults to 'samba'
#	identifier:mysql database - defaults to 'samba'
#	identifier:mysql port - defaults to 3306
#	identifier:table - Name of the table containing users
# save lookup time...
;	username level = 0
# High debug levels are very verbose. NOTE(review): check what ends up in the
# logs and who can read them before raising the level on a production server.
#	debuglevel = 3 tdb:10 printdriver:10 lanman:10 smb:10 rpc_parse:10 rpc_srv:10 rpc_cli:10 passdb:10 sam:10 auth:10 winbind:10 vfs:10
#	debuglevel = 10
;	time server = Yes
# Please uncomment the following entry and replace the IP address and
# netmask with the values of your network interface configuration.
# Listing only the interfaces that have to serve SMB keeps the service off
# networks that do not need it.
;	interfaces = 127.0.0.1 192.0.2.0/24 eth0
# This also limits the NMB name service to the interfaces listed above. Before
# activating this, read carefully the 'bind interfaces only' section of the
# smb.conf man page.
;	bind interfaces only = true
# This enables MS Distributed File System.
;	host msdfs = Yes
# CUPS is the current default printing system.
	printing = cups
	printcap name = cups
# Rescan for new or obsolete printers every 12 1/2 minutes (750 seconds).
	printcap cache time = 750
# Send all print jobs with option 'raw' to CUPS. This disables any filter on
# the CUPS level. You only need such a filter if the output generated on the
# Microsoft side (e.g. from a generic PostScript driver) must be transformed
# to a format (e.g. PCL or vendor specific) supported by the attached printer.
	cups options = raw
# If you don't want all your printers automatically shared to Samba clients,
# set load printers to no and create extra individual printer shares manually.
;	load printers = No
# This tells Samba to use the file smbusers for user mapping. It's disabled
# as a root = Administrator results in files owned by root and not
# Administrator as it was intended.
;	username map = /etc/samba/smbusers
# Guest handling
# 'Bad User' turns a login with an unknown user name into a guest session
# instead of rejecting it (see 'map to guest' in smb.conf(5)). Guests only
# reach shares that allow them ('guest ok = Yes'); no share that is active in
# this file does, but see 'usershare allow guests' at the end of this section.
	map to guest = Bad User
# 0 leaves anonymous (null session) queries unrestricted; see 'restrict
# anonymous' in smb.conf(5) before choosing a value.
;	restrict anonymous = 0
# Is this a WINS server?
;	wins support = Yes
# If you want Samba to use an existing WINS server, please uncomment the
# following line and replace the IP address with the one of your WINS server.
;	wins server = 192.0.2.13
;	include = /etc/samba/dhcp.conf
# Is this a BDC?
;	local master = Yes
;	domain master = No
;	domain logons = Yes
;	security = user
# Is this a PDC?
;	local master = Yes
;	domain master = Yes
;	domain logons = Yes
;	security = user
# Is this a domain member?
;	local master = No
;	domain master = No
;	domain logons = No
;	security = ads
;	security = domain
# Generic logon script? (passdb). See also the netlogon example share.
;	logon script = test.bat
# Where to store NT user profiles? (passdb)
	logon path = \\%L\profiles\.msprofile
# Where to store 9x/ ME roaming profiles
	logon home = \\%L\%U\.9xprofile
# Where is a user's home directory and where should it be mounted ? (passdb)
	logon drive = P:
# how to handle local file-caching (offline mode)
# csc policy (one of manual (manual), documents, programs, disable)
;	csc policy = manual
# This allows machine-account-creation on-the-fly.
# You need to create a root samba-user (never ever with the unix root pwd !!!)
# root has to be domain admin. and you need a group "machines"
# smbd runs these scripts with root privileges (see smb.conf(5)). Keep ldapsmb
# and everything it calls owned by root and writable by root only.
;	add user script = ldapsmb -a -u "%u"
;	delete user script = ldapsmb -d -u "%u"
;	add machine script = ldapsmb -a -w "%u"
;	add group script = ldapsmb -a -g "%g"
;	delete group script = ldapsmb -d -g "%g"
;	add user to group script = ldapsmb -j -u "%u" -g "%g"
# NOTE(review): the next line uses the same '-j' flag as 'add user to group
# script' above; confirm it against the ldapsmb documentation before enabling.
;delete user from group script = ldapsmb -j -u "%u" -g "%g"
;	set primary group script = ldapsmb -m -u "%u" -gid "%g"
#########################################################################
;	add share command = /var/lib/samba/scripts/modify_samba_config.pl
;	delete share command = /var/lib/samba/scripts/modify_samba_config.pl
;	add printer command =
;	deleteprinter command =
;	shutdown script = ldapsmb --shutdown="%m %t %r %f"
;	abort shutdown script = ldapsmb --abortshutdown
# Syncs passwords from windows to unix. mind the local pwd limits (length 5-8)
# 'passwd chat debug' writes the password chat, including the old and new
# passwords in clear text, to the smbd log once the log level is high enough.
# Switch it on only while troubleshooting and off again afterwards. The passwd
# program is run as root (see smb.conf(5)).
;	passwd chat debug = Yes
;	unix password sync = True
;	passwd program = /usr/bin/passwd %u
;	passwd chat = *password* %n\n *password* %n\n *changed*
# --- winbind ---
# Don't forget to prepare your /etc/nsswitch.conf and your /etc/pam.d files
# this will only work if you have joined your NT-domain
;	winbind separator = +
;	winbind use default domain = Yes
;	winbind cache time = 600
;	template shell = /bin/bash
;	template homedir = /home/%U
;	idmap uid = 10000-20000
;	idmap gid = 10000-20000
;	idmap backend = ldap:ldap://localhost
;	winbind enum groups = Yes
;	winbind enum users = Yes
#	security = domain
#	security = ads
# Where do we get our user information from?
;	password server = win2ksrv
# --- ldapsam ---
# add rootpw to secrets.tdb with "smbpasswd -w secret"
# 'secret' stands for the password of the LDAP admin dn. It is kept in
# secrets.tdb, so that file must stay readable by root only. NOTE(review): a
# password passed as a command-line argument may also end up in the shell
# history.
;	ldap admin dn = cn=Administrator,dc=example,dc=net
;	ldap suffix = dc=example,dc=net
;	ldap machine suffix = ou=Computers
;	ldap group suffix = ou=Group
;	ldap idmap suffix = ou=Idmap
;	ldap user suffix = ou=People
# The default named below leaves the LDAP connection unencrypted. Enable TLS
# when the directory server is reached over the network, so that binds and
# synced passwords do not travel in clear text.
;	ldap tls/ssl (yes, no (default), start_tls)
;	ldap ssl = Yes
;	ldap passwd sync = Yes
# --- Active Directory integration ---
;	realm = MY.REALM.DE
;	security = ads
# --- net usershare ---
# 'usershare allow guests' is active: shares that users define themselves may
# permit guest access. Together with 'map to guest = Bad User' above, such a
# share can be reached without a valid account. It only takes effect once
# usershares are enabled through 'usershare max shares' (deactivated here; see
# smb.conf(5) for its default). Set it to No unless guest usershares are
# intended.
;	usershare max shares = 40
	usershare allow guests = Yes

# 'valid users' limits each home share to the user it is named after (%S),
# with or without the domain prefix (%D%w).
[homes]
	comment = Home Directories
	valid users = %S, %D%w%S
	browseable = No
	read only = No
	inherit acls = Yes

# Setup an extra share for the profiles to add extra attributes.
[profiles]
	comment = Network Profiles Service
	path = %H
	read only = No
# Take care to mount the user homes with the option user_xattr.
	store dos attributes = Yes
# The masks below cap new files at 0600 and new directories at 0700, i.e.
# access for the owner only.
	create mask = 0600
	directory mask = 0700

# Used as directory for batch or command files of the logon script parameter.
;[netlogon]
;	comment = User netlogon scripts
;	path = /var/lib/samba/netlogon
;	browseable = No

# A share to export all user directories; appropriate permissions required.
# Neither 'valid users' nor 'guest ok' is set in this section, so every
# authenticated user can connect and the share is writable. What a user can
# actually read or change below /home is decided by the file system
# permissions and ACLs alone; review them before exporting this share.
[users]
	comment = All users
	path = /home
	read only = No
	inherit acls = Yes
# Hide the quota file and the groups and shares directories.
	veto files = /aquota.user/groups/shares/

# Create all directories for groups below /home/groups and export these
# directories as one share. As with [users], access inside the share is
# governed by the file system permissions and ACLs.
[groups]
	comment = All groups
	path = /home/groups
	read only = No
	inherit acls = Yes

# A simple PostScript to PDF converter provided to SMB clients
# This doesn't work if 'printing = cups' as it is our default.
# NOTE(review): the print command below substitutes %J and %u into a command
# line; confirm how Samba sanitises these values before enabling the share.
;[pdf]
;	comment = PDF creator
;	path = /var/tmp
;	printable = Yes
;	print command = /usr/bin/smbprngenpdf -J '%J' -c %c -s %s -u '%u' -z %z
;	create mask = 0600

# The following share gives all users access to the Server's CD drive,
# assuming it is mounted under /media/cdrom.
;[cdrom]
;	comment = Linux CD-ROM
;	path = /media/cdrom
;	locking = No
# With the next two lines you could automatically mount or umount the CD if a
# connection to the share is established or closed.
;	preexec = /bin/mount /media/cdrom
;	postexec = /bin/umount /media/cdrom

# Spool files are created with mode 0600 in /var/tmp, a directory shared with
# all local users. NOTE(review): consider a dedicated spool directory.
[printers]
	comment = All Printers
	path = /var/tmp
# Make printers accessible without user authentication.
# Enabling this lets anyone who can reach the server submit print jobs.
;	guest ok = Yes
	printable = Yes
	create mask = 0600
	browseable = No

# This share provides printer driver down- and upload in a Windows NT-style
# point-and-print way. For more detailed information consult the Printing
# Support Section of the Samba-HOWTO-Collection. For uploading take extra
# care to add the printer admins to the group lp.
# Clients download and install the drivers stored here, so keep the write
# list limited to trusted printer administrators.
[print$]
	comment = Printer Drivers
	path = /var/lib/samba/drivers
# Make printer drivers accessible without user authentication.
;	guest ok = Yes
	write list = @ntadmin root
	force group = ntadmin
	create mask = 0664
	directory mask = 0775