[global]  

# ldap stuff
ldap suffix = "dc=sci,dc=univr,dc=it"
ldap bind as = "uid=root,dc=sci,dc=univr,dc=it"
ldap passwd file = /usr/local/tng/private/ldappasswd 
# if the ldap server resides in the same machine you can use localhost 
ldap server = localhost 
ldap port = 389 
ldap scope = sub

# the password will expire in 30 days since the last change
password expire time = 30

comment = Linux Auth Samba-TNG Server
workgroup = VIPS
netbios name = ARENA
security = user 
status = yes 

wins server = 157.27.252.10

null passwords = yes
encrypt passwords = yes 
domain logons = yes 
logon drive = H:
logon script = scripts\startup.bat
logon home = \\ARENA\homes

# Many different ways of doing a roaming profile
;logon path = \\%N\%U\Profile
;logon path = \\%N\%H\Profile
;logon path = \\ARENA\profiles\%U
;logon path = \\%N\profiles\%U

# My preferred mandatory profile
# Make it ending with .man, if you want not to allow users 
# to login if profile is not available
logon path = \\arena\profiles\default.man

guest account = nobody
share modes = no 
os level = 65

local master = yes
domain master = yes
preferred master = yes

; sync samba with unix password
unix password sync = yes
passwd program = /usr/local/sbin/ldapsync.pl -o %u
passwd chat = *New*password* %n\n *Retype*new*password* %n\n *modifying*
;passwd chat debug = Yes
;debug level = 100

time server = yes

[homes] 
guest ok = no 
read only = no 
create mask = 0700 
directory mask = 0700 
oplocks = false 
level 2 oplocks = false
locking = no 

[netlogon] 
;utmp = yes
path = /usr/local/tng/netlogon 
writeable = no 
guest ok = no
; netlogon share must (?) be browsable for the profiles
browseable = no
public = no
;preexec = echo "%T - user %u connected to %S from %m (%I)" >>/tmp/log
;postexec = echo "%T - user %u disconnected from %S from %m (%I)" >>/tmp/log

[profiles]
path = /usr/local/tng/profiles
writeable = yes
browseable = no
create mode = 0644
directory mode = 0755
guest ok = yes