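[global]
# Jinja2 template for smb.conf (domain member file server).
# The `domain` variable is substituted verbatim below, so it must come from a
# trusted, validated source: a value containing a newline would add
# configuration lines to the rendered file.

# update or die
# Refuse SMB1 and SMB2 dialects. The protocol floor does not by itself require
# signing or encryption; those are governed by `server signing` and
# `smb encrypt`, which this file leaves at their defaults.
server min protocol = SMB3
# Listen on 445 only (no 139), consistent with `disable netbios` below.
smb ports = 445
use sendfile = yes
winbind max domain connections = 10

# disable attack vectors
# No printer shares and no spoolss RPC service on this server.
load printers = no
disable spoolss = yes
# No NetBIOS name service or NetBIOS session transport.
disable netbios = yes

# auto-create home directories with pam_mkhomedir
# Apply PAM account and session directives to SMB sessions; the session phase
# is where pam_mkhomedir runs. PAM is not used for authentication here.
obey pam restrictions = yes

# %U = session user name, %D = domain/workgroup name of that user.
# NOTE(review): the template options are winbind settings; with id mapping
# delegated to sss below, confirm which service actually supplies the home
# directory path and that it matches what pam_mkhomedir creates.
template homedir = /home/%U@%D
template shell = /bin/bash

# domain settings
security = ads
# Validate Kerberos tickets against secrets.tdb first, then the system keytab.
kerberos method = secrets and keytab
realm = {{ domain | upper }}
# NOTE(review): assumes the NetBIOS domain name equals the first label of the
# DNS domain name - confirm for the target domain.
workgroup = {{ domain | split('.') | first | upper }}

# SID <-> uid/gid mapping is delegated to SSSD for all domains.
idmap config * : backend = sss
idmap config * : range = 200000-2147483647
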
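[homes]
# Per-user home shares. No `path` is set, so each share maps to the
# connecting user's home directory.
comment = home directory
# %S is the share name, which for a home share is the owning user name.
# Access is limited to that user plus the Domain Admins group.
valid users = %S "@domain admins@{{ domain }}"
# Members listed here perform every file operation on the share as root,
# bypassing file permissions and ACLs. A compromised Domain Admins account
# therefore has root-level file access to every home directory on this
# server; keep the entry only if that level of access is required.
admin users = "@domain admins@{{ domain }}"
# Hides the [homes] share itself. Per smb.conf(5), the auto-created per-user
# shares take their browseable flag from [global], not from this section.
browseable = no
read only = no
# NOTE(review): smb.conf(5) states that `inherit permissions` overrides
# `create mask` and `directory mask`. With `inherit permissions = yes` below,
# new files and directories follow the parent directory's mode rather than
# 0700, so the effective permissions depend on the mode the home directory was
# created with (for example the pam_mkhomedir umask). Verify on a rendered
# host.
create mask = 0700
directory mask = 0700
# Store Windows ACLs in extended attributes.
vfs objects = acl_xattr
map acl inherit = yes
inherit acls = yes
inherit permissions = yes
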
# TODO parametrize this somehow
#[profiles]
#comment = Users profiles
#path = /home/profiles
#read only = no
#browsable = yes
#create mask = 0600
#directory mask = 0700
#vfs objects = acl_xattr
#map acl inherit = yes
##inherit acls = yes # default on for acl_xattr
## inherit permissions = yes
#
# NOTE(review): the section below combines `guest ok = yes` with
# `read only = no`. If it is ever re-enabled together with guest mapping in
# [global], the share becomes writable without authentication - review before
# uncommenting.
#[ucilnice_d]
#comment = Users profiles
#path = /home/ucilnice_d
#read only = no
#guest ok = yes
#browsable = yes
#create mask = 0600
#directory mask = 0700
#vfs objects = acl_xattr
#map acl inherit = yes
##inherit acls = yes # default on for acl_xattr
## inherit permissions = yes