[global]
security = ads

workgroup = TESTD
realm = testd.example.com

idmap config * : backend = tdb
idmap config * : range = 100000-4294967000

winbind enum users = false
winbind enum groups = false
winbind use default domain = yes
winbind offline logon = yes

template homedir = /home/%D/%U
template shell = /bin/bash
client use spnego = yes
client ntlmv2 auth = yes
encrypt passwords = yes

restrict anonymous = 2
allow trusted domains = yes

winbind normalize names = yes