[global]
workgroup = workgroupname 
server string = LDAP server running samba %v
netbios name = directory

# Windows administrators
# You can add users or groups (prefix groups with a '@')
domain admin group = l.rathbone c.evans @domadm

# SAMBA-LDAP declarations
ldap suffix = dc=your,dc=site,dc=com
# User with write access to the LDAP directory
ldap admin dn = uid=root,cn=users,dc=your,dc=site,dc=com
ldap port = 389
ldap server = ldap.your.site.com
ldap ssl = start tls

# Create machine trust accounts automatically 
add user script = /usr/local/sbin/smbldap-useradd.pl -w %u

# this tells Samba to use a separate log file for each machine
# that connects
log file = /usr/local/samba/var/log.%m
# How much information do you want to see in the logs?
# default (1) is only to log critical messages
log level = 2

# Put a capping on the size of the log files (in Kb).
max log size = 50

# MUST be security = user for PDC
security = user

# Most people will find that this option gives better performance.
# See speed.txt and the manual pages for details
# You may want to add the following on a Linux system:
#         SO_RCVBUF=8192 SO_SNDBUF=8192
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192

# set local master to no if you don't want Samba to become a master
# browser on your network. Otherwise the normal election rules apply
local master = yes

# OS Level determines the precedence of this server in master browser
# elections. The default value (20) should be reasonable
os level = 90

# Domain Master specifies Samba to be the Domain Master Browser. This
# allows Samba to collate browse lists between subnets. Don't use this
# if you already have a Windows NT domain controller doing this job
domain master = yes

# Preferred Master causes Samba to force a local browser election on startup
# and gives it a slightly higher chance of winning the election
preferred master = yes

# I have stuck this in because it was in a HOWTO but I have no idea what it does - but it does not sound good
null passwords = Yes

# You MUST use password encryption. Please read
# ENCRYPTION.txt, Win95.txt and WinNT.txt in the Samba documentation.
encrypt passwords = yes

passwd program =/usr/local/sbin/smbldap-passwd.pl -o %u

# When using encrypted passwords, Samba can synchronize the local
# UNIX password as well.  You will also need the "passwd chat" parameters
unix password sync = yes

# how should smbd talk to the local system when changing a UNIX
# password?  See smb.conf(5) for details
passwd chat = *new*password* %n\n *new*password* %n\n *successfully*

# Enable this if you want Samba act as a domain controller.
domain logons = yes

# Where to store roving profiles (only for Win95 and WinNT)
# %L substitutes for this servers netbios name, %U is username
# This refers to the [profiles] share below
# The permissions on the profiles directory should be 
# chmod 1757 /usr/local/samba/profiles
# drwxr-xrwt    5 root     root         4096 May  1 08:43 profiles
logon path = \\%L\profiles\%u

# UNC path specifying the network location of the user's home directory
# only used when acting as a DC for WinNT/2k/XP.  Ignored by Win9x clients
logon home = \\%L\%U

# What drive should the "logon home" be mounted at upon login ?
# only used when acting as a DC for WinNT/2k/XP.  Ignored by Win9x clients
logon drive = Z:

[homes]
     comment = Home Directories
     browseable = no
     writable = yes
     valid users = %S

 [netlogon]
;    comment = Network Logon Service
path = /usr/local/samba/lib/netlogon
read only = yes
write list = ntadmin
locking = no
guest ok = yes
;    writable = no
;    share modes = no


# Provide a specific roving profile share
# the default is to use the user's home directory
# The permissions on the profiles directory should be 
# chmod 1757 /usr/local/samba/profiles
# drwxr-xrwt    5 root     root         4096 May  1 08:43 profiles
[profiles]
path = /usr/local/samba/profiles
read only = no
create mask = 0600
directory mask = 0700
writable = yes
;    browseable = no
;    guest ok = yes