[global]
	debug level = 1
	workgroup = MEDITURE
	realm = MEDITURE.DOM
	netbios name = DC01

	server role = active directory domain controller
	server services = s3fs, rpc, nbt, wrepl, ldap, cldap, kdc, drepl, winbindd, ntp_signd, kcc, dnsupdate
	
	tls enabled  = yes
	tls keyfile  = tls/key.pem
	tls certfile = tls/cert.pem
	tls cafile   = tls/ca.pem

	template homedir = /home/%U
	template shell = /bin/bash

	server string = Samba Server Version %v

	server max protocol = SMB3
	allow trusted domains = no
	ldap server require strong auth = no
	
	passdb backend = tdbsam

	winbind refresh tickets = yes
	winbind offline logon = yes
	winbind use default domain = yes
	winbind nss info = rfc2307
	winbind enum users = yes
	winbind enum groups = yes
	winbind nested groups = yes

	kerberos method = secrets and keytab

	idmap_ldb:use rfc2307 = yes
	
	idmap config *: backend = tdb
	idmap config *: range = 90000001-100000000

	idmap config MEDITURE: backend = ad
	idmap config MEDITURE: range = 10000-49999
	idmap config MEDITURE: schema mode = rfc2307

[netlogon]
	path = /usr/local/samba/var/locks/sysvol/mediture.dom/scripts
	read only = No

[sysvol]
	path = /usr/local/samba/var/locks/sysvol
	read only = No

[deploy]
	path = /usr/local/samba/var/deploy
	read only = No