A sample Samba smb.conf configuration file
The adbindproxy script tests to determine what operating system is running on the host and generates an smb.conf file appropriate to that platform.
In the following sample file, it runs on a CentOS computer in the arcade.net domain and the Samba share is called MyShare.
# # This file was generated by Centrify ADBindProxy Utility # [global] security = ADS realm = ARCADE.NET workgroup = ARCADE netbios name = centos-6 auth methods = guest, sam, winbind, ntdomain machine password timeout = 0 passdb backend = tdbsam:/var/lib/samba/private/passdb.tdb # # Samba versions 3.4.0 and newer have replaced "use kerberos keytab" # with "kerberos method". The directive "kerberos method = secrets and keytab" # enables Samba to honor service tickets that are still valid but were # created before the Samba server's password was changed. # kerberos method = secrets and keytab # # Setting "client use spnego principal" to true instructs SMB client to # trust the service principal name returned by the SMB server. Otherwise, # client cannot be authenticated via Kerberos by the server in a different # domain even though the two domains are mutually trusted. # # client use spnego principal = true # # Setting send spnego principal to yes . # Otherwise, it will not send this principal between Samba and Windows 2008 # # send spnego principal = Yes # If your Samba server only serves to Windows systems, try server signing = mandatory. server signing = auto client ntlmv2 auth = yes client use spnego = yes template shell = /bin/bash winbind use default domain = Yes winbind enum users = No winbind enum groups = No winbind nested groups = Yes idmap cache time = 0 # ignore syssetgroups error = No idmap config * : backend = tdb idmap config * : range = 1000 - 200000000 idmap config * : base_tdb = 0 enable core files = false # Disable Logging to syslog, and only write log to Samba standard log files. #syslog = 0 [samba-test] path = /samba-test public = yes # if set public = No, we should set parameter valid users . # and when the user or group is in AD , the setting syntaxes is: # valid users = CPUBS\username +CPUBS\group writable = yes [MyShare] path = /samba-test browsable = yes writable = yes guest ok = yes read only = no [homes] comment = Home directories read only = No browseable = No