[global]
# smb.conf [global] section for a host that resolves and authenticates
# accounts through winbind against an Active Directory domain.
# Comments are on their own lines: smb.conf does not support trailing comments.

# --- Domain membership ---
# NetBIOS domain name and Kerberos realm used with security = ADS.
workgroup = BUS
realm = BUS.CBA.NAU.EDU
# ADS: act as a member server of an Active Directory domain.
security = ADS
# Domain controllers to contact, in the order listed.
password server = bd2, bd1
# Negotiate encrypted passwords with clients.
encrypt passwords = yes

# --- winbind account naming ---
# Character placed between domain and account name, e.g. DOMAIN+username.
winbind separator = +
# Accounts of the host's own domain are used without the DOMAIN+ prefix.
# NOTE(review): unqualified domain names can coincide with local account
# names; confirm that no local account overlaps.
winbind use default domain = yes
#winbind cache time = 0

# --- ID mapping ---
# UID range and GID range winbind assigns to domain users and groups.
# Local accounts should not use IDs inside these ranges.
# NOTE(review): later Samba releases deprecate these two parameters in favour
# of "idmap config" range settings; check smb.conf(5) for the installed version.
idmap uid = 10000-20000
idmap gid = 10000-20000

# --- Enumeration and groups ---
# Allow listing of all winbind users and groups.
# NOTE(review): this makes the domain directory listable by any local user
# and can be slow on large domains; confirm something depends on it.
winbind enum users = yes
winbind enum groups = yes
winbind nested groups = yes

# --- Login environment for domain users ---
# %U expands to the user name.
template homedir = /export/home/%U
#template homedir = /home/%U
# Domain users get a real login shell.
# NOTE(review): which domain accounts may actually log in interactively has
# to be limited elsewhere (PAM / sshd) - confirm that restriction exists.
template shell = /usr/bin/tcsh

# --- Access and password handling ---
# root may never connect to any Samba service.
invalid users = root
# PAM account and session management directives are not applied by Samba.
obey pam restrictions = no
# Do not change the UNIX password when the SMB password changes.
unix password sync = no

# --- Name resolution and browsing ---
# This host is not a WINS server.
wins support = no
# Lookup order; bcast (NetBIOS broadcast on the local segment) is the last
# resort. NOTE(review): broadcast answers are unauthenticated; drop bcast if
# hosts and lmhosts are sufficient.
name resolve order = hosts lmhosts bcast
# Do not act as local or domain master browser.
local master = no
domain master = no
dns proxy = no

# --- Logging ---
# NOTE(review): level 3 is verbose; check log rotation and read permissions
# on the log directory, and lower it once troubleshooting is done.
log level = 3