#
# FILESERVER AND DOMAIN CONTROLLER
#

[global]

	# Identification
	workgroup     = MYDOMAIN
	netbios name  = MYSERVER
	server string = Fileserver

	# Role
	domain master   = yes
	domain logons   = yes
	local master    = yes
	prefered master = yes
	os level        = 33 # Ensures we win

	# Security
	security          = user
	encrypt passwords = yes
	hosts allow       = 192.168. 127.

	# Name resolution
	wins support = yes
	dns proxy    = no
	
	# Backend
	passdb backend = tdbsam

	# Domain logon management
	logon drive = H:
	logon home = \\%L\%U
	logon path = \\%L\Profiles\%U
	logon script = %U.bat

	# Access bug prevention
	veto oplock files = /*.mdb/*.MDB/*.ldb/*.LDB

	# Logging options
	log file  = /var/log/samba/log.%m
	log level = 0 

	# User and group remote management scripts
	add machine script = /usr/sbin/useradd -g users -s /bin/false '%u'
	add user script = /server/scripts/adduser.rb '%u'
	delete user script = /server/scripts/deluser.rb '%u'
	rename user script = /usr/sbin/usermod -l '%unew' '%uold'
	add group script = /usr/sbin/groupadd '%g'
	delete group script = /usr/sbin/groupdel '%g'
	add user to group script = /usr/sbin/usermod -a -G '%g' '%u'
	delete user from group script = /usr/bin/gpasswd -d '%u' '%g'
	set primary group script = /usr/sbin/usermod -g '%g' '%u'

#
# Home directory share
#
[homes]
        # Identification
	comment = User Home directory

	# Management
	browsable   = no
	writable    = yes
	valid users = %S

	# Access set up
	create mask          = 0700
	directory mask       = 0700
	force create mode    = 0600
	force directory mode = 0700

#
# Netlogon folder
#
[netlogon]
	# Identification
	comment = Network logon service

	# Management
	path       = /server/shares/netlogon
	browsable  = no
	writable   = no
	write list = +ntadmin

        root preexec    = "/server/scripts/generate_netlogon.rb %u"

#
# Profiles folder
#
[Profiles]
	# Identification
	comment = Stores all user profiles

	# Management
	path         = /server/shares/profiles
	browseable   = no
	writable     = yes
	profile acls = yes
	
	# Access set up
	create mask          = 0700
	directory mask       = 0700
	force create mode    = 0600
	force directory mode = 0700

#
# Share template - replace MyShare by the name of your share, and mygroup by the name of the associated group
#
#[MyShare]
#	# Identification
#	comment = MyShare
#
#	# Management
#	path        = /server/shares/MyShare
#	writable    = yes
#	force group = +mygroup
#	valid users = +mygroup
#
#	# Access set up
#	create mask          = 0770
#	directory mask       = 0770
#	force create mode    = 0660
#	force directory mode = 0770
#