[global]
acl_xattr:security_acl_name = user.NTACL
acl_xattr:default acl style = windows
add machine script = /usr/sbin/useradd -c "%u machine account" -d /dev/null -g machines -M -N -s /bin/false %u
add user script = /usr/sbin/useradd -c "%u domain user" -d /dev/null -g users -M -N -s /bin/false %u
allow dns updates = secure
bind interfaces only = yes
debug syslog format = always
debug hires timestamp = no
# FIXME:
# dns forwarder = 5.101.171.216 5.101.171.217 185.176.90.169
dns forwarder = 216.119.155.58 185.176.90.169
#dsdb:schema update allowed = true
enable core files = no
idmap config * : backend = tdb
idmap config * : range = 1000000 - 9999999
idmap config SLACKWARE.UK.INTERNAL : backend = ad
idmap config SLACKWARE.UK.INTERNAL : schema_mode = rfc2307
idmap config SLACKWARE.UK.INTERNAL : range = 100 - 10000
idmap config SLACKWARE.UK.INTERNAL : unix_nss_info = yes
idmap config SLACKWARE.UK.INTERNAL : unix_primary_group = yes
idmap_ldb:use rfc2307 = yes
interfaces = lo eth1
logging = syslog:local5
log file = /var/log/samba/samba-debug
log level = 1
netbios name = CORE
nfs4acl_xattr:encoding = nfs
nfs4acl_xattr:version = 41
nfs4acl_xattr:xattr_name = user.nfs4_acl
nfs4acl_xattr:default acl style = windows
password hash userPassword schemes = CryptSHA512
realm = SLACKWARE.UK.INTERNAL
server role = active directory domain controller
server string = "slackware.uk.internal Domain Controller"
template shell = /bin/bash
template homedir = /home/%U
tls cafile = /etc/ssl/certs/ca-certificates.crt
tls certfile = /etc/certificates/core.slackware.uk.internal_cert.pem
tls keyfile = /etc/certificates/core.slackware.uk.internal_key_samba.pem
tls verify peer = ca_and_name_if_available
username map = /etc/samba/smbusers
vfs objects = dfs_samba4 posixacl acl_xattr
workgroup = SLACKWAREUKINT

# [homes]

# [printers]

[sysvol]
path = /var/lib/samba/sysvol
write list = @'Domain Admins@slackware.uk.internal'

[netlogon]
path = /var/lib/samba/sysvol/slackware.uk.internal/scripts
write list = @'Domain Admins@slackware.uk.internal'