samba/ROSA-smb-default-config.patch
2019-04-28 14:40:23 +03:00


From fd29cdb7a72e4d2b8bfacd38f105fc25812d6f7f Mon Sep 17 00:00:00 2001
From: Mikhail Novosyolov <m.novosyolov@rosalinux.ru>
Date: Sat, 26 Jan 2019 23:45:10 +0300
Subject: [PATCH] ROSA default config
Inspired by Ubuntu/Debian smb.conf
---
examples/smb.conf.default | 134 +++++++++++++++++++++++++++++++-------
1 file changed, 109 insertions(+), 25 deletions(-)
diff --git a/examples/smb.conf.default b/examples/smb.conf.default
index 2f207209018..c63554aeb3a 100644
--- a/examples/smb.conf.default
+++ b/examples/smb.conf.default
@@ -23,10 +23,10 @@
[global]
# workgroup = NT-Domain-Name or Workgroup-Name, eg: MIDEARTH
- workgroup = MYGROUP
+ workgroup = WORKGROUP
# server string is the equivalent of the NT Description field
- server string = Samba Server
+ server string = Samba on %h (ROSA GNU/Linux @ROSA_PLATFORM@)
# Server role. Defines in which mode Samba will operate. Possible
# values are "standalone server", "member server", "classic primary
@@ -52,10 +52,10 @@
# this tells Samba to use a separate log file for each machine
# that connects
- log file = /usr/local/samba/var/log.%m
+; log file = /var/log/samba/log.%m
# Put a capping on the size of the log files (in Kb).
- max log size = 50
+ max log size = 20480
# Specifies the Kerberos or Active Directory realm the host is part of
; realm = MY_REALM
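Review bot: The comment "this tells Samba to use a separate log file for each machine that connects" now sits above a commented-out `log file` line, so the file describes behaviour that is not active. With the line disabled Samba falls back to its build-time log location, presumably a single shared log, and the per-client files that help when reconstructing who connected are gone. Either keep the setting active as `log file = /var/log/samba/log.%m`, or reword the comment to something like `# Uncomment to write a separate log file per connecting machine`. It would also help to extend the comment above `max log size = 20480` to say that the cap applies to each log file.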
@@ -63,7 +63,7 @@
# Backend to store user information in. New installations should
# use either tdbsam or ldapsam. smbpasswd is available for backwards
# compatibility. tdbsam requires no further configuration.
-; passdb backend = tdbsam
+ passdb backend = tdbsam
# Using the following line enables you to customise your configuration
# on a per machine basis. The %m gets replaced with the netbios name
@@ -99,21 +99,92 @@
# via DNS nslookups. The default is NO.
dns proxy = no
+# This parameter will control whether or not Samba should obey PAM's account
+# and session management directives. The default behavior is to use PAM for
+# clear text authentication only and to ignore any account or session management.
+# Note that Samba always ignores PAM for authentication in the case of encrypt passwords = yes.
+# The reason is that PAM modules cannot support the challenge/response authentication
+# mechanism needed in the presence of SMB password encryption.
+ obey pam restrictions = yes
+
+# This boolean parameter controls whether Samba attempts to sync the Unix
+# password with the SMB password when the encrypted SMB password in the
+# passdb is changed.
+ unix password sync = yes
+
+# 'yes' allows plain-text authorization if needed (we don't recommend using it!)
+ client plaintext auth = yes
+
# These scripts are used on a domain controller or stand-alone
# machine to add or delete corresponding unix accounts
-; add user script = /usr/sbin/useradd %u
-; add group script = /usr/sbin/groupadd %g
-; add machine script = /usr/sbin/adduser -n -g machines -c Machine -d /dev/null -s /bin/false %u
-; delete user script = /usr/sbin/userdel %u
-; delete user from group script = /usr/sbin/deluser %u %g
-; delete group script = /usr/sbin/groupdel %g
-
-
+ add user script = /usr/sbin/useradd %u
+ add group script = /usr/sbin/groupadd %g
+ add machine script = /usr/sbin/adduser -n -g machines -c Machine -d /dev/null -s /bin/false %u
+ delete user script = /usr/sbin/userdel %u
+ delete user from group script = /usr/bin/gpasswd %u %g
+ delete group script = /usr/sbin/groupdel %g
+
+# This boolean controls whether PAM will be used for password changes
+# when requested by an SMB client instead of the program listed in
+# 'passwd program'. The default is 'no'.
+ pam password change = yes
+
+# This option controls how unsuccessful authentication attempts are mapped
+# to anonymous connections
+ map to guest = bad user
+
+# Setup usershare options to enable non-root users to share folders
+# with the net usershare command (including share plugins for Dolphin, Thunar, Nautilus etc.).
+
+# Maximum number of usershare. 0 (default) means that usershare is disabled.
+ usershare max shares = 100
+
+# Controls if usershares can permit guest access
+ usershare allow guests = yes
+
+# Asolute path of the directory on the filesystem used to store
+# the user defined share definition files.
+# This directory must be owned by root, and have no access for other,
+# and be writable only by the group owner. In addition the "sticky" bit must
+# also be set, restricting rename and delete to owners of a file
+# (in the same way the /tmp directory is usually configured). Members of the group
+# owner of this directory are the users allowed to create usershares.
+# On ROSA, users must be in the group 'sambashare'.
+ usershare path = @smb_usershare_dir@
+
+# This controls whether shares are seen in the list of available shares
+# in a net view and in the browse list.
+ browseable = yes
+
+# Anonymous connections are mapped to this user
+ guest account = nobody
+
#============================ Share Definitions ==============================
-[homes]
- comment = Home Directories
- browseable = no
- writable = yes
+# Un-comment the following (and tweak the other settings below to suit)
+# to enable the default home directory shares. This will share each
+# user's home directory as \\server\username
+;[homes]
+; comment = Home Directories
+; browseable = no
+
+# By default, the home directories are exported read-only. Change the
+# next parameter to 'no' if you want to be able to write to them.
+; read only = yes
+
+# File creation mask is set to 0700 for security reasons. If you want to
+# create files with group=rw permissions, set next parameter to 0775.
+; create mask = 0700
+
+# Directory creation mask is set to 0700 for security reasons. If you want to
+# create dirs. with group=rw permissions, set next parameter to 0775.
+; directory mask = 0700
+
+# By default, \\server\username shares can be connected to by anyone
+# with access to the samba server.
+# Un-comment the following parameter to make sure that only "username"
+# can connect to \\server\username
+# This might need tweaking when using external authentication schemes
+; valid users = %S
# Un-comment the following and create the netlogon directory for Domain Logons
; [netlogon]
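Review bot: `client plaintext auth = yes` ships enabled although the comment directly above it says it is not recommended; Samba's own default is `no`, and with `yes` the Samba client side will send a cleartext password to any server that reports it does not support encrypted passwords. I would ship `client plaintext auth = no` (or leave the line commented out with `;`) so that admins have to opt in. Separately, `delete user from group script = /usr/bin/gpasswd %u %g` has no delete flag and will most likely fail; it should probably read `delete user from group script = /usr/bin/gpasswd -d %u %g`. `map to guest = bad user` combined with `usershare allow guests = yes` means a login with an unknown username is silently treated as guest on user-created shares, which the comment above `map to guest` should state explicitly. All of these lines belong to the `[global]` section, which starts outside this hunk.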
@@ -131,17 +202,30 @@
; browseable = no
; guest ok = yes
-
-# NOTE: If you have a BSD-style print system there is no need to
-# specifically define each individual printer
[printers]
comment = All Printers
- path = /usr/spool/samba
- browseable = no
-# Set public = yes to allow user 'guest account' to print
- guest ok = no
- writable = no
+ browseable = yes
+ path = /var/spool/samba
printable = yes
+# change to 'guest ok = no' to block unauthenticated printing from inside network
+ guest ok = yes
+ read only = yes
+ create mask = 0700
+
+# Windows clients look for this share name as a source of downloadable
+# printer drivers
+[print$]
+ comment = Printer Drivers
+ path = /var/lib/samba/printers
+ browseable = yes
+ read only = yes
+ guest ok = no
+# Uncomment to allow remote administration of Windows print drivers.
+# You may need to replace 'lpadmin' with the name of the group your
+# admin users are members of.
+# Please note that you also need to set appropriate Unix permissions
+# to the drivers directory for these users to have write rights in it
+; write list = root, @lpadmin
# This one is useful for people to share files
;[tmp]
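Review bot: `[printers]` flips from `guest ok = no` / `browseable = no` to `guest ok = yes` / `browseable = yes`, so together with `map to guest = bad user` in the earlier `[global]` hunk any client that can reach the server can list the printers and submit jobs without credentials. The comment says "from inside network", but nothing visible in this hunk limits access to an internal network, so the default is open wherever the service is reachable. I would keep the secure default and invert the comment: `# change to 'guest ok = yes' to allow unauthenticated printing` followed by `guest ok = no`. If guest printing must remain the default, the comment should at least say that restricting by network is left to the admin (for example via `hosts allow` or a firewall).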
--
2.17.1