smb.conf:[global]
# Samba [global] section: NT4-style domain logon server (domain logons = yes)
# whose accounts and ID mappings live in an LDAP directory on the same host.
# Addresses are redacted (x placeholders) in hosts allow and interfaces.
# Convention in this file: "#" lines are notes, ";" lines are disabled settings.
# host msdfs = yes
workgroup = OD-TEST
server string = BDC
security = user
# Client address filter; a trailing dot is a prefix match (127. = all of loopback).
# This is the only network-level access control in the visible lines.
hosts allow = xxx.xx. 127.
; load printers = yes
; printcap name = /etc/printcap
; printcap name = lpstat
; printing = cups
; guest account = pcguest
# One log file per client machine name (%m); max log size is in kilobytes.
log file = /var/log/samba/log.%m
max log size = 500
; password server = <NT-Server-Name>
; realm = MY_REALM
# passdb backend = smbpasswd
# Account database (including password hashes) is read from and written to LDAP.
passdb backend = ldapsam:ldap://localhost/
# Deleting an account removes the whole LDAP entry, not just its Samba attributes.
ldap delete dn = Yes
# No TLS on the LDAP connection. Traffic stays on loopback only while the
# backend URIs point at localhost; if the directory is ever moved to another
# host, password hashes would cross the network in clear text unless this is
# changed (e.g. "start tls").
ldap ssl = off
# On a password change Samba also updates the LDAP password attribute.
ldap passwd sync = Yes
# NOTE(review): this suffix spells "mylocaldomainl" while ldap admin dn below
# uses "mylocaldomain" - one of the two is probably a typo; confirm which.
ldap suffix = dc=mylocaldomainl,dc=ru
ldap machine suffix = ou=Computers,ou=Samba
ldap user suffix = ou=Users,ou=Samba
ldap group suffix = ou=Group,ou=Samba
ldap idmap suffix = ou=Idmap,ou=Samba
# DN Samba binds as; its password is not in this file (it is stored in
# secrets.tdb with "smbpasswd -w").
# NOTE(review): cn=root looks like the directory's root DN - a dedicated
# account with write access limited to the Samba subtrees would narrow what a
# compromised smbd can change; confirm.
ldap admin dn = cn=root,dc=mylocaldomain,dc=ru
idmap backend = ldap:ldap://localhost
# UID/GID range handed out for mapped accounts. "winbind uid/gid" are, per
# smb.conf(5) for Samba 3, synonyms of "idmap uid/gid", so the four lines
# below set the same two values twice - confirm for the installed version.
idmap uid = 10000-20000
idmap gid = 10000-20000
winbind uid = 10000-20000
winbind gid = 10000-20000
winbind separator = @
# NOTE(review): this key is repeated further down with the same value.
winbind use default domain = yes
; include = /usr/local/etc/smb.conf.%m
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
# "bind interfaces only" is not set in the visible lines, so this line by
# itself may not limit which addresses smbd listens on - confirm.
interfaces = xxx.xxx.xxx.xxx/xx
# NOTE(review): local master = no alongside preferred master = yes and
# os level = 65 looks contradictory for browser elections; and the host is
# named BDC while domain master = yes is the setting Samba documents for the
# primary controller - confirm the intended role.
local master = no
os level = 65
domain master = yes
preferred master = yes
domain logons = yes
; logon script = %m.bat
; logon script = %U.bat
# Path is relative to the [netlogon] share (not shown here). Clients run this
# script at logon, so write access to that share should be limited to admins.
logon script = netlogon.cmd
; logon path = \\%L\Profiles\%U
# nmbd acts as a WINS server.
wins support = yes
; wins server = w.x.y.z
; wins proxy = yes
dns proxy = no
; display charset = koi8-r
; unix charset = koi8-r
; dos charset = cp866
display charset = utf-8
unix charset = utf-8
dos charset = cp866
# Use extended attributes to store file modes
; store dos attributes = yes
; map hidden = no
; map system = no
; map archive = no
# Use inherited ACLs for directories
; nt acl support = yes
; inherit acls = yes
; map acl inherit = yes
# These scripts are used on a domain controller or stand-alone
# machine to add or delete corresponding unix accounts
; add user script = /usr/sbin/useradd %u
; add group script = /usr/sbin/groupadd %g
; add machine script = /usr/sbin/adduser -n -g machines -c Machine -d /dev/null -s /bin/false %u
; delete user script = /usr/sbin/userdel %u
; delete user from group script = /usr/sbin/deluser %u %g
; delete group script = /usr/sbin/groupdel %g
# Active account-management hooks. smbd runs these as root, and %u / %g are
# filled in from names supplied through remote account administration. The
# single quotes are the only shell quoting visible here, so the scripts should
# validate the names themselves, and the files under /usr/local/sbin should be
# root-owned and not writable by anyone else.
add machine script = /usr/local/sbin/ldapaddmachine '%u' computers
add user script = /usr/local/sbin/ldapadduser '%u' users
add group script = /usr/local/sbin/ldapaddgroup '%g'
add user to group script = /usr/local/sbin/ldapaddusertogroup '%u' '%g'
delete user script = /usr/local/sbin/ldapdeleteuser '%u'
delete group script = /usr/local/sbin/ldapdeletegroup '%g'
delete user from group script = /usr/local/sbin/ldapdeleteuserfromgroup '%u' '%g'
set primary group script = /usr/local/sbin/ldapsetprimarygroup '%u' '%g'
# %uold and %unew are the old and new account names.
rename user script = /usr/local/sbin/ldaprenameuser '%uold' '%unew'
encrypt passwords = yes
time server = Yes
# Left empty on purpose: no home or roaming-profile path is sent to clients.
logon home =
logon path =
# NOTE(review): smb.conf(5) documents syslog as a numeric level; confirm how
# the symbolic value LOG_DEBUG is parsed by the installed version.
syslog = LOG_DEBUG
winbind enum groups = yes
winbind enum users = yes
# NOTE(review): second occurrence of this key (same value as above).
winbind use default domain = yes
# Port 445 (direct SMB over TCP) is turned off; smbd listens on 139 only.
smb ports = 139
netbios name = BDC
; netbios aliases = xxxx
# inherit the owner (of the parent directory)
inherit owner = yes
# inherit ACLs
inherit acls = yes
# inherit permissions
inherit permissions = yes
# lets the Windows permissions editor handle inherited
# permissions correctly
map acl inherit = yes
#============================ Share Definitions ==============================