freeipa/install/share/smb.conf.template
Alexander Bokovoy b2c5691e73 Enforce SMBLoris attack protection in default Samba configuration
See https://access.redhat.com/security/vulnerabilities/smbloris for
details.

There is no recommended value, but for an IPA DC we can limit it to 1000
concurrent connections from unrelated clients.

Related: https://pagure.io/freeipa/issue/6951
Signed-off-by: Alexander Bokovoy <abokovoy@redhat.com>
Reviewed-By: Christian Heimes <cheimes@redhat.com>
Reviewed-By: Rob Crittenden <rcritten@redhat.com>
2019-04-24 15:47:19 -04:00


# Samba [global] section template for an IPA domain controller.
# Dollar-prefixed names are placeholders filled in when the template is
# rendered. Keep comments on their own lines: smb.conf has no trailing
# comment syntax, so text after a value becomes part of that value.
[global]
workgroup = $NETBIOS_NAME
netbios name = $HOST_NETBIOS_NAME
realm = $REALM
# Kerberos tickets are checked only against the dedicated keytab named
# below. NOTE(review): that file holds the service's long-term keys, so its
# ownership and mode should be verified wherever the keytab is provisioned.
kerberos method = dedicated keytab
dedicated keytab file = /etc/samba/samba.keytab
# Samba must not generate its own krb5.conf.
create krb5 conf = no
security = user
domain master = yes
domain logons = yes
# One log file per client machine name (the m substitution), each capped by
# "max log size" (in KiB). Level 1 is low verbosity; raise it temporarily
# when investigating authentication or trust problems.
log level = 1
max log size = 100000
log file = /var/log/samba/log.%m
# Account database is the ipasam module, reached through an ldapi:// URL.
passdb backend = ipasam:ldapi://$LDAPI_SOCKET
# The spoolss (print spooler) RPC service is switched off.
disable spoolss = yes
ldapsam:trusted=yes
# No StartTLS on the LDAP connection. NOTE(review): this is only acceptable
# while the passdb backend URL stays on the ldapi:// scheme; confirm before
# pointing it at a network LDAP URL.
ldap ssl = off
ldap suffix = $SUFFIX
ldap user suffix = cn=users,cn=accounts
ldap group suffix = cn=groups,cn=accounts
ldap machine suffix = cn=computers,cn=accounts
# The listed RPC services are marked "external" rather than served inside
# smbd; epmd and lsasd are started in fork mode.
rpc_server:epmapper = external
rpc_server:lsarpc = external
rpc_server:lsass = external
rpc_server:lsasd = external
rpc_server:samr = external
rpc_server:netlogon = external
rpc_server:tcpip = yes
rpc_daemon:epmd = fork
rpc_daemon:lsasd = fork
# Default ID mapping uses the tdb backend with a 0 - 0 range; the IPA
# domain itself is mapped through the sss backend over the IPA local range.
idmap config * : backend = tdb
idmap config * : range = 0 - 0
idmap config $NETBIOS_NAME : backend = sss
idmap config $NETBIOS_NAME : range = $IPA_LOCAL_RANGE
# SMBLoris mitigation: cap the number of concurrently running smbd
# processes so that a flood of idle connections cannot exhaust server
# memory (the Samba default of 0 means no limit). The cap applies to all
# clients together, so once it is reached new legitimate connections are
# refused too; size it against available memory and expected client count,
# and consider per-source connection limits at the firewall as a complement.
max smbd processes = 1000