###########################################################################
##  Copyright (C) Wizardry and Steamworks 2017 - License: GNU GPLv3      ##
##  Please see: http://www.gnu.org/licenses/gpl.html for legal details,  ##
##  rights of fair usage, the disclaimer and warranty conditions.        ##
###########################################################################
## Optimized standalone configuration template for Samba servers.        ##
##                                                                       ##
## Ideal for:                                                            ##
##   * Virtual machine file sharing                                      ##
##                                                                       ##
## Requirements:                                                         ##
##   * Samba 4.x                                                         ##
##   * smbldap-tools                                                     ##
##                                                                       ##
## File placement layout:                                                ##
##  /                                                                    ##
##  `-- etc                                                              ##
##     `-- samba                                                         ##
##         |-- smb.conf                                                  ##
##         |-- smb.conf.local                                            ##
##         |-- smb.conf.share                                            ##
##         `-- smb.conf.ldap                                             ##
##                                                                       ##
## Files Description:                                                    ##
##   * /etc/samba/smb.conf (main configuration file)                     ##
##   * /etc/samba/smb.conf.local (this file)                             ##
##   * /etc/samba/smb.conf.share (samba shares go here)                  ##
##                                                                       ##
###########################################################################

[global]
    # Configuration for LDAP authentication backend.
    # The setup assumes that all samba entries are children of the "samba"
    # organizational unit.
    server role = classic primary domain controller
    passdb backend = ldapsam:ldap://example.com
    ldap suffix = ou=samba,dc=example,dc=com
    ldap admin dn = cn=admin,dc=example,dc=com
    ldap ssl = off
    ldap user suffix = ou=People
    ldap group suffix = ou=Groups
    ldap machine suffix = ou=Computers
    ldap idmap suffix = ou=Idmap
    ldap password sync = yes
    # Scripts - requires smbldap-tools to be installed.
    add user script = /usr/sbin/smbldap-useradd -m '%u' -t 1
    rename user script = /usr/sbin/smbldap-usermod -r '%unew' '%uold'
    delete user script = /usr/sbin/smbldap-userdel '%u'
    set primary group script = /usr/sbin/smbldap-usermod -g '%g' '%u'
    add group script = /usr/sbin/smbldap-groupadd -p '%g'
    delete group script = /usr/sbin/smbldap-groupdel '%g'
    add user to group script = /usr/sbin/smbldap-groupmod -m '%u' '%g'
    delete user from group script = /usr/sbin/smbldap-groupmod -x '%u' '%g'
    add machine script = /usr/sbin/smbldap-useradd -w '%u' -t 1