Finalise (hopefully\!) samba configs.

2026-04-28 20:27:14 +01:00 · 2026-04-28 20:27:14 +01:00 · 76a096f1ec
commit 76a096f1ec
parent e992cd622b
3 changed files with 103 additions and 32 deletions
--- a/etc/samba/smb.conf
+++ b/etc/samba/smb.conf
@ -1,40 +1,47 @@
 [global]
-realm = SLACKWARE.UK.INTERNAL
-netbios name = CORE
-workgroup = SLACKWAREUKINT
-server string = "slackware.uk.internal Domain Controller"
-bind interfaces only = yes
-interfaces = lo eth1
-# FIXME:
-# dns forwarder = 5.101.171.216 5.101.171.217 185.176.90.169
-dns forwarder = 216.119.155.58 185.176.90.169
-allow dns updates = secure
-tls cafile = /etc/ssl/certs/ca-certificates.crt
-tls certfile = /etc/certificates/core.slackware.uk.internal_cert.pem
-tls keyfile = /etc/certificates/core.slackware.uk.internal_key_samba.pem
-tls verify peer = ca_and_name_if_available
-log level = 1
-logging = syslog:local5
-log file = /var/log/samba/samba-debug
-debug syslog format = always
-debug hires timestamp = no
-enable core files = no
-idmap config * : backend = tdb
-# There are only 568 IDs mapped into the container by TrueNAS, so limit the number that can be used.
-idmap config * : range = 10000-10500
-idmap_ldb:use rfc2307 = yes
-password hash userPassword schemes = CryptSHA512
-server role = active directory domain controller
-username map = /etc/samba/smbusers
-vfs objects = dfs_samba4 posixacl acl_xattr
-nfs4acl_xattr:encoding = nfs
-nfs4acl_xattr:version = 41
-nfs4acl_xattr:xattr_name = user.nfs4_acl
-nfs4acl_xattr:default acl style = windows
 acl_xattr:security_acl_name = user.NTACL
 acl_xattr:default acl style = windows
 add machine script = /usr/sbin/useradd -c "%u machine account" -d /dev/null -g machines -M -N -s /bin/false %u
 add user script = /usr/sbin/useradd -c "%u domain user" -d /dev/null -g users -M -N -s /bin/false %u
+allow dns updates = secure
+bind interfaces only = yes
+debug syslog format = always
+debug hires timestamp = no
+# FIXME:
+# dns forwarder = 5.101.171.216 5.101.171.217 185.176.90.169
+dns forwarder = 216.119.155.58 185.176.90.169
+#dsdb:schema update allowed = true
+enable core files = no
+idmap config * : backend = tdb
+idmap config * : range = 1000000 - 9999999
+idmap config SLACKWARE.UK.INTERNAL : backend = ad
+idmap config SLACKWARE.UK.INTERNAL : schema_mode = rfc2307
+idmap config SLACKWARE.UK.INTERNAL : range = 100 - 10000
+idmap config SLACKWARE.UK.INTERNAL : unix_nss_info = yes
+idmap config SLACKWARE.UK.INTERNAL : unix_primary_group = yes
+idmap_ldb:use rfc2307 = yes
+interfaces = lo eth1
+logging = syslog:local5
+log file = /var/log/samba/samba-debug
+log level = 1
+netbios name = CORE
+nfs4acl_xattr:encoding = nfs
+nfs4acl_xattr:version = 41
+nfs4acl_xattr:xattr_name = user.nfs4_acl
+nfs4acl_xattr:default acl style = windows
+password hash userPassword schemes = CryptSHA512
+realm = SLACKWARE.UK.INTERNAL
+server role = active directory domain controller
+server string = "slackware.uk.internal Domain Controller"
+template shell = /bin/bash
+template homedir = /home/%U
+tls cafile = /etc/ssl/certs/ca-certificates.crt
+tls certfile = /etc/certificates/core.slackware.uk.internal_cert.pem
+tls keyfile = /etc/certificates/core.slackware.uk.internal_key_samba.pem
+tls verify peer = ca_and_name_if_available
+username map = /etc/samba/smbusers
+vfs objects = dfs_samba4 posixacl acl_xattr
+workgroup = SLACKWAREUKINT

 # [homes]