[global]
    workgroup = SAMDOM
    security = ADS
    realm = SAMDOM.EXAMPLE.COM
    server string = Samba 4 Client %h

    winbind use default domain = yes
    winbind expand groups = 4
    winbind refresh tickets = Yes
    winbind offline logon = yes
    winbind normalize names = Yes

    idmap config *:backend = tdb
    idmap config *:range = 2000-9999
    idmap config SAMDOM : backend = ad
    idmap config SAMDOM : schema_mode = rfc2307
    idmap config SAMDOM : unix_nss_info = yes
    idmap config SAMDOM : range = 10000-999999

    domain master = no
    local master = no
    preferred master = no
    os level = 20
    map to guest = bad user
    host msdfs = no

    username map = /etc/samba/user.map

    vfs objects = acl_xattr
    map acl inherit = Yes
    store dos attributes = Yes

    unix extensions = no
    reset on zero vc = yes
    veto files = /.bash_logout/.bash_profile/.bash_history/.bashrc/
    hide unreadable = yes

    load printers = no
    printing = bsd
    printcap name = /dev/null
    disable spoolss = yes

    log level = 10