[global]
	workgroup = DOMAIN
	realm = DOMAIN.LAN
	security = ADS

        ### winbind settings
        # separate domain and username with '.', like DOMAIN.username
        winbind separator = .

	idmap config * : range = 10000 - 20000
	idmap config DOMAIN : backend = rid
	idmap config DOMAIN : range = 10000 - 20000

        # allow enumeration of winbind users and groups
        winbind enum users = yes
        winbind enum groups = yes

	winbind use default domain = yes
	winbind refresh tickets = yes

        # give winbind users a real shell (only needed if they have telnet access)
        template homedir = /home/domain.lan/%u
        template shell = /bin/bash