# Global parameters
[global]
    allow dns updates = secure only
    bind interfaces only = Yes
    disable spoolss = Yes
    interfaces = eth0
    ldap server require strong auth = Yes
    netbios name = DC
    ntlm auth = mschapv2-and-ntlmv2-only
    printcap name = /dev/null
    realm = DOMAIN.ORG
    restrict anonymous = 2
    server min protocol = SMB3
    server role = active directory domain controller
    tls cafile = tls/bundle_ca.crt
    tls certfile = tls/dc.crt
    tls enabled = Yes
    tls keyfile = tls/dc.key
    workgroup = DOMAIN
    idmap_ldb:use rfc2307 = yes
    comment = "Domain Controller for domain.org"

[sysvol]
    path = /opt/samba/var/locks/sysvol
    read only = No
    acl_xattr:ignore system acls = yes

[netlogon]
    path = /opt/samba/var/locks/sysvol/domain.org/scripts
    read only = No
    acl_xattr:ignore system acls = yes