Cybergod
18.04.03, 12:26
Ich hab mich vor einer Woche mal an Linux getraut und wollte jetzt in meinem LAN Samba als PDC/Fileserver haben. Dazu meine smb.conf hier mit der Bitte um KRITIK und/oder VERBESSERUNGSVORSCHLÄGE! Als BS hab ich Gentoo laufen. Danke im Voraus.
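[global]
# Server-wide settings for a Samba domain controller (domain logons, WINS,
# browse master) that also serves files.
netbios name = Kerberos
# netbios aliases = <virtual-server-names>
server string = Samba %v
workgroup = mein-lan.lan
# Share defaults: no guest access, read-only, hidden from browse lists unless a
# share overrides them. "public" is a synonym for "guest ok", so both lines set
# the same parameter.
guest ok = no
writeable = no
public = no
browseable = no
auto services = user1 user2 user3 user4
# NOTE(review): a request for a share that cannot be found is connected to the
# service named here. No [Public] section is visible in this file -- confirm it
# exists, or remove the line.
default service = Public
; announce as = Win95
; announce version = 4.3
; browse list = no
; unix realname = yes
encrypt passwords = yes
smb passwd file = /etc/samba/private/smbpasswd
security = user
# username map = /etc/samba/usermap.txt
# With unix password sync, smbd runs the passwd program as root whenever an SMB
# password is changed, so keep the program path absolute and the chat exact.
unix password sync = yes
passwd program = /usr/bin/passwd %u
# "successfully" must be one word: chat tokens are split on whitespace, so the
# former "success fully*" ended the expect string early and left a stray token.
passwd chat = *New*UNIX*password* %n\n *ReType*new*UNIX*password* %n\n *passwd:*all*authentication*tokens*updated*successfully*
domain master = yes
domain logons = yes
# NOTE(review): password server is consulted for security = server/domain; with
# security = user it appears to have no effect -- confirm and drop if unused.
password server = Kerberos
os level = 65
local master = yes
preferred master = yes
; remote announce = <subnet-ip>/<class>
; remote browse sync = <ip-of-the-other-NT/Samba-browser>
wins support = yes
name resolve order = wins lmhosts bcast
; dns proxy = yes
; wins server = <ip-of-the-wins-server>
; wins proxy = no
# Only the local host and the 192.168.0.x network may connect.
hosts allow = localhost 192.168.0.
; hosts deny = <ip-range-here>
# With "bind interfaces only = yes" smbd listens solely on the listed
# interfaces. 127.0.0.1 is added because smbpasswd (password changes by
# ordinary users) and SWAT connect to the loopback address.
interfaces = 192.168.0.254/24 127.0.0.1
bind interfaces only = yes
client code page = 850
character set = ISO8859-1
# PERFORMANCE
mangle case = no
case sensitive = no
default case = lower
# "short preserve case" and "preserve case" were set to yes here and again to
# no at the end of [global]. The later assignment is the one that takes effect,
# so the shadowed lines are disabled to show the effective configuration.
; short preserve case = yes
; preserve case = yes
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
oplocks = yes
deadtime = 15
# LOGON
logon script = %U.bat
logon path = \\%L\Profiles\%U
logon home = \\Kerberos\%U
# FOR PROGRAMMERS ONLY:
; socket address = <ip-here>
# DEBUG LOGGING INFORMATION
# log file = <your-path-to-your-own-log-file>
log file = /var/log/samba/log.%m
log level = 2
max log size = 100
# NOTE(review): without timestamps, log entries cannot be lined up with other
# logs when a failed or unexpected logon has to be investigated -- consider yes.
debug timestamp = no
# (Author's note: I have not yet figured out what these entries do.)
# password Level allows matching of _n_ characters
# password level is the maximum number of characters smbd will try in upper
# case when checking a plaintext password. It increases the number of password
# variants accepted and tried per logon.
# NOTE(review): with encrypt passwords = yes this appears to be unused --
# confirm and consider removing it.
password level = 8
; username level = 8
# Options for using winbind. Winbind allows you to do all account and
# authentication from a Windows or samba domain controller, creating
# accounts on the fly, and maintaining a mapping of Windows RIDs to unix uid's
# and gid's. winbind uid and winbind gid are the only required parameters.
# NOTE(review): these only matter if winbindd is actually run on this host;
# nothing else in this file refers to it -- confirm they are needed here.
# winbind uid is the range of uid's winbind can use when mapping RIDs to uid's
winbind uid = 10000-20000
# winbind gid is the range of uid's winbind can use when mapping RIDs to gid's
winbind gid = 10000-20000
# winbind separator is the character a user must use between their domain
# name and username, defaults to "\"
winbind separator = _
# template homedir determines the home directory for winbind users, with
# %D expanding to their domain name and %U expanding to their username:
template homedir = /home/%D/%U
# template shell determines the shell users authenticated by winbind get
template shell = /bin/bash
# Where to store roaming profiles for Win9x. Be careful with this as it also
# impacts where Win2k finds it's /HOME share
; logon home = \\%L\%U\.profile
# "add user script" was assigned twice; only the last assignment is used, so the
# machine-account variant below never ran. It is kept here, disabled, for
# reference. smbd runs this script as root.
# NOTE(review): on a domain controller this script is what creates accounts for
# joining workstations; the variant without home directory and in a dedicated
# group is the tighter choice once the "machines" group exists -- decide which
# one is intended and keep exactly one active.
; add user script = /usr/sbin/useradd -d /dev/null -g machines -c 'Machine Account' -s /bin/false -M %u
#add user script = /usr/sbin/useradd -s /bin/false %u
# Shell path fixed: "-s / bin/false" passed "/" as the shell and "bin/false" as
# a stray argument.
add user script = /usr/sbin/useradd -d /home/%u -g 100 -s /bin/false -M %u
# Accounts and groups listed here are treated as domain administrators; keep
# the list as short as possible.
domain admin group = root dirk @wheel
domain guest group = nobody @guest
# File Naming Options:
# Case Preservation can be handy - system default is _no_
# NOTE: These can be set on a per share basis
preserve case = no
short preserve case = no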
# The standard shares
[netlogon]
# Logon-script share for domain clients: read-only, no guest access, hidden
# from browse lists. "read only" and "guest ok" are the canonical names of the
# "writeable" (inverted) and "public" parameters.
comment = Network Logon Service
path = /var/lib/samba/netlogon
read only = yes
guest ok = no
browseable = no
[profiles]
# Roaming-profile store: writable, hidden from browse lists. The masks limit
# permission bits on new files and directories to the owner. "create mask" and
# "directory mask" are the canonical names of "create mode"/"directory mode".
path = /var/lib/samba/profiles
browseable = no
read only = no
create mask = 0600
directory mask = 0700
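[homes]
# Per-user home shares, created on demand under the user's name; writable and
# hidden from browse lists.
comment = Home Directories
browseable = no
writeable = yes
# %S expands to the share name, which for [homes] is the user name, so each
# home share accepts only its owner. Without this, any authenticated user can
# connect to another user's home share and access is limited only by the Unix
# permissions on that directory.
valid users = %S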
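[global]
# Server-wide settings for a Samba domain controller (domain logons, WINS,
# browse master) that also serves files.
netbios name = Kerberos
# netbios aliases = <virtual-server-names>
server string = Samba %v
workgroup = mein-lan.lan
# Share defaults: no guest access, read-only, hidden from browse lists unless a
# share overrides them. "public" is a synonym for "guest ok", so both lines set
# the same parameter.
guest ok = no
writeable = no
public = no
browseable = no
auto services = user1 user2 user3 user4
# NOTE(review): a request for a share that cannot be found is connected to the
# service named here. No [Public] section is visible in this file -- confirm it
# exists, or remove the line.
default service = Public
; announce as = Win95
; announce version = 4.3
; browse list = no
; unix realname = yes
encrypt passwords = yes
smb passwd file = /etc/samba/private/smbpasswd
security = user
# username map = /etc/samba/usermap.txt
# With unix password sync, smbd runs the passwd program as root whenever an SMB
# password is changed, so keep the program path absolute and the chat exact.
unix password sync = yes
passwd program = /usr/bin/passwd %u
# "successfully" must be one word: chat tokens are split on whitespace, so the
# former "success fully*" ended the expect string early and left a stray token.
passwd chat = *New*UNIX*password* %n\n *ReType*new*UNIX*password* %n\n *passwd:*all*authentication*tokens*updated*successfully*
domain master = yes
domain logons = yes
# NOTE(review): password server is consulted for security = server/domain; with
# security = user it appears to have no effect -- confirm and drop if unused.
password server = Kerberos
os level = 65
local master = yes
preferred master = yes
; remote announce = <subnet-ip>/<class>
; remote browse sync = <ip-of-the-other-NT/Samba-browser>
wins support = yes
name resolve order = wins lmhosts bcast
; dns proxy = yes
; wins server = <ip-of-the-wins-server>
; wins proxy = no
# Only the local host and the 192.168.0.x network may connect.
hosts allow = localhost 192.168.0.
; hosts deny = <ip-range-here>
# With "bind interfaces only = yes" smbd listens solely on the listed
# interfaces. 127.0.0.1 is added because smbpasswd (password changes by
# ordinary users) and SWAT connect to the loopback address.
interfaces = 192.168.0.254/24 127.0.0.1
bind interfaces only = yes
client code page = 850
character set = ISO8859-1
# PERFORMANCE
mangle case = no
case sensitive = no
default case = lower
# "short preserve case" and "preserve case" were set to yes here and again to
# no at the end of [global]. The later assignment is the one that takes effect,
# so the shadowed lines are disabled to show the effective configuration.
; short preserve case = yes
; preserve case = yes
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
oplocks = yes
deadtime = 15
# LOGON
logon script = %U.bat
logon path = \\%L\Profiles\%U
logon home = \\Kerberos\%U
# FOR PROGRAMMERS ONLY:
; socket address = <ip-here>
# DEBUG LOGGING INFORMATION
# log file = <your-path-to-your-own-log-file>
log file = /var/log/samba/log.%m
log level = 2
max log size = 100
# NOTE(review): without timestamps, log entries cannot be lined up with other
# logs when a failed or unexpected logon has to be investigated -- consider yes.
debug timestamp = no
# (Author's note: I have not yet figured out what these entries do.)
# password Level allows matching of _n_ characters
# password level is the maximum number of characters smbd will try in upper
# case when checking a plaintext password. It increases the number of password
# variants accepted and tried per logon.
# NOTE(review): with encrypt passwords = yes this appears to be unused --
# confirm and consider removing it.
password level = 8
; username level = 8
# Options for using winbind. Winbind allows you to do all account and
# authentication from a Windows or samba domain controller, creating
# accounts on the fly, and maintaining a mapping of Windows RIDs to unix uid's
# and gid's. winbind uid and winbind gid are the only required parameters.
# NOTE(review): these only matter if winbindd is actually run on this host;
# nothing else in this file refers to it -- confirm they are needed here.
# winbind uid is the range of uid's winbind can use when mapping RIDs to uid's
winbind uid = 10000-20000
# winbind gid is the range of uid's winbind can use when mapping RIDs to gid's
winbind gid = 10000-20000
# winbind separator is the character a user must use between their domain
# name and username, defaults to "\"
winbind separator = _
# template homedir determines the home directory for winbind users, with
# %D expanding to their domain name and %U expanding to their username:
template homedir = /home/%D/%U
# template shell determines the shell users authenticated by winbind get
template shell = /bin/bash
# Where to store roaming profiles for Win9x. Be careful with this as it also
# impacts where Win2k finds it's /HOME share
; logon home = \\%L\%U\.profile
# "add user script" was assigned twice; only the last assignment is used, so the
# machine-account variant below never ran. It is kept here, disabled, for
# reference. smbd runs this script as root.
# NOTE(review): on a domain controller this script is what creates accounts for
# joining workstations; the variant without home directory and in a dedicated
# group is the tighter choice once the "machines" group exists -- decide which
# one is intended and keep exactly one active.
; add user script = /usr/sbin/useradd -d /dev/null -g machines -c 'Machine Account' -s /bin/false -M %u
#add user script = /usr/sbin/useradd -s /bin/false %u
# Shell path fixed: "-s / bin/false" passed "/" as the shell and "bin/false" as
# a stray argument.
add user script = /usr/sbin/useradd -d /home/%u -g 100 -s /bin/false -M %u
# Accounts and groups listed here are treated as domain administrators; keep
# the list as short as possible.
domain admin group = root dirk @wheel
domain guest group = nobody @guest
# File Naming Options:
# Case Preservation can be handy - system default is _no_
# NOTE: These can be set on a per share basis
preserve case = no
short preserve case = no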
# The standard shares
[netlogon]
# Logon-script share for domain clients: read-only, no guest access, hidden
# from browse lists. "read only" and "guest ok" are the canonical names of the
# "writeable" (inverted) and "public" parameters.
comment = Network Logon Service
path = /var/lib/samba/netlogon
read only = yes
guest ok = no
browseable = no
[profiles]
# Roaming-profile store: writable, hidden from browse lists. The masks limit
# permission bits on new files and directories to the owner. "create mask" and
# "directory mask" are the canonical names of "create mode"/"directory mode".
path = /var/lib/samba/profiles
browseable = no
read only = no
create mask = 0600
directory mask = 0700
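[homes]
# Per-user home shares, created on demand under the user's name; writable and
# hidden from browse lists.
comment = Home Directories
browseable = no
writeable = yes
# %S expands to the share name, which for [homes] is the user name, so each
# home share accepts only its owner. Without this, any authenticated user can
# connect to another user's home share and access is limited only by the Unix
# permissions on that directory.
valid users = %S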