AD域用户和samba结合使用,smb.conf配置文件
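# This file only covers the settings needed to give AD domain users
# group-based access to Samba shares.
[global]
workgroup = OFFICE
realm = OFFICE.ABC.COM
# Domain-member mode: user authentication is delegated to the AD domain.
security = ADS
# NOTE(review): "client signing" applies to connections Samba itself opens as an
# SMB client. Signing for clients that connect to the shares in this file is
# governed by "server signing", which is not set here - confirm the intended policy.
client signing = required
template homedir = /home/%U
# NOTE(review): if domain users are also resolved through nsswitch/PAM on this
# host, this hands every domain user a login shell. For a pure file server a
# non-login shell is the least-privilege choice - confirm whether shell access
# is intended.
template shell = /bin/bash
# Enumeration lets tools such as getent list domain users and groups; it is not
# needed for authentication and can be slow in large domains.
winbind enum users = Yes
winbind enum groups = Yes
# Users log in as "user" rather than "OFFICE\user".
winbind use default domain = Yes
# NOTE(review): only the default ("*") idmap domain is configured, with the tdb
# backend. IDs allocated this way are local to this server; confirm whether a
# dedicated idmap configuration for the OFFICE domain is wanted.
idmap config * : range = 100000-200000
idmap config * : backend = tdb
# Audit settings used by every share that loads "vfs objects = full_audit".
# Prefix fields: %u = user, %I = client IP, %m = client machine name, %S = share.
full_audit:prefix = %u|%I|%m|%S
# Records go to syslog facility LOCAL5 at priority NOTICE; the syslog daemon
# has to route that facility to a file or collector for the audit trail to be kept.
full_audit:facility = LOCAL5
full_audit:priority = NOTICE
# Successful operations to record. read/pread produce a very large number of
# records on busy shares.
full_audit:success = mkdir pwrite rename rmdir unlink pread read
# Fuller operation list, kept for reference (disabled). It is written on one
# comment line: a wrapped second line without a leading "#" would be read as a
# malformed parameter.
# full_audit:success = connect disconnect opendir mkdir rmdir closedir open close read pread write pwrite sendfile rename unlink chmod fchmod chown fchown chdir ftruncate lock symlink readlink link mknod realpath
# Only failed connection attempts are recorded; failed file operations
# (for example denied writes) are not.
full_audit:failure = connect
# The following settings silence printing-related errors in the log; optional.
load printers = no
printing = bsd
printcap name = /dev/null
disable spoolss = yes
# Tuning and hardening options.
# Symlinks inside a share are not followed, so a link cannot lead a client
# outside the exported tree.
follow symlinks = no
wide links = no
# Read/write tuning (asynchronous I/O, write caching, and so on).
aio read size = 16384
aio write size = 16384
# NOTE(review): "aio write behind" takes a list of file-name patterns, not a
# boolean, so "true" is unlikely to do what was intended. Where it does match,
# Samba reports a write as successful before it has completed, which risks
# silent data loss. This parameter and "write cache size" have been dropped from
# newer Samba releases - run testparm to see what your version accepts.
aio write behind = true
write cache size = 2097152
max xmit = 65536
large readwrite = yes
#socket options = TCP_NODELAY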
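# ---------------------------------------------------------------------------
# Disabled share templates.
# The share headers below are commented out, so the parameters of each template
# are commented out as well. An active parameter with no share header above it
# belongs to [global] and becomes the default for every share on the server
# (path, valid users, write list, force group, ...), which silently changes who
# can reach what. To enable a template, uncomment its header and its parameters
# together.
# ---------------------------------------------------------------------------
#[userdata]
#path = /user-data
#writeable = yes
#public = no
#vfs objects = full_audit
#valid users = @all
#force create mode = 0775

#[人力资源部]
#path = /data/office/人力资源部
#
# NOTE(review): "writeable" is the inverted synonym of "read only". With both
# present the later line wins, so this share is read-only and write access comes
# from "write list" alone; drop "writeable = yes" when enabling the share.
#writeable = yes
#public = no
#read only = yes
#browseable = yes
#vfs objects = full_audit
#force create mode = 0770
#force directory mode = 0770
# "valid users" decides who may connect at all; the groups named in
# "write list" and "read list" must also be covered by it.
#valid users = @人力资源部权限组
#force group = 人力资源部权限组
#write list = @人力资源部权限组读写
#read list = @人力资源部权限组只读

# Template: read-only for everyone, read-write for a few; the users with write
# access can delete each other's files.
#[返利学院-期刊]
#path = /data/office/返利学院-期刊
#public = no
#read only = yes
#vfs objects = full_audit
#valid users = @everyone
##force group = 培训绩效权限组
#write list = @培训绩效权限组

#[视频共享]
#path = /data/office/视频共享
#public = no
#read only = yes
#vfs objects = full_audit
#valid users = @everyone
#read list = @everyone
#write list = @adadmin
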
[16.设计]
# Design-department share. Read-only by default; write access is granted per
# group through "write list".

# Location and visibility.
path = /data/office/16.设计
browseable = yes
public = no

# Who may connect, and with which rights.
# "valid users" is the gate: anyone outside this group cannot connect, so the
# read-only and read-write groups below must also be covered by it.
valid users = @smb设计部权限组
# invalid users = @smb设计部拒绝
read only = yes
# writeable = yes
# Members get write access even though the share is read-only.
write list = @smb设计部读写
# Members never get write access; a user in both lists gets write access.
read list = @smb设计部只读

# Ownership and permissions of newly created files and directories.
# NOTE(review): mask 0770 combined with force mode 0770 gives every new file
# exactly rwxrwx---, execute bits included - confirm that is wanted for plain
# data files.
force group = smb设计部权限组
create mode = 0770
force create mode = 0770
directory mode = 0770
force directory mode = 0770

# Auditing: which operations are recorded is set by the full_audit:* parameters
# in [global].
vfs objects = full_audit