[global]
  netbios name = DC4
  realm = LAPIOLE.ORG
  workgroup = LAPIOLE
  kerberos method = secrets and keytab
  idmap config * : backend = tdb
  idmap config * : range = 10000-19999
  idmap config LAPIOLE.ORG : backend = sss
  server role = active directory domain controller
  dns forwarder = 10.99.3.1
  logging = systemd@1 file
  log level = 1 auth_audit:3@/var/log/samba/auth.log auth_json_audit:4@/var/log/samba/json/auth.log dsdb_json_audit:5@/var/log/samba/json/dsdb.log dsdb_password_json_audit:5@/var/log/samba/json/dsdb_password.log dsdb_transaction_json_audit:5@/var/log/samba/json/dsdb_transaction.log dns:3@/var/log/samba/dns.log kerberos:2@/var/log/samba/kerberos.log ldb:2@/var/log/samba/ldb.log


  # Log rotation is handled by logrotate
  max log size = 0

  tls dh params file = tls/dhparam.pem
  tls cafile = /etc/pki/tls/cert.pem
  tls certfile = /var/lib/dehydrated/certificates/certs/dc4.lapiole.org/fullchain.pem
  tls keyfile = /var/lib/dehydrated/certificates/certs/dc4.lapiole.org/privkey.pem

[netlogon]
  path = /var/lib/samba/sysvol/lapiole.org/scripts
  read only = no

[sysvol]
  path = /var/lib/samba/sysvol
  read only = no