A sample Samba smb.conf configuration file
The adbindproxy script tests to determine what operating system is running on the host and generates an smb.conf file appropriate to that platform.
In the following sample file, it runs on a CentOS computer in the arcade.net domain and the Samba share is called MyShare.
#
# This file was generated by Centrify ADBindProxy Utility
#
[global]
security = ADS
realm = ARCADE.NET
workgroup = ARCADE
netbios name = centos-6
auth methods = guest, sam, winbind, ntdomain
machine password timeout = 0
passdb backend = tdbsam:/var/lib/samba/private/passdb.tdb
#
# Samba versions 3.4.0 and newer have replaced "use kerberos keytab"
# with "kerberos method". The directive "kerberos method = secrets and keytab"
# enables Samba to honor service tickets that are still valid but were
# created before the Samba server's password was changed.
#
kerberos method = secrets and keytab
#
# Setting "client use spnego principal" to true instructs SMB client to
# trust the service principal name returned by the SMB server. Otherwise,
# client cannot be authenticated via Kerberos by the server in a different
# domain even though the two domains are mutually trusted.
#
# client use spnego principal = true
#
# Setting send spnego principal to yes .
# Otherwise, it will not send this principal between Samba and Windows 2008
#
# send spnego principal = Yes
# If your Samba server only serves to Windows systems, try server signing = mandatory.
server signing = auto
client ntlmv2 auth = yes
client use spnego = yes
template shell = /bin/bash
winbind use default domain = Yes
winbind enum users = No
winbind enum groups = No
winbind nested groups = Yes
idmap cache time = 0
# ignore syssetgroups error = No
idmap config * : backend = tdb
idmap config * : range = 1000 - 200000000
idmap config * : base_tdb = 0
enable core files = false
# Disable Logging to syslog, and only write log to Samba standard log files.
#syslog = 0
[samba-test]
path = /samba-test
public = yes
# if set public = No, we should set parameter valid users .
# and when the user or group is in AD , the setting syntaxes is:
# valid users = CPUBS\username +CPUBS\group
writable = yes
[MyShare]
path = /samba-test
browsable = yes
writable = yes
guest ok = yes
read only = no
[homes]
comment = Home directories
read only = No
browseable = No