[global]
  workgroup = {{ ad_nt_domain }}
  realm = {{ ad_dns_domain }}
  security = ADS
  log file = /var/log/samba/%m
  max log size = 1024
  template homedir = /home/%U
  template shell = /bin/bash
  winbind separator = /
  winbind enum users = Yes
  winbind enum groups = Yes
  winbind use default domain = Yes
  winbind offline logon = Yes
  winbind rpc only = Yes
  winbind refresh tickets = Yes
  idmap config * : range = 16777216-33554431
  idmap config * : backend = tdb