Finalise (hopefully\!) samba configs.

etc/init.d/samba-ad-dc

@@ -0,0 +1,63 @@
+#! /bin/sh
+
+### BEGIN INIT INFO
+# Provides:          samba-ad-dc
+# Required-Start:    $network $local_fs $remote_fs autofs
+# Required-Stop:     $network $local_fs $remote_fs
+# Default-Start:     2 3 4 5
+# Default-Stop:      0 1 6
+# Short-Description: Samba daemons for the AD DC
+# Description:  Meta-service to provide AD and SMB/CIFS services to clients
+### END INIT INFO
+
+NAME=samba
+DAEMON=/usr/sbin/$NAME
+PIDFILE=/run/samba/$NAME.pid
+DESC="Samba AD DC server"
+SCRIPT=samba-ad-dc
+
+# clear conflicting settings from the environment
+unset TMPDIR
+
+test -x $DAEMON || exit 0
+/usr/share/samba/is-configured $NAME || exit 0
+
+[ -f /etc/default/samba ] && . /etc/default/samba
+
+. /lib/lsb/init-functions
+
+case "$1" in
+	(start)
+		# CVE-2013-4475
+		KEYFILE=/var/lib/samba/private/tls/key.pem
+		if [ -e $KEYFILE ]
+		then
+				KEYPERMS=`stat -c %a $KEYFILE`
+				if [ "$KEYPERMS" != "600" ]
+				then
+						echo "wrong permission on $KEYFILE, must be 600"
+						echo "samba will not start (CVE-2013-4475)"
+						echo "Removing all tls .pem files will cause an auto-regeneration with the correct permissions."
+						exit 1
+				fi
+		fi
+		log_daemon_msg "Starting $DESC" $NAME
+		start-stop-daemon --start --quiet --oknodo --exec $DAEMON --pidfile $PIDFILE -- -D $SAMBAOPTIONS
+		log_end_msg $?
+		;;
+	(stop)
+		log_daemon_msg "Stopping $DESC" $NAME
+		start-stop-daemon --stop  --quiet --oknodo --exec $DAEMON --pidfile $PIDFILE
+		log_end_msg $?
+		;;
+	(restart|force-reload)
+		$0 stop && sleep 1 && $0 start
+		;;
+	(status)
+		status_of_proc -p $PIDFILE $DAEMON $NAME
+		;;
+	(*)
+		echo "Usage: /etc/init.d/$SCRIPT {start|stop|restart|force-reload|status}"
+		exit 1
+		;;
+esac