; set primary group script=/usr/sbin/usermod -g %g %u
; add group script=/usr/sbin/groupadd %g && getent group %g | awk -F: '{print $3}'
; delete group script=/usr/sbin/groupdel %g
# Scripts for LDAP backend (assumes nss_ldap is in use on the domain controller,
# and needs configuration in smbldap_conf.pm)
; add user script=/usr/share/samba/scripts/smbldap-useradd.pl %u
; delete user script=/usr/share/samba/scripts/smbldap-userdel.pl %u
; add user to group script=/usr/share/samba/scripts/smbldap-groupmod.pl -m %u %g
; delete user from group script=/usr/share/samba/scripts/smbldap-groupmod.pl -x %u %g
; set primary group script=/usr/share/samba/scripts/smbldap-usermod.pl -g %g %u
; add group script=/usr/share/samba/scripts/smbldap-groupadd.pl %g && /usr/share/samba/scripts/smbldap-groupshow.pl %g | awk '/^gidNumber:/ {print $2}'
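# NOTE(review): the line below passes a group name (%g) to the user-deletion
# script; confirm the script name before enabling it.
; delete group script=/usr/share/samba/scripts/smbldap-userdel.pl %g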
# The add machine script is used by a samba server configured as a domain
# controller to add local machine accounts when adding machines to the domain.
# The script must work from the command line when replacing the macros,
# or the operation will fail. Check that groups exist if forcing a group.
# Script for domain controller for adding machines:
; add machine script=/usr/sbin/useradd -d /dev/null -g machines -c 'Machine Account' -s /bin/false -M %u
# Script for domain controller with LDAP backend for adding machines (please
# configure in /etc/samba/smbldap_conf.pm first):
; add machine script=/usr/share/samba/scripts/smbldap-useradd.pl -w -d /dev/null -g machines -c 'Machine Account' -s /bin/false %u
# Domain groups:
# Domain groups are now configured by using the net groupmap tool
# Samba Password Database configuration:
# Samba now has runtime-configurable password database backends. Multiple
# passdb backends may be used, but users will only be added to the first one
# Default:
; passdb backend=smbpasswd guest
# TDB backend with fallback to smbpasswd and guest
; passdb backend=tdbsam smbpasswd guest
# LDAP with fallback to smbpasswd guest
# Enable SSL by using an ldaps url, or enable tls with ldap ssl below.
; passdb backend=ldapsam:ldaps://ldap.mydomain smbpasswd guest
# Use the samba2 LDAP schema:
; passdb backend=ldapsam_compat:ldaps://ldap.mydomain smbpasswd guest
# Idmap settings:
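# Idmap backend to use (as with passdb above, use an ldaps url or enable tls
# with ldap ssl below so the connection is not sent in clear text):
; idmap backend=ldap:ldap://ldap.mydomain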
# This is a range of unix user-id's that samba will map non-unix RIDs to,
# such as when using Winbind
; idmap uid=10000-20000
; idmap gid=10000-20000
# LDAP configuration for Domain Controlling:
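# The account (dn) that samba uses to access the LDAP server.
# This account needs to have write access to the LDAP tree; a dedicated
# account limited to the samba subtrees is preferable to the directory's root dn.
# You will need to give samba the password for this dn, by
# running smbpasswd -w mypassword
# Note: a password given on the command line can end up in shell history and
# process listings; samba stores it in secrets.tdb, so keep that file
# readable by root only.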
; ldap admin dn=cn=root, dc=mydomain, dc=com
; ldap ssl=start_tls
# start_tls should run on 389, but samba defaults incorrectly to 636
; ldap port=389
; ldap suffix=dc=mydomain, dc=com
# Separate suffixes are available for machines, users, groups, and idmap. If
# ldap suffix appears first, it is appended to the specific suffix.
# Example for a unix-ish directory layout:
; ldap machine suffix=ou=Hosts
; ldap user suffix=ou=People
; ldap group suffix=ou=Group
; ldap idmap suffix=ou=Idmap
# Example for AD-ish layout:
; ldap machine suffix=cn=Compute...