[global]

   workgroup = DARKWOLF
   server string = LDAP-Samba PDC
   netbios name = ldap-dc
   server max protocol = NT1
   client ipc min protocol = SMB3_10
   security = user
   encrypt passwords = yes
   load printers = no

   log level = 1
   log file = /var/log/samba/log.%m
   max log size = 50

   passdb backend = ldapsam:ldap://ldap-dc.darkwolf.lan

   ldap admin dn = cn=admin,dc=darkwolf,dc=lan
   ldap passwd sync = yes
   ldap machine suffix = ou=machines,dc=darkwolf,dc=lan
   ldap User suffix = ou=users,ou=people,dc=darkwolf,dc=lan
   ldap Group Suffix = ou=windowsusergroups,ou=group,dc=darkwolf,dc=lan
   ldap suffix = dc=darkwolf,dc=lan
   ldap ssl = off

   tls enabled  = yes
   idmap config * : range = 10000-40000

   add user script = /usr/sbin/smbldap-useradd -m "%u"
   add machine script = /usr/sbin/smbldap-useradd -w "%u"

   add group script = /usr/sbin/smbldap-groupadd -p "%g"
   add user to group script = /usr/sbin/smbldap-groupmod -m "%u" "%g"
   delete user from group script = /usr/sbin/smbldap-groupmod -x "%u" "%g"
   set primary group script = /usr/sbin/smbldap-usermod -g "%g" "%u"
   delete group script = /usr/sbin/smbldap-groupdel "%g"
   delete user script = /usr/sbin/smbldap-userdel "%u" -r "%u"


   local master = yes
   os level = 200
   domain master = yes
   preferred master = yes
   domain logons = yes
   wins support = yes
   dns proxy = no

   logon path = \\%N\profiles\%U

#============================ Share Definitions ==============================
[netlogon]
   comment = Network Logon Service
   path = /var/lib/samba/netlogon
   guest ok = yes
   browseable = no
   write list = root


[profiles]
   path = /var/lib/samba/profiles
   comment = Users profiles
   browseable = No
   read only = No
   force create mode = 0600
   force directory mode = 0700
   csc policy = disable
   store dos attributes = yes
   vfs objects = acl_xattr


[homes]
   path = /home/%U
   browseable = no
   valid users = %S
   read only = no
   create mask = 0664
   directory mask = 0775

[public]
   comment = Public Stuff
   path = /home/public
   writable = yes
   public = yes
   browseable = yes
   write list = @ldapbenutzer


[printers]
   comment = All Printers
   browseable = no
   path = /var/spool/samba
   printable = yes
   guest ok = no
   read only = yes
   create mask = 0700

[print$]
   comment = Printer Drivers
   path = /var/lib/samba/printers
   browseable = yes
   read only = yes
   guest ok = no