wilpig/smb.dagmar

## smb.dagmar
[global]
        # log.smbd noise tuning - start
        bind interfaces only = yes
        interfaces = {{ ansible_default_ipv4.interface }}
        load printers = No
        printing = bsd
        printcap name = /dev/null
        disable spoolss = yes
        # log.smbd noise tuning - end

        netbios name = {{ inventory_hostname_short }}
        follow symlinks = Yes
        wide links = Yes
        unix extensions = No

        kerberos method = system keytab
        template homedir = /home/%U
        template shell = /bin/bash
        security = ads
        winbind use default domain = yes
        winbind refresh tickets = yes
        winbind offline logon = yes
        winbind expand groups = 1
        winbind enum groups = no
        winbind enum users = no
        workgroup = ad
        realm = ad.wilpig.org

        idmap config * : backend = tdb
        idmap config * : range = 6000000-9999999

        idmap config ad : backend = ad
        idmap config ad : range = 5000-5999999
        idmap config ad : schema_mode = rfc2307
        idmap config ad : unix_primary_group = yes

        log file = /var/log/samba/log.%m
        log level = 1 smb:3 winbind:3 auth:3 vfs:3

        max smbd processes = 1000
{% if inventory_hostname_short == 'hosting' %}
#       server signing = mandatory
#       smb encrypt = mandatory
#       enable core files = no

[homes]
        comment = Home Directories
        read only = No
        browseable = No

[media]
        valid users = wilbur +"ad\nasaccess"
        path = /media
        browsable = yes
        read only = no
        create mask = 0644
        force create mode = 0644
        directory mask = 2775
        force directory mode = 2775
        map archive = yes
        map system = yes
        map hidden = yes
{% endif %}
	[global]
	# log.smbd noise tuning - start
	bind interfaces only = yes
	interfaces = {{ ansible_default_ipv4.interface }}
	load printers = No
	printing = bsd
	printcap name = /dev/null
	disable spoolss = yes
	# log.smbd noise tuning - end

	netbios name = {{ inventory_hostname_short }}
	follow symlinks = Yes
	wide links = Yes
	unix extensions = No

	kerberos method = system keytab
	template homedir = /home/%U
	template shell = /bin/bash
	security = ads
	winbind use default domain = yes
	winbind refresh tickets = yes
	winbind offline logon = yes
	winbind expand groups = 1
	winbind enum groups = no
	winbind enum users = no
	workgroup = ad
	realm = ad.wilpig.org

	idmap config * : backend = tdb
	idmap config * : range = 6000000-9999999

	idmap config ad : backend = ad
	idmap config ad : range = 5000-5999999
	idmap config ad : schema_mode = rfc2307
	idmap config ad : unix_primary_group = yes

	log file = /var/log/samba/log.%m
	log level = 1 smb:3 winbind:3 auth:3 vfs:3

	max smbd processes = 1000
	{% if inventory_hostname_short == 'hosting' %}
	# server signing = mandatory
	# smb encrypt = mandatory
	# enable core files = no

	[homes]
	comment = Home Directories
	read only = No
	browseable = No

	[media]
	valid users = wilbur +"ad\nasaccess"
	path = /media
	browsable = yes
	read only = no
	create mask = 0644
	force create mode = 0644
	directory mask = 2775
	force directory mode = 2775
	map archive = yes
	map system = yes
	map hidden = yes
	{% endif %}