[global] workgroup = DOMAIN realm = DOMAIN.LAN security = ADS ### winbind settings # separate domain and username with '.', like DOMAIN.username winbind separator = . idmap config * : range = 10000 - 20000 idmap config DOMAIN : backend = rid idmap config DOMAIN : range = 10000 - 20000 # allow enumeration of winbind users and groups winbind enum users = yes winbind enum groups = yes winbind use default domain = yes winbind refresh tickets = yes # give winbind users a real shell (only needed if they have telnet access) template homedir = /home/domain.lan/%u template shell = /bin/bash