
@livelace
Created January 16, 2019 23:54
Sample of Samba configuration for Windows ACL support.
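[global]
# Server-wide settings: domain membership, ID mapping, guest handling,
# ACL inheritance and logging.
workgroup = EXAMPLE
server string = "data exchange"
# Active Directory authentication settings
security = ADS
realm = EXAMPLE.COM
# Preferred domain controllers; the trailing "*" adds auto-discovered DCs
# to the end of the list as a fallback.
password server = dc1.example.com, dc2.example.com *
# Map Active Directory users to these ranges of UID/GID.
# NOTE(review): "idmap uid" / "idmap gid" are deprecated spellings of
# "idmap config * : range"; confirm against the Samba version in use.
idmap uid = 10000-20000
idmap gid = 10000-20000
# Domain-qualified names are written DOMAIN/name; the "valid users" lists
# in the share sections depend on this separator.
winbind separator = /
# Full enumeration of domain users and groups; can be slow in large domains.
winbind enum users = yes
winbind enum groups = yes
# Seconds that winbindd caches user and group information.
winbind cache time = 600
# Allow Guest access
# NOTE(review): "auth methods" is deprecated in later Samba releases;
# verify that it is still accepted by the version being deployed.
auth methods = winbind guest
usershare allow guests = yes
# Changed from "Bad Password": with that value a wrong password for an
# existing account is silently turned into a guest session instead of a
# logon failure, so users (and anyone reading the logs) do not see that
# authentication failed. "Bad User" still maps unknown usernames to guest
# but rejects a bad password for a real account.
map to guest = Bad User
# Windows security permissions (with inheritance). Extended attributes
# (xattr) must be enabled on the underlying filesystems.
inherit acls = yes
inherit permissions = yes
map acl inherit = yes
nt acl support = yes
# Other settings
# Entries in "hide files" are delimited by "/" (same form as in [exchange]).
hide files = /lost+found/
load printers = no
# Highest dialect offered is SMB2, so SMB3-only features such as transport
# encryption are not available. No minimum protocol is set in this file, so
# the lowest accepted dialect is the default of the installed Samba version.
# NOTE(review): consider setting an explicit minimum protocol as well.
max protocol = SMB2
# One log file per session username; %U is the name the client asked for,
# which is not necessarily the account it ended up with.
log file = /var/log/samba/%U.log
# Size in kilobytes before the log is rotated; 50 KB keeps very little
# history for later investigation.
max log size = 50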
[exchange]
# Main data-exchange share for domain users, with Windows ACLs, file-operation
# auditing and a per-user recycle bin.
# VFS modules:
# acl_xattr - stores Windows (NT) permissions in extended attributes
# full_audit - audit of file operations on the share
# recycle - "recycle bin" for files deleted by users
vfs objects = acl_xattr full_audit recycle
path = /share/samba/exchange/data
# Access is limited to two domain groups ("@" marks a group name):
# "администраторы домена" = Domain Admins, "пользователи домена" = Domain Users.
# The "/" between domain and group is the winbind separator set in [global].
valid users = "@EXAMPLE/администраторы домена", "@EXAMPLE/пользователи домена"
writeable = yes
browseable = yes
# Hidden from directory listings only; the file remains accessible by name.
hide files = /Thumbs.db/
# Audit settings
# The same operations are logged on success and on failure. Successful
# pread/pwrite produce an entry per I/O call, so expect a high log volume.
# NOTE(review): operation names accepted by full_audit differ between Samba
# versions - verify this list against the installed version.
full_audit:success = open opendir closedir rename pread pwrite rmdir unlink
full_audit:failure = open opendir closedir rename pread pwrite rmdir unlink
# Records go to syslog with this facility and priority; the syslog daemon
# must route LOCAL5 to a file or collector for the audit trail to be kept.
full_audit:facility = LOCAL5
full_audit:priority = NOTICE
# Recycle settings
# Deleted files are moved to a per-user directory outside the share path;
# %U is the session username requested by the client.
recycle:repository = /share/samba/exchange/recycle/%U
# Keep the original directory structure inside the repository.
recycle:keeptree = yes
# Keep multiple copies when files with the same name are deleted.
recycle:versions = yes
# Update the file's access time when it is moved to the repository.
recycle:touch = yes
# Bytes (100 MiB). Larger files are not moved to the recycle bin.
recycle:maxsize = 104857600
[recycle]
# Dedicated access to deleted files for Administrators.
# The path is the parent of the per-user repositories used by the recycle
# module in [exchange], so this share exposes every user's deleted files.
path = /share/samba/exchange/recycle
# Only the Domain Admins group ("администраторы домена") may connect.
valid users = "@EXAMPLE/администраторы домена"
# Write access lets administrators restore or purge recycled files.
writeable = yes
# The share name is listed to all clients even though only administrators
# can connect. NOTE(review): consider "browseable = no" for an admin-only share.
browseable = yes