[global] workgroup = $NETBIOS_NAME netbios name = $HOST_NETBIOS_NAME realm = $REALM kerberos method = dedicated keytab dedicated keytab file = /etc/samba/samba.keytab create krb5 conf = no server role = $SERVER_ROLE security = user domain master = yes domain logons = yes log level = 1 max log size = 100000 log file = /var/log/samba/log.%m passdb backend = ipasam:ldapi://$LDAPI_SOCKET disable spoolss = yes ldapsam:trusted=yes ldap ssl = off ldap suffix = $SUFFIX ldap user suffix = cn=users,cn=accounts ldap group suffix = cn=groups,cn=accounts ldap machine suffix = cn=computers,cn=accounts rpc_server:epmapper = external rpc_server:lsarpc = external rpc_server:lsass = external rpc_server:lsasd = external rpc_server:samr = external rpc_server:netlogon = external rpc_server:tcpip = yes rpc_daemon:epmd = fork rpc_daemon:lsasd = fork idmap config * : backend = tdb idmap config * : range = 0 - 0 idmap config $NETBIOS_NAME : backend = sss idmap config $NETBIOS_NAME : range = $IPA_LOCAL_RANGE max smbd processes = 1000