b2c5691e73
See https://access.redhat.com/security/vulnerabilities/smbloris for details. There is no recommended value, but for an IPA DC we can set a limit of 1000 concurrent connections from unrelated clients. Related: https://pagure.io/freeipa/issue/6951 Signed-off-by: Alexander Bokovoy <abokovoy@redhat.com> Reviewed-By: Christian Heimes <cheimes@redhat.com> Reviewed-By: Rob Crittenden <rcritten@redhat.com>
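# smb.conf template for Samba on a FreeIPA domain controller.
# Dollar-prefixed names in values are placeholders, presumably substituted by
# the installer before use. Keep literal dollar signs out of comments so that
# substitution is not confused (TODO confirm against the template engine).
# Only full-line comments are used; trailing text would become part of a value.
[global]
workgroup = $NETBIOS_NAME
netbios name = $HOST_NETBIOS_NAME
realm = $REALM

# Kerberos: tickets are checked only against this dedicated keytab, not the
# system keytab. The file holds the long-term service keys, so it should be
# readable by root only; verify ownership and mode after deployment.
kerberos method = dedicated keytab
dedicated keytab file = /etc/samba/samba.keytab
# Do not let Samba generate its own krb5.conf; the host configuration is used.
create krb5 conf = no

security = user
# Act as the domain master and serve domain logons.
domain master = yes
domain logons = yes

# Logging. max log size is in KiB, so each log file may grow to roughly 100 MB.
# %m expands to the client machine name, which is supplied by the client:
# one file is created per distinct name, so watch the file count and disk
# usage of /var/log/samba when the service is reachable by unrelated clients.
log level = 1
max log size = 100000
log file = /var/log/samba/log.%m

# Accounts come from the IPA directory through the ipasam module over LDAPI
# (a local Unix domain socket).
passdb backend = ipasam:ldapi://$LDAPI_SOCKET
# The print spooler RPC service is not needed on a DC; disabling it removes
# that interface from the exposed surface.
disable spoolss = yes
# Trust the directory for Unix account data instead of re-checking via NSS.
# NOTE(review): this relies on the directory being authoritative - confirm.
ldapsam:trusted=yes
# No TLS on the LDAP connection. This is acceptable only while the passdb
# backend uses the local ldapi socket above; if the backend is ever pointed at
# a network LDAP URL, this setting must be revisited at the same time.
ldap ssl = off
ldap suffix = $SUFFIX
ldap user suffix = cn=users,cn=accounts
ldap group suffix = cn=groups,cn=accounts
ldap machine suffix = cn=computers,cn=accounts

# RPC services are served externally to smbd, with the endpoint mapper and
# lsasd running as forked daemons; rpc_server:tcpip also offers them over TCP.
# NOTE(review): confirm firewall rules cover the TCP RPC endpoints.
rpc_server:epmapper = external
rpc_server:lsarpc = external
rpc_server:lsass = external
rpc_server:lsasd = external
rpc_server:samr = external
rpc_server:netlogon = external
rpc_server:tcpip = yes
rpc_daemon:epmd = fork
rpc_daemon:lsasd = fork

# ID mapping. The default domain gets the empty range 0 - 0, presumably so
# that no IDs are allocated for domains other than the IPA one, which is
# mapped through the sss backend using the IPA local ID range.
idmap config * : backend = tdb
idmap config * : range = 0 - 0
idmap config $NETBIOS_NAME : backend = sss
idmap config $NETBIOS_NAME : range = $IPA_LOCAL_RANGE

# SMBLoris mitigation: cap the number of concurrent smbd processes so that
# many idle connections cannot exhaust server memory. There is no recommended
# value upstream; 1000 was chosen for an IPA DC. Once the cap is reached new
# connections are refused, so alert on the smbd process count approaching it
# and combine this with network-level restrictions on who can reach port 445.
max smbd processes = 1000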