Created
January 16, 2019 23:54
-
-
Save livelace/38d5a260ac893989d0d1d1b139fe8545 to your computer and use it in GitHub Desktop.
Sample of Samba configuration for Windows ACL support.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
[global] | |
workgroup = EXAMPLE | |
server string = "data exchange" | |
# Active Directroy authentication settings | |
security = ADS | |
realm = EXAMPLE.COM | |
password server = dc1.example.com, dc2.example.com * | |
# Map Active Directory users to these ranges of UID/GID. | |
idmap uid = 10000-20000 | |
idmap gid = 10000-20000 | |
winbind separator = / | |
winbind enum users = yes | |
winbind enum groups = yes | |
winbind cache time = 600 | |
# Allow Guest access | |
auth methods = winbind guest | |
usershare allow guests = yes | |
map to guest = Bad Password | |
# Windows security permissions (with inheritance), xattr must be enabled for underlying filesystems | |
inherit acls = yes | |
inherit permissions = yes | |
map acl inherit = yes | |
nt acl support = yes | |
# Other settings | |
hide files = lost+found | |
load printers = no | |
max protocol = SMB2 | |
log file = /var/log/samba/%U.log | |
max log size = 50 | |
[exchange] | |
# VFS modules: | |
# acl_xattr - Windows permissions | |
# full_audit - Audit of file operations on the share | |
# recycle - "Recycle" for users' deleted files | |
vfs objects = acl_xattr full_audit recycle | |
path = /share/samba/exchange/data | |
valid users = "@EXAMPLE/администраторы домена", "@EXAMPLE/пользователи домена" | |
writeable = yes | |
browseable = yes | |
hide files = /Thumbs.db/ | |
# Audit settings | |
full_audit:success = open opendir closedir rename pread pwrite rmdir unlink | |
full_audit:failure = open opendir closedir rename pread pwrite rmdir unlink | |
full_audit:facility = LOCAL5 | |
full_audit:priority = NOTICE | |
# Recycle settings | |
recycle:repository = /share/samba/exchange/recycle/%U | |
recycle:keeptree = yes | |
recycle:versions = yes | |
recycle:touch = yes | |
recycle:maxsize = 104857600 | |
[recycle] | |
# Dedicated access to deleted files for Administrators | |
path = /share/samba/exchange/recycle | |
valid users = "@EXAMPLE/администраторы домена" | |
writeable = yes | |
browseable = yes |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment