cat /etc/samba/smb.conf[global]security = ADSworkgroup = EXAMPLErealm

1. cat /etc/samba/smb.conf
2.  
3. [global]
4. security = ADS
5. workgroup = EXAMPLE
6. realm = EXAMPLE.CORP
7.  
8. username map = /etc/samba/user.map
9.  
10. log file = /var/log/samba/%m.log
11. log level = 0
12.  
13. allow trusted domains = no
14.  
15. dns proxy = no
16. domain master = no
17. local master = no
18. preferred master = no
19. os level = 0
20. domain logons = no
21.  
22. # Disable printing completely
23. load printers = no
24. printing = bsd
25. show add printer wizard = no
26. printcap name = /dev/null
27. disable spoolss = yes
28.  
29. map to guest = bad user
30. host msdfs = no
31. ea support = yes
32.  
33. unix charset = UTF-8
34.  
35. winbind enum groups = yes
36. winbind enum users = yes
37. #winbind enum groups = no
38. #winbind enum users = no
39. winbind use default domain = yes
40. #winbind use default domain = no
41. winbind refresh tickets = yes
42. winbind offline logon = yes
43. winbind nested groups = yes
44. winbind expand groups = 5
45. winbind max domain connections = 30
46. winbind scan trusted domains = no
47.  
48.  
49. kerberos method = system keytab
50. dedicated keytab file = /etc/krb5.keytab
51.  
52. # disable usershares creating, when set empty no error log messages.
53. usershare path =
54.  
55. idmap config * : backend = tdb
56. idmap config * : range = 3000-7999
57. idmap config EXAMPLE : backend = rid
58. idmap config EXAMPLE : range = 10000-999999
59.  
60.  
61. vfs objects = acl_xattr
62. map acl inherit = yes
63. store dos attributes = yes
64.  
65. access based share enum = yes
66. # hide files start with a dot (.)
67. hide dot files = no
68. # hide files with no read permissions
69. hide unreadable = yes
70. # hide files with no write permissions
71. hide unwriteable files = yes
72. # hide selected files. example files start with ($)
73. #hide files = //
74. # hide pipes, sockets, devices ...
75. #hide special files = yes
76. hide files = /lost+found/
77. #veto files = /lost+found/
78.  
79. acl group control = yes
80. acl map full control = Yes
81. #enable privileges = yes
82. restrict anonymous = 2
83.  
84. disable netbios = yes
85. smb ports = 445
86. interfaces = lo ens18
87. bind interfaces only = yes
88.  
89. # pam
90. template shell = /bin/bash
91. template homedir = /home/%D/%U
92. #template homedir = /dev/null
93. #template shell = /bin/false
94.  
95. [videoreg]
96. #browseable = yes
97. path = /data/videoreg
98. read only = no
99.  
100.  
101. disable netbios = yes
102. smb ports = 445
103. interfaces = lo ens18
104. bind interfaces only = yes
105.  
106. # pam
107. template shell = /bin/bash
108. template homedir = /home/%D/%U
109. #template homedir = /dev/null
110. #template shell = /bin/false
111.  
112. [videoreg]
113. #browseable = yes
114. path = /data/videoreg
115. read only = no
116.  
117. cat /etc/samba/user.map
118. !root = EXAMPLE\admin
119.  
120. firewall-cmd --list-all
121. public
122. target: default
123. icmp-block-inversion: no
124. interfaces:
125. sources:
126. services: ssh
127. ports: 445/tcp 10050/tcp
128. protocols:
129. masquerade: no
130. forward-ports:
131. source-ports:
132. icmp-blocks:
133. rich rules:
134.  
135. cat /etc/krb5.conf
136. [libdefaults]
137. default_realm = EXAMPLE.CORP
138. dns_lookup_realm = false
139. dns_lookup_kdc = true