
samba:samba_configuration_detailed

Differences


samba:samba_configuration_detailed [2016/11/10 15:18] – created peter
samba:samba_configuration_detailed [2019/12/04 19:11] (current) – removed peter
Line 1: Line 1:
-====== Samba - Samba Configuration Detailed ====== 
- 
-<file bash smb.conf> 
-#--------------- 
-# SELINUX NOTES: 
-# 
-# If you want to use the useradd/groupadd family of binaries please run: 
-# setsebool -P samba_domain_controller on 
-# 
-# If you want to share home directories via samba please run: 
-# setsebool -P samba_enable_home_dirs on 
-# 
-# If you create a new directory you want to share you should mark it as 
-# "samba-share_t" so that selinux will let you write into it. 
-# Make sure not to do that on system directories as they may already have 
-# been marked with othe SELinux labels. 
-# 
-# Use ls -ldZ /path to see which context a directory has 
-# 
-# Set labels only on directories you created! 
-# To set a label use the following: chcon -t samba_share_t /path 
-# 
-# If you need to share a system created directory you can use one of the 
-# following (read-only/read-write): 
-# setsebool -P samba_export_all_ro on 
-# or 
-# setsebool -P samba_export_all_rw on 
-# 
-# If you want to run scripts (preexec/root prexec/print command/...) please 
-# put them into the /var/lib/samba/scripts directory so that smbd will be 
-# allowed to run them. 
-# Make sure you COPY them and not MOVE them so that the right SELinux context 
-# is applied, to check all is ok use restorecon -R -v /var/lib/samba/scripts 
-# 
-#-------------- 
-# 
-#======================= Global Settings ===================================== 
-  
-[global] 
-  
- workgroup = WORKGROUP 
- server string = Samba Server Version %v 
-  
- netbios name = HP00 
-  
-; interfaces = lo eth0 192.168.12.2/24 192.168.13.2/24  
-; hosts allow = 127. 192.168.12. 192.168.13. 
-  
-# --------------------------- Logging Options ----------------------------- 
-# 
-# Log File let you specify where to put logs and how to split them up. 
-# 
-# Max Log Size let you specify the max size log files should reach 
-  
- # logs split per machine 
- log file = /var/log/samba/log.%m 
- # max 50KB per log file, then rotate 
- max log size = 50 
-  
-# ----------------------- Standalone Server Options ------------------------ 
-# 
-# Security can be set to user, share(deprecated) or server(deprecated) 
-# 
-# Backend to store user information in. New installations should  
-# use either tdbsam or ldapsam. smbpasswd is available for backwards  
-# compatibility. tdbsam requires no further configuration. 
- 
- security = user 
-# passdb backend = ldapsam 
- 
- 
-# ----------------------- Domain Members Options ------------------------ 
-# 
-# Security must be set to domain or ads 
-# 
-# Use the realm option only with security = ads 
-# Specifies the Active Directory realm the host is part of 
-# 
-# Backend to store user information in. New installations should  
-# use either tdbsam or ldapsam. smbpasswd is available for backwards  
-# compatibility. tdbsam requires no further configuration. 
-# 
-# Use password server option only with security = server or if you can't 
-# use the DNS to locate Domain Controllers 
-# The argument list may include: 
-#   password server = My_PDC_Name [My_BDC_Name] [My_Next_BDC_Name] 
-# or to auto-locate the domain controller/s 
-#   password server = * 
-  
-  
-; security = domain 
-; passdb backend = tdbsam 
-; realm = MY_REALM 
- 
-; password server = <NT-Server-Name> 
- 
-# ----------------------- Domain Controller Options ------------------------ 
-# 
-# Security must be set to user for domain controllers 
-# 
-# Backend to store user information in. New installations should  
-# use either tdbsam or ldapsam. smbpasswd is available for backwards  
-# compatibility. tdbsam requires no further configuration. 
-# 
-# Domain Master specifies Samba to be the Domain Master Browser. This 
-# allows Samba to collate browse lists between subnets. Don't use this 
-# if you already have a Windows NT domain controller doing this job 
-# 
-# Domain Logons let Samba be a domain logon server for Windows workstations.  
-# 
-# Logon Scrpit let yuou specify a script to be run at login time on the client 
-# You need to provide it in a share called NETLOGON 
-# 
-# Logon Path let you specify where user profiles are stored (UNC path) 
-# 
-# Various scripts can be used on a domain controller or stand-alone 
-# machine to add or delete corresponding unix accounts 
-# 
-; security = user 
-; passdb backend = tdbsam 
-  
- domain master = yes  
- domain logons = yes 
-  
- # the login script name depends on the machine name 
-; logon script = %m.bat 
- # the login script name depends on the unix user used 
-; logon script = %u.bat 
-; logon path = \\%L\Profiles\%u 
- # disables profiles support by specifing an empty path 
- logon path =           
- 
-        passdb backend = ldapsam:ldap://127.0.0.1/ 
-        ldap admin dn = cn=Manager,dc=example 
-        #ldap admin dn = cn=samba,ou=DSA,dc=company,dc=com 
- 
-        ldap suffix = dc=example 
-        ldap group suffix = ou=Groups 
-        ldap user suffix = ou=People 
-        ldap machine suffix = ou=Computers 
-        #ldap idmap suffix = ou=Idmap 
-        add user script = /usr/sbin/smbldap-useradd -m "%u" 
-        ldap delete dn = Yes 
-        delete user script = /usr/sbin/smbldap-userdel "%u" 
-        add machine script = /usr/sbin/smbldap-useradd -t 0 -w "%u" 
-        add group script = /usr/sbin/smbldap-groupadd -p "%g" 
-        delete group script = /usr/sbin/smbldap-groupdel "%g" 
-        add user to group script = /usr/sbin/smbldap-groupmod -m "%u" "%g" 
-        delete user from group script = /usr/sbin/smbldap-groupmod -x "%u" "%g" 
-        set primary group script = /usr/sbin/smbldap-usermod -g '%g' '%u' 
- 
- #pam password change = yes 
- 
- check password script = /usr/local/bin/check.sh 
- 
-; add user script = /usr/sbin/useradd "%u" -n -g users 
-; add group script = /usr/sbin/groupadd "%g" 
-; add machine script = /usr/sbin/useradd -n -c "Workstation (%u)" -M -d /nohome -s /bin/false "%u" 
-; delete user script = /usr/sbin/userdel "%u" 
-; delete user from group script = /usr/sbin/userdel "%u" "%g" 
-; delete group script = /usr/sbin/groupdel "%g" 
-  
-  
-# ----------------------- Browser Control Options ---------------------------- 
-# 
-# set local master to no if you don't want Samba to become a master 
-# browser on your network. Otherwise the normal election rules apply 
-# 
-# OS Level determines the precedence of this server in master browser 
-# elections. The default value should be reasonable 
-# 
-# Preferred Master causes Samba to force a local browser election on startup 
-# and gives it a slightly higher chance of winning the election 
- local master = yes 
- os level = 96 
- preferred master = yes 
-  
-#----------------------------- Name Resolution ------------------------------- 
-# Windows Internet Name Serving Support Section: 
-# Note: Samba can be either a WINS Server, or a WINS Client, but NOT both 
-# 
-# - WINS Support: Tells the NMBD component of Samba to enable it's WINS Server 
-# 
-# - WINS Server: Tells the NMBD components of Samba to be a WINS Client 
-# 
-# - WINS Proxy: Tells Samba to answer name resolution queries on 
-#   behalf of a non WINS capable client, for this to work there must be 
-#   at least one WINS Server on the network. The default is NO. 
-# 
-# DNS Proxy - tells Samba whether or not to try to resolve NetBIOS names 
-# via DNS nslookups. 
-  
- wins support = yes 
-; wins server = w.x.y.z 
-; wins proxy = yes 
-  
-; dns proxy = yes 
-  
-# --------------------------- Printing Options ----------------------------- 
-# 
-# Load Printers let you load automatically the list of printers rather 
-# than setting them up individually 
-# 
-# Cups Options let you pass the cups libs custom options, setting it to raw 
-# for example will let you use drivers on your Windows clients 
-# 
-# Printcap Name let you specify an alternative printcap file 
-# 
-# You can choose a non default printing system using the Printing option 
-  
- load printers = yes 
- cups options = raw 
- 
-; printcap name = /etc/printcap 
- #obtain list of printers automatically on SystemV 
-; printcap name = lpstat 
-; printing = cups 
- 
-# --------------------------- Filesystem Options --------------------------- 
-# 
-# The following options can be uncommented if the filesystem supports 
-# Extended Attributes and they are enabled (usually by the mount option 
-# user_xattr). Thess options will let the admin store the DOS attributes 
-# in an EA and make samba not mess with the permission bits. 
-# 
-# Note: these options can also be set just per share, setting them in global 
-# makes them the default for all shares 
- 
-; map archive = no 
-; map hidden = no 
-; map read only = no 
-; map system = no 
-; store dos attributes = yes 
- 
- 
-#============================ Share Definitions ============================== 
-  
-[homes] 
- comment = Home Directories 
- browseable = no 
- writable = yes 
-; valid users = %S 
-; valid users = MYDOMAIN\%S 
-  
-[printers] 
- comment = All Printers 
- path = /var/spool/samba 
- browseable = no 
- guest ok = no 
- writable = no 
- printable = yes 
-  
-# Un-comment the following and create the netlogon directory for Domain Logons 
-; [netlogon] 
-; comment = Network Logon Service 
-; path = /var/lib/samba/netlogon 
-; guest ok = yes 
-; writable = no 
-; share modes = no 
-  
-  
-# Un-comment the following to provide a specific roving profile share 
-# the default is to use the user's home directory 
-; [Profiles] 
-; path = /var/lib/samba/profiles 
-; browseable = no 
-; guest ok = yes 
-  
-  
-# A publicly accessible directory, but read only, except for people in 
-# the "staff" group 
- [public] 
- comment = Public Stuff 
- path = /srv/samba 
- public = yes 
- writable = yes 
- printable = no 
-; write list = +staff 
- force create mode = 0666 
- force directory mode = 0777 
- vfs objects = recycle 
- vfs recycle:repository = .recycle 
-</file> 
- 
- 
-<file bash slapd.conf> 
-# 
-# See slapd.conf(5) for details on configuration options. 
-# This file should NOT be world readable. 
-# 
- 
-include /etc/openldap/schema/corba.schema 
-include /etc/openldap/schema/core.schema 
-include /etc/openldap/schema/cosine.schema 
-include /etc/openldap/schema/duaconf.schema 
-include /etc/openldap/schema/dyngroup.schema 
-include /etc/openldap/schema/inetorgperson.schema 
-include /etc/openldap/schema/java.schema 
-include /etc/openldap/schema/misc.schema 
-include /etc/openldap/schema/nis.schema 
-include /etc/openldap/schema/openldap.schema 
-include /etc/openldap/schema/ppolicy.schema 
-include /etc/openldap/schema/collective.schema 
- 
-include /etc/openldap/schema/samba.schema 
- 
-# Allow LDAPv2 client connections.  This is NOT the default. 
-allow bind_v2 
- 
-# Do not enable referrals until AFTER you have a working directory 
-# service AND an understanding of referrals. 
-#referral ldap://root.openldap.org 
- 
-pidfile /var/run/openldap/slapd.pid 
-argsfile /var/run/openldap/slapd.args 
- 
-# Load dynamic backend modules: 
-# modulepath /usr/lib/openldap # or /usr/lib64/openldap 
-# moduleload accesslog.la 
-# moduleload auditlog.la 
-# moduleload back_sql.la 
-# moduleload denyop.la 
-# moduleload dyngroup.la 
-# moduleload dynlist.la 
-# moduleload lastmod.la 
-# moduleload pcache.la 
-# moduleload ppolicy.la 
-# moduleload refint.la 
-# moduleload retcode.la 
-# moduleload rwm.la 
-moduleload syncprov.la 
-# moduleload translucent.la 
-# moduleload unique.la 
-# moduleload valsort.la 
- 
-serverID 1 
- 
-# The next three lines allow use of TLS for encrypting connections using a 
-# dummy test certificate which you can generate by changing to 
-# /etc/pki/tls/certs, running "make slapd.pem", and fixing permissions on 
-# slapd.pem so that the ldap user or group can read it.  Your client software 
-# may balk at self-signed certificates, however. 
-TLSCACertificateFile /etc/openldap/ca.crt 
-TLSCertificateFile /etc/openldap/ldap.crt 
-TLSCertificateKeyFile /etc/openldap/ldap.key 
- 
-# Sample security restrictions 
-# Require integrity protection (prevent hijacking) 
-# Require 112-bit (3DES or better) encryption for updates 
-# Require 63-bit encryption for simple bind 
-# security ssf=1 update_ssf=112 simple_bind=64 
- 
-# Sample access control policy: 
-# Root DSE: allow anyone to read it 
-# Subschema (sub)entry DSE: allow anyone to read it 
-# Other DSEs: 
-# Allow self write access 
-# Allow authenticated users read access 
-# Allow anonymous users to authenticate 
-# Directives needed to implement policy: 
-# access to dn.base="" by * read 
-# access to dn.base="cn=Subschema" by * read 
-# access to * 
-# by self write 
-# by users read 
-# by anonymous auth 
-# 
-# if no access controls are present, the default policy 
-# allows anyone and everyone to read anything but restricts 
-# updates to rootdn.  (e.g., "access to * by * read") 
-# 
-# rootdn can always read and write EVERYTHING! 
- 
-####################################################################### 
-# ldbm and/or bdb database definitions 
-####################################################################### 
- 
-database bdb 
-suffix "dc=example" 
-checkpoint 1024 15 
-#rootdn "cn=Manager,dc=my-domain,dc=com" 
-# Cleartext passwords, especially for the rootdn, should 
-# be avoided.  See slappasswd(8) and slapd.conf(5) for details. 
-# Use of strong authentication encouraged. 
-# rootpw secret 
-# rootpw {crypt}ijFYNcSNctBYg 
-overlay syncprov 
-syncprov-checkpoint 100 10 
-syncprov-sessionlog 100 
- 
-# The database directory MUST exist prior to running slapd AND  
-# should only be accessible by the slapd and slap tools. 
-# Mode 700 recommended. 
-directory /var/lib/ldap 
- 
-# Indices to maintain for this database 
-index objectClass                       eq,pres 
-index ou,cn,mail,surname,givenname      eq,pres,sub 
-index uidNumber,gidNumber,loginShell    eq,pres 
-index uid,memberUid                     eq,pres,sub 
-index nisMapName,nisMapEntry            eq,pres,sub 
- 
-# Replicas of this database 
-#replogfile /var/lib/ldap/openldap-master-replog 
-#replica host=ldap-1.example.com:389 starttls=critical 
-#     bindmethod=sasl saslmech=GSSAPI 
-#     authcId=host/ldap-master.example.com@EXAMPLE.COM 
- 
-access to dn.base="" by * read 
- 
-access to attrs=userPassword,shadowLastChange,sambaNTPassword,sambaPasswordHistory 
- by dn="cn=Manager,dc=example" write 
- by dn="cn=replicator,dc=example" read 
- by anonymous auth 
- by self write 
- by * none 
- 
-access to * 
- by dn="cn=Manager,dc=example" write 
- by self write 
- by * read 
- 
-# enable monitoring 
-database monitor 
- 
-# allow onlu rootdn to read the monitor 
-access to * 
-        by dn.exact="cn=Manager,dc=example" read 
-        by * none 
-</file> 
- 
- 
-<file bash /etc/smbldap-tools/smbldap.conf> 
-# $Source: $ 
-# $Id: smbldap.conf,v 1.18 2005/05/27 14:28:47 jtournier Exp $ 
-# 
-# smbldap-tools.conf : Q & D configuration file for smbldap-tools 
- 
-#  This code was developped by IDEALX (http://IDEALX.org/) and 
-#  contributors (their names can be found in the CONTRIBUTORS file). 
-# 
-#                 Copyright (C) 2001-2002 IDEALX 
-# 
-#  This program is free software; you can redistribute it and/or 
-#  modify it under the terms of the GNU General Public License 
-#  as published by the Free Software Foundation; either version 2 
-#  of the License, or (at your option) any later version. 
-# 
-#  This program is distributed in the hope that it will be useful, 
-#  but WITHOUT ANY WARRANTY; without even the implied warranty of 
-#  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the 
-#  GNU General Public License for more details. 
-# 
-#  You should have received a copy of the GNU General Public License 
-#  along with this program; if not, write to the Free Software 
-#  Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, 
-#  USA. 
- 
-#  Purpose : 
-#       . be the configuration file for all smbldap-tools scripts 
- 
-############################################################################## 
-# 
-# General Configuration 
-# 
-############################################################################## 
- 
-# Put your own SID. To obtain this number do: "net getlocalsid". 
-# If not defined, parameter is taking from "net getlocalsid" return 
-SID="S-1-5-21-2252255531-4061614174-2474224979" 
- 
-# Domain name the Samba server is in charged. 
-# If not defined, parameter is taking from smb.conf configuration file 
-# Ex: sambaDomain="IDEALX-NT" 
-sambaDomain="EXAMPLE" 
- 
-############################################################################## 
-# 
-# LDAP Configuration 
-# 
-############################################################################## 
- 
-# Notes: to use to dual ldap servers backend for Samba, you must patch 
-# Samba with the dual-head patch from IDEALX. If not using this patch 
-# just use the same server for slaveLDAP and masterLDAP. 
-# Those two servers declarations can also be used when you have  
-# . one master LDAP server where all writing operations must be done 
-# . one slave LDAP server where all reading operations must be done 
-#   (typically a replication directory) 
- 
-# Slave LDAP server 
-# Ex: slaveLDAP=127.0.0.1 
-# If not defined, parameter is set to "127.0.0.1" 
-slaveLDAP="127.0.0.1" 
- 
-# Slave LDAP port 
-# If not defined, parameter is set to "389" 
-slavePort="389" 
- 
-# Master LDAP server: needed for write operations 
-# Ex: masterLDAP=127.0.0.1 
-# If not defined, parameter is set to "127.0.0.1" 
-masterLDAP="127.0.0.1" 
- 
-# Master LDAP port 
-# If not defined, parameter is set to "389" 
-masterPort="389" 
- 
-# Use TLS for LDAP 
-# If set to 1, this option will use start_tls for connection 
-# (you should also used the port 389) 
-# If not defined, parameter is set to "0" 
-ldapTLS="0" 
- 
-# Use SSL for LDAP 
-# If set to 1, this option will use SSL for connection 
-# (standard port for ldaps is 636) 
-# If not defined, parameter is set to "0" 
-ldapSSL="0" 
- 
-# How to verify the server's certificate (none, optional or require) 
-# see "man Net::LDAP" in start_tls section for more details 
-verify="require" 
- 
-# CA certificate 
-# see "man Net::LDAP" in start_tls section for more details 
-cafile="/etc/pki/tls/certs/ldapserverca.pem" 
- 
-# certificate to use to connect to the ldap server 
-# see "man Net::LDAP" in start_tls section for more details 
-clientcert="/etc/pki/tls/certs/ldapclient.pem" 
- 
-# key certificate to use to connect to the ldap server 
-# see "man Net::LDAP" in start_tls section for more details 
-clientkey="/etc/pki/tls/certs/ldapclientkey.pem" 
- 
-# LDAP Suffix 
-# Ex: suffix=dc=IDEALX,dc=ORG 
-suffix="dc=example" 
- 
-# Where are stored Users 
-# Ex: usersdn="ou=Users,dc=IDEALX,dc=ORG" 
-# Warning: if 'suffix' is not set here, you must set the full dn for usersdn 
-usersdn="ou=People,${suffix}" 
- 
-# Where are stored Computers 
-# Ex: computersdn="ou=Computers,dc=IDEALX,dc=ORG" 
-# Warning: if 'suffix' is not set here, you must set the full dn for computersdn 
-computersdn="ou=Computers,${suffix}" 
- 
-# Where are stored Groups 
-# Ex: groupsdn="ou=Groups,dc=IDEALX,dc=ORG" 
-# Warning: if 'suffix' is not set here, you must set the full dn for groupsdn 
-groupsdn="ou=Group,${suffix}" 
- 
-# Where are stored Idmap entries (used if samba is a domain member server) 
-# Ex: idmapdn="ou=Idmap,dc=IDEALX,dc=ORG" 
-# Warning: if 'suffix' is not set here, you must set the full dn for idmapdn 
-idmapdn="ou=Idmap,${suffix}" 
- 
-# Where to store next uidNumber and gidNumber available for new users and groups 
-# If not defined, entries are stored in sambaDomainName object. 
-# Ex: sambaUnixIdPooldn="sambaDomainName=${sambaDomain},${suffix}" 
-# Ex: sambaUnixIdPooldn="cn=NextFreeUnixId,${suffix}" 
-sambaUnixIdPooldn="sambaDomainName=${sambaDomain},${suffix}" 
- 
-# Default scope Used 
-scope="sub" 
- 
-# Unix password encryption (CRYPT, MD5, SMD5, SSHA, SHA, CLEARTEXT) 
-hash_encrypt="SSHA" 
- 
-# if hash_encrypt is set to CRYPT, you may set a salt format. 
-# default is "%s", but many systems will generate MD5 hashed 
-# passwords if you use "$1$%.8s". This parameter is optional! 
-crypt_salt_format="%s" 
- 
-############################################################################## 
- 
-# Unix Accounts Configuration 
- 
-############################################################################## 
- 
-# Login defs 
-# Default Login Shell 
-# Ex: userLoginShell="/bin/bash" 
-userLoginShell="/bin/bash" 
- 
-# Home directory 
-# Ex: userHome="/home/%U" 
-userHome="/home/%U" 
- 
-# Default mode used for user homeDirectory 
-userHomeDirectoryMode="700" 
- 
-# Gecos 
-userGecos="System User" 
- 
-# Default User (POSIX and Samba) GID 
-defaultUserGid="513" 
- 
-# Default Computer (Samba) GID 
-defaultComputerGid="515" 
- 
-# Skel dir 
-skeletonDir="/etc/skel" 
- 
-# Default password validation time (time in days) Comment the next line if 
-# you don't want password to be enable for defaultMaxPasswordAge days (be 
-# careful to the sambaPwdMustChange attribute's value) 
-defaultMaxPasswordAge="45" 
- 
-############################################################################## 
-# 
-# SAMBA Configuration 
-# 
-############################################################################## 
- 
-# The UNC path to home drives location (%U username substitution) 
-# Just set it to a null string if you want to use the smb.conf 'logon home' 
-# directive and/or disable roaming profiles 
-# Ex: userSmbHome="\\PDC-SMB3\%U" 
-userSmbHome="\\HP00\%U" 
- 
-# The UNC path to profiles locations (%U username substitution) 
-# Just set it to a null string if you want to use the smb.conf 'logon path' 
-# directive and/or disable roaming profiles 
-# Ex: userProfile="\\PDC-SMB3\profiles\%U" 
-userProfile="" 
- 
-# The default Home Drive Letter mapping 
-# (will be automatically mapped at logon time if home directory exist) 
-# Ex: userHomeDrive="H:" 
-userHomeDrive="H:" 
- 
-# The default user netlogon script name (%U username substitution) 
-# if not used, will be automatically username.cmd 
-# make sure script file is edited under dos 
-# Ex: userScript="startup.cmd" # make sure script file is edited under dos 
-userScript="logon.bat" 
- 
-# Domain appended to the users "mail"-attribute 
-# when smbldap-useradd -M is used 
-# Ex: mailDomain="idealx.com" 
-mailDomain="example.info" 
- 
-############################################################################## 
-# 
-# SMBLDAP-TOOLS Configuration (default are ok for a RedHat) 
-# 
-############################################################################## 
- 
-# Allows not to use smbpasswd (if with_smbpasswd == 0 in smbldap_conf.pm) but 
-# prefer Crypt::SmbHash library 
-with_smbpasswd="0" 
-smbpasswd="/usr/bin/smbpasswd" 
- 
-# Allows not to use slappasswd (if with_slappasswd == 0 in smbldap_conf.pm) 
-# but prefer Crypt:: libraries 
-with_slappasswd="0" 
-slappasswd="/usr/sbin/slappasswd" 
- 
-# comment out the following line to get rid of the default banner 
-# no_banner="1" 
-</file> 
- 
- 
-This is a template for phpLDAPAdmin-a. 
- 
-<file bash sambaSamAccount.xml> 
-<?xml version="1.0" encoding="UTF-8" standalone="no"?> 
-<!DOCTYPE template SYSTEM "template.dtd"> 
-<template> 
-<title>Samba3 Account</title> 
-<regexp>^ou=People,dc=example$</regexp> 
-<icon>images/user.png</icon> 
-<description>New Samba3 Account</description> 
-<askcontainer>1</askcontainer> 
-<!--This is the main attribute, which will be part of the dn-a --> 
-<rdn>uid</rdn> 
-<visible>1</visible> 
- 
-<objectClasses> 
-<objectClass id="top"></objectClass> 
-<objectClass id="person"></objectClass> 
-<objectClass id="inetOrgPerson"></objectClass> 
-<objectClass id="organizationalPerson"></objectClass> 
-<objectClass id="sambaSAMAccount"></objectClass> 
-<objectClass id="posixAccount"></objectClass> 
-<objectClass id="shadowAccount"></objectClass> 
-</objectClasses> 
- 
-<attributes> 
-<attribute id="givenName"> 
- <display>First name</display> 
- <icon>images/uid.png</icon> 
- <onchange>autoFill:cn,%givenName% %sn%</onchange> 
- <order>1</order> 
- <page>1</page> 
-</attribute> 
-<attribute id="sn"> 
- <display>Last name</display> 
- <onchange>autoFill:cn,%givenName% %sn%</onchange> 
- <onchange>autoFill:uid,%gidNumber|0-0/T%-%givenName|0-1/l%%sn/l%</onchange> 
- <order>2</order> 
- <page>1</page> 
-</attribute> 
-<attribute id="cn"> 
- <display>Common Name</display> 
- <order>3</order> 
- <page>1</page> 
- <spacer>1</spacer> 
-</attribute> 
-<attribute id="uid"> 
- <display>User ID</display> 
- <onchange>autoFill:homeDirectory,/home/users/%gidNumber|0-0/T%/%uid|3-%</onchange> 
- <order>4</order> 
- <page>1</page> 
- <spacer>1</spacer> 
-</attribute> 
-<attribute id="uidNumber"> 
- <display>UID Number</display> 
- <hint>Automatically determined</hint> 
- <value>=php.GetNextNumber(/,uid)</value> 
- <order>5</order> 
- <page>1</page> 
- <readonly>1</readonly> 
-</attribute> 
-<attribute id="sambaSID"> 
- <display>Samba SID</display> 
- <option>=php.PickList(/,(objectClass=sambaDomain),sambaSID,%sambaSID% (%sambaDomainName%))</option> 
- <helper> 
- <id>sidsuffix</id> 
- <option>=php.GetNextNumber(/,uid,false,,*2;+1000)</option> 
- </helper> 
- <post>=php.Join(-,(%sambaSID%,%sidsuffix%))</post> 
- <order>6</order> 
- <page>1</page> 
- <spacer>1</spacer> 
-</attribute> 
-<attribute id="userPassword"> 
- <display>Password</display> 
- <icon>images/lock.png</icon> 
- <onchange>autoFill:sambaLMPassword,%userPassword%</onchange> 
- <onchange>autoFill:sambaNTPassword,%userPassword%</onchange> 
- <type>password</type> 
- <verify>1</verify> 
- <helper> 
- <display>Encryption</display> 
- <id>enc</id> 
- <option>blowfish</option> 
- <option>clear</option> 
- <option>crypt</option> 
- <option>ext_des</option> 
- <option>md5</option> 
- <option>md5crypt</option> 
- <option>sha</option> 
- <option>smd5</option> 
- <option>ssha</option> 
- <value>md5</value> 
- </helper> 
- <post>=php.Password(%enc%,%userPassword%)</post> 
- <order>7</order> 
- <page>1</page> 
-</attribute> 
-<attribute id="sambaLMPassword"> 
- <display>LM Password</display> 
- <type>password</type> 
- <post>=php.SambaPassword(LM,%sambaLMPassword%)</post> 
- <order>8</order> 
- <page>1</page> 
-</attribute> 
-<attribute id="sambaNTPassword"> 
- <display>NT Password</display> 
- <type>password</type> 
- <post>=php.SambaPassword(NT,%sambaNTPassword%)</post> 
- <order>9</order> 
- <page>1</page> 
- <spacer>1</spacer> 
-</attribute> 
-<attribute id="loginShell"> 
- <display>Login shell</display> 
- <icon>images/terminal.png</icon> 
- <!-- <option>=php.PickList(/,(objectClass=posixAccount),loginShell,%loginShell%)</option> --> 
- <option>/bin/false</option> 
- <option>/bin/bash</option> 
- <order>10</order> 
- <page>1</page> 
-</attribute> 
-<attribute id="gidNumber"> 
- <display>GID Number</display> 
- <onchange>autoFill:homeDirectory,/home/users/%gidNumber|0-0/T%/%uid|3-%</onchange> 
- <option>=php.PickList(/,(objectClass=posixGroup),gidNumber,%cn%)</option> 
- <order>11</order> 
- <page>1</page> 
-</attribute> 
-<attribute id="sambaPrimaryGroupSID"> 
- <display>Primary Group ID</display> 
- <option>=php.PickList(/,(objectClass=sambaGroupMapping),sambaSID,%sambaSID% (%cn%),sambaPrimaryGroupSID)</option> 
- <helper> 
- <id>sidpgsuffix</id> 
- <value></value> 
- </helper> 
- <post>=php.Join(-,(%sambaPrimaryGroupSID%,%sidpgsuffix%))</post> 
- <order>13</order> 
- <page>1</page> 
- <spacer>1</spacer> 
-</attribute> 
-<attribute id="homeDirectory"> 
- <display>Home directory</display> 
- <order>14</order> 
- <page>1</page> 
-</attribute> 
-<attribute id="sambaAcctFlags"> 
- <value>[U]</value> 
- <hidden>1</hidden> 
-</attribute> 
-</attributes> 
-</template> 
-</file> 
  
samba/samba_configuration_detailed.1478791088.txt.gz · Last modified: 2020/07/15 09:30 (external edit)
